Spoiled Onions: Exposing Malicious Tor Exit Relays

Philipp Winter, Karlstad University
Stefan Lindskog, Karlstad University

arXiv:1401.4917v1 [cs.CR] 20 Jan 2014

Abstract

Several hundred Tor exit relays together push more than 1 GiB/s of network traffic. However, it is easy for exit relays to snoop and tamper with anonymised network traffic and as all relays are run by independent volunteers, not all of them are innocuous. In this paper, we seek to expose malicious exit relays and document their actions. First, we monitored the Tor network after developing a fast and modular exit relay scanner. We implemented several scanning modules for detecting common attacks and used them to probe all exit relays over a period of four months. We discovered numerous malicious exit relays engaging in different attacks. To reduce the attack surface users are exposed to, we further discuss the design and implementation of a browser extension patch which fetches and compares suspicious X.509 certificates over independent Tor circuits. Our work makes it possible to continuously monitor Tor exit relays. We are able to detect and thwart many man-in-the-middle attacks which makes the network safer for its users. All our code is available under a free license.

1 Introduction

As of January 2014, nearly 1,000 exit relays [24] distributed all around the globe serve as part of the Tor anonymity network [7]. As illustrated in Figure 1, the purpose of these relays is to establish a bridge between the Tor network and the "open" Internet. A user's Tor circuits, which are encrypted tunnels, terminate at exit relays and from there, the user's traffic proceeds to travel over the open Internet to its final destination. Since exit relays can see traffic as it is sent by a Tor user, their role is particularly sensitive compared to entry guards and middle relays; especially because traffic frequently lacks end-to-end encryption.

[Figure 1: The structure of a three-hop Tor circuit. Exit relays constitute the bridge between encrypted circuits and the open Internet. As a result, exit relay operators can see—and tamper with—the anonymised traffic of users. Labels in the figure: Tor client, Entry guard, Middle relay, Exit relay, Destination, Tor network; legend: "Encrypted by Tor" and "Not encrypted by Tor".]

By design, exit relays act as a "man-in-the-middle" (MitM) in between a user and her destination. This renders it possible for exit relay operators to run various MitM attacks such as traffic sniffing, DNS poisoning, and SSL-based attacks such as HTTPS MitM and sslstrip [19]. An additional benefit for attackers is that exit relays can be set up quickly and anonymously, making it very difficult to trace attacks back to their origin. While it is possible for relay operators to specify contact information such as an email address¹, this is optional. As of January 2014, only 56% out of all 4,962 relays publish contact information. Even fewer relays have valid contact information.

To thwart a number of popular attacks, TorBrowser [23]—the Tor Project's modified version of Firefox—ships with extensions such as HTTPS-Everywhere [8] and NoScript [14]. While HTTPS-Everywhere provides rules to rewrite HTTP traffic to HTTPS traffic, NoScript attempts to prevent many script-based attacks. However, there is little users can do if web sites implement poor security such as the lack of site-wide TLS, session cookies being sent in the clear, or using weak cipher suites in their web server configuration. Often, such bad practices enable attackers to spy on users' traffic or, even worse, hijack accounts. Besides, TorBrowser cannot protect against attacks targeting protocols such as SSH.

All these attacks are not just of theoretical nature. In 2007, a security researcher published 100 POP3 government credentials he captured by sniffing traffic on a set of exit relays under his control [22]; supposedly to show the need for end-to-end encryption when using Tor. In Section 2, we will discuss additional attacks which were found in the wild.

¹ Contact information can be useful to get in touch with relay operators, e.g., if they misconfigured their relay.

1.1 What Happens to Bad Exits?

The Tor Project has a way to prevent clients from selecting bad exit relays as the last hop in their three-hop circuits. After a suspected relay is communicated to the Tor project, the reported attack is first reproduced. If the attack can be verified, a subset of two (out of all nine) directory authority operators manually blacklist the relay using Tor's AuthDirBadExit configuration option. Every hour, the directory authorities vote on the network consensus which is a signed list of all relays the network is comprised of. Among other information, the consensus includes the BadExit flag. As long as the majority of the authorities responsible for the BadExit flag, i.e., two out of two, agree on the flag being set for a particular relay, the next network consensus will label the respective relay as BadExit. After the consensus was then signed by a sufficient number of directory authorities, it propagates through the network and is eventually used by all Tor clients after a maximum of three hours. From then on, clients will no longer select relays labelled as BadExit as the last hop in their circuits. Note that this does not mean that BadExit relays become effectively useless. They keep getting selected by clients as their entry guards and middle relays. All the malicious relays we discovered were assigned the BadExit flag.

Note that the BadExit flag is not only given to relays which are proven to be malicious. It is also assigned to relays which are misconfigured or are otherwise unable to fulfil their duty of providing unfiltered Internet access. A frequent cause of misconfiguration is the use of third-party DNS resolvers which block certain web site categories.

Apart from the BadExit flag, directory authorities can blacklist relays by disabling its Valid flag which prevents clients from selecting the relay for any hop in its circuit. This option can be useful to disable relays running a broken version of Tor or are suspected to engage in end-to-end correlation attacks.

1.2 Contributions

The three main contributions of this paper are as follows.

• We discuss the design and implementation of exitmap; a flexible and fast exit relay scanner which is able to detect several popular MitM attacks.

• Using exitmap, we monitored the Tor network over a period of four months. We analyse the attacks we discovered in the wild during that time period.

• We propose the design and prototype of a browser extension patch which fetches and compares X.509 certificates over diverging Tor circuits. That allows our patch to detect MitM attacks against HTTPS.

The remainder of this paper is structured as follows. Section 2 begins by giving an overview of related work. It is followed by Section 3 which discusses the design and implementation of exitmap. Section 4 then presents the attacks we discovered in the wild. Next, Section 5 proposes the design and implementation of a browser extension patch which can protect against HTTPS MitM attacks. Finally, Section 6 concludes this paper.

2 Related Work

While MitM attacks have generally received considerable attention in the literature [12, 30], their occurrence in the Tor network remains largely unexplored. This is unfortunate as the Tor network enables the study of real-world MitM attacks which are rare and poorly documented outside the Tor network.

In 2006, Perry began developing the framework "Snakes on a Tor" (SoaT) [25]. SoaT is a Tor network scanner whose purpose—similar to our work—is to detect misbehaving exit relays. Decoy content is first fetched over Tor, then over a direct Internet connection, and finally compared. Over time, SoaT was extended with support for HTTP, HTTPS, SSH and several other protocols. However, SoaT is no longer maintained and makes use of deprecated libraries. Compared to SoaT, our design is more flexible and significantly faster.

Similar to SoaT, Marlinspike implemented tortunnel [20]. The tool exposes a local SOCKS interface which accepts connections from arbitrary applications. Incoming data is then sent over exit relays using one-hop circuits. By default, exitmap does not use one-hop circuits as that could be detected by attackers which could then act innocuously.

A first attempt to detect malicious exit relays was made in 2008 by McCoy et al. [21]. The authors established decoy connections to servers under their control. They further controlled the authoritative DNS server responsible for the decoy hosts' domain names. As long as an attacker on an exit relay sniffed network traffic with reverse DNS lookups being enabled, the authors were able to map reverse lookups to exit relays by monitoring the authoritative DNS server's traffic. Using that side channel, McCoy et al. were able to find one exit relay sniffing POP3 traffic at port 110. However, attackers could avoid that side channel by disabling reverse lookups. The popular tool tcpdump implements the command line switch -n for that exact purpose.

In 2011, Chakravarty et al. [3] attempted to detect exit relays sniffing Tor users' traffic by systematically transmitting decoy credentials over all active exit relays. Over a period of ten months, the authors uncovered ten relays

[Figure 2: The design of exitmap. Our scanner invokes a Tor process and uses the Stem library to control it. Labels in the figure: exitmap, probing module, Stem, Local Tor (SOCKS port, control port), Entry relay, Exit relays, Decoy destination.]
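The two comparison steps the paper describes, decoy content fetched through an exit and compared with a direct fetch (the SoaT and exitmap approach) and a certificate re-fetched over diverging circuits (the browser extension patch), reduce to a small amount of decision logic once the probes have been collected. The following is an added example, not exitmap's or the paper's own code: the probe results are constructed in-line rather than fetched through a Tor controller, the `Probe` fields and the exit names are hypothetical, and the decision rule in `check_certificate` (treat disagreement among the independent circuits as inconclusive rather than as an attack) is an assumption of this example, not a rule taken from the paper.

```python
"""Added example (not exitmap's or the paper's own code): the comparison
logic behind a decoy-based exit scan and behind a multi-circuit certificate
check. Probe results are constructed here instead of being fetched over Tor;
a real scanner would fill them in using a Tor controller (exitmap uses Stem)."""

import hashlib
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Probe:
    """What one probing module observed on one path to the decoy destination.
    The fields are hypothetical; a real module records what its protocol exposes."""
    resolved_ip: str      # address the decoy host name resolved to
    scheme: str           # "https" or "http" after following redirects
    cert_der: bytes       # leaf certificate from the TLS handshake, b"" if no TLS
    body: bytes           # decoy content returned by the destination


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER bytes; the bytes are compared, never the cert's claims."""
    return hashlib.sha256(der).hexdigest()


def compare_probe(reference: Probe, probe: Probe) -> List[str]:
    """Return the ways a probe through one exit deviates from the direct fetch."""
    findings: List[str] = []
    if probe.resolved_ip != reference.resolved_ip:
        # DNS poisoning or a filtering third-party resolver on the exit
        findings.append(f"dns: resolved to {probe.resolved_ip}, expected {reference.resolved_ip}")
    if reference.scheme == "https" and probe.scheme == "http":
        # sslstrip: the HTTPS destination was reached over plain HTTP
        findings.append("sslstrip: HTTPS downgraded to plain HTTP")
    elif reference.cert_der and probe.cert_der and fingerprint(probe.cert_der) != fingerprint(reference.cert_der):
        # HTTPS MitM: a different leaf certificate was presented on the exit's path
        findings.append(f"https-mitm: certificate {fingerprint(probe.cert_der)[:16]} differs from direct fetch")
    if probe.body != reference.body:
        findings.append("tamper: decoy content differs from direct fetch")
    return findings


def scan_exits(reference: Probe, results: Dict[str, Probe]) -> Dict[str, List[str]]:
    """Map exit-relay identifier -> findings, for every exit whose probe deviated."""
    report: Dict[str, List[str]] = {}
    for exit_id, probe in results.items():
        findings = compare_probe(reference, probe)
        if findings:
            report[exit_id] = findings
    return report


def check_certificate(seen_der: bytes, via_other_circuits: List[bytes]) -> str:
    """Decision rule assumed by this example for the browser-patch idea: the
    certificate delivered on the user's circuit is re-fetched over several
    diverging circuits. If those circuits agree with each other but not with the
    user's exit, the user's exit is the odd one out. If they disagree among
    themselves, the site may legitimately serve several certificates, so the
    check is inconclusive rather than an alarm."""
    if not via_other_circuits:
        return "inconclusive"
    seen = fingerprint(seen_der)
    others = Counter(fingerprint(d) for d in via_other_circuits)
    if seen in others:
        return "ok"
    if len(others) == 1:
        return "mitm-suspected"
    return "inconclusive"


# Constructed sample data: a decoy HTTPS site with a known certificate and page.
# The exit identifiers are placeholders, not real relay fingerprints.
GENUINE_CERT = b"constructed-der-bytes-of-the-decoy-site-certificate"
FORGED_CERT = b"constructed-der-bytes-of-a-substituted-certificate"
DIRECT = Probe("198.51.100.10", "https", GENUINE_CERT, b"<html>decoy page</html>")

SAMPLE_RESULTS = {
    "exit-honest-0001": Probe("198.51.100.10", "https", GENUINE_CERT, b"<html>decoy page</html>"),
    "exit-sslstrip-0002": Probe("198.51.100.10", "http", b"", b"<html>decoy page</html>"),
    "exit-httpsmitm-0003": Probe("198.51.100.10", "https", FORGED_CERT, b"<html>decoy page</html>"),
    "exit-dns-0004": Probe("203.0.113.99", "https", FORGED_CERT, b"<html>blocked</html>"),
}

if __name__ == "__main__":
    for exit_id, findings in scan_exits(DIRECT, SAMPLE_RESULTS).items():
        print(exit_id, *findings, sep="\n  ")
    print(check_certificate(FORGED_CERT, [GENUINE_CERT, GENUINE_CERT, GENUINE_CERT]))
```

The scan reports nothing for the honest exit, a single finding each for the sslstrip and HTTPS MitM exits, and three findings for the exit that both redirected the decoy host name and substituted the page, which is the kind of result that would then be reproduced by hand before a BadExit report is made. Comparing SHA-256 fingerprints of the DER bytes, rather than subject names or issuers, is deliberate: a substituted certificate can copy every printable field of the genuine one, but not its bytes.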
