A Quick Tor Primer

Interested in how Tor works and how it's able to give you an added layer of privacy while on the web? Read on to learn from an expert!

Tor can be used by malware authors to hide command-and-control traffic. It's not that common, but it is becoming more popular as a communications channel. Tor anonymity is really useful if, well, you want to stay anonymous, which most malware authors do.

But how does it work, and how can you use it in a program?

First, Tor works by randomly routing packets over the Tor network, which is itself an overlay network at the application layer of the TCP/IP (or OSI) model. Essentially, all the packets you send take unique, randomly generated paths over this network, and the responses are similarly routed back anonymously and encrypted. When you receive the packets, your network stack reassembles them. This might sound like typical routing in packetized networks, where packets can be dispatched over a wide range of possible paths. The difference is that Tor does this more frequently, changing these virtual circuits with each host you query. Each circuit is built from multiple Tor nodes, and each node knows only the hop a packet takes from it to the next node. This makes tracing the entire path from any given node very difficult.

Of course, if you compromise enough nodes, you can reassemble paths, but this is very difficult to do (though not impossible).
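The layering described above, as an added sketch that is not from the original article: each relay strips one layer and learns only its previous and next hop. The relay names, keys and destination are constructed, and the hash-based keystream is a toy stand-in for Tor's real per-hop encryption (it provides no authentication).

```python
import hashlib
import json
import os

def _keystream(key, nonce, n):
    # Toy keystream (SHA-256 in counter mode); a stand-in, not Tor's cell crypto.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key, plaintext):
    nonce = os.urandom(16)
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, stream))

def unseal(key, blob):
    nonce, ct = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def build_onion(circuit, destination, payload):
    """circuit is [(relay_name, key), ...] from entry to exit (names are made up)."""
    next_hops = [name for name, _ in circuit[1:]] + [destination]
    blob = payload
    # Wrap the exit's layer first so the entry relay's layer ends up outermost.
    for (_, key), next_hop in reversed(list(zip(circuit, next_hops))):
        layer = json.dumps({"next": next_hop, "data": blob.hex()}).encode()
        blob = seal(key, layer)
    return blob

def peel(key, blob):
    """What one relay does: remove its own layer, learn only the next hop."""
    layer = json.loads(unseal(key, blob))
    return layer["next"], bytes.fromhex(layer["data"])

def trace(circuit, onion, sender="client"):
    """Walk the onion through the circuit, recording what each relay can see."""
    views, prev, blob = [], sender, onion
    for name, key in circuit:
        next_hop, blob = peel(key, blob)
        views.append({"relay": name, "sees_prev": prev, "sees_next": next_hop})
        prev = name
    return views, blob

if __name__ == "__main__":
    # Constructed sample circuit and destination.
    circuit = [(n, os.urandom(32)) for n in ("guard", "middle", "exit")]
    print(trace(circuit, build_onion(circuit, "example.com:443", b"hello")))
```

Only the exit relay's view contains the destination and only the entry relay's view contains the client, so reassembling the full path means combining the views of several relays on the same circuit.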

You can also break anonymity by using Tor incorrectly. For example, BitTorrent will determine your real external IP address and send that over the TCP stream. Tor protects DNS and TCP anonymity, but an application that does this kind of thing will break anonymity by exposing who you are. Some applications will also ignore proxy settings in some cases (plugins can do this kind of thing too) and can leak identifying information. Error reporting can break anonymity too, and systems can fingerprint your browser as well, providing unique identifying information across sessions.

Overall, Tor does provide unique privacy capabilities, but it is far from foolproof.
