Network Security: Anonymity Case Study
Project 5: Anonymity
eSoc 488: Information Privacy with Applications Due: 13 November 2018
Total Homework/project Points: 100
1 Simple auditing
Even simple investigation of web traffic can be used to learn potentially sensitive information. Here we set up a web server, and observe what information is visible from a few different perspectives. For this section, write your answers on their own line in a file called 'auditing' (no extension needed). Your mitmproxy dumps (described below) should be called 'dump_1' and 'dump_2'.
(10) Set up a simple web server using the following steps:
Set up a virtual private server (VPS) running Debian on DigitalOcean.1
Disable password authentication, and use an SSH key to access the server with a new account (not root).
On your VPS, install ufw, and use it to ensure that your server drops all traffic that is not an SSH session from your current IP address, or a web request from 127.0.0.1 on port
Install apache2. Edit the file /var/www/html/index.html to contain exactly the string 'DOWN WITHCYBERCRUD'.
Add the IP address of your server to 'auditing'.
(5) Look at your logs
Use tail to view the access logs on your server as they are changing (you need a flag for tail). Visit your site. Answer the following in the file for this section:
What information is visible about you?
How could this be used to learn more?
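As an added example (not part of the original assignment), this parser splits Apache access-log lines into their fields and groups them per client address, showing what an operator can tabulate from the log alone. It assumes Apache's "combined" log format; the sample lines are constructed and use documentation IP ranges.

```python
import re
from collections import defaultdict

# Apache "combined" format: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
COMBINED = re.compile(
    r'(?P<ip>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample lines, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [06/Nov/2018:14:02:11 +0000] "GET / HTTP/1.1" 200 18 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
203.0.113.7 - - [06/Nov/2018:14:02:11 +0000] "GET /favicon.ico HTTP/1.1" 404 489 "http://198.51.100.20/" "Mozilla/5.0 (X11; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
198.51.100.99 - - [06/Nov/2018:14:05:40 +0000] "GET / HTTP/1.1" 200 18 "-" "curl/7.52.1"
this line is not in combined format
"""

def parse_line(line):
    """Return the named fields of one combined-format line, or None."""
    m = COMBINED.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    # "-" is Apache's placeholder for "no value sent".
    for key in ("referer", "agent", "user"):
        if rec[key] == "-":
            rec[key] = None
    return rec

def profile_visitors(log_text):
    """Group what the server recorded about each client IP address."""
    visitors = defaultdict(lambda: {"agents": set(), "referers": set(), "requests": []})
    skipped = 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # malformed or differently formatted line
            continue
        v = visitors[rec["ip"]]
        v["requests"].append((rec["time"], rec["request"], int(rec["status"])))
        if rec["agent"]:
            v["agents"].add(rec["agent"])
        if rec["referer"]:
            v["referers"].add(rec["referer"])
    return dict(visitors), skipped

if __name__ == "__main__":
    for ip, v in profile_visitors(SAMPLE_LOG)[0].items():
        print(ip, len(v["requests"]), sorted(v["agents"]), sorted(v["referers"]))
```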
(5) Use mitmproxy to record a flow for a site you're visiting (i.e., filter for just the traffic for the site itself, not third parties). Save the dump as 'dump_1'. Now do the same for a third party advertiser or analytics company on a Create a text dump of the third party flow as well, and save it as 'dump_2'. Now search the text for something you find interesting, and record it in 'auditing'.
2 Tor2
You will submit these files for this section: your tor configuration file, 'tor_getinfo.py', and 'geo'.
1 Or a similar service. These instructions don’t assume anything about the VPS provider other than that it allows you to run a Linux instance.
2 Thanks to Maximilian Golla at RUB for sharing the questions in sections 3.2 and 3.3 below, which I have modified for our purposes.
2.1 Onion Proxy
In this exercise we learn to interact with the onion proxy (OP) running on your client, and get information from it.
(10) Open the control port of the Tor daemon using the Tor configuration 3 Then, write a Python script called 'tor_getinfo.py' that uses Stem to get information about your Tor connections.4 You must include detailed comments in this script explaining what each significant part is doing.
List the nodes used, with the IP address and the fingerprint for each open Tor connection. Use the GeoIP Database5 to find the locations of your Tor nodes. Record this in the 'geo' file, comma separated, with one line per node.
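One way to structure the circuit listing with Stem, as an added example that is not part of the original assignment. It assumes torrc opens ControlPort 9051 with an authentication method Stem can negotiate; `circuit_relays`, `to_csv` and `CONTROL_PORT` are names introduced here. A relay that is absent from the cached consensus is listed with an empty address field.

```python
"""List the relays of every built Tor circuit through the control port."""

CONTROL_PORT = 9051  # assumption: torrc contains "ControlPort 9051"

def circuit_relays(controller):
    """Return (circuit_id, hop, fingerprint, nickname, ip) for each relay.

    `controller` is a stem.control.Controller, or any object with the same
    get_circuits() and get_network_status() methods.
    """
    rows = []
    for circ in sorted(controller.get_circuits(), key=lambda c: int(c.id)):
        # Skip circuits that are still being extended or have failed/closed.
        if circ.status != "BUILT":  # string value of stem.CircStatus.BUILT
            continue
        # circ.path is ordered from the first hop to the last.
        for hop, (fingerprint, nickname) in enumerate(circ.path, start=1):
            # Look the fingerprint up in the consensus to get its address;
            # passing a default avoids an exception for unknown relays.
            entry = controller.get_network_status(fingerprint, None)
            ip = entry.address if entry is not None else None
            rows.append((circ.id, hop, fingerprint, nickname, ip))
    return rows

def to_csv(rows):
    """Render rows as comma-separated lines, one relay per line."""
    return "\n".join(
        ",".join("" if field is None else str(field) for field in row)
        for row in rows
    )

if __name__ == "__main__":
    from stem.control import Controller  # third-party package "stem"

    with Controller.from_port(port=CONTROL_PORT) as controller:
        controller.authenticate()  # uses the auth method tor advertises
        print(to_csv(circuit_relays(controller)))
```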
2.2 Specifying parts of the circuit
Tor allows you to define the entry and exit nodes by modifying the config file torrc. It is your task to use the following entry and exit nodes, which are identified by fingerprints.6
Guard nodes:
D529E870E7CCFCDA2CFEE9D317A8DC6E85497FDA
C38286764201C7F0CDCC928ED59F2180F067C49D
Exit nodes:
E4D1F25DFBE484208866BA4A1A958B73127CB0AD
E6FAC9A7F33EE66F03C55C119770B2D45D3C576B
Answer the following questions in a file called 'tor_node_selection'.
(10) List the nodes used, with the IP address and the fingerprint for each open Tor connection and use the GeoIP Database7 to find the location of your nodes.
(5) How does a strict selection of the Tor exit and entry nodes influence the anonymity of the connection?
(5) Is it possible to exclude nodes? When should this be done?
2.3 Tor Bridges
Bridges are Tor relays that are not listed in the main Tor directory. Since there is no complete public list of them, even if your ISP (Internet Service Provider) is filtering connections to all the known Tor relays, they probably would not be able to block all the bridges. If you suspect your access to the Tor network is being blocked, you may want to use the bridge feature of Tor. It is your task to establish a connection to the Tor network via a bridge.8
(10) Get a bridge that you can use to connect to the Tor network and give its IP, port and fingerprint. How did you get these pieces of information? What are other methods to get a bridge (be sure to list them all)?
3 The documentation can be found at https://www.torproject.org/docs/tor-manual.html.en.
4 Stem documentation is at https://stem.torproject.org/.
5 Found at https://www.maxmind.com/en/geoip-demo
6 See footnote 3 above for the documentation.
7 See the link in footnote 5.
8 See https://www.torproject.org/docs/bridges.html.en
(5) In which situations is the application of bridges useful? Does the method to get a bridge that you chose before work in such situations?
2.4 Set up a Tor hidden service
Your next task is to set up a hidden service on the Tor network.
(20) Using your VPS, install tor, and set up a hidden service using the tor documentation.9 On your local computer, use the Tor Browser to visit your site (the address is found in $HOME/hidden_service/hostname). This site will need to remain available until you have received a grade for this project (not more than one week from the submission deadline). Turn in the onion address for your working hidden service in a file called 'hidden_service_address'.
Please answer the following questions about hidden services:
(5) How is the service hidden, i.e., why can users not reveal the location of the service (in the network) and still use it?
(5) Is there a way to still reveal information about the operators or the location of a hidden service? Monitor the connections to your hidden service (e.g., by watching the access log file).
(5) Can you distinguish between different users? Would this be different if your service was not a hidden service (and still accessed via Tor)?
9 See https://www.torproject.org/docs/tor-hidden-service.html.en
2020-07-01