Futaba _ Webs πΈπΈππΈπΈ
Bypassing Tor πΈπΈππΈπΈ
Today, in order to celebrate the launching of my new website, I have a special article for today. It's going to feature the first episode of "Mr.Robot", where Elliot hacks a pedophile.
π Article π Glossary π Catalog π Home π Search Modeπ Article Glossary
πΈ Synopsis πΈ
Today, in order to celebrate the launching of my new website, I have a special article for today. It's going to feature the first episode of "Mr.Robot", where Elliot hacks a pedophile.
πΈ Article Topics πΈ
I'll be discussing the following topics in order: π Premise π What is the Surface Web? π What is the Deep Web? π What is the Dark Web? π How Does TOR Onion Protocol Work? π How to use TOR? π Is there such a thing as true anonymity? π Mr.Robot Episode 1 βeps1.0_hellofriend[.]movβ π Why were the Ronβs Onion servers hosted on his internal network? π How to Host a PRIVATE web Server? π TOR's Major Flaw and how a Ron got hacked? You can click on any of the topics to simply check that one out if it interests you! NOTE: Articles are read from LEFT to RIGHT via 2 columns! Read the first column all the way down and then move to the next one!
πΈ Key Links πΈ
Here's a quick run down on all the main links that are in the article in case you want to check them out first. π LinkedIn Version π How To Setup Tor π Master Script
π Bypassing Tor
Premise πΈπΈππΈπΈ
We are also going to talk about the TOR Onion protocol, as well as how to bypass it. We are also going to discuss online anonymity, and how to setup and configure TOR so you can be "truly" anonymous.
In order to discuss this I need to go over the 3 layers of the internet: The surface web, deep web, and dark web.
What is the Surface Web? πΈπΈππΈπΈ
The surface web is what we use on a regular day to day basis: work memes, YouTube, etc. It's where the least of the internet is to be explored.
What is the Deep Web? πΈπΈππΈπΈ
The deep web, which is to not be confused for the Dark web, is where various information archives that arenβt typically available on the surface web can be found. This is where most data breach information is typically leaked, and is also where you can find the "hidden wiki" which is what you need in order to find and access dark web pages
What is the Dark Web? πΈπΈππΈπΈ
The dark web is the internet without any makeup, and is where true levels of anonymity and cyber criminal activity lurk. This is the least safe part of the internet to browse and if you are not careful you could be traced and put yourself as well as others you might live with at risk. A lot of human trafficking operations, organized crime, hackers for hire (black hats), and other crazy stuff goes on here.
For the sake of anonymity and security links to the "onion" sites are typically hidden and hard to find, and or available on "hidden wiki's" from the deep web. In order to access the Dark Web you'll need a special browser called "Tor"
How Does TOR Onion Protocol Work? πΈπΈππΈπΈ
The TOR Onion protocol is what's used to connect to dark web, one of the 3 layers of the internet, and is where most illegal activity and transactions occur. TOR operates by forwarding and handling end user data communications, proxy chaining them through dedicated TOR onion servers in order to spoof the end users
How to use TOR? πΈπΈππΈπΈ
If you would like to learn how to use TOR, check out my video here on how to set that all up for you
I also have a custom script that installs the TOR program as well as the browser and allows you to easily set all of that up. DO NOT USE TOR FROM THE COMFORT OF YOUR OWN HOME! IT'S NOT SAFE AND YOU CAN STILL BE TRACED IF YOU DO NOT KNOW WHAT YOU ARE DOING!
Is there such a thing as true anonymity? πΈπΈππΈπΈ
Sadly, NO, there isn't. For as long as any and all software are man made, there will exist vulnerabilities that allow you to exploit and bypass any form of anonymous protocol in place. You can make it hard to crack, but eventually it's going to get hacked.
Mr.Robot Episode 1 βeps1.0_hellofriend[.]movβ πΈπΈππΈπΈ
During episode 1 of Mr.Robot, Elliot confronts a coffee shop owner named βRonβ, who runs a TOR server that serves child pornography content on it. The coffee shop is a masquerade to hide his servers in plain sight since itβs hosted securely on his internal network via gigabit internet, which he also makes available to customers to put on a good cover front.
Why were the Ronβs Onion servers hosted on his internal network? πΈπΈππΈπΈ
Ron hosted the servers internally on his own network in order to preserve his anonymity. This keeps it out of the sight of the law enforcement and viewable only to the specific audience that he caters it to.
In order for one to maintain anonymity when hosting a [.]Onion server on the dark web it is CRUCIAL for it to be hosted on one's own PRIVATE servers, NOT a public domain, where it can easily be found and compromised.
The URL link to access the site needs to also be "VIP", where it's essentially hidden in areas of the deep web, while also being given to a select few via various means: WhatsApp, Telegram, hidden Wiki Pages, etc.
The reason the pages need to be hidden is so that it stays off the ranges of the law enforcement, A.K.A the FBI, which typically is responsible for seizing and shutting down illegal operations on the dark web.
How to Host a PRIVATE web Server? πΈπΈππΈπΈ
In order to host your own [.]Onion server you need to understand what port forwarding is. This is crucial and is how Ron was able to host his own TOR servers private on his internal network. Let's dive into what port forwarding is.
Port forwarding allows you to map internal IP's/ports on a network to an external gateway interface, your router. Here's how the process works. You essentially map an internal IP address and port number from a local system on your network to one of the available ports on your router, so that it's facing the internet. This is going to map the service to the public IP address assigned to the router via the ISP, as well as the port we just set for it. This allows the service to be discoverable by internal and external network devices, meaning if you wanted to host your own website from the comfort of your own home, you could, as well as a variety of different services. Be mindful when you set this, the ports don't have to be the same, meaning you can mismatch them if you want to.
TOR's Major Flaw and how a Ron got hacked? πΈπΈππΈπΈ
So the biggest question is, how was Elliot able to bypass Tor's security and hack Ronβs TOR server if they were truly anonymous? Well, the answer is quite simple, he wasnβt. Ron was only anonymous when his internal network traffic became external and was routed through TOR's Onion servers, allowing him to change his public IP and proxy it to host it more securely and anonymously. This means that even if the FBI did manage to find the server, the his true identity would be truly anonymous and protected, more so if they didn't leave behind sensitive information about those that were involved with the site. This would also allow him to discard server data should he be compromised.
The problem with this is TOR only works when it's able to leave the internal network and communicate with TOR's onion servers. Any and all traffic that hasn't left the network yet is fully exposed and can be intercepted if someone breaches the internal network, which allows stuff like DNS spoofing and parsing techniques that can strip secure network traffic and handle it on behalf of the real DNS server itself, forwarding it as if it were never intercepted.
This also allows an attacker to bypass any form of segmentation that the main access point might have set in place on the local network. This is crucial in that it allowed Elliot to find the server on the local network regardless of whether or Ron might have had proper segmentation and routing configurations in place.
Regardless of how segmentation on the network is configured, any and ALL network traffic eventually has to talk to the final endpoint node on the network, the default gateway router. Because of this, Elliot was able to intercept the traffic and bypass the TOR onion protocol and locate, as well as excavate any and all sensitive data from the servers and put in an anonymous tip with the law enforcement to have Ron arrested with solid evidence to shut him down for good.
If you enjoyed this post give it a thumbs up! Iβll be keeping track of whose reacting from now on as there is a βspecialβ reason for it. Just know the more you support my content the more there is in stored!
- The Hacker Who Laughs πΈπΈππΈπΈ
