Omaid Faizyar

Summary

The article outlines the process of setting up a Tor Exit Node to sniff traffic, emphasizing the educational value and the potential to emulate historical practices of organizations like Wikileaks.

Abstract

The author describes a methodical approach to establishing a Tor Exit Node for educational purposes, leveraging a privacy-friendly VPS provider like Cockbox and utilizing tools such as the Tor Relay Configurator for straightforward setup. The article highlights the ease of intercepting traffic with tools like HTTPDump and Urlsnarf, providing insights into the types of data that can be captured, including potential botnet activities. The author underscores the importance of encrypting web traffic to maintain privacy and security, given the relative simplicity of setting up such a surveillance operation.

Opinions

  • The author suggests that running a Tor Exit Node is a cost-effective way to contribute to society and implies that it can be both educational and entertaining.
  • There is a strong recommendation to use HTTPS to secure web traffic, criticizing those who still rely on unencrypted HTTP.
  • The article draws a parallel between the reader's potential activities and those of Wikileaks, suggesting a sense of adventurous rebellion or civic duty in monitoring traffic for significant information.
  • The author expresses surprise at the speed with which someone could set up a Tor Exit Node and begin sniffing traffic, highlighting the low barrier to entry for this kind of activity.
  • The author appears to have a dim view of individuals or companies that fail to encrypt their traffic, implying that they are naive or negligent in the face of potential surveillance.
  • There is a hint of cynicism towards 'Threat Intelligence' companies that might exploit such methods for commercial gain, while also providing a tongue-in-cheek method for them to appear more sophisticated.

How to set up a Tor Exit Node & sniff traffic.

I decided to run my own Tor Exit node as a cheap way to add value to humanity. As always, I decided to have some fun with it. This is for educational purposes, don’t be a dick and stop using HTTP dammit.

Fun Fact: Wikileaks started out by running Tor exit nodes and sniffing traffic for documents and emails. By following this article, you’re a cheap wig and a few cases of sexual assault away from being the next Julian Assange.

Step 1. Finding a VPS

First, you’re going to need a VPS. Finding a hosting provider that is Tor-friendly is generally difficult. No worries, we’re going to use Cockbox. They’re cheap, privacy-friendly, accept bitcoin, and will generally leave you alone unless you do something really stupid.

Step 2. Configure Tor

Once you have your VPS, use the Tor Relay Configurator, which will walk you through installing Tor and configuring it correctly. This is a very painless process. Once you start arm (the Tor relay monitor, since renamed Nyx), you should see traffic flowing.

Step 3. Sniffing Traffic

Fun Fact: Almost immediately upon sniffing traffic I saw botnet traffic that was attempting to exploit a Remote Code Execution vulnerability in Oracle WebLogic.

I recommend two options for sniffing traffic:

HTTPDump — Written in Go, very fast and neat. Allows you to see the full body content. If you’re blackhat or doing this for fun, I recommend HTTPDump.

Urlsnarf — Part of the dsniff suite, logs to common log format. You can just apt-get install this one and it’ll work right out of the box. Doesn’t show you the full body content, but if you’re a Threat Intelligence company, this is perfect for you. Set up a bunch of exit nodes, use Logstash to push logs to Kibana. BAM! You’re now a bleeding edge company with a Deep Web threat intel dashboard.

Takeaways:

While this was just a “24 hour weekend project” I like to do from time to time, I was amazed how quickly someone could set up a Tor Exit node and sniff traffic. The longest part of this process was waiting for my bitcoin transaction to confirm.

A tech savvy individual could go from 0–60 in about an hour. If you’re not encrypting your traffic, there’s a high chance someone is seeing what you’re doing.
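The takeaway above is the only real defence against an exit node reading your traffic: the request has to be encrypted, and the server has to tell browsers never to fall back to plain HTTP. The following is an added example, not code from the article, that audits a URL and its response headers for exactly those two properties: the scheme must be https, and the Strict-Transport-Security header must be present, well-formed, at least a year long, and cover subdomains. The URLs, headers and the example.test hostnames are constructed sample data; `audit`, `parse_hsts` and `run_audit` are names chosen for this example.

```python
"""Audit transport security from a URL and its response headers.

Added example, not part of the original article. The sample URLs and
headers below are constructed; nothing here touches the network.
"""
from urllib.parse import urlparse

# One year in seconds: the minimum max-age the browser preload lists accept.
MIN_HSTS_MAX_AGE = 31536000


def parse_hsts(value):
    """Parse a Strict-Transport-Security header value into a dict.

    Directives are case-insensitive and ';'-separated. max-age carries an
    integer; includeSubDomains and preload are bare flags.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()
        arg = arg.strip().strip('"')
        if name == "max-age":
            try:
                directives[name] = int(arg)
            except ValueError:
                directives[name] = None  # malformed value, treated as absent
        else:
            directives[name] = True
    return directives


def audit(url, headers):
    """Return a list of findings for one URL and its response headers.

    An empty list means the request was encrypted and the server pins
    browsers to HTTPS for at least a year, subdomains included.
    """
    findings = []
    scheme = urlparse(url).scheme.lower()
    if scheme != "https":
        findings.append("plaintext: request used %s, readable by any exit node" % scheme)
    # Header names are case-insensitive; normalise before lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    hsts = lowered.get("strict-transport-security")
    if hsts is None:
        findings.append("no HSTS: browsers may still follow http:// links to this host")
        return findings
    directives = parse_hsts(hsts)
    max_age = directives.get("max-age")
    if max_age is None:
        findings.append("HSTS max-age missing or malformed")
    elif max_age < MIN_HSTS_MAX_AGE:
        findings.append("HSTS max-age %d is below one year" % max_age)
    if "includesubdomains" not in directives:
        findings.append("HSTS lacks includeSubDomains: subdomains remain exposed")
    return findings


# Constructed sample data: a login form served over plain HTTP, a site with a
# token five-minute HSTS policy, and a correctly hardened site.
SAMPLES = {
    "http://example.test/login": {"Content-Type": "text/html"},
    "https://example.test/": {"Strict-Transport-Security": "max-age=300"},
    "https://secure.example.test/": {
        "strict-transport-security": "max-age=63072000; includeSubDomains; preload"
    },
}


def run_audit(samples=SAMPLES):
    """Audit every sample and map each URL to its findings."""
    return {url: audit(url, hdrs) for url, hdrs in samples.items()}


if __name__ == "__main__":
    for url, findings in run_audit().items():
        print(url, "OK" if not findings else "; ".join(findings))
```

The plaintext login URL gets two findings even if it happened to carry an HSTS header, because browsers ignore HSTS on http:// responses; only a policy received over HTTPS, with a long max-age and includeSubDomains, stops a user's later http:// navigation from landing in the clear where an exit node can read it.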

Tags: Privacy, Tor, Deep Web, Hacking, Security