Research: Classification of attacks on Tor clients and Tor hidden services

Anonymity network protocols were namely developed to protect the privacy of censored online users. Anonymity is accomplished via implanting users’ data in between multiple encryption layers and via forwarding network traffic through a diverse group of proxies and/or relay nodes. Onion networks are by far the most widely used solutions within such context. There are presently several anonymizing network protocols including I2P, Freenet, Hornet, Tarzan, and Morphix, yet Tor is inarguably the most widely used onion based anonymizing network protocol. Accordingly, it is of paramount importance to understand and analyze the potential threats that can undermine users’ privacy over the Tor network.

A recently published research study analyzes the different forms of attacks that can target the Tor network. Authors of the paper propose a detailed taxonomy concept based on the specific target(s) of each attack form. This taxonomy serves as a detailed scheme to identify various forms of cyber attacks associated with darknet ecosystems. Throughout this article, we will overview the different forms of attacks against Tor clients and Tor hidden services presented via this paper.


Attacks against the Tor protocol:

When Tor network security is considered, attacks can target three different components of the network:

– Client: the individual that uses the Tor network to connect to the internet and/or visit hidden services

– Server: the Tor based hidden service/server that can include marketplaces, forums, etc

– Network: the Tor network’s infrastructure itself is targeted via some attack forms

Attacks targeting Tor clients:

During the past few years, many researchers have attempted to deanonymize Tor users via linking their IP addresses to outgoing data packets. However, in this section, we will take a look at attacks aimed at inflicting damage to Tor clients or unmasking their IP addresses, which include:

Plug-in based client attacks:

These attacks exploit the plug-ins of the user’s browser e.g. Java, Flash, and ActiveX Controls. Some of this software runs in frameworks or virtual machines that bypass the proxy settings configured within the Tor browser; thus, communicating directly with the internet, without utilizing the Tor browser bundle. Due to potential deanonymization of clients with usage of these plug-ins, the Tor browser disables them by default to promote anonymous and safe communication to the Tor network.

Torben attack:

The Torben attack is launched to deanonymize a Tor client via manipulation of web pages in order to force the client to access content provided by untrusted sources and via exploitation of the low latency features of the Tor network in order to infer indicators of the transmitted web pages; thus, obtaining information on the pages that the client has been accessing via Tor.

P2P information leakage:

This attack form deanonymizes the client via exploitation of their communications with peer-to-peer systems. When considering the BitTorrent P2P protocol, an adversary can obtain a client’s IP address that uses Tor to connect to the torrent’s tracker . In such case, the adversary exploits the fact, that even though the list of torrent trackers may be obtained in an anonymous manner via Tor, P2P connections are usually established unsafely via communicating directly with the peer. As such, the adversary can exploit the Tor protocol’s man-in-the-middle addition to modify the content of the list presented by the torrent tracker via adding the IP address of an adversarial torrent peer. Given the fact that communications with such malicious peers would not be accomplished via Tor, the adversary can possibly obtain the IP address of the Tor client initiating the request to the torrent tracker.

Induced or triggered Tor guard selection:

The Tor entry node is the sole node that communicates directly with the client. However, as Tor packets’ contents are encrypted, the entry node cannot obtain the clean content of transmitted packets without having the decryption keys of the nodes of Tor’s circuit. Accordingly, even though a single adversarial guard node cannot possibly undermine communications, the attacker may be required to own the Tor circuit’s entry node.

To induce a client to utilize a specific adversarial entry node, it is possible to drop client’s communications to public Tor entry nodes, except the ones controlled by the adversary. This can be done via modifying the network traffic capabilities of the target or blocking communications with honest entry nodes via appropriate policies such as via the ISP or the network administrators.


Raptor refers to routing attacks on privacy in Tor. Raptor is a group of attack strategies that can be launched via the Autonomous System (AS) in order to deanonymize Tor clients. One attack strategy relies on analysis of network traffic of asymmetric communications which mark the network. Another attack strategy is based on exploiting the natural churn within BGP paths and internet routing to achieve network traffic analysis . The last attack strategy relies on manipulation of internet routing via means of BGP hijacking actions, which are established to uncover the clients’ Tor guard nodes.

Exploitation of unpopular ports:

This attack relies on the exploitation of the fact that Tor exit nodes minimize the number of ports they can possibly connect to on the surface internet. This attack is designed to deanonymize clients via usage of a group of adversarial entry and exit nodes. Exit nodes run by the adversary support communications taking place on unpopular ports. The adversary also has to take over the service host the client attempts to contact. The goal of the adversary is to force the client to establish a Tor circuit via an entry node and an exit node that are both controlled by the malicious attacker. This specific configuration enables the adversary to deanonymize the client via traffic correlation techniques.

Attacks targeting the server:

The goal of these attacks is to unmask the IP address of the targeted Tor hidden service. These are the different forms of server attacks:

Cell counting and padding:

This attack forces the hidden service to communicate with an adversarial rendezvous point. The adversary sends a specifically created Tor cell/packet to the hidden service’s introduction point in order to specify the rendezvous point. As such, the introduction point routes the message towards the hidden service, which is triggered to create a Tor circuit to connect to the adversarial rendezvous point. Once the rendezvous point is delivered, the message (which includes a cookie or a token created by the client) is programmed to send a predefined number of cells to the Tor hidden service via means of the same Tor circuit. Thereafter, the rendezvous point shuts down the circuit. The entry node, which is under control of the adversary, monitors the network traffic of the circuits routed to it. Once it receives a cell that includes the circuit closure, it will confirm that this has occurred after the cell, including the confirmation cookies, had been received and that the number of proceeding cells is 3 cells up and 53 cells down through the Tor circuit. Once these conditions are met, the adversary can conclude that the guard node they control was picked up from the hidden service; thus, they can obtain the hidden service’s IP address.

Tor cell manipulation:

Manipulation of Tor cells/packets can be utilized to build a targeted Tor hidden service. Once the client delivers a cell to a Tor hidden service to establish communication, the request will get “proxed” via the adversarial rendezvous point. This gives the adversary the ability to alter the contents of the cell; hence, routing the message to the Tor hidden service and sending a timestamp of the altered cell to a server controlled by the adversary. The cell might not be identified as an intact cell sent from the Tor hidden service, which would trigger sending a destroy message back to the client. This message will be routed from the entry node of the hidden service, which is controlled by the adversary, to the central server and will include information such as the circuit ID, the cell timestamp, the source IP address, and the circuit ID.


James Stanley

Caronte attack:

Caronte is a unique tool that detects location leaks within Tor hidden services. Leaked information can include server configuration and possibly the IP address of the target Tor hidden service.

Off-path MitM attack:

This attack relies on launching a man-in-the-middle attack (MitM) against a given Tor hidden service. Assuming that the hidden service’s private key is owned by the adversary, launching a MitM attack is possible. The essential point in such scenario is that the adversary is not required to be located along the communication path established between the hidden service and the client.

Similar Articles:

Strength in Numbers: The Final Count Is In

Strength in Numbers: The Final Count Is In

How Has Tor Helped You? Send Us Your Story.

How Has Tor Helped You? Send Us Your Story.

This SIM Card Forces all of Your Mobile Data Through Tor

This SIM Card Forces all of Your Mobile Data Through Tor

Mozilla will match all donations to the Tor Project

Mozilla will match all donations to the Tor Project