Delivery-Date: Sun, 28 Jun 2015 11:45:55 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 636A31E0477;
	Sun, 28 Jun 2015 11:45:52 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id B56A936B4E;
	Sun, 28 Jun 2015 15:45:47 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 04CB136B41
 for <tor-talk@lists.torproject.org>; Sun, 28 Jun 2015 15:45:44 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id ovmLWbMozyC1 for <tor-talk@lists.torproject.org>;
 Sun, 28 Jun 2015 15:45:43 +0000 (UTC)
Received: from mail-wi0-x232.google.com (mail-wi0-x232.google.com
 [IPv6:2a00:1450:400c:c05::232])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id AE84E3689C
 for <tor-talk@lists.torproject.org>; Sun, 28 Jun 2015 15:45:43 +0000 (UTC)
Received: by wibdq8 with SMTP id dq8so52811183wib.1
 for <tor-talk@lists.torproject.org>; Sun, 28 Jun 2015 08:45:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=googlemail.com; s=20120113;
 h=from:message-id:date:user-agent:mime-version:to:subject:references
 :in-reply-to:content-type:content-transfer-encoding;
 bh=VExzYQMA0yUrbtJOW+Dzlqcg+GnQcAAUVqSrf9lFGDQ=;
 b=fLxdwOp8yDkHyLJpdm4ccI42aonxAlKbX/lsinusAJfVz2qV1XzYvfZdlH0izDTZgu
 x3/hQj2BgY3ctdIp7nr/52zNtVeGpOg/fPUy+FDOMDFPvvy8gtf2owdOMuR5EczMVRQN
 5wmbre1cj56VjqJBP++dfiOsScxjIAN+phhqj5bvLvuaes0AtlGDWGdKIfIM+8MgeB+F
 wpyMzS2Vk5HsTa600kounGZBz4QgqITR3TqIo+YPq07fWsuwkiQPDpMsSWiZgNmap/QZ
 gRyA9EZCRtjwQDiLS8rTkeW/3sEoZFPJv4E8P1CX55IWGXpMcW66pCMMw3cpUp/KTQnz
 jr4w==
X-Received: by 10.180.96.196 with SMTP id du4mr14532624wib.77.1435506339746;
 Sun, 28 Jun 2015 08:45:39 -0700 (PDT)
Received: from [172.16.41.91] (195-154-136-40.rev.poneytelecom.eu.
 [195.154.136.40])
 by mx.google.com with ESMTPSA id qq1sm59577510wjc.0.2015.06.28.08.45.38
 for <tor-talk@lists.torproject.org>
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Sun, 28 Jun 2015 08:45:38 -0700 (PDT)
From: aka <akademiker1@googlemail.com>
X-Google-Original-From: aka <akademiker1@gmail.com>
Message-ID: <55901673.1080806@gmail.com>
Date: Sun, 28 Jun 2015 17:44:51 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
 rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <558EB972.6040101@countermail.com>
 <558EC46B.2000107@countermail.com> <558EDB0F.9090301@openmailbox.org>
 <558EE509.6040309@countermail.com>
In-Reply-To: <558EE509.6040309@countermail.com>
Subject: Re: [tor-talk] Question regarding some strange behavior on some
	exitnodes
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

You should also check out cloud hosters: upload pdf, doc or txt with
unique hidden service urls and log pageviews with php. Create a dump.php
which dumps "getallheaders()" to a file and then create URL redirections
at your webserver so all url requests get internally executed with
dump.php without the visitor knowing. That way you get cookies, referers
and useragents. Referers are especially interesting, sometimes you get
intranet URLs of antivirus vendors wikis and bugtrackers.

chloe wrote:
> Hi,
> 
> This is just part of my research and I was informed to bounce my results
> over to you so you can look deeper in why the exits are doing what they do.
> 
> All URLs are unique, so the chance for a crawler/spider/robot to find
> that URL is extremely unlikely.
> 
> /db/backups/997391913-2015 is a unique URL. The numbers "997391913" are
> generated, saved to a list and checked if there's any duplicates, if so,
> remove them. Then, all these URLs are visited through all (public)
> exitnodes. A web server is used and saves all(HTTP) the requests to a
> file(log). Later I check that log if an URL has been visited more than
> one time, if so I know that something fishy[sic] is going on with that
> node.
> 
> Regards,
> Chloe
> 
> nusenu skrev den 6/27/2015 19:19:
>> Hi,
>>
>> I read your email in the context of your recent blog post [1] on bad
>> exits (without it, the email does not make much sense to me).
>>
>> Since I'm just assuming and other readers probably don't have that
>> context you might want to specify it.
>>
>> If my assumption is wrong you might want to clarify why you think the
>> exits itself (their operators) are involved in generating HTTP
>> requests (as opposed to some random person/program) using tor.
>>
>>
>> [1] https://chloe.re/2015/06/20/a-month-with-badonions/
>>
> 
> 
> 
> 
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

