{"id":17106,"date":"2019-12-05T09:40:03","date_gmt":"2019-12-05T17:40:03","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/12\/05\/news-10842\/"},"modified":"2019-12-05T09:40:03","modified_gmt":"2019-12-05T17:40:03","slug":"news-10842","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/12\/05\/news-10842\/","title":{"rendered":"Dissecting Tor Bridges and Pluggable Transport – Part I: Finding the Built-in Tor Bridges and How Tor Browser Works"},"content":{"rendered":"
\n
\n

A FortiGuard Labs Threat Research Report<\/i><\/b><\/p>\n

Background
<\/h2>\n

At the SecureWV 2019 Cybersecurity Conference<\/a>, held in Charleston, West Virginia, Peixue and I presented our talk \u201cDissecting Tor Bridges and Pluggable Transport<\/a><\/b>.\u201d We are now sharing more details of this research, with our analysis being posted in two blogs. In this first blog, I will explain how I found built-in Tor bridges and how Tor browser works with Bridge enabled using reverse engineering.<\/p>\n

Tor Browser and Tor Network<\/h2>\n

Tor Browser<\/a> is a tool that provides anonymous Internet connectivity combined with layers of encryption through the Tor network. When users explore websites using Tor Browser, their real IP address is hidden by the Tor network so that the destination website never knows what the true source IP address is. Users can also set up their own website in the Tor network with a domain name ending with \u201c.onion\u201d. That way, only Tor Browser can access it and nobody knows what its real IP address is. It\u2019s one of the reasons why ransomware criminals require victims to access the payment page on a .onion website through Tor Browser. The Tor project team is aware of this practice because the Tor project blog clearly states that \u201cTor is misused by criminals.\u201d<\/p>\n

Tor Browser is an open source project with a design based on Mozilla Firefox<\/a>. You can download the source code from its official website. The Tor network is a worldwide overlay network comprising thousands of volunteer-run relays. It consists of two kinds of relay nodes: normal relay nodes and bridge relay nodes. The normal relay nodes are listed in the main Tor directory, and the connections to them can be easily identified and blocked by censors.<\/p>\n

The bridge information is defined in the profile file of Firefox, so you can display it by entering \u201cabout:config\u201d in the address bar of Tor Browser, as shown in Figure 1.<\/p>\n<\/p><\/div>\n