Open Source Tortilla For Tor To Be Released At Black Hat

← Back to Stories (view on slashdot.org)

Open Source Tortilla For Tor To Be Released At Black Hat

Posted by samzenpus on Monday July 15, 2013 @08:12AM from the comine-soon dept.

msm1267 writes "A researcher is expected to release Tortilla, an open source tool that anonymously routes TCP and DNS traffic through Tor, at the upcoming Black Hat conference. Tortilla provides a secure, anonymous means of routing traffic through Tor regardless of client software and without the need for a VPN or secure tunnel."

68 comments

Min score:

Reason:

Sort:

The real problem with Tor by i+kan+reed · 2013-07-15 08:17 · Score: 4, Insightful

The real problem is that nefarious governments locate physical locations connecting to TOR by complicit ISPs and go after the people and hardware.
1. Re: The real problem with Tor by Anonymous Coward · 2013-07-15 08:19 · Score: 0
  
  Does not help that tor is abused by child porn seekers and such. Most ISP ban tor now.
2. Re:The real problem with Tor by Anonymous Coward · 2013-07-15 08:32 · Score: 0
  
  This is why the Tor project continues to try to make Tor undetectable. It's a hard problem, of course. But if I understand Tortilla properly, doing this at the TCP level should make it much more difficult and expensive for ISPs to determine whether you're using Tor.
3. Re: The real problem with Tor by Nutria · 2013-07-15 08:34 · Score: 2
  
  Exactly. Using Tor in a DPI world is waving a big red flag, and yelling, "I'm hiding something!!!"
  
  --
  "I don't know, therefore Aliens" Wafflebox1
4. Re: The real problem with Tor by Anonymous Coward · 2013-07-15 08:45 · Score: 0
  
  Really? Which ISPs? Tor works fine on every local and regional ISP around here.
5. Re: The real problem with Tor by Gr8Apes · 2013-07-15 08:52 · Score: 4, Insightful
  
  That is true - you are hiding something - your traffic, your destinations, and your sources, because not much can be ascertained in any other way. There's nothing illegal about using TOR, and in fact, everyone should if they value privacy. That said, it's pointless to use TOR when hitting your email or posting to Twitter or Facebook, so the general usefulness of TOR as a percentage of traffic has actually dropped.
  
  --
  The cesspool just got a check and balance.
6. Re:The real problem with Tor by i+kan+reed · 2013-07-15 08:57 · Score: 1
  
  It's a valiant effort, but it still fundamentally depends on talking to specific hosts to get into the network. As long as that list is public, someone will be able to figure out if you're talking to it.
7. Re: The real problem with Tor by Anonymous Coward · 2013-07-15 09:06 · Score: 0
  
  Why don't you tell us how you really feel?
8. Re: The real problem with Tor by Anonymous Coward · 2013-07-15 09:35 · Score: 1
  
  Using Tor in a DPI world is waving a big red flag, and yelling, "I'm hiding something!!!"
  Tor is not for people who have something to hide. If you're doing something illegal online, odds are you'll be found anyway, weather you use Tor or not. Tor is for people who (like me) just want that added layer of privacy. In the end, if you're doing something illegal online, and the government wants to catch you, they're gonna catch you. Tor isn't going to help you much.
9. Re:The real problem with Tor by Anonymous Coward · 2013-07-15 09:37 · Score: 0
  
  scare tactics won't work.
  you see, i use tor to provide COVER TRAFFIC for governments, military, businesses, you name it.
  the more i surf every day, the more cover traffic i provide these entities without them spending a cent.
  i am a tor exit node, down one day up the next.
  this is the real meaning of DO NOT TRACK.
  Suck it.
10. Re: The real problem with Tor by Anonymous Coward · 2013-07-15 10:03 · Score: 0
  
  using SSH?
  using SSL?
  YOU must be hiding something if you need to use ANY encryption, so use the easiest to break/sniff !!!
  kthx,
  TLA
11. Re: The real problem with Tor by Anonymous Coward · 2013-07-15 10:03 · Score: 1
  
  It's not that the ISPs ban them, per se, it's that they exit nodes get inundated with DMCA takedown letters because of bittorrent users. They pass the letter on to you, possibly hinting that you may be violating their terms of service. Most of the time they have no idea whether you're using Tor or not; they don't care.
  If I were to run a Tor server, I'd filter it. (Actually, I'd first have to write my own so I could filter). I'd block all bittorrent usage, and I'd throttle the traffic so people surfing porn (legal or illegal) would get frustrated.
  Of course, people could get around this with some savvy, but that's beside the point. The point is I don't want to be flooded with takedown letters constantly, like I was last time I ran a Tor exit node.
12. Re:The real problem with Tor by Anonymous Coward · 2013-07-15 10:07 · Score: 0
  
  so use bridges, especially obfs2/obfs3 bridges.
  news for news? or nerd news for newbies?
13. Re: The real problem with Tor by Pseudonym+Authority · 2013-07-15 10:19 · Score: 3, Interesting
  
  So what your saying is that no relevant ISPs ban Tor. So it was a lie. You're a liar.
  
  If I were to run a Tor server, I'd filter it. (Actually, I'd first have to write my own so I could filter).I'd block all bittorrent usage,
  It's already blocked in the default configuration.
  
  and I'd throttle the traffic so people surfing porn (legal or illegal) would get frustrated.
  You going to crack AES to filter out all the hidden services, where all that nasty stuff is at, too?
  
  I was last time I ran a Tor exit node.
  Good thing you stopped, you don't seem to quite grasp how it works.
14. Re:The real problem with Tor by Anonymous Coward · 2013-07-15 10:29 · Score: 5, Interesting
  
  Nefarious government hunt down Tor users.
  Smart governments, like the U.S., run Tor nodes. In fact, it's been conjectured by cryptographers and analysts--not just Bruce Schneiner, but other academics--that the U.S. government runs a plurality of all Tor nodes. We know for a fact that they use Tor to hide some of their own surveillance and exfiltration traffic, but undoubtedly they also log all traffic on their nodes for analysis so they can figure out who else is using it.
  Because Tor doesn't use constant-rate traffic padding, it's actually easy to trace Tor traffic if you can analyze a substantial number of Tor messages. Thus, the easiest way to defeat Tor if you have a decent budget is to just run as many Tor nodes as you can. (Because the NSA's taps into major exchanges, they're probably capable of doing it the hard way, too; specifically, by simply recording IPs and timing of traffic to and from all known Tor nodes.)
  When I ran a Tor exit node on a gigabit Cogent link, I was constantly inundated with DMCA takedown letters and other legal harassment, primarily because of bit torrent users*. The EFF actually provides legal support, but I can't believe that there are enough people willing to put up with the hassle of running long-term, high volume Tor exit nodes. Rather, it seems far more plausible that the government runs many or most of them because they're effectively immune to legal harassment, not just because they're the government and actually immune, but because they have a limitless number of lawyers to fight the challenges without necessarily revealing their identity.
  * You guys suck, BTW. Stop downloading all that crap. I hate you not because I believe in the legitimacy of copyright, but because you guys are being lazy about it and causing all kinds of other headaches, e.g. making it impossible to run a Tor exit node. Here's an idea--for every piece of media you download in contravention of copyright laws, why not at least send the money equivalent to the EFF, ACLU, and other organizations who will lobby to change the laws for the better, even if not perfectly.
15. Re: The real problem with Tor by JohnVanVliet · 2013-07-15 11:16 · Score: 1
  
  " If I were to run a Tor server, I'd filter it. (Actually, I'd first have to write my own so I could filter). I'd block all bittorrent usage, and I'd throttle the traffic so people surfing porn (legal or illegal) would get frustrated. "
  ------
  that is going to be a bit difficult , seeing as the traffic IS ENCRYPTED Not strongly , but still encrypted .
  yes in a few weeks you can decrypt it to see what is what , but by then a few weeks have past
  there is no way to "filter" it IN REAL TIME
  
  --
  "I don't pitch OpenSUSE Linux to my friends, i let Microsoft do it for me
16. Re: The real problem with Tor by Anonymous Coward · 2013-07-15 11:17 · Score: 0
  
  I'd block all bittorrent usage
  The most amusing part of the whole thing is that people try to use bittorrent over tor. They're probably the same people who whine about how slow tor is when in reality they're getting 2kbps because all of their peers see them as a non-cooperative leech with 0 upload rate. I am honestly surprised that nobody has implemented a hidden services TORrent (har har har) client that works entirely within the onion, though I assume if someone did that and it got any kind of even moderate use the network really would grind to a halt.
17. Re:The real problem with Tor by Anonymous Coward · 2013-07-15 11:29 · Score: 0
  
  The real problem is that nefarious governments locate physical locations connecting to TOR by complicit ISPs and go after the people and hardware.
  And that "real" problem could be easily eliminated of there was more Tor nodes than governments could count.
  Tor is like Twitter. The best way to ensure it's survival is to tell everyone to use the fucking thing.
18. Re: The real problem with Tor by AlphaWolf_HK · 2013-07-15 12:21 · Score: 2
  
  That doesn't make any sense. In fact, it's just wrong. The tor exit node can see all of your plaintext traffic, so that just adds yet another potential source of eavesdropping.
  Staying inside of the tor network however basically guarantees anonymity. You think the DEA hasn't tried to shut down the silk road already? Or what about lolita city? Drugs and child pornography are the two biggest things the US government wants dead, and as of yet they've been completely unable to stop either of those, meanwhile both of them operate completely in the open inside of the tor network.
  
  --
  Careful with names containing L slashdot.org/~AiphaWolf_HK slashdot.org/~AlphaWoif_HK slashdot.org/~AiphaWoif_HK
19. Re: The real problem with Tor by cffrost · 2013-07-15 12:50 · Score: 1
  
  Does not help that tor is abused by child porn seekers and such. Most ISP ban tor now.
  It also does not help that Tor is subject to a FUD-based smear campaign to drive people away from a technology that they could use to empower themselves.
  
  --
  Thank you, Edward Snowden.
  
  "Arguments from authority are worthless." —Carl Sagan
20. Re: The real problem with Tor by p43751 · 2013-07-15 13:42 · Score: 1
  
  My ISP did not give a s**t about torrents or anything. But when they got letters about botnets being run from my address, thats when i dropped running a tor exitnode!
21. Re: The real problem with Tor by simtel · 2013-07-15 15:07 · Score: 1
  
  An important note is that the exit node can see all of "the" plaintext traffic - there's no effective way to track it back to you unless the data contains your personal info. That's one of the biggest reasons that many jurisdictions hold the exit node accountable for the traffic that goes through it.
22. Re: The real problem with Tor by Anonymous Coward · 2013-07-15 15:50 · Score: 0
  
  You obviously haven't tried using Tor. It's dog slow already. No need to throttle anything. Though yes, banning bittorrent would be great, by virtue that more exit nodes might spring up if the owners had reasonable certainty that they weren't going to get take down letters as soon as they started letting Tor connections through
23. Re:The real problem with Tor by CodeBuster · 2013-07-15 21:43 · Score: 1
  
  it's been conjectured by cryptographers and analysts--not just Bruce Schneiner, but other academics--that the U.S. government runs a plurality of all Tor nodes.
  That sounds about par for the course. I remember hearing that in the later decades of the 20th century the US government, at the behest of the NSA, made sure that it was cheaper to route international phone calls going from Europe to Asia or from South America, Asia and Africa to just about any other destination through the United States by subsidizing the connections so that the fees would be cheapest. This ensured that a majority of the world telecom traffic made it's way through the United States at some point, where the NSA intercepted and analyzed it, before continuing on to it's final destination. I wouldn't be surprised if this practice continues today with undersea fiber cables for carrying backbone Internet traffic.
24. Re: The real problem with Tor by tlhIngan · 2013-07-16 02:59 · Score: 1
  
  that is going to be a bit difficult , seeing as the traffic IS ENCRYPTED Not strongly , but still encrypted .
  yes in a few weeks you can decrypt it to see what is what , but by then a few weeks have past
  there is no way to "filter" it IN REAL TIME
  Only while it stays within the network.
  One thing that makes Tor more popular than other darknet systems is that it connects to the regular internet. Sort of how VoIP took off once call gateways to the POTS network were established. Because before that, well, you're just talking amongst yourselves and that's it.
  Of course, once you hit the public internet, your traffic is back in plain text that can be logged, recorded and analyzed by the owners of the exit node. (And a lot of traffic contains personal information - like say, bittorrent), as well as being a potential MITM if you're trying to do an SSL connection over Tor.
25. Re: The real problem with Tor by Anonymous Coward · 2013-07-16 19:16 · Score: 0
  
  Please kill yourself. Drink a gallon of bleach or something.
26. Re:The real problem with Tor by zix619 · 2013-07-18 03:00 · Score: 1
  
  I wonder though if you use plugins like HTTPS everywhere (encrypting your traffic) in conjunction with Tor (giving you the anonymity) then you should be OK? Assuming obviously that no one can break your SSL encryption!
27. Re: The real problem with Tor by Anonymous Coward · 2013-07-29 06:19 · Score: 0
  
  My ISP did not give a s**t about torrents or anything. But when they got letters about botnets being run from my address, thats when i dropped running a tor exitnode!
  I got that message and ignored it. A year later, no new feedback from the ISP.
28. Re:The real problem with Tor by Anonymous Coward · 2013-07-29 06:30 · Score: 0
  
  SSL isn't trivial to break, but... if you have both sides of the certificate exchange, SSL isn't just trivial to break, it's fully broken. Some corporate firewalls have the functionality built in to answer and forward certificate requests, opening the pipe to monitoring and storage of the plaintext. Compromising the TOR network or HTTPS in general would be a big task, but within the reach of some countries.
29. Re: The real problem with Tor by p43751 · 2013-07-29 07:07 · Score: 1
  
  My line got blocked when I ignored the letter. a quick phonecall later all was ok as long as i did not run tor
Already done by Anonymous Coward · 2013-07-15 08:20 · Score: 0

Isn't that precisely what the following does, when placed in torrc?
DNSPort 53
DNSListenAddress 127.0.0.1
1. Re:Already done by Qzukk · 2013-07-15 09:54 · Score: 1
  
  Only if you set your OS up to use 127.0.0.1 for DNS instead of the IP addresses your router/ISP/whatever assign to you.
  
  --
  If I have been able to see further than others, it is because I bought a pair of binoculars.
The meat is the payload. by HeckRuler · 2013-07-15 08:24 · Score: 3, Funny

Alright people, we've got the tortillas and the onions, all we need are some bell peppers and some meat and we've got ourselves a fajita.
1. Re:The meat is the payload. by Anonymous Coward · 2013-07-15 08:33 · Score: 0
  
  Just use it to move porn and we've got plenty of meat. Any suggestions for what we can use as peppers?
2. Re:The meat is the payload. by Anonymous Coward · 2013-07-15 08:42 · Score: 1
  
  Just use it to move porn and we've got plenty of meat. Any suggestions for what we can use as peppers?
  Real sex with the wrong people will give you that burning sensation you're after...
3. Re:The meat is the payload. by Anonymous Coward · 2013-07-15 08:50 · Score: 0
  
  This is slashdot, dude. We dont do sex here.
4. Re:The meat is the payload. by Em+Adespoton · 2013-07-15 08:57 · Score: 1
  
  Alright people, we've got the tortillas and the onions, all we need are some bell peppers and some meat and we've got ourselves a fajita.
  Don't forget TACO....
5. Re:The meat is the payload. by Fosterocalypse · 2013-07-15 08:57 · Score: 1
  
  Version 2.0 will be named "the whoop ass fajita"
6. Re:The meat is the payload. by Anonymous Coward · 2013-07-15 09:45 · Score: 0
  
  My hand disagrees!
7. Re:The meat is the payload. by Anonymous Coward · 2013-07-15 10:56 · Score: 0
  
  Just use it to move porn and we've got plenty of meat. Any suggestions for what we can use as peppers?
  How about ... Pepper?
  Isn't there already a package with Tor+Firefox?
8. Re: The meat is the payload. by Anonymous Coward · 2013-07-15 16:27 · Score: 0
  
  Please don't forget the guacamole, sour cream and beans for added flavor, texture and gas.
Whonix by Natales · 2013-07-15 08:39 · Score: 1

You can achieve the same result today with Whonix which allows you to "torify" basically any network I/O traffic from the workstation VM. Heck, you can even have a Windows VM go through the Tor gateway for that matter.
1. Re:Whonix by Anonymous Coward · 2013-07-15 08:45 · Score: 1
  
  Whonix is a Linux operating system. Everything that can be done in this new Tortilla program can be done 20 different ways if you're using Linux, but Tortilla claims to be the first to do it on Windows.
2. Re:Whonix by Anonymous Coward · 2013-07-15 09:26 · Score: 1
  
  In case you missed the news, using Windows is already game over for you.
3. Re:Whonix by Natales · 2013-07-15 09:30 · Score: 0
  
  No, Whonix is a system. The key part of the system is the Gateway which is indeed Linux, but the Workstation portion can be easily swapped by Windows or anything else. Read a bit more before you comment.
4. Re:Whonix by Anonymous Coward · 2013-07-15 09:42 · Score: 2, Informative
  
  No, Whonix is a system
  
  Yes, it is an operating system.
  The link you gave has instructions on how to run Whonix in a virtual machine. It's still a Linux operating system. Like I said, if you can run Linux, then you've already got a ton of options to run Tor. (tsocks, iptables transparent proxy, manual proxy settings with filters for unconfigured programs, etc.)
  Tortilla claims to be the first program to transparently route your connections on Windows.
pfSense plugin? by TheRealMindChild · 2013-07-15 08:42 · Score: 1

Twould be nice if this could be turned into a pfSense plugin/filter

--

"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
Not on Torproject site yet. by auric_dude · 2013-07-15 08:50 · Score: 1

If not on https://www.torproject.org/ then it does not exist.
Tor Mailing Lists / Re:Not on Torproject site yet. by Anonymous Coward · 2013-07-15 09:01 · Score: 0

Take this discussion to:
Tor Talk ML
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk/
and/or
Tor Development ML
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev/
to get in touch with the Tor developers and users.
Full Tortilla source code by Anonymous Coward · 2013-07-15 09:15 · Score: 0, Offtopic
Homemade Flour Tortillas (makes 2 dozen)
- 4 cups all-purpose flour
- 1 teaspoon salt
- 2 teaspoons baking powder
- 2 tablespoons lard
- 1 1/2 cups water
1. Whisk the flour, salt, and baking powder together in a mixing bowl. Mix in the lard with your fingers until the flour resembles cornmeal. Add the water and mix until the dough comes together; place on a lightly floured surface and knead a few minutes until smooth and elastic. Divide the dough into 24 equal pieces and roll each piece into a ball.
2. Preheat a large skillet over medium-high heat. Use a well-floured rolling pin to roll a dough ball into a thin, round tortilla. Place into the hot skillet, and cook until bubbly and golden; flip and continue cooking until golden on the other side. Place the cooked tortilla in a tortilla warmer; continue rolling and cooking the remaining dough.
1. Re:Full Tortilla source code by Anonymous Coward · 2013-07-15 09:52 · Score: 0
  
  awesome!
2. Re:Full Tortilla source code by Culture20 · 2013-07-15 11:06 · Score: 1
  
  Homemade tortillas taste so much better than the grocery-store bought variety. And they're so easy to make, but Mexican restaurants all use the store versions.
This vs Tor in Layman's Terms? by Anonymous Coward · 2013-07-15 09:20 · Score: 0

Would anyone mind explaining how this differs from vanilla Tor? I sort of understand, but not really. Much appreciated. Thanks.
1. Re:This vs Tor in Layman's Terms? by wonkey_monkey · 2013-07-15 09:30 · Score: 1
  
  Just my possibly-incorrect understanding, but vanilla Tor operates as a SOCKS proxy - so client software has to be configured (if possible) to use it. You can do that via the Advanced->Network options in Firefox, for example. It sounds like this new tool will redirect all network traffic transparently. It doesn't seem particularly ground-breaking to me - more like something no-one could be bothered to get around to until now.
  
  --
  systemd is Roko's Basilisk.
2. Re:This vs Tor in Layman's Terms? by White+Flame · 2013-07-15 09:32 · Score: 1
  
  Currently, to use Tor a program must be written to communicate through Tor's SOCKS proxy, which apparently Windows doesn't support well.
  This, in theory and if I'm reading the bits of the description properly, would allow you to run any program that talks basic internet protocols and route its traffic through Tor without any changes to the program. That's similar to how a firewall can change the internet permissions of a program without touching the program itself.
3. Re:This vs Tor in Layman's Terms? by Anonymous Coward · 2013-07-15 09:58 · Score: 0
  
  Honestly, a whole lot of stuff on all OSes don't support SOCKS well for some reason, likely because of hacks (on *nix-type OSes) that override the usual connect() syscall with one that sets up the connection to the SOCKS proxy then hands that back to the program so the programmer doesn't have to bother supporting it.
  The question here is whether this is an equivalent hack on windows (if so, it's both awesome and terrible on SO MANY levels) or if it's just a transparent proxy setup that happens to run on windows.
4. Re:This vs Tor in Layman's Terms? by Anonymous Coward · 2013-07-15 10:00 · Score: 0
  
  more like something no-one could be bothered to get around to until now.
  More like a completely futile effort on Windows, at least as long as there is WGA and Windows "Experience" metrics which constantly bust your privacy by default.
5. Re:This vs Tor in Layman's Terms? by Anonymous Coward · 2013-07-15 10:27 · Score: 0
  
  LD_PRELOAD_PATH in the environment will allow you to use a SOCKS library which maps all the sockets calls - anything using the standard libraries will then be SOCKSified.
  Howver:
  "Tortilla provides a secure, anonymous means of routing traffic through Tor regardless of client software and without the need for a VPN or secure tunnel"
  Yeah, just so long as the traffic coming out the exit node doesn't reveal any of your details to the person operating it ... email address, cookies for sites, etc.
What is new about this? by Anonymous Coward · 2013-07-15 11:09 · Score: 0

You've been able to route all traffic through Tor forever. It comes with a transparent proxy and a built-in DNS, you just need to add the appropriate iptables rules.
It's not a good idea though. Programs that haven't been carefully configured to work with Tor may leak personal information and give you away. It's much better to configure the programs you want to use Tor explicitly, and then block all other traffic.
FTFA it appears to be a tool for security research by Molochi · 2013-07-15 11:20 · Score: 2

“The Tor client does all of the work,” Geffner said. “Tortialla(sic) redirects TCP and DNS traffic through Tor ensuring nothing else gets out. I wouldn’t call it a plug in; it does communicate with the Tor client over the SOCKS port Tor opens up, but it’s not a plug in.”
It sounds like their intent is to prevent the target malware sites from knowing your IP address while allowing the full impact of its flash/java/js payload to attack your machine. The idea being that such malware sites identify and block addresses that are identified with security research, law enforcement, etc... while existing Tor networks interfere with receiving the full brunt of their attack.
Anyways that's how I read it.

--
"The Adobe Updater must update itself before it can check for updates. Would you like to update the Adobe Updater now?"
Not New by Afecks · 2013-07-15 11:25 · Score: 4, Interesting

I wrote a tool like this ages ago called Torcap; http://freehaven.net/~aphex/torcap/ and it does all of that plus works on Windows and is open source.
1. Re:Not New by Sedated2000 · 2013-07-16 02:05 · Score: 1
  
  Very interesting, I appreciate you taking the time to develop this. I also appreciate that you opened the source. Thank you.
2. Re:Not New by exodus2287 · 2013-07-22 01:55 · Score: 1
  
  Well done...i've been looking for something along the lines of this for a while now. i'll definitely give this a go!
Use ? USE ?? by vikingpower · 2013-07-15 17:42 · Score: 1

“I’m hoping ..... the tool will be used,” Geffner said
You can bet it will !!

--
Religous speak to God. Insane are spoken to by God. When all shut up, one can finally hear Shostakovich in peace
This is already supported natively by Anonymous Coward · 2013-07-16 01:25 · Score: 0

TOR supports transparent proxying. It's not in the default configuration file though. You can use iptables to reroute outgoing TCP connections to it.