X-Git-Url: http://git.thejh.net/?p=detour.git;a=blobdiff_plain;f=README;h=202273ac50c191b2a3c70f5b5d49ce8bc09c2e9f;hp=b9cb3f009840b54955fc943441d5abb2876358a1;hb=refs%2Fheads%2Fmaster;hpb=3182add0e964daa8e7a5b4b8fbf35c389fd0de89 diff --git a/README b/README index b9cb3f0..202273a 100644 --- a/README +++ b/README @@ -22,11 +22,21 @@ So, this is a known problem, but I wanted to see how easy it really is to do thi and I wanted to try it myself, so I built a PoC. The requirements are: - - The user points his browser to the attacker's webserver and stays on that server + - The user points his browser to an attacker's webserver and stays on that server long enough (a bit over 4 minutes in my implementation) - - The attacker controls the webserver or the exit node (or something between them) + - An attacker controls the webserver or the exit node (or something between them) (in my implementation, he controls the webserver) - - The attacker can measure the internet traffic of all possible users + - An attacker can measure the internet traffic of all possible users + - The attacking machines have their time synced over NTP or so + +It is NOT required, however, that the webserver is run by the same attacker who also +runs the passive traffic analysis near the users – they can be two distinct attackers +who decide to collaborate after-the-fact. The webserver owner only needs to save the +64-bit ID he generated, the traffic analysis attacker needs to save one bit every four +seconds for every connection. + +Also, it is NOT required that the victim's browser supports JavaScript or so. curl would +already be sufficient. In my implementation, the attacking server can encode 64 bits into a pattern of data bursts – simplified, a zero becomes "first data, then nothing" and a one 
@@ -45,6 +55,8 @@ stuff that would probably improve the accuracy and speed a lot. My proof-of-concept code is at . It needs libpcap and works on Linux. It probably won't work on Windows. +You can download the code with "git clone git://thejh.net/detour.git". + Compile with "./compile.sh". On the server, run "./pulser". This will open an HTTP server on port 4422. On the monitoring device (just run it on your computer if you just want to
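Review bot: the new requirement line "The attacking machines have their time synced over NTP or so" in the first hunk (README, @@ -22,11 +22,21 @@) does not say how closely the clocks have to agree. The paragraph added below it says the traffic-analysis side stores one bit every four seconds, so the tolerable skew is presumably some fraction of that four-second slot; stating the bound would let a reader judge whether ordinary NTP accuracy is enough, and "or so" could then be dropped. Two wording points in the same hunk: the first requirement still reads "points his browser" while the new closing paragraph says curl would already be sufficient, so "HTTP client" would be more consistent, and the unchanged "(in my implementation, he controls the webserver)" still refers to a single "he" after the switch from "The attacker" to "An attacker", which blurs the new point that the two roles can be distinct parties.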
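Review bot: the added download line in the second hunk (README, @@ -45,6 +55,8 @@) gives only "git clone git://thejh.net/detour.git", and the git:// transport is neither authenticated nor encrypted. The following context lines tell the reader to run "./compile.sh" and then a libpcap-based monitor, so the code fetched this way is executed directly; consider also listing a clone URL over an authenticated transport, or naming a commit hash or signed tag the reader can check the checkout against before compiling.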