The expert highlighted that it is quite easy to find misconfigured servers that expose their public IP address.

Every time an administrator of a hidden service adds an SSL certificate to a site, it associates the .onion domain with the certificate. The Common Name (CN) field of the certificate reports the .onion address of the hidden service.

When administrators misconfigure a server so that it listens on a public IP address, the SSL certificate associated with the website will be used for the public IP address.

Klijnsma discovered the misconfigured servers by crawling the Internet and associating SSL certificates to they’re hosted IP addressed. In this way, the expert discovered the misconfigured hidden Tor services and the corresponding public IP addressed.

Another #Tor hidden service exposed through an incorrect configuration of the listening server. Hiding your private forum on the deep dark (and still very public) web. Certificate can be found here (host is still live!): https://t.co/KEqN6hfyFb pic.twitter.com/cwHOuUdwmk

— Yonathan Klijnsma (@ydklijnsma) August 4, 2018

The expert concluded that to avoid the exposure of the public IP address for a Tor hidden service it should only listen on 127.0.0.1.

Pierluigi Paganini

(Security Affairs – SSL certificates, Tor sites)

[adrotate banner=”5″]

[adrotate banner=”13″]