The developers of the Tor anonymity network have published the results of a second audit, carried out by Radically Open Security from April to August 2023 (before that, from November 2022 to April 2023, Cure53 carried out the first audit). The audit covered the code that keeps exit nodes running, Tor Browser, infrastructure components (metrics collection, SWBS, the Onionoo API) and testing utilities. The main goal of the engagement was to assess the changes made to improve the speed and reliability of the Tor network, such as the Conflux traffic-splitting protocol added in the Tor 0.4.8 release and the proof-of-work based methods for protecting onion services from DoS attacks.
During the audit, 17 vulnerabilities were found, only one of which was classified as dangerous. Four vulnerabilities were assigned a medium severity level, and 12 were classified as low-severity issues. The most dangerous vulnerability was found in the onbasca (Onion Bandwidth Scanner) application, which is used to scan the bandwidth of network nodes.
The vulnerability is caused by the ability to send requests using the HTTP GET method, which allows cross-site request forgery on behalf of another user (CSRF, Cross-Site Request Forgery) and lets an attacker add their own bridge nodes to the database by manipulating the "bridge_lines" parameter. For example, an attacker can publish a web page containing the JavaScript code fetch("http://127.0.0.1:8000/bridge-state/?bridge_lines=obfs4+0.0.0.0%3A00000+AAA+cert%3D0+iat-mode%3D0"), and if a user with an active Onion Bandwidth Scanner session opens this page, the IP "0.0.0.0" is added to the database on their behalf.
Medium-severity issues:
- Denial of service in metrics-lib through the transfer of a large compressed file - since the file is unpacked in RAM, it is possible to pass something like a zip bomb (for example, 600 MB of zeros can be packed into 0.0006 MB) on which the available memory is exhausted.
- Use in tor-android-service (used in Tor Browser for Android) of the third-party tun2socks module, which is no longer maintained.
- A write of a null byte past the boundary of the allocated buffer in the Tor client, caused by the use of the read_file_to_str_until_eof function, which returns a size that does not account for the terminating null character.
- A vulnerability in sbws (Simple Bandwidth Scanner) that allows an HTTPS connection to be downgraded to HTTP by using a redirect to HTTP. A Tor exit node controlled by an attacker can use this vulnerability to cause API tokens to leak.
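
The mitigation for the last item, refusing any redirect that leaves HTTPS, can be expressed as a redirect policy in the HTTP client. The following is an added example written against Python's standard urllib; it is not code from sbws or from the audit report, and the names NoDowngradeRedirectHandler, build_opener and redirect_allowed as well as the example.test URLs are assumptions made for illustration.

```python
import urllib.error
import urllib.request
from email.message import Message
from urllib.parse import urlsplit


class NoDowngradeRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Follow redirects, but never from an https:// URL to a non-https one."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        # urllib resolves relative Location values before calling this hook,
        # so newurl is always absolute and its scheme can be compared directly.
        old_scheme = urlsplit(req.full_url).scheme
        new_scheme = urlsplit(newurl).scheme
        if old_scheme == "https" and new_scheme != "https":
            # Fail the request instead of resending it over cleartext, where
            # the node on the path could read the headers and body.
            raise urllib.error.HTTPError(
                req.full_url, code,
                "refused HTTPS->HTTP redirect to " + newurl, headers, fp)
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def build_opener():
    """Opener whose redirect handling replaces urllib's default handler."""
    return urllib.request.build_opener(NoDowngradeRedirectHandler)


def redirect_allowed(old_url, new_url, code=302):
    """Offline check: would the handler follow old_url -> new_url?"""
    handler = NoDowngradeRedirectHandler()
    request = urllib.request.Request(old_url)
    try:
        handler.redirect_request(request, None, code, "Found", Message(), new_url)
    except urllib.error.HTTPError:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample URLs; no network traffic is generated here.
    for old, new in [("https://a.example.test/bw", "https://b.example.test/bw"),
                     ("https://a.example.test/bw", "http://a.example.test/bw")]:
        print(old, "->", new, "allowed" if redirect_allowed(old, new) else "refused")
```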
Source: opennet.ru
