mirror of
https://codeberg.org/crimeflare/cloudflare-tor
synced 2024-11-13 21:02:40 +00:00
switch MiTM with MITM - #8
This commit is contained in:
parent
88b04c754a
commit
46a82dbd1b
10
README.md
10
README.md
@ -4,7 +4,7 @@
|
|||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
"The Great Cloudwall" is [CloudFlare](https://www.cloudflare.com/), the world's [largest](https://w3techs.com/technologies/history_overview/proxy) MiTM proxy([reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy)).
|
"The Great Cloudwall" is [CloudFlare](https://www.cloudflare.com/), the world's [largest](https://w3techs.com/technologies/history_overview/proxy) MITM proxy([reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy)).
|
||||||
It sits between you and origin webserver, acting like a [border patrol agent](https://www.cbp.gov/careers/bpa).
|
It sits between you and origin webserver, acting like a [border patrol agent](https://www.cbp.gov/careers/bpa).
|
||||||
The origin webserver administrator allowed the agent to decide who can access to their "_web property_" and define "_restricted area_".
|
The origin webserver administrator allowed the agent to decide who can access to their "_web property_" and define "_restricted area_".
|
||||||
Take a look at the second image posted below. You will think Cloudflare block _only_ attackers. It's not.
|
Take a look at the second image posted below. You will think Cloudflare block _only_ attackers. It's not.
|
||||||
@ -196,14 +196,14 @@ Also see [Frequently Asked Questions](faq.md).
|
|||||||
|
|
||||||
* Add WTF-Cloudflare news to [NEWS.md](NEWS.md)
|
* Add WTF-Cloudflare news to [NEWS.md](NEWS.md)
|
||||||
|
|
||||||
* Search something on [Searxes Tor](http://searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion/) or [clearnet](https://searxes.eu.org/) (this will help collecting Searxes' "MiTM domains")
|
* Search something on [Searxes Tor](http://searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion/) or [clearnet](https://searxes.eu.org/) (this will help collecting Searxes' "MITM domains")
|
||||||
|
|
||||||
* Take a look at add-on code and try it
|
* Take a look at add-on code and try it
|
||||||
|
|
||||||
| Name | Firefox | Chrome |
|
| Name | Firefox | Chrome |
|
||||||
| -------- | -------- | -------- |
|
| -------- | -------- | -------- |
|
||||||
| Block Cloudflare MiTM Attack | [Code](addon_firefox/bcma) | [Code](addon_chrome/bcma) |
|
| Block Cloudflare MITM Attack | [Code](addon_firefox/bcma) | [Code](addon_chrome/bcma) |
|
||||||
| Are links vulnerable to MiTM? | [Code](addon_firefox/ismitmlink) | [Code](addon_chrome/ismitmlink) |
|
| Are links vulnerable to MITM? | [Code](addon_firefox/ismitmlink) | [Code](addon_chrome/ismitmlink) |
|
||||||
| Which website rejected me? | [Code](addon_firefox/whyrejectme) | [Code](addon_chrome/whyrejectme) |
|
| Which website rejected me? | [Code](addon_firefox/whyrejectme) | [Code](addon_chrome/whyrejectme) |
|
||||||
|
|
||||||
* Try & write new [Tool / Script](tool/)
|
* Try & write new [Tool / Script](tool/)
|
||||||
@ -240,7 +240,7 @@ flagged for spam and will be deleted. See "List of services blocking Tor" for de
|
|||||||
# Who uses this list?
|
# Who uses this list?
|
||||||
|
|
||||||
* [Searxes](http://searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion/) meta-search engine
|
* [Searxes](http://searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion/) meta-search engine
|
||||||
* [Block Cloudflare MiTM Attack](https://addons.mozilla.org/en-US/firefox/addon/bcma/) add-on
|
* [Block Cloudflare MITM Attack](https://addons.mozilla.org/en-US/firefox/addon/bcma/) add-on
|
||||||
* Some Browser Add-ons
|
* Some Browser Add-ons
|
||||||
|
|
||||||
---
|
---
|
||||||
|
@ -78,8 +78,8 @@ More important, though, is that it starts to form a ratchet for web browser tech
|
|||||||
"When you fetch a page from a website that is served from Cloudflare, JavaScript has been injected on-the-fly into that page by Cloudflare. And they also plant a cookie that brands your browser with a globally-unique ID. This happens even if the website is using SSL and shows a cute little padlock in your browser" [10]
|
"When you fetch a page from a website that is served from Cloudflare, JavaScript has been injected on-the-fly into that page by Cloudflare. And they also plant a cookie that brands your browser with a globally-unique ID. This happens even if the website is using SSL and shows a cute little padlock in your browser" [10]
|
||||||
|
|
||||||
- Cloudflare tracks you
|
- Cloudflare tracks you
|
||||||
Even if your traffic is protected from onlookers, Cloudflare itself can see your traffic[6] because they are a MiTM[14][31].
|
Even if your traffic is protected from onlookers, Cloudflare itself can see your traffic[6] because they are a MITM[14][31].
|
||||||
In addition, if Cloudflare[53] has intercepted your traffic(MiTM), so has the NSA[33].
|
In addition, if Cloudflare[53] has intercepted your traffic(MITM), so has the NSA[33].
|
||||||
"If a site uses Cloudflare, then the browser lock icon is a false promise."[14]
|
"If a site uses Cloudflare, then the browser lock icon is a false promise."[14]
|
||||||
"The short version, a rhetorical question: Would you trust a key escrow regime, in which an “authorized” entity was entrusted with the potential to decrypt all communications at will? If not, why would you trust a de facto mass decryption chokepoint at which many communications are actually decrypted?"[34]
|
"The short version, a rhetorical question: Would you trust a key escrow regime, in which an “authorized” entity was entrusted with the potential to decrypt all communications at will? If not, why would you trust a de facto mass decryption chokepoint at which many communications are actually decrypted?"[34]
|
||||||
In other words,
|
In other words,
|
||||||
@ -112,7 +112,7 @@ The next time a large group wakes up, millions of websites might be down (includ
|
|||||||
|
|
||||||
*Background : How Cloudflare threatens the web*
|
*Background : How Cloudflare threatens the web*
|
||||||
|
|
||||||
- Cloudflare is a MiTM for the whole web
|
- Cloudflare is a MITM for the whole web
|
||||||
|
|
||||||
- As of 3 years ago 10% of the top 25,000 websites used Cloudflare[2]
|
- As of 3 years ago 10% of the top 25,000 websites used Cloudflare[2]
|
||||||
- A billion people in china are restricted by the Great Firewall[8]. Anyone who goes so far as to circumvent that must then deal with the "Great Cloudwall" for accessing the open internet.
|
- A billion people in china are restricted by the Great Firewall[8]. Anyone who goes so far as to circumvent that must then deal with the "Great Cloudwall" for accessing the open internet.
|
||||||
@ -203,7 +203,7 @@ of problems that, if we don't solve them, something like Cloudflare is roughly i
|
|||||||
|
|
||||||
*Cloudflare DNS*
|
*Cloudflare DNS*
|
||||||
|
|
||||||
"DNS[50] is around, servers are insecure, proper end-to-end crypto isn't the norm hence MiTM goes unnoticed, anonymity is an edge case, routing lacks built-in resiliency to disruption, we're always going to have actors building a business model around cobbling together superficial, overapproximating mitigations."[20]
|
"DNS[50] is around, servers are insecure, proper end-to-end crypto isn't the norm hence MITM goes unnoticed, anonymity is an edge case, routing lacks built-in resiliency to disruption, we're always going to have actors building a business model around cobbling together superficial, overapproximating mitigations."[20]
|
||||||
|
|
||||||
*Mozilla and Cloudflare*
|
*Mozilla and Cloudflare*
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user