-----BEGIN PGP SIGNED MESSAGE-----
Tor Hidden Services ( TorHS ) allows for users of Tor to host their services/websites in such a way that it is very hard to track the hosting location and even to attack them where necessary. This website for example is run on a TorHS hosted webserver as is the Aotearoa Leaks Dead Drop.
There are some TorHS websites that, well, just need a fucking scrub-cutter taken to them…in order to on balance, justify the existence of Tor itself which makes it possible for these sites to exist with impunity ( along with of course, lots of other sites and services that are beneficial to planet Papatuanuku ), a targeted attack is needed against TorHS’s that can effectively dice a bad onion, but not hurt the Tor’s anonymity volunteer network of guards, relays, exit nodes etc.
Criteria of the attack:
1/ A method preferably restricted to attacks only against TorHS webservers, else the attack can be used on non-TorHS websites therefore using up Tor resources without benefiting the Tor volunteer anonymity network, and or resulting in blacklisting of Tor exit nodes.
2/ Does not overwhelm Tor’s volunteer guard/bridge/relay network: The attack needs to use as little Tor resources as possible.
Fortunately someone has already come up with an implementation that does just this. Rootseck’s Torloris delivers the Slowloris attack via Tor on to its intended target.
The type of attack is a thread consumption attack on Apache. Uses very little data. The one issue though is that Torloris can also be used against any website which could result in many if not all of the Tor exit relays being needlessly banned.
I present Torloris For Onions. This is a quick’n’crude edit of Torloris to restrict it to *.onion websites only.
1/ You will need Tor ( TorBrowser ), Perl and IO::Socket::Socks module
2/ For Windblows users you will need perl activestate, and install module IO::Socket::Socks
c:\perl\bin\perl ppm install IO::Socket::Socks
Usage: Obviously edit the demo onion URL ( abcdefghijklmnop.onion ) and replace with the onion address that needs slicing and dicing.
Code Repository: https://github.com/Taipo/TorLoris-For-Onions
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----