-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Quick Rationale:
Tor Hidden Services ( TorHS ) allows for users of Tor to host their services/websites in such a way that it is very hard to track the hosting location and even to attack them where necessary. This website for example is run on a TorHS hosted webserver as is the Aotearoa Leaks Dead Drop.
There are some TorHS websites that, well, just need a fucking scrub-cutter taken to them…in order to on balance, justify the existence of Tor itself which makes it possible for these sites to exist with impunity ( along with of course, lots of other sites and services that are beneficial to planet Papatuanuku ), a targeted attack is needed against TorHS’s that can effectively dice a bad onion, but not hurt the Tor’s anonymity volunteer network of guards, relays, exit nodes etc.
Criteria of the attack:
1/ A method preferably restricted to attacks only against TorHS webservers, else the attack can be used on non-TorHS websites therefore using up Tor resources without benefiting the Tor volunteer anonymity network, and or resulting in blacklisting of Tor exit nodes.
2/ Does not overwhelm Tor’s volunteer guard/bridge/relay network: The attack needs to use as little Tor resources as possible.
Fortunately someone has already come up with an implementation that does just this. Rootseck’s Torloris delivers the Slowloris attack via Tor on to its intended target.
The type of attack is a thread consumption attack on Apache. Uses very little data. The one issue though is that Torloris can also be used against any website which could result in many if not all of the Tor exit relays being needlessly banned.
I present Torloris For Onions. This is a quick’n’crude edit of Torloris to restrict it to *.onion websites only.
1/ You will need Tor ( TorBrowser ), Perl and IO::Socket::Socks module
2/ For Windblows users you will need perl activestate, and install module IO::Socket::Socks
Example: c:\perl\bin\perl ppm install IO::Socket::Socks
Usage: Obviously edit the demo onion URL ( abcdefghijklmnop.onion ) and replace with the onion address that needs slicing and dicing.
Code Repository: https://github.com/Taipo/TorLoris-For-Onions
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJX+KxjAAoJEL7YCbL0gxCTjQQP/iwvZYy/fnhSRkZ9ZJLaVIV0
n2BzSm/Ih669QwwN6QDm/u76RErhitbjmSWQ32RzMHhudvbNYHLVaHb55cDnR8cP
nfgMGgz1DMm9ScU7GhvzOXN7T/qntL/tQlmVsHySgkuboMPHAzwg7zWhCXSOHR5Y
/A+8ilQnytZiM7k/U3toW/TZNqxW85XOUHgUwn7eSdb8TMSvqRr47AS4W6f9xMyi
l6bm1m6iuA3/FDdvR9U6eA8foJw/sS0R6dPILy6qR2UQ9Qa/27bTzbr6TW8Mha7X
XPFo7R5mjX0WXomAgp2RFkbzVSA85GpyAGpPZJOxB3z9PT786SUxns5nysxB0nO2
85511u9AoxeTzwL4JjiaIo+LyhHyk1gRSPnpa447NDg68o+TjCz5pW5j8ry8cQK4
tVoKEotB60Q7rC+JC5LXP+FVFr2w4wCjorozxMK6A02kAEhZHVDeepGLb0CNsazE
TTR0pwuQJ5a7EaOVA5Zn0LwSKRZxKuIWU4pq+id8rf7LsD4qTSjTIbLA4Cn+R6oR
QvZoPDCSk23Gmgu98sITmuqlLfSpNVrfIudYyc/W5SYeF4LK+zg4cGpV0eLPCzRH
0BsywHU3SUrMGiRDN9YzgYSrf/JGpIdXzLwTYBNQxemxsbalZ5Ss7tnu+jKl8ULp
IY3orbIxFI+3ElF+GUqh
=to1+
-----END PGP SIGNATURE-----