I heard recently there is a massive tor exit node http downgrade attack which malicious attackers control more theran twenty percent of tor exit node. I encountered this attack today and carelessly typed my sensitive credential into a http login page.I tried to mitigate the http downgrade attack but Qubes-whonix seems have some very weird mechanism makes doing it very difficult.
First I tried to ban all non-https connection in https everywhere, and it turned out work very well. The problem is I need to do this everytime in the disposable vm, which is pretty meaningless because I forget to do it most of the time.
I tried to do this modification in the template browser, so refuse to connect http sites will be a default behavior of all spawned disposable vms, but first problem is the “you cannot open torbrowser in the template”. I commented out in tb_allow_start_in_templatevm=true /etc/torbrowser/30_default, but torbrowser command in bash still refuses to start torbrowser and indicates “Neither /var/cache/tb-binary/.tb/tor-browser/Browser/start-tor-browser nor/var/cache/tb-binary/.tb/tor-browser/start-tor-browser nor /var/cache/tb-binary/.tb/tor-browser/start-tor-browser.desktop is executable.” I tried to launch torbrowser in root but it refuses to launch as root.
Fine, so I just chmod o+x the launcher,but use command torbrowser just comes with more permission problems. “Browser/Data/Browser/profile.default/user.js’: Permission denied
[ERROR] [torbrowser] /usr/bin/torbrowser script bug”
“touch: cannot touch ‘/var/cache/tb-binary/.tb/tor-browser/slider-question-done’: Permission denied
[ERROR] [torbrowser] /usr/bin/torbrowser script bug.”
After fixing these permission problems one by one running torbrowser comes with this bug “[ERROR] [torbrowser] Tor Browser ended with non-zero (error) exit code!
Tor Browser was started with:
/var/cache/tb-binary/.tb/tor-browser/Browser/start-tor-browser --allow-remote .
Tor Browser exited with code: 126”. Search this error code led to an ancient tor browser help ticket which is not helpful at all https://trac.torproject.org/projects/tor/ticket/6493.
At this poing I messed up my whonix workstation and I need to reinstall my whonix template.
Ok I just uses template revert and got my whonix template back, and we can continue now.
I tried to edit the dvm template and changed the settings in torbrowser gui, but it seems like the spawned disp vms do not inherit
settings from dvm torbrowser.