[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

Security issues: adding proxy after Tor

Hi folks,

I want to add a socks5 proxy (from a paid proxy provider) after Tor, but I am not sure what the security issues are when doing this. I want to add the proxy after the exit node and then connect to a website that is secured with SSL (Gmail.com).

But is it possible for the owner of the Tor exit node or for the provider of the socks proxy to capture the credentials of my Gmail account? Is this because there is no encryption between the the Tor exit node and the socks proxy?

And how can I encrypt the complete traffic (Me --> Tor --> Socks proxy --> Gmail.com)?

And in the case without adding a proxy after the Tor exit node, the connection between the Tor exit node and Gmail.com is encrypted because Gmail.com uses SSL? Is that correct?

Would appreciate any help. Thank you all!

Hey.
First id adviced you to use vpn on host,to mask tor traffic from your provider,second maybe you interested in vpn througt tor (vpn after tor) use vpn on workstation,while tor traffic goes from gateway.
Im also interested in this way and planning to test,but you know there is a problem with vpn interface on kde,need to configure network manager.

Or maybe your need only proxy,thats other disc.?

If you are using ssl connection exit node cant sniff your traffic,threoretically,but who can you trust gmail in this question?

You know better to use non proprietary services and software.

I want to add a socks5 proxy (from a paid proxy provider) after Tor, but I am not sure what the security issues are when doing this. I want to add the proxy after the exit node and then connect to a website that is secured with SSL (Gmail.com).

Please see:
https://trac.torproject.org/projects/tor/wiki/doc/TorPlusVPN

But is it possible for the owner of the Tor exit node or for the provider of the socks proxy to capture the credentials of my Gmail account?
When the adversary uses sslstrip and you fall for it, yes. When the adversary can break SSL, yes. (There have been cases were SSL was broken: https://www.whonix.org/wiki/SSL) Although breaking gmail SSL would be harder, I think. Some websites have the luxury of having some hardcoding of their SSL.
Is this because there is no encryption between the the Tor exit node and the socks proxy?
Yes. And because SSL isn't a substitute for Tor's onion like encryption. And because SSL is non-ideal itself.
And how can I encrypt the complete traffic (Me --> Tor --> Socks proxy --> Gmail.com)?
SSL is best you can get for gmail. Additionally, when caring for privacy, end-to-end encryption is mandatory (OpenPGP).

Looking at the bigger issue… Phone verification can be a problem. See: https://www.whonix.org/wiki/E-Mail#gmail (This means, Google could one day start asking for a phone number and when you don’t provide one, they lock you out of your account.)

There are alternatives to e-mail, see:


And in the case without adding a proxy after the Tor exit node, the connection between the Tor exit node and Gmail.com is encrypted because Gmail.com uses SSL? Is that correct?
SSL encrypts between you and gmail so or so. Just when using a proxy there are a few more servers (and ISP's) (see traceroute) capable of running a man-in-the-middle attack.

Hi, whona! And it may be worth refuse to use Tor Browser in favor of well-protected private proxy?

Hi! You can certainly use a private proxy. I have several times to buy access to private proxy from different paid providers, for the last time - on http://buy.fineproxy.org/eng/individualproxy.html. But still remains the “weakest link” - gmail. What about to choose a more secure mail?

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]