Proof of concept deanonymizing I2P/TOR users
10 Oct 2012
This has a very small attack surface, but it is designed to show you how important it is to have proper settings on your I2P/TOR browser.
I used to have these bad settings myself, so I am writing to make others aware of the danger.
(This video at 4:35 shows how I had it set up when it was vulnerable.)
Note how I use regex to choose the proxy settings. This allows an attacker to trick my browser into calling a server outside of the I2P network.
If this shows your normal IP address and not the TOR/I2P (localhost) address, then you must review your proxy settings!
Here is an image of me accessing the I2P version of this blog with bad proxy settings.
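The regex-based proxy selection described above, contrasted with a fail-closed alternative. This is an added example, not the configuration from the original post: the rule patterns, the blocking address and the sample URLs are constructed assumptions, and the ports are the I2P and Tor defaults.

```javascript
// Added example: auditing proxy-selection rules for requests that bypass the proxy.
const I2P_PROXY = "PROXY 127.0.0.1:4444";  // default I2P HTTP proxy port
const TOR_PROXY = "SOCKS5 127.0.0.1:9050"; // default Tor SOCKS port
const BLOCK = "PROXY 127.0.0.1:9";         // assumed dead local port: fail, don't leak

// Weak (assumed rule style): unanchored regex on the whole URL, DIRECT when nothing matches.
function weakSelect(url) {
  if (/\.i2p/.test(url)) return I2P_PROXY;
  if (/\.onion/.test(url)) return TOR_PROXY;
  return "DIRECT"; // fail-open: the request leaves with the real IP address
}

// Hardened: decide on the parsed hostname only and never return DIRECT.
function hardenedSelect(url) {
  let host;
  try {
    host = new URL(url).hostname.toLowerCase().replace(/\.$/, "");
  } catch (e) {
    return BLOCK; // unparseable URL: refuse rather than guess
  }
  if (host.endsWith(".i2p")) return I2P_PROXY;
  return TOR_PROXY; // fail-closed: everything else still goes through Tor
}

// Return the URLs a given selector would fetch without any proxy.
function leaks(select, urls) {
  return urls.filter((u) => select(u) === "DIRECT");
}

// Constructed sample: requests a browser might issue while rendering an I2P page.
const SAMPLE_URLS = [
  "http://forum.i2p/thread/1",         // the page itself
  "http://clearnet.example/pixel.png", // resource embedded from outside I2P
  "http://clearnet.example/a.i2p",     // ".i2p" appears only in the path
  "http://example.onion/",
];

console.log("weak rules leak:", leaks(weakSelect, SAMPLE_URLS));
console.log("hardened rules leak:", leaks(hardenedSelect, SAMPLE_URLS));
```

Running `leaks` against your own rule set with URLs taken from a browsing session shows which requests would go out directly.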