Tor Browser Hacking

 admin

Edited 2019-07-13 based on concerns

Disclaimer


I do not condone the use of this information for creating illegal web crawlers. This was more an informational exercise and I wanted to share it with others. Another thing to note is that some sites are able to automatically block IPs that are Tor exit nodes, so this may not work for some sites that go to these measures.

The Problem

The other day I was starting the search for a new apartment in New York City, which I have done a couple of times now, and was frustrated that StreetEasy doesn’t allow you to filter apartments that are available after a certain date. After a quick search I realized that people have been requesting this feature for years (since Oct 2015 to be exact), it was nowhere in sight, and there didn’t seem to be any services out there that did it either. So I had a thought: I used to web scrape sites using Python, so why not try it on StreetEasy and filter the apartments myself. Spoiler alert: I wasn’t able to do this, for a reason I will explain in more detail, but it led me to use a lot of old tools I hadn’t used in a while and to come up with a script for scraping through Tor and switching IPs between requests.

The Roadblock

So first let me quickly describe the reason I wasn’t able to scrape StreetEasy. At first glance, there appeared to be a few different StreetEasy scraping scripts on GitHub. However, I thought it was simple enough that I’d prefer to do it myself. It had been a while since I had scraped sites and I wanted to do it all (mostly) on my own. The first task in my iterative approach was just to get a listing page for a StreetEasy search. This quickly led me to receive the following HTML

My initial thought was that, since I was using the requests library, I wasn’t rendering JavaScript, so after doing some googling I came across two ways to render JavaScript in Python: I could use the new requests-html library or I could use selenium. However, I quickly realized neither was able to give me the result I wanted; I was still getting the same HTML page that said “Pardon Our Interruption”. So now I decided to take a closer look at the scraping scripts I saw on [GitHub](https://github.com/purcelba/streeteasy_scrape) earlier. A few of them had warnings that their scripts no longer worked because StreetEasy had started using Distil Networks to protect it from unwanted bots and web scrapers. After a couple of google searches, I quickly realized I wasn’t going to break through Distil Networks’ checks very easily and decided to table the web scraping of StreetEasy. Nevertheless, I had come back to web scraping after years and was interested in what I could do with it.

The Final Result

When I initially thought I was going to web scrape StreetEasy, I wanted a way to do it without getting throttled, because I knew I was going to have to go to a lot of individual listing pages to get information. I originally thought this was going to be the biggest problem for me to overcome, so I put some thought into it. While in college, I had done some research on Tor and the dark web under Soumya Basu. A brief synopsis of Tor, without getting into too much detail, is that it’s an onion router. Tor itself stands for The Onion Router (big surprise, I know). What Tor does is route your traffic through multiple nodes (computers/servers) in a circuit, so that when your HTTP request reaches the end server it looks like it came from the last node in the Tor circuit. Generally there are three hops in the circuit: Tor sends your request to a node, and that node only knows where to send the message next, and so on until you reach your final destination like google.com. It does that by encrypting your request in multiple layers; at each node one layer is decrypted, so that node learns only where to send the request next, until we reach the last (exit) node, where the entire message is decrypted and the exit knows what request you are looking to make. The response is then routed back through the same nodes in a similar way until it reaches you. The reason it’s called an onion router is the decryption and peeling away of one layer of the message at each node (like an onion).
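To make the layering concrete, here is a small added example (my illustration, not code from the post and not Tor’s real protocol): a three-hop circuit where the client wraps the request once per relay and each relay can peel exactly one layer. Tor negotiates a separate key with each relay and uses real ciphers over TLS links; this toy uses a SHA-256-derived keystream instead so it runs with the standard library only. The relay names, keys and the request are constructed for the example.

```python
"""Toy model of onion routing: one layer per relay, each relay learns only the next hop.

Added illustration, not Tor's protocol. Tor uses per-hop keys from a handshake and
AES-CTR per layer; here a layer is an XOR with a SHA-256 counter-mode keystream.
"""
import hashlib
import json
import os


def keystream(key: bytes, length: int) -> bytes:
    """Counter-mode keystream from SHA-256 (toy stand-in for a real stream cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def layer(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call adds and removes a layer."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def build_onion(circuit, destination: str, request: str) -> bytes:
    """Wrap the request once per relay: exit layer innermost, guard layer outermost.

    circuit is a list of (relay_name, shared_key) in path order: guard, middle, exit.
    Each layer carries only the next hop's name plus the still-encrypted remainder.
    """
    inner = request.encode()
    next_hop = destination
    for name, key in reversed(circuit):
        cell = json.dumps({"next": next_hop, "body": inner.hex()}).encode()
        inner = layer(key, cell)
        next_hop = name
    return inner  # what the client hands to the guard


def relay_peel(key: bytes, onion: bytes):
    """What one relay does: strip its own layer, learn the next hop, forward the rest."""
    cell = json.loads(layer(key, onion))
    return cell["next"], bytes.fromhex(cell["body"])


def route(circuit, destination: str, request: str):
    """Walk the onion through the circuit; return each relay's view and the exit's plaintext."""
    packet = build_onion(circuit, destination, request)
    views = []
    for name, key in circuit:
        next_hop, packet = relay_peel(key, packet)
        # After peeling its layer, can this relay read the request? Only the exit can.
        views.append({"relay": name, "next": next_hop,
                      "sees_request": request.encode() in packet})
    return views, packet.decode()


def demo():
    """Three-hop circuit with fresh per-relay keys (constructed sample input)."""
    circuit = [("guard", os.urandom(32)), ("middle", os.urandom(32)), ("exit", os.urandom(32))]
    return route(circuit, "google.com", "GET / HTTP/1.1\r\nHost: google.com\r\n\r\n")


if __name__ == "__main__":
    views, plaintext = demo()
    for v in views:
        print("%-6s forwards to %-10s  can read request: %s" % (v["relay"], v["next"], v["sees_request"]))
    print("exit delivers:", repr(plaintext))
```

Running it shows the property the post relies on: the guard sees the client and the name of the middle relay, the middle sees only its neighbours, and only the exit sees the destination and the request. It also shows the flip side that the Tor advisory further down this page is about: an observer who controls both the guard and the exit of the same circuit can pair the client with the destination.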

Through my research I had become acquainted with the Stem Python package, which lets you interact with Tor from Python. I knew you could use Tor as a proxy and route your HTTP requests through it in Python, so I thought this could be a good solution to the throttling problem. I imagined the throttling would be IP based, so I could use Tor and change my exit node between requests so that my web scraper wasn’t throttled. However, this ended up not being the biggest problem I had, sadly.

Still, I wanted to give it a go because I thought it could be an interesting application in theory. So the general idea behind it was as follows:

  1. Run Tor on your computer
  2. Use Tor as a proxy for selenium in Python
  3. Make a request to a website
  4. Request a new end node/circuit from Tor
  5. Repeat steps 3 and 4 until all your requests are made

The code for this is as follows (I saved this as a file called scrape.py and ran it as python scrape.py). This was developed using python 3.7.2 (I use Anaconda and conda for Python version management)

Before starting there are some requirements

  1. Install Tor on your computer; on Macs this can be done with Homebrew: brew install tor. You can then run it constantly in the background using the command brew services start tor, or run it manually using the command tor.
  2. Make sure you have Firefox installed on your computer; this is required if you want to use the same selenium code above. You can use other browsers, but the my_proxy method will need to change slightly.
  3. Install the selenium, stem, and beautiful soup Python libraries using the command pip install selenium stem bs4.
  4. You will also need to update your torrc and restart Tor so that you can make requests to the Tor controller. On a Mac you can find the sample torrc file at /usr/local/etc/tor/torrc.sample. Rename it to torrc with mv /usr/local/etc/tor/torrc.sample /usr/local/etc/tor/torrc and then uncomment the following lines (I will copy the full torrc at the bottom of this post)

Now let’s talk about the code a little

This method is what allows us to switch our IP. It issues a signal (Signal.NEWNYM) to the Tor Controller Port, which tells Tor that we want a new circuit for traffic to be routed through. This will give us a new exit node which means our traffic looks like it’s coming from a different IP.

This method sets up our selenium webdriver to use the Firefox browser in headless mode and to use Tor as a proxy to route our traffic through. This ensures that all of our requests to our selenium webdriver go through Tor and look like they are coming from our exit node.

This last bit of code just sends a request to https://whatsmyip.com/ so that we can check the IP of our request through our selenium webdriver. We print out the IPv4 and IPv6 addresses of the exit node of our Tor circuit because sometimes it’s IPv4 and sometimes it’s IPv6. After that we request a new IP by asking Tor to build a new circuit. If everything goes well you should get a result in your terminal that looks something like

As you can see, my IP address changes between calls, which is exactly what we are looking for. The server we are making the request to thinks that we are the Tor exit node, and each request we made looks like it’s coming from a different computer. The None values are because if you have an IPv4 value then it doesn’t show anything for IPv6.
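The post’s scrape.py is not reproduced on this page, so here is an added example of the circuit-switching step (my code, not the author’s and not the stem library, although stem’s Controller does the same thing under the hood): a minimal client that speaks the Tor control protocol directly, sending AUTHENTICATE and SIGNAL NEWNYM over the control port. It assumes a torrc containing ControlPort 9051 plus either CookieAuthentication 1 or a HashedControlPassword line generated with tor --hash-password. The fake control port at the bottom is constructed so the script runs offline; point TorControlClient at port 9051 to talk to a real Tor.

```python
"""Rotate Tor circuits by speaking the control protocol directly (added example, not scrape.py).

Assumes torrc has "ControlPort 9051" and control-port authentication enabled. The
FakeTorControl class is a constructed stand-in for Tor so the script runs offline.
"""
import socket
import socketserver
import threading
import time

NEWNYM_RATE_LIMIT_S = 10  # Tor defers a NEWNYM that arrives within 10 s of the previous one


class TorControlClient:
    """Just enough of the control protocol: AUTHENTICATE, SIGNAL, GETINFO, QUIT."""

    def __init__(self, host="127.0.0.1", port=9051):
        self.sock = socket.create_connection((host, port), timeout=10)
        self.buf = b""
        self.last_newnym = None

    def _readline(self):
        while b"\r\n" not in self.buf:
            chunk = self.sock.recv(4096)
            if not chunk:
                raise ConnectionError("control port closed the connection")
            self.buf += chunk
        line, self.buf = self.buf.split(b"\r\n", 1)
        return line.decode()

    def command(self, line):
        """Send one CRLF-terminated command and collect reply lines until the final one.

        Character 4 of a reply says what follows: '-' more lines, '+' a data block
        terminated by a lone '.', ' ' this is the last line.
        """
        self.sock.sendall(line.encode() + b"\r\n")
        lines = []
        while True:
            reply = self._readline()
            if len(reply) < 4:
                raise ValueError("malformed control reply: %r" % reply)
            lines.append(reply)
            if reply[3] == "+":
                while (data := self._readline()) != ".":
                    lines.append(data)
            elif reply[3] == " ":
                return lines

    def _require_ok(self, lines):
        if not lines[-1].startswith("250"):
            raise RuntimeError("control port refused: %s" % lines[-1])
        return lines

    def authenticate_password(self, password):
        """Password auth: cleartext checked by Tor against HashedControlPassword."""
        escaped = password.replace("\\", "\\\\").replace('"', '\\"')
        return self._require_ok(self.command('AUTHENTICATE "%s"' % escaped))

    def newnym_wait(self):
        """Seconds until Tor would act on another NEWNYM immediately (0 if now)."""
        if self.last_newnym is None:
            return 0.0
        return max(0.0, NEWNYM_RATE_LIMIT_S - (time.monotonic() - self.last_newnym))

    def newnym(self):
        """Request clean circuits. A new circuit usually, not always, gets a different exit."""
        time.sleep(self.newnym_wait())
        self._require_ok(self.command("SIGNAL NEWNYM"))
        self.last_newnym = time.monotonic()

    def close(self):
        try:
            self.command("QUIT")
        finally:
            self.sock.close()


class FakeTorControl(socketserver.StreamRequestHandler):
    """Constructed offline stand-in for Tor's control port (same reply codes, fake version)."""

    def handle(self):
        authed = False
        while True:
            raw = self.rfile.readline()
            if not raw:
                return
            cmd = raw.decode().strip()
            if cmd.startswith("AUTHENTICATE"):
                authed = True
                self.wfile.write(b"250 OK\r\n")
            elif not authed:
                self.wfile.write(b"514 Authentication required\r\n")
            elif cmd == "SIGNAL NEWNYM":
                self.wfile.write(b"250 OK\r\n")
            elif cmd == "GETINFO version":
                self.wfile.write(b"250-version=0.0.0-fake\r\n250 OK\r\n")
            elif cmd == "QUIT":
                self.wfile.write(b"250 closing connection\r\n")
                return
            else:
                self.wfile.write(b"510 Unrecognized command\r\n")


def start_fake_control_port():
    srv = socketserver.TCPServer(("127.0.0.1", 0), FakeTorControl)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def rotate_demo(port, password="constructed-password"):
    """Authenticate, read the version, request a fresh circuit, report the rate-limit state."""
    client = TorControlClient(port=port)
    client.authenticate_password(password)
    version = client.command("GETINFO version")[0]
    client.newnym()
    wait = client.newnym_wait()
    client.close()
    return {"version": version, "newnym_wait": wait}


def unauthenticated_probe(port):
    """Why torrc must enable control-port auth: without it any local process could send signals."""
    client = TorControlClient(port=port)
    reply = client.command("SIGNAL NEWNYM")[-1]
    client.sock.close()
    return reply[:3]


if __name__ == "__main__":
    srv, port = start_fake_control_port()
    print(rotate_demo(port), "unauthenticated ->", unauthenticated_probe(port))
    srv.shutdown()
```

Two caveats a scraper built this way runs into. First, NEWNYM is rate limited: Tor defers a second signal that arrives within ten seconds, so calling it between every request without waiting (the newnym_wait above, stem’s get_newnym_wait) does not give a new exit per request. Second, the browser side must send DNS through the SOCKS proxy as well; with Firefox that means setting network.proxy.socks_remote_dns to true alongside network.proxy.type 1, network.proxy.socks 127.0.0.1 and network.proxy.socks_port 9050, otherwise the hostname lookups leave from your real IP even though the HTTP traffic goes via Tor.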

And just like that you can hide your real IP when making HTTP requests using Python. I hope this is helpful, and if you have any questions or corrections feel free to leave a comment below!

Additional Resources

Full Torrc



News that two Carnegie-Mellon CERT researchers have developed an inexpensive way to breach the Tor network has the project, privacy advocates, and probably criminals who use the network equally concerned.

The Tor Project has advised relays to upgrade to Tor 0.2.4.23 or 0.2.5.6-alpha to close the protocol vulnerability used by the researchers, but it warned that preventing traffic confirmation in general 'remains an open research problem.'

Hidden service operators should consider changing the location of their service, the Tor Project said.

'So much for being secure,' remarked Jim McGregor, principal analyst at Tirias Research.

'If you were using Tor for classified communications and data, this could be very serious,' he told TechNewsWorld.

What the Tor Project Found

On July 4, the Tor Project found a group of relays that were trying to deanonymize people who operate or access Tor hidden services by modifying Tor protocol headers to conduct traffic confirmation attacks.

The attack also probably tried to learn who published hidden service descriptors, Tor said.

This would let the attackers learn the location of hidden services and, in theory, link users to their destinations on normal Tor circuits, although this was unlikely because the operators did not operate any exit relays.

The attack might aid other attackers in deanonymizing Tor users, the project cautioned.

Technical Details of the Attack

The attackers are believed to have used a combination of a traffic confirmation attack and a Sybil attack.

In a traffic confirmation attack, the attacker controls or observes the relays on both ends of a Tor circuit and compares traffic timing, volume or other characteristics to discover whether the two relays are on the same circuit.

If the first relay in the circuit, also known as the 'entry guard,' knows a user's IP address and the last relay knows the resource or destination being accessed, the user can be deanonymized.

There are several varieties of confirmation attacks; the one used consisted of the attackers injecting a signal into the Tor protocol headers at the relay on one end and having the relay on the other end read the signal.

That let the attackers' relays obtain the HSDir ('suitable for hidden service directory') and Guard ('suitable for being an entry guard') flags. The attackers then injected the signal whenever a relay was used as a hidden service directory and looked for an injected signal whenever it was used as an entry guard.


The Sybil attack was standard. The attackers signed up 115 fast non-exit relays running in either of two IP address ranges: 50.7.0.0/16 or 204.45.0.0/16. These added up to about 6.4 percent of the Tor network's Guard capacity, and they became entry guards for 'a significant chunk' of Tor users over the five months they were in operation, Tor said.
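A cluster of that shape, many cheap relays in two /16s adding up to a few percent of Guard capacity, is visible in the consensus before anyone injects a signal. Here is an added example of the kind of triage a relay operator or researcher can run (my code, not the Tor Project's sybilhunter): group Guard-flagged relays by /16 and flag prefixes that hold both many relays and a meaningful share of Guard bandwidth. The relay records are constructed, not a real consensus, the (nickname, ip, bandwidth, flags) layout is an assumption, and summed measured bandwidth stands in for Tor's consensus weighting.

```python
"""Flag /16 prefixes that concentrate Guard capacity (added example, constructed data).

A real run would take relay IPs, flags and measured bandwidth from a consensus
document (for instance via stem's descriptor parsers); the record layout here is
an assumption made for the example.
"""
import ipaddress
from collections import defaultdict

GUARD_FLAGS = {"Fast", "Guard", "Running", "Stable", "Valid"}

# Constructed sample: 20 ordinary guards, each in its own /16, plus two clusters of
# 12 cheap fast non-exit relays each packed into 50.7.0.0/16 and 204.45.0.0/16,
# and one exit-only relay that must not count towards Guard capacity.
RELAYS = (
    [("legit%02d" % i, "%d.10.0.1" % (100 + i), 10000, GUARD_FLAGS) for i in range(20)]
    + [("clusterA%02d" % i, "50.7.%d.1" % i, 1500, GUARD_FLAGS) for i in range(12)]
    + [("clusterB%02d" % i, "204.45.%d.1" % i, 1500, GUARD_FLAGS) for i in range(12)]
    + [("exitonly", "192.0.2.10", 50000, {"Fast", "Exit", "Running", "Valid"})]
)


def guard_capacity_by_prefix(relays, prefix_len=16):
    """Map each /prefix_len network to [relay count, summed bandwidth] over Guard relays."""
    per_net = defaultdict(lambda: [0, 0])
    for _name, ip, bandwidth, flags in relays:
        if "Guard" not in flags:
            continue  # only Guard capacity matters for the entry-guard position
        net = ipaddress.ip_network("%s/%d" % (ip, prefix_len), strict=False)
        per_net[net][0] += 1
        per_net[net][1] += bandwidth
    return per_net


def suspicious_prefixes(relays, share_threshold=0.05, min_relays=10, prefix_len=16):
    """Return [(prefix, share_of_guard_bandwidth, relay_count)] for clusters worth a look.

    Both conditions must hold: at least min_relays Guard relays in the prefix AND a
    share of total Guard bandwidth at or above share_threshold. Large hosters also
    cluster in one prefix, so this is a triage heuristic, not proof of a Sybil.
    """
    per_net = guard_capacity_by_prefix(relays, prefix_len)
    total = sum(bw for _count, bw in per_net.values())
    if total == 0:
        return []
    flagged = []
    for net, (count, bw) in per_net.items():
        share = bw / total
        if count >= min_relays and share >= share_threshold:
            flagged.append((str(net), share, count))
    return sorted(flagged, key=lambda t: (-t[1], t[0]))


if __name__ == "__main__":
    for prefix, share, count in suspicious_prefixes(RELAYS):
        print("%-16s %3d relays  %.1f%% of Guard bandwidth" % (prefix, count, share * 100))
```

On the constructed data each cluster holds 12 relays and about 7.6% of Guard bandwidth, so both prefixes are reported while the 20 singleton guards are not. Tor's own Sybil defences go further (relay family declarations, the bandwidth authorities' measurements, and directory-authority review of suspicious batches of new relays), but the /16 grouping is the first cut and the same one the advisory above describes.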

Was the NSA Involved?

The attackers were Carnegie-Mellon CERT researchers Alexander Volynkin and Michael McCord.

They were scheduled to present their findings at the Black Hat security conference, to be held in Las Vegas in August, but they canceled the presentation.

Richard Lynch of the Carnegie Mellon Software Engineering Institute, which runs CERT, demurred when approached for comment.

'Sorry, but we're not able to comment on Tor,' he told TechNewsWorld.


Carnegie-Mellon CERT boasts of partnering regularly with government and law enforcement, which has given rise to speculation that the NSA or U.S. law enforcement agencies may have been behind the attack on Tor.

'That was the first thing that came to mind,' McGregor said. 'Who better than the government to attack Tor?'

On the other hand, disclosure of the attack would have worked against the interests of law enforcement and the NSA, Rob Enderle, principal analyst of the Enderle Group, told TechNewsWorld.

Announcing the breach 'leads to people putting resources into monitoring this kind of attack,' he said, 'improving the response time, and moving to something that could be more difficult to penetrate or that's less well known.'

Richard Adhikari has written about high-tech for leading industry publications since the 1990s and wonders where it's all leading to. Will implanted RFID chips in humans be the Mark of the Beast? Will nanotech solve our coming food crisis? Does Sturgeon's Law still hold true? You can connect with Richard on Google+.


