Last update: March 17, 2019. This website uses cookies. By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. More information


Speculative Tor Attacks

About this Speculative Tor Attacks Page
Support Status stable
Difficulty easy
Maintainer torjunkie
Support Support


Tor is not invulnerable to attacks. Many users are familiar with research highlighting that the Tor network is susceptible to Traffic Analysis, Confirmation Attacks and potential Guard Discovery. These techniques similarly affect Whonix ™ and could potentially lead to deanonymization under specific circumstances.

However, a number of other lesser-known attacks are mentioned in the literature, and these should not be withheld from the reader. Note that many of these may have already been addressed by the Tor Project, but they have been listed for completeness. Any additional attacks that are not mentioned can be freely added by the reader.

Tor Ecosystem Attacks[edit]

Since Tor's inception, studies conducted on onion networks have found adversaries are capable of attacking three different entities: [1]

  1. Client: a client of the Tor network is targeted to identify it.
  2. Server: the Tor onion (hidden) service is targeted to reveal its identity or to weaken it.
  3. Network: the broader Tor network itself is targeted, usually via multiple malicious Tor nodes.

Note that generic attacks also exist for more than one Tor entity; typically both the client and server are targeted at the same time.


The following table summarizes known (speculative) Tor attacks and the specific target categories. The various attacks can be used by malicious actors to either retrieve information or to perpetrate harmful activities. Those attacks which have been addressed by The Tor Project or do not affect Whonix ™ are marked accordingly.

Table: Tor Entity Attack Vectors [1]

Tor Threat Tor Entity Description
Induced Tor Guard Selection [2] Client Tor clients can be induced to adopt a malicious Tor guard (entry) node via: altering traffic capabilities of the target, blocking connections to legitimate entry nodes at the network level, and so on. This greatly assists end-to-end correlation and other attacks.
Low-resources Routing [3] Client Note: This attack variant is no longer possible since directory servers now control the declaration of effective bandwidth. Adversaries commit or compromise high-bandwidth, high-uptime Tor routers. Exploiting the ability to report incorrect bandwidth values, the capacity of the node it lowered to low-bandwidth (but still reported as high-bandwidth), increasing the chances it is chosen for a Tor circuit and thereby aiding traffic correlation attacks.
P2P Information Leakage Client Note: this vector does not affect Whonix; see here. Connections to peer-to-peer systems are exploited to retrieve the IP address of the client. For example, adversaries can retrieve the IP address of clients connecting over Tor with the BitTorrent protocol when they communicate with the torrent tracker. [4] While tracker lists can be retrieved anonymously over Tor, the actual P2P connection is not -- meaning a MitM attack on this connection can redirect to a list that includes the IP address of a malicious torrent peer. This means the IP address of the client that originated the tracker request (over Tor) can be retrieved.
Plug-in based Attacks Client Note: This vector does not affect Whonix; see here. Plug-ins (external software) in the user's browser like Flash, Java and ActiveX Controls are exploited. Since these plug-ins run with user permissions on the operating system, they can bypass Tor Browser's proxy configuration settings and connect directly to the Internet. [5] [6]
Raptor Attacks [7] Client Autonomous Systems (ASes) that carry Tor traffic have significant eavesdropping capabilities. An AS or colluding ASes can perform timing analysis between the client and first relay, and between the last relay and destination, to deanonymize clients. [8]
Torben Attacks [9] [10] Client Information is revealed about webpages visited with Tor by manipulating web pages to force users to access content from untrusted sources, as well as exploiting Tor's low-latency characteristics to infer webpage indicators that are transmitted.
Unpopular Ports Exploitation Client This attack requires both a malicious service host contacted by the Tor client and an adversary-controlled set of exit nodes working in tandem. The malicious service injects a script into the client-requested webpage, leading the browser to open a connection to an Internet service on an unpopular port (through Tor). Since the adversary controls a set of exit nodes supporting this communication, the probability of increasing control over the exit node increases. [11]
Caronte Attacks [12] Server This attack uses a tool to automatically identify location leaks in onion (hidden) services. For example, content might reveal sensitive information served by the onion service, or configurations that disclose the IP address. Specifically, Internet endpoints are extracted as well as unique strings from the onion service's content, followed by examination of the service's certificate chain to identify possible Internet endpoints where the hidden service might be hosted. [13]
Cell Counting and Padding [14] Server In this attack, an onion (hidden) service is forced to connect to a malicious rendezvous point. A specially crafted (specific number) of Tor padding cells and a cookie/token generated by the client adds a signature to the traffic. If an entry node controlled by an adversary monitors and identifies these signatures, it can be deduced the guard node they operate was chosen by the onion service, thereby revealing its IP address.
Off-path MitM Attacks [15] Server An adversary who is capable of compromising (assuming) the onion service's private key can launch man-in-the-middle attacks on the targeted service. Without a revocation mechanism for onion services, it is difficult to mitigate this attack and the only available option is to abandon the .onion address and create a new one. [16]
Tor Cells Manipulation [17] Server Tor cells/packets are manipulated so it is possible to locate an onion (hidden) service. An adversary-controlled rendezvous point detects the request and applies small changes to the message/cell data before forwarding the message to the onion service. This acts as a timestamp of the modified cell, which is relayed to the central server under the adversary's control. The onion service sends back a destroy message to the client (since the cell is not intact). The combination of command specific on the cell (CELL DESTROY), the cell's timestamp, circuit ID and source IP address, means a central server might discover the IP address of the onion service via time correlation.
Denial of Service [18] Network Adversaries can mount Denial of service (DoS) attacks so that network components or services have reduced or no availability. In the case of 'CellFlood', malicious clients flood a targeted node with specially crafted cells. Since private key 1024-bit server operations are far (20 times) slower than operations with the public key -- and it takes four times longer to process rather than create a Tor cell -- all the computing resources of the target can be quickly exhausted by a continuous stream of CREATE cells.
Sniper Attacks [19] Network Sniper attacks allow adversaries to perform anonymous DoS attacks that disable arbitrary Tor relays (killing the Tor process on the machine). A Tor node is forced to buffer large amounts of data (with valid protocol messages), until it is overloaded and goes offline. By attacking a large set of nodes and degrading network capability, this increases the chance a client chooses an adversary-controlled node. [20]
Tor Bridge Discovery [21] Network In order to retrieve information on Tor bridge nodes which is not publicly available, two methods are used: bridges are enumerated through bulk emails and HTTPS servers over Tor; or malicious Tor middle nodes exploit the weighted bandwidth routing algorithms to discover bridges.
Traffic Analysis [22] Client + Server Adversaries capable of network traffic analysis insert packets server-side (specific, repetitive traffic in the TCP connection), and then try to observe these packets client-side via statistical correlation. Therefore, if a client is connected to a malicious server and the adversary controls a large number of entry (guard) nodes -- one of which is chosen in a given Tor circuit -- Tor client traffic can be identified.
Timing Attacks [23] [24] Client + Server This is a variant of the traffic analysis attack noted above, whereby packets exchanged between the client and the server are observed to try and identify a temporal connection. To be successful, the adversary must control both the entry (guard) and exit node of the target's Tor circuit. To improve the accuracy of the attack, adversaries can temporarily interrupt traffic at predetermined intervals. Note that Tor utilizes packet buffering, delays and shuffling techniques to protect from this attack class.


Whonix ™ does not vouch for the accuracy, completeness or currency of any of the attacks mentioned in this entry. However, it does highlight that in research settings, Tor processes and anonymity protection might be seriously degraded under specific conditions. Therefore, users who are likely to be targeted by advanced adversaries should bear this in mind when undertaking anonymous activities -- for a small subset, defaulting to offline activities (whenever possible) might be the only safe course of action in their circumstances.


  1. 1.0 1.1 Darknet Security: A Categorization of Attacks to the Tor Network
  2. A stealthy attack against tor guard selection
  3. Low-Resource Routing Attacks Against Tor
  4. Torrent trackers retrieve information about peers who can share the requested resource, that is, IP address and listening port.
  5. Browser attacks come in two forms: malicious server system embeds on public-facing servers (like Adobe Flash contents on the page); or using a malicious exit node to intercept clear HTTP connections and inject harmful plug-in contents.
  6. Explaining why browser plug-ins are disabled by default in Tor Browser.
  7. Anonymity on QuickSand: Using BGP to Compromise Tor
  8. This is done in three different ways: BGP routing changes that increase the number of ASes that can analyze a user's traffic; manipulating BGP announcements so ASes are selected on paths to and from relay nodes; and performing timing analysis on unidirectional traffic at both communication ends.
  9. Torben: A Practical Side-Channel Attack for Deanonymizing Tor Communication
  10. The research suggests these markers can be detected with an accuracy of over 91%, with no false positives.
  11. Attacking Tor through Unpopular Ports:

    The experimental analysis shows that by injecting a relatively small number of compromised relays (30 pairs of relays) allowing a certain unpopular port, more than 50% of constructed circuits are compromised.

  12. CARONTE: Detecting Location Leaks for Deanonymizing Tor Hidden Services
  13. When applied to 1,974 hidden services, the IP address was fully recovered in 101 (5%) of cases. This is technically not a Tor vulnerability, since it relies on mistakes by the hidden service administrator in the server configuration.
  14. Protocol-level hidden server discovery
  15. Off-path Man-in-the-Middle Attack on Tor Hidden Services
  16. Notably the adversary does not need to be located in the path between the client and the server for this attack.
  17. Deanonymizing schemes of hidden services in tor network: A survey
  18. CellFlood: Attacking Tor Onion Routers on the Cheap
  19. The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network
  20. The source paper notes:

    ...our experiments show that an adversary may consume a victim relay’s memory by as much as 2187 KiB/s while using at most only 92 KiB/s of upstream bandwidth. We extend our experimental results to estimate the threat against the live Tor network and find that a strategic adversary could disable all of the top 20 exit relays in only 29 minutes, thereby reducing Tor’s bandwidth capacity by 35 percent.

  21. Tor Bridge Discovery: Extensive Analysis and Large-scale Empirical Evaluation
  22. Low-Cost Traffic Analysis of Tor
  23. Browser-based attacks on Tor
  24. Timing Attacks in Low-Latency Mix Systems

No user support in comments. See Support.

Comments will be deleted after some time. Specifically after comments have been addressed in form of wiki enhancements. See Wiki Comments Policy.

Add your comment
Whonix welcomes all comments. If you do not want to be anonymous, register or log in. It is free.

Random News:

Don't mind having your name connected to Whonix ™? Follow us on Twitter / Facebook.

https | (forcing) onion

Share: Twitter | Facebook

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.

Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian. Debian is a registered trademark owned by Software in the Public Interest, Inc.

Whonix ™ is produced independently from the Tor® anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint.