Tor Misconfiguration can Expose Hidden IP Address


Staff member
Mar 3, 2018
Security researcher Yonathan Klijnsma discovered a vulnerability in many sites on the anonymized Tor network. These sites are configured to listen on any IP address, allowing the RiskIQ web-crawling service to identify the servers' IP addresses through SSL certificates. As he publicly exposed the IPs of several .onion sites, users on Twitter accused Klijnsma of attacking the Tor service. Klijnsma responded by saying he's trying to secure the Tor network, not sabotage it, and that Tor websites should be properly configured to "only listen on"

When asked how often he sees misconfigured servers that expose their public IP address, he told us that it is quite common. "Continuously. I'm not even kidding. Some don't listen on http/https, so I don't know what they are, but they have onion addresses and live on both clear and dark web," Klijnsma told BleepingComputer.
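
One way to check a host for the misconfiguration described above, as an added example that is not part of the original post: it cross-references the backend ports named in a torrc with `ss -tln` output and reports any that are bound to a non-loopback address. The sample torrc and socket listing are constructed, and treating loopback as the intended bind is an assumption.

```python
import ipaddress

# Constructed sample inputs (not from the original post).
SAMPLE_TORRC = """\
HiddenServiceDir /var/lib/tor/site_a/
HiddenServicePort 80 127.0.0.1:8080
HiddenServicePort 443 127.0.0.1:8443
HiddenServiceDir /var/lib/tor/site_b/
HiddenServicePort 80
"""
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511        127.0.0.1:8080      0.0.0.0:*
LISTEN 0      511          0.0.0.0:8443      0.0.0.0:*
LISTEN 0      511             [::]:80           [::]:*
LISTEN 0      128        127.0.0.1:9050      0.0.0.0:*
"""

def backend_ports(torrc):
    """TCP ports that HiddenServicePort lines forward to."""
    ports = set()
    for line in torrc.splitlines():
        parts = line.split("#")[0].split()
        if len(parts) < 2 or parts[0].lower() != "hiddenserviceport":
            continue
        # With no explicit target, Tor forwards to the same port on localhost.
        target = parts[2] if len(parts) > 2 else parts[1]
        if target.startswith("unix:"):
            continue  # unix socket backend, no TCP listener to check
        ports.add(int(target.rsplit(":", 1)[-1]))
    return ports

def exposed_listeners(torrc, ss_output):
    """Return (address, port) pairs where an onion backend port is bound off-loopback."""
    wanted, findings = backend_ports(torrc), []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0] != "LISTEN":
            continue
        addr, port = cols[3].rsplit(":", 1)
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and scope id
        if int(port) not in wanted:
            continue
        # "*" is how ss prints a dual-stack wildcard bind.
        if addr == "*" or not ipaddress.ip_address(addr).is_loopback:
            findings.append((addr, int(port)))
    return findings

if __name__ == "__main__":
    for addr, port in exposed_listeners(SAMPLE_TORRC, SAMPLE_SS):
        print(f"onion backend port {port} is bound to {addr}, not loopback")
```
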