New release of Advanced TOR: version 0.1.0.5.
Changes:
- corrected: if LoadLibrary failed in target process, it was still shown as intercepted
- corrected: when unloading the AdvTor.dll, UnloadDLL did not wait for PipeThread to finish
- corrected: high CPU usage if no running exit nodes were found (thanks to RoLex for reporting this problem)
- corrected: system tray menus were not closed when the user clicked outside them
- corrected: AdvTor.dll did not always close handles of remote threads
- corrected: AdvTor.dll did not always free the memory it allocated in other processes
- corrected: AdvTor.dll did not intercept process creation functions if the option to fake local time was disabled
- corrected: intercepted processes that were not updated in GUI were not released when AdvTor exited
- corrected: intercepting functions in suspended processes sometimes failed
- corrected: AdvTor.dll could re-hook same procedure twice if a previous instance was terminated from task manager
- corrected: AdvTor.exe will no longer attempt to intercept itself if the user selects it from process list (thanks to RoLex for reporting this error)
- if no running exit nodes can be found for selected country, the notification message is shown only once, until a good exit node is found (thanks to RoLex for reporting this problem)
- the confusing message "attempt to bypass proxy settings" is replaced with "redirecting connection from address" (thanks to Meka][Meka for reporting this problem)
- system tray menu has a new submenu "Release" with all intercepted processes to allow unloading AdvTor.dll from them
- AdvTor.dll now shows more information about interception failures
- AdvTor.dll no longer loads user32.dll in intercepted processes
- AdvTor.dll also intercepts functions gethostbyname, WSAAsyncGetHostByName, gethostbyaddr, WSAAsyncGetHostByAddr (Windows 2000+), getnameinfo, GetNameInfoW, getaddrinfo, GetAddrInfoW (Windows XP SP2+) (thanks to RoLex for helping with tests)
- programs that are intercepted by AdvTor will have all DNS queries and reverse DNS queries resolved by OR network
- programs that are intercepted can access .onion addresses: AdvTor.dll will resolve them to an IP within range 127.16.* (localhost) and will keep a cache with generated IPs and corresponding .onion addresses to use in connection requests
- process tree also shows PID values when selecting a window
- when AdvTor.dll sends a notification about an intercepted process that doesn't respect proxy settings, it also shows the PID for that process (requested by RoLex)
- the lists with exit nodes will also have an entry "no exit", for those who want only to see where an intercepted program would connect, but without allowing it to connect or to send anything
- added verification for "localhost" so an intercepted process won't try to use OR network to resolve it (Opera resolves "localhost" every time you save a file)
- added verification for "wpad" to prevent vulnerable applications from using OR network to resolve it (Chrome, IE, Yahoo Messenger, etc.)
Download:
Version 0.1.0.5 of Advanced TOR can intercept all DNS / reverse DNS queries and redirect them to the OR network. If an application doesn't always use its configured proxy settings, a warning message is shown in the Debug window and its connection attempts and DNS queries are redirected. Those familiar with Tor know that Tor can work with addresses that cannot be resolved by normal name servers. Addresses of hidden services (*.onion) are valid only in the OR network; they are connect-only and they don't resolve to an IP. In this particular case, when a program calls a resolve function for an .onion address, AdvTor will return a fake IP in the range 127.16.* and it will keep a cache of fake IPs and their corresponding .onion addresses, which is consulted when the program later wants to connect to one of these addresses. As an example, let's see how we can use telnet to connect to the hidden wiki. First, we start a command prompt and use the "Force TOR" option to intercept its process creation functions and Winsock calls.

To use telnet to connect to the hidden wiki, we can use the following command:
Code:
    telnet kpvz7ki2v5agwt35.onion 80


When the connection is established, a well-formed HTTP request can be sent with telnet (the header block is terminated by an empty line):
Code:
    GET /wiki/index.php/Main_Page HTTP/1.0
    Accept: */*
    Accept-Language: en-us
    Accept-Encoding: identity
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: kpvz7ki2v5agwt35.onion
    Connection: Keep-Alive

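To make the resolve/connect mechanism described above concrete, here is a small simulation written for this post (it is not code from AdvTor.dll): .onion names get a fake address from 127.16.0.0/16, a cache maps that address back to the hidden-service name when a connect request arrives, "localhost" is answered locally, and "wpad" is refused. The `or_resolver` callable standing in for a lookup over the OR network is an assumption for the illustration.

```python
import ipaddress

# Fake-address pool for hidden services, as used by AdvTor (127.16.*).
ONION_RANGE = ipaddress.IPv4Network("127.16.0.0/16")


class Resolver:
    """Illustrative model of the hooked resolve/connect path (not AdvTor's code)."""

    def __init__(self, or_resolver):
        self._or_resolver = or_resolver   # assumed: resolves a name over the OR network
        self._ip_by_name = {}             # .onion name -> fake IP
        self._name_by_ip = {}             # fake IP -> .onion name
        self._next = 1                    # next host offset inside ONION_RANGE

    def resolve(self, hostname):
        """Return (ip, via_or_network); raise ValueError for refused names."""
        name = hostname.strip().lower().rstrip(".")
        if name == "localhost":
            return "127.0.0.1", False     # answered locally, never sent to the OR network
        if name == "wpad":
            raise ValueError("wpad lookup refused (proxy auto-discovery)")
        if name.endswith(".onion"):
            if name not in self._ip_by_name:
                if self._next >= ONION_RANGE.num_addresses - 1:
                    raise RuntimeError("fake IP range exhausted")
                ip = str(ONION_RANGE[self._next])
                self._next += 1
                self._ip_by_name[name] = ip
                self._name_by_ip[ip] = name
            return self._ip_by_name[name], True
        # Ordinary name: the real answer comes from the OR network.
        return self._or_resolver(name), True

    def connect_target(self, ip, port):
        """Translate a connect() to a fake IP back into (hidden-service name, port)."""
        name = self._name_by_ip.get(ip)
        if name is not None:
            return name, port
        if ipaddress.IPv4Address(ip) in ONION_RANGE:
            raise KeyError(f"{ip} lies in the .onion range but was never resolved")
        return ip, port
```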
