Further Tor Vulnerabilities Discovered: Public IP Address of Tor Hidden Sites Identified via SSL Certificates

Published on:
TOR in the form of binary code, 3D illustration
A security researcher at RiskIQ has found a way of identifying the public IP addresses of misconfigured Tor hidden services via SSL certificates.

Millions of people all over the world depend on the Tor network to browse the internet securely and privately every day.

However, Tor is not 100 percent safe from compromise. Tor users can misuse the tools to access the network and give away their identity.

This occurrence is currently being highlighted as an internet security researcher has discovered a new Tor vulnerability.

Yonathan Klijnsma, who is a threat researcher at California-based cybersecurity firm RiskIQ, recently found a way to identify the public IP addresses of misconfigured Tor hidden services.

This discovery highlights the dangers of improperly configuring a Tor hidden service. The main purpose of setting up a darknet site on Tor is to allow the owner of the website to stay anonymous.

However, the site administrator has to configure the web server properly to keep the site anonymized.

Your TOR usage is being watched

Proper configuration means that the web server listens only on localhost ( as opposed to an IP address that is available to the public via the internet.

As shown in a tweet, Klijnsma found that there are numerous sites on Tor that use SSL certificates and have hidden services accessible via the internet that are not properly configured.

Misconfigured Tor Services a Major Problem

RiskIQ crawls the Internet, and any SSL certificate that it discovered is associated with its hosted IP address.

As such, it took little effort for Klijnsma to associate misconfigured Tor services to their public IP addresses.

The lead researcher stated that he comes across improperly configured servers on a regular basis.

This indicates that there may be a significantly large number of Tor hidden services with exposed public IP addresses.

Text sign showing Vulnerability. Conceptual photo Information susceptibility systems bug exploitation attacker Keyboard brown keys yellow laptop idea create computer keypad laptop.
Millions of people all over the world depend on the Tor network to browse the internet securely and privately every day.

Klijnsma’s findings didn’t seem to go well with some of the Tor users. They felt that Klijnsma’s research was an attack on Tor and similar services.

But the security researcher was quick to clarify the purpose of his research. Through another tweet, he further stated that he seeks to shed some light onto the dangers associated with improperly configuring of a Tor hidden service.

He emphasized on the inherent security differences of setting up the listening host for servers as and

The researcher reiterated the importance of only listening on the former to protect Tor hidden services from exposure.

Tor & SSL Certificates

It is rather ironic that SSL certificates can contribute to a vulnerability in the Tor network. SSL is the backbone of the secure internet, and it serves to protect sensitive information.

The SSL drawback in regard to anonymity here is that the certificates can help to identify the public IP addresses of sites on the dark web.

When the administrator of a Tor hidden service includes an SSL certificate to their website, the .onion domain is associated with the certificate.

If the operator misconfigures the Tor site such that it listens on a public IP address, that certificate with the .onion domain will also be used for the IP address. 

Write for us


The articles and content found on Dark Web News are for general information purposes only and are not intended to solicit illegal activity or constitute legal advice. Using drugs is harmful to your health and can cause serious problems including death and imprisonment, and any treatment should not be undertaken without medical supervision.