TorFlow: Tor Network Analysis

TorFlow is set of python scripts written to scan the Tor network for misbehaving, misconfigured, and overloaded Tor nodes. The ultimate goal is to build an automated, distributed reputation system that feeds into the Tor directory servers and provides them with information on the stability, capacity, and trustworthiness of routers, so that they can set flags that clients can use in routing decisions. This is admittedly a lofty goal. In the meantime it should be able to figure out a bunch of neat stuff about Tor.

The utilities provided are built upon the TorCtl package, and contains the following scripts:

metatroller.py

The Metatroller provides high-level commands and settings for path construction via TorCtl.PathSupport, and gathers statistics on stream bandwidth, circuit construction time, circuit failures and stream failures. It also provides a meta control port for use by Tor scanners.

soat.pl/soat.py

soat.pl is a prototype exit scanner I wrote to do basic checks for content modification and injection by malicious or misconfigured exit nodes via several protocols. soat.py is the python reimplementation by Google Summer of Code student Aleksei Gorny.

speedracer.pl

SpeedRacer fetches a file repeatedly through circuits built by metatroller. It divides the Tor network into tiers based on percentiles of directory-reported node bandwidth and compiles statistics for each of these tiers itself and via metatroller.


For more detailed information on the current and future direction of these types of tools, see my Defcon 15 presentation on Securing the Tor Network.

Broken link

Great talk at Defcon this year. The link to the Torflow SVN is missing a ":"