News Feed
  • DrugHub has agreed to fully refund all users who lost money in the SuperMarket exit scam.  
  • Retro Market has gone offline. Circumstances of the closure unknown.  
  • SuperMarket has closed following an exit scam by one of the admins.  
  • The admin of Incognito Market, Pharoah, has been arrested by the FBI several months after exit scamming.  
  • Silk RoadTorhoo mini logo
  • darknet markets list
  • Popular P2P exchange LocalMonero has announced it is closing.  

Can the tor exit node see/sniff credentials even if using https? : OpSec | Torhoo darknet markets

Of course it can see destination (website domain) but can it see data that one obviously doesn't want to be shared such as login credentials?

If no,
What prevents the owner of the exit node to set something like wireshark up in order to steal such data?

Been looking into running a private exit node for this reason. (Would be hosted offshore and unable to be tied to me besides the data passing through it)
/u/zuberdriver Atlas
1 points
1 year ago
You can try to sniff the exit node https traffic using mitmproxy. But the tor network might see your traffic latency issues and tag your node as bad. The usual risks of being admin of an exit node apply of course.
/u/HeadJanitor ۩ 𝓜𝓘𝓐 ۩
1 points
1 year ago
An exit node acts as a regular man-in-the-middle (passive or active), so the standard TLS properties apply.

When the exit node receives its packet, it will remove the last layer of encryption with its key. The exit node will see the destination address and forward the packet to that address but being protected by SSL it cannot see your login or credentials.
/u/Amphora Scam Detector
-2 points
1 year ago
[removed]
/u/HugBunter A (っ♡⃛人♡⃛)っ🐛
4 points
1 year ago

1
Awards Received
Bronze
1
They could however profile you and find out what account is yours on Dread, for example.


No they couldn't... don't talk about things you don't understand, its dangerous.
/u/Amphora Scam Detector
1 points
1 year ago
Thank you for the correction!
/u/pixie Notorious G.I.T.
3 points
1 year ago
Where did you get that idea?

As MITM you know the domain, but not the called path.

Only the sender and receiver know the path, query and fragment of the URI. Only the scheme and the authority part are known to those acting between the sender and receiver.

To make it clear:
scheme://user@host:port/path?query#fragment
Everything that comes after the port is unreadable for third parties with HTTPS.
/u/Amphora Scam Detector
1 points
1 year ago
Thank you for the correction!
  • Sponsors
VigorSwap Instant Crypto Exchange
FraudGPT

  • Explore Torhoo!

© Torhoo! 2025

All links are for educational and research purposes only. Torhoo! does not vouch for any site.

Advertise on Torhoo