A security researcher spent a month to find bad TOR exit nodes by setting up a honeypot kind of website which has a fake login page – To find the nodes that sniffs the traffic and attempts to steal the password.
He used a simple login script that allowed any password ending wiht “sbtc”. He created a random password ending with “sbtc” (eg:d25799f05fsbtc) and used it via tor nodes.
The script also saves the login attempts and successful logins in a file with user agent, IP and time – This will help him to find the bad nodes.
“The results are not so surprising, but what is most surprising about this is that 2 nodes with the ‘guard’ flag had logged in twice. Also, none of these nodes has been flagged even though I reported them to Tor.” Researcher said in his blog.
He released the result of the test; He tested more than 130k Exit nodes within 32 days. He found that there were 12 failed-login attempts, 16 successful logins that had not come from the researcher.