I read a security paper a long time ago about the attack surfaces for Tor Onion Services. I thought it was a good read and wanted to share a paraphrased version on Dread.

This post delves into various potential attacks on Onion Services. These attacks are often theoretical and not yet observed in practice, but they are possible. The type of attack you’re vulnerable to depends on the adversary’s interests and capabilities.

To provide clarity, I will categorise adversaries into four groups: 1) Client, 2) Network, 3) Local, and 4) Global.


1) Client

Client adversaries, utilizing only a Tor client and regular internet access, can potentially perform several types of attacks on onion services:

  • Determine Exploitability: A client adversary could assess if a specific onion service is exploitable and potentially exploit it, thereby learning its IP address or other deanonymising information.
  • Locate Public IP: They might also identify whether a particular onion service is exposed on a public IP address by scanning the wider internet.
  • Timing Correlation: A client adversary could deduce if a given onion service goes offline at the same time as a public Tor relay experiences downtime.
  • OnionBalance Suspicions: A client adversary could suspect the use of OnionBalance for load balancing in an onion service via distinct descriptors and microdescriptors.
  • Guard Suspicions: They may suspect that a particular onion service is using a specific Guard relay.

2) Network

Network adversaries, who control Tor relays or compromise them, have the potential to execute various attacks on onion services:

  • Guard Relay Discovery: They can determine the Guard relays you are using if any of these are their Layer2 middle relays.
  • Guard or Layer2 Relay Confirmation: They could verify if a specific onion service uses their Guard or Layer2 middle relays.
  • Non-usage Confirmation: They can ascertain if a specific onion service is not utilizing their Guard or Layer2 middle relays.
  • Client Access Suspicions: A network adversary may strongly suspect when your client accesses a specific service by controlling one of your Guard relays.
  • Service Operator Suspicions: They could strongly suspect that you operate a certain service by controlling one of your Guard relays.

3) Local

Local adversaries, such as WiFi router administrators, ISPs, or VPN providers, have a reduced level of surveillance compared to network adversaries. Their capabilities include:

  • Tor Network Usage Confirmation: Local adversaries can determine that you are using the Tor network due to the public list of Tor relays.
  • Unknown Onion Service Suspicions: They may suspect that your Tor client is hosting an unknown onion service due to distinctive traffic patterns.
  • Specific Onion Service Confirmation: If they are interested in a particular service, they could confirm its presence by observing relevant traffic.
  • Service Operator Suspicions: A local adversary could suspect you run a service if access to it is infrequent.
  • Client Access Suspicions: They may suspect your client’s access to an onion service, particularly when other client activities are limited.

4) Global

Global adversaries with extensive internet visibility, like the Fourteen Eyes, possess broader attack capabilities:

  • IP List Extraction: They can determine a list of IPs connecting to the Tor network.
  • Onion Service Suspicions: Global adversaries might suspect which IPs are hosting onion services.
  • Specific Onion Service Confirmation: If interested, they may confirm an IP hosting a specific onion service.
  • Service Operator Suspicions: They could suspect your operation of a specific service, especially if access is sporadic.
  • Client Access Suspicions: Similar to local adversaries, they may suspect your client’s access to specific services.

The actions to enhance security against these adversaries include:

  • Good Opsec: Ensure your onion service doesn’t leak information and follow best practices.
  • Use Bridges or Run a Relay/Bridge: Employ bridges or relays within your service to mitigate traffic analysis.
  • Configure OnionBalance: Implement OnionBalance for better traffic distribution and obfuscation.
  • Monitor Your Service: Keep an eye on your service for unusual activity or attacks.


These paragraphs provide a breakdown of each adversary’s capabilities, you need to assess which capabilities you are vulnerable to and devise a strategy to combat them – there are many Tor Control plugins that can help with this. For the sake of brevity, this post’s content has been heavily reduced. If you wish to know more, DM me for the full write-up.

Please let me know if you have any questions or feedback and have a super day!

Steve Dark

By Steve Dark

Steve Gais is a seasoned cybersecurity professional with over 10 years of experience in the field. He holds a Bachelor's degree in Computer Science from Stanford University and a Master's degree in Cybersecurity from MIT. Steve is known for his meticulous attention to detail and his ability to identify even the most subtle security vulnerabilities. When he's not researching protocols or playing in HackTheBox, Steve enjoys sipping on his favorite tea blend while munching on his favorite cookies. Despite his serious profession, Steve has a playful side and loves engaging in cybergames. Steve's twitter: https://twitter.com/stevegais