[tor-talk] Self-deleting scripts in http connections

Jonathan Marquardt mail at parckwart.de
Thu Dec 8 13:10:56 UTC 2016


> This sequence of events got me thinking; the exit node queries servers on
> the behalf of the Tor Browser. Some sites simply cannot be connected to via
> HTTPS. Thus, the exit node must query the site requested in HTTP, which can
> be modified in transit. If done, what form of protections could a MitM do
> between the site and the exit node bypass by, say, inserting a CSS document
> that references an external JS script to force a query from the browser?

Such an attacker could insert some JS or cookies etc. to track a user around 
the web or more dangerous attacks like stealing user data. The possibilities 
of JS are far-reaching. In the worst-case scenario, JS can be used to exploit
a user's device and gain privileges within the OS. Such an attack has just
been discovered last month on this mailing list right here.

