Personally, I would say this is a bad idea for pen-testers. As you probably already know, whoever is in control of the exit-node, or the last person in the chain of Tor routes, would be able to sniff that traffic as if it was originating from their network. Just because the Tor traffic is encrypted between nodes, doesn't mean it can encrypt the traffic to the final destination, unless it was encrypted in the first place.

That means whatever information discovered during a pen-test, which is supposed to help reveal security faults before the public can exploit it, would then have a chance of being disclosed to an anonymous person in the Tor community. And if you've signed a nondisclosure agreement, that would not be good for you if it was to be released to the public.

That's how I see it, anyway.

Thanks for both replies. I dont intend to do this on assignment, but I would like to know how this is done, As Grendel said, it could be useful one day. Besides, I dont know how many tor users are hackers, most being pirates and users in countries with "great firewalls". The one i'm in has a "little firewall".

I found a video on youtube that shows one way to do it, it requires proxychains, which is a linux program. There also appears to be a commercial product that does the same thing, Protoport Proxy Chain,but it has low reviews in terms of functionality. http://download.cnet.com/Protoport-Proxy-Chain/3000-2144_4-10497250.html

Thanks for the info, I have set it aside for later, once I get a linux PT box set up. Are you familiar with any ways to do the same on Windows? Im fairly sure that proxychains is *nix only.

Thanks for the heads up!

Hey TT,

I replied to your message a few days ago, wasnt sure if you received it?