De-Anonymization Techniques in the Tor Network Using an Experimental Testbed

Tor is an anonymization network that enables access to hidden services and protects user identity through layered encryption. While its core technology offers strong privacy, users can still be exposed through indirect attack methods or configuration mistakes. This research not only explores de-anonymization techniques but also provides a practical guide for constructing a fully functional experimental Tor environment using virtual machines. The custom-built testbed allows for safe simulation of attacks without impacting the public Tor network. Within this environment, three key information-gathering approaches were evaluated: (1) malware-based reverse shells that establish external communication, (2) malicious PDF and Office files used to trigger outbound connections, and (3) analysis of service misconfigurations that may reveal the IP address of hidden services. The results confirm that although the Tor network itself is resilient, user behavior, improper configurations, and insecure content handling can lead to significant privacy risks. By combining practical environment setup with real-world attack scenarios, this paper serves both as a reference for building experimental Tor networks and as a security-oriented analysis of known de-anonymization vectors. The findings emphasize the critical need for user awareness and precise configuration in privacy-focused technologies.