[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Clearnet/Onion access for website

To: "tor-talk@xxxxxxxxxxxxxxxxxxxx" <tor-talk@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [tor-talk] Clearnet/Onion access for website
From: Alec Muffett <alecm@xxxxxx>
Date: Thu, 13 Nov 2014 20:59:34 +0000
Accept-language: en-GB, en-US
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 13 Nov 2014 16:27:22 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fb.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=facebook; bh=i6GbrS5NYAVf5khSCi7mdBb0PXDijtp01JnMo4mBDLc=; b=TmD2/lWi8z4YcbhAwFvCr5CDafnBi4kI+2K8xpzOcENCAHhEVzSOa+VWW8BCzamChz8Y v3yNWYRBrG26ewcYXMwU5U1nMi92CFtp339FXxis3rMq7sXpaWTlxV5edftEZU94OPuv 3aTnerOQ3e27Qa4fdQ7YLihk6WFj3sWFKwY=
In-reply-to: <20141113145358.Horde.0Gsp88XT1I-0X9pMLmqI4Q1@xxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <20141113145358.Horde.0Gsp88XT1I-0X9pMLmqI4Q1@xxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
Thread-index: AQHP/1beK5r3WjYEzU26PmsMRTgp+ZxfkOAA
Thread-topic: [tor-talk] Clearnet/Onion access for website

Hi,

It rather depends upon the complexity of your âcleartextâ website.

If you have a small, simple website with no cookies and where all of the
URLs are ârelativeâ then maybe you could set up a Tor daemon and have the
hidden service to point at your usual webserver, but there would probably
be errors and without extensive testing/fixing the results are very likely
to be flaky. 

For any complex website it would be worse.

We did our initial proof-of-concept using âmitmproxyâ such that a Tor
daemon hosting a hidden service spoke to mitmproxy via localhost:443; this
terminated SSL and then a selection of commandline arguments rewrote the
content bidirectionally, such that:

- incoming request headers - Host/Referer/etcâ - which referenced the
onion address were rewritten in terms of the normal web address

- outgoing json/javascript/css/html in the response body which referenced
the normal web address was rewritten in terms of the onion address

- outgoing response headers which referenced the normal web address were
rewritten in terms of the onion address

- outgoing cookies had their domains changed in terms of the onion address

- caching was disabled, because debugging.

âand then the traffic was then forwarded to the normal web address over a
new HTTPS connection.

Overall the proof-of-concept was a single shellscript containing
approximately a single commandline with perhaps ten options.

Most of the site functioned over the onion address via this mechanism, if
somewhat clunkily.

This experiment worked sufficiently well for us to see what modifications
needed to be done to the main website code to make a solution that was fit
for production.

    - alec

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] Clearnet/Onion access for website
  - From: tor

Prev by Author: [tor-talk] facebookcorewwwi cdn (Was: ...
Next by Author: [tor-talk] ChatSecure Problem?
Previous by thread: Re: [tor-talk] Clearnet/Onion access for website
Next by thread: [tor-talk] Defense against DDoS Attacks in Tor
Index(es):
- Author
- Thread