[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-dev] Feasibility of using a Tor Browser plugin as a PT component?

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-dev] Feasibility of using a Tor Browser plugin as a PT component?
From: David Fifield <david@xxxxxxxxxxxxxxx>
Date: Fri, 21 Feb 2014 20:08:59 -0800
Cc: Chang Lan <clan@xxxxxxxxxxxxxxxxx>
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 21 Feb 2014 23:09:36 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.5.21 (2010-09-15)

We're making progress on meek (https://trac.torproject.org/projects/tor/wiki/doc/meek),
the transport that hides your traffic in HTTPS requests to an
unblockable web site. It's already doing a good job at reliably
transfering bits. What we'd like to do next is remove trivial means of
blocking it based on network fingerprinting. We're currently using the
golang HTTPS library, and at https://trac.torproject.org/projects/tor/wiki/doc/meek#Distinguishability
you can see meek's TLS differs from Chromium's in its ciphersuites and
extensions.

It seems the right thing to do is mimic a browser, and I can think of at
least three ways to do that:
1. Try really hard, using NSS or some other library, to look like a
particular browser.
2. Run a second browser, apart from Tor Browser, that receives commands
from a client PT program and makes the HTTPS requests it is
commanded to.
3. Run a browser plugin *inside* Tor Browser, that makes HTTPS requests
*directly on the Internet, without going through Tor*. That is, the
plugin receives commands from the client PT program, and then
bypasses all of Tor Browser's proxy settings in order to send HTTPS
requests to the web site fronting the circumvention.

It's the third option I want to ask about. The first option puts us on
the parrot treadmill. The second has the usability and distribution
problems of running two browsers at once. The third is slightly crazy,
but more usable and easier to deploy. The third option is definitely
what I would do if I were using a browser other than Tor Browser and
designing purely for circumvention and not anonymity.

Is it even possible to run a plugin that bypasses the proxy settings? (I
know a binary plugin like Flash can do it--but does that use the
browser's HTTP engine or do they cook up their own HTTP with sockets?)
Would Tor Browser's customizations, for example the modified User-Agent
string, defeat the purpose of looking like an ordinary browser? Anything
else I'm missing?

This is just brainstorming; negative answers won't be the end of the
project. The first option might not be too bad if we use NSS directly.

David Fifield
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] Feasibility of using a Tor Browser plugin as a PT component?
  - From: Arlo Breault
- Re: [tor-dev] Feasibility of using a Tor Browser plugin as a PT component?
  - From: Ximin Luo

Prev by Author: Re: [tor-dev] obfsproxy dns transport
Next by Author: Re: [tor-dev] Feasibility of using a Tor Browser plugin as a PT component?
Previous by thread: Re: [tor-dev] Accessing hidden services with TAP or ntor
Next by thread: Re: [tor-dev] Feasibility of using a Tor Browser plugin as a PT component?
Index(es):
- Author
- Thread