Re: [tor-dev] Feasibility of using a Tor Browser plugin as a PT component?

Subject: Re: [tor-dev] Feasibility of using a Tor Browser plugin as a PT component?

From: Arlo Breault <arlo@xxxxxxxxxxxxxx>

Date: Sat, 22 Feb 2014 17:47:55 +0000

Delivery-date: Sat, 22 Feb 2014 12:48:05 -0500

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:content-type; bh=eD65Imcxnd88Z05AMoHSpObIniKSynw5ij6/hrDaHrY=; b=xRAtfbbXyx81TYs3zQ89lUsKsWuzBBaFxkUHm6LmWc0BSNw3myfLIWI3iOF+s67N7p N512ArEWYhNX1AZv0vgkBgdK7AQQhentiWNb6vwXWNHSKK5jx8JoQ+GwvT6dHCa+4fnd GXxNQtItj9Ukf8BAkGNkvoihYLrHO+DR3HSu+sQrk8Hpkpk//rwOJrADgwu5QNtlYpdY b9KrM+KqC4COIJEd1AMrBbqW+0El7Ebi/GEyRuU2C/PyyPu5EzAAApeqpRzMMx6GOWC6 3V5G3PDLskcVSUckHxHl5+QGTuxitLaP2O+ap6RfrnSOdWByM3E3uitAY7H1QUbjtTF0 2kBA==

In-reply-to: <20140222040859.GI23755@xxxxxxxxxxxxxxxxxxxxx>

List-archive: <http://lists.torproject.org/pipermail/tor-dev/>

List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>

List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>

List-post: <mailto:tor-dev@lists.torproject.org>

List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>

List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>

References: <20140222040859.GI23755@xxxxxxxxxxxxxxxxxxxxx>

Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx

Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

It seems the right thing to do is mimic a browser, and I can think of at
least three ways to do that:
1. Try really hard, using NSS or some other library, to look like a
particular browser.
2. Run a second browser, apart from Tor Browser, that receives commands
from a client PT program and makes the HTTPS requests it is
commanded to.
3. Run a browser plugin *inside* Tor Browser, that makes HTTPS requests
*directly on the Internet, without going through Tor*. That is, the
plugin receives commands from the client PT program, and then
bypasses all of Tor Browser's proxy settings in order to send HTTPS
requests to the web site fronting the circumvention.

It's the third option I want to ask about. The first option puts us on
the parrot treadmill. The second has the usability and distribution
problems of running two browsers at once.

Usability might not be such an issue if you're using a headless browser.

Distribution still would be.

_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev