[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Feasibility of using a Tor Browser plugin as a PT component?



On Sat, Feb 22, 2014 at 05:47:55PM +0000, Arlo Breault wrote:
>     It seems the right thing to do is mimic a browser, and I can think of at
>     least three ways to do that:
>     Â1. Try really hard, using NSS or some other library, to look like a
>     Â Â particular browser.
>     Â2. Run a second browser, apart from Tor Browser, that receives commands
>     Â Â from a client PT program and makes the HTTPS requests it is
>     Â Â commanded to.
>     Â3. Run a browser plugin *inside* Tor Browser, that makes HTTPS requests
>     Â Â *directly on the Internet, without going through Tor*. That is, the
>     Â Â plugin receives commands from the client PT program, and then
>     Â Â bypasses all of Tor Browser's proxy settings in order to send HTTPS
>     Â Â requests to the web site fronting the circumvention.
> 
>     It's the third option I want to ask about. The first option puts us on
>     the parrot treadmill. The second has the usability and distribution
>     problems of running two browsers at once.
> 
> Usability might not be such an issue if you're using a headless browser.
> Distribution still would be.

Thanks Arlo. I took this idea and some from IRC discussion and
summarized them here:

https://trac.torproject.org/projects/tor/wiki/doc/meek#HowtolooklikebrowserHTTPS

 1. Use your own HTTPS/TLS library, and take care to make sure your
    ciphersuites and extensions match those of a browser. There are
    [https://www.mozilla.org/projects/security/pki/python-nss/ Python bindings for NSS]
    that might make it easier. Chromium is
    [https://code.google.com/p/chromium/issues/detail?id=62803 moving to OpenSSL]
    in the future.
 2. Use a separate (headless) browser as an instrument for making HTTPS
    requests. This is what
    [https://raw.github.com/wiki/gsathya/htpt/Overall_architecture2.png htpt plans to do].
    [http://phantomjs.org/ PhantomJS] is a headless WebKit that is
    scriptable with JavaScript. Its compressed size is 7â13 MB.
    [https://github.com/ariya/phantomjs/blob/master/examples/postserver.js This postserver.js example]
    shows it running its own web server, which we could use as a means
    of communication:
      meek-client on localhost âHTTPâ PhantomJS on localhost âHTTPSâ www.google.com.
    Another option is to write an extension for some other browser and
    communicate with it using some custom IPC.
 3. Use an [https://developer.mozilla.org/en/Extensions extension] in
    Tor Browser itself. The plugin bypasses Tor Browser's normal proxy
    settings in order to issue HTTPS requests directly to the front
    domain.
     * [tor-dev] Feasibility of using a Tor Browser plugin as a PT component?
       https://lists.torproject.org/pipermail/tor-dev/2014-February/006266.html
    GeKo says that
    [https://developer.mozilla.org/en-US/docs/XPCOM_Interface_Reference/nsISocketTransportService nsISocketTransportService]
    is what we want to look at.
     * [https://stackoverflow.com/questions/10173811/how-to-connect-to-a-remote-server-using-nsisockettransportservice-in-a-firefox-e How to connect to a remote server using nsISocketTransportService in a firefox extension?]
     * [https://code.google.com/p/weaponry/source/browse/trunk/xulrunner/weaponry/distribution/bundles/common@xxxxxxxxxxxxxxxxxxxxxxx/components/WeaponryRawHttpRequest.js WeaponryRawHttpRequest.js]
       is doing what we want.
    [https://developer.mozilla.org/en-US/docs/Mozilla/XPCOM XPCOM] (a
    Firefox API) allows you to create
    [https://developer.mozilla.org/en-US/docs/WebAPI/TCP_Socket TCP sockets].

David Fifield
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev