[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-dev] [GSoC 2016] Orfox - Report 2
On Thu, Jun 16, 2016, at 10:37 PM, Tom Ritter wrote:
> On 16 June 2016 at 18:45, Amogh Pradeep <amoghbl1@xxxxxxxxx> wrote:
> Is a code audit the most efficient and reliable way to look for proxy
> leaks? (At least at this stage?)
I think he means a few things by this, or at least we have a few tasks
underway:
- mentor (me) reviewing code quality and implementation choices for how
proxy features were added
- inspection of esr45 Android Java code for new network code and other
potentially leaky / deanon features
- review of tor browser, noscript and other mobile relevant extensions
for portability to android
> I would do dynamic analysis by setting up a bridge and a proxy,
> exercising lots of different functionality of the app (HTTP, HTTPS,
> FTP, update checking, safebrowsing disabling/enabling, extension
> installation, extension update checking, extension calls to third
> party APIs, etc), and looking for any traffic not going to the single
> bridge configured.
We use NoRoot firewall on Android for doing this in a quick manner. It
is like LittleSnitch.
Thanks for the feedback Tom!
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev