Re: https proxy [was polipo]
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: https proxy [was polipo]
- From: grarpamp <grarpamp@xxxxxxxxx>
- Date: Sat, 21 Aug 2010 21:18:41 -0400
> > https://anonymous-proxy-servers.net/en/anontest
> As I understand it, Polipo can't scrub the headers of an HTTPS request,
Nothing in the open source field can do so yet afaik.
To do it, a shim needs to be coded and placed between the application and Tor.
user <-> browser <-> [optional tool] <-> shim <-> tor:9050
The shim needs to listen on a proxy port (and/or two configurable
ports (for http and https)) and connect out to the world (or tor) to a
proxy port (socks) (and/or two other ports (for http and https or
whatever port the input protocol used)).
It would pass http unmodified.
It would break end to end https. If the destination site had an invalid cert,
it would present an invalid self-generated one to the client. If the destination
site had a valid cert, it would present a self-generated and self-signed one to
the client (which had obviously included the shim's root as a trusted cert),
simply to signify to the client as to validity. Identity would be available
from verbose logging in the shim and via an http[s] port on the shim itself.
It could furthermore 'tee' off two output ports from its bottom and receive
two input ports from its top. These would be a more general hook into
'optional toolchains' located in between the client and server side,
decoding and shuffling the data stream in and out to a toolset at that point.
It should have no 'censoring', caching or other features, as that is what
the optional toolsets do best.
Note that 'browser' could be anything that can speak http[s], not
just FF/MSIE. So 'plugins' are a non option.
And that the 'optional tool' might be squid or polipo or whatever.
And lastly, erasing your OS and other info from your headers makes you
stand out as an obvious eraser. It's better to use a dead common and up
to date OS and browser and then mind your sessions properly.
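The two ends of the shim described in the message above, as an added example that is not part of the original post or of any existing tool: it classifies what the browser sends to the proxy port and builds the SOCKS5 request the shim would send to tor:9050. The function names and sample request lines are assumptions; the domain-name address type is used so that the hostname is resolved by Tor rather than by a local DNS lookup.

```python
# Added illustration, not code from the post; all names here are hypothetical.
import struct
from urllib.parse import urlsplit

def parse_proxy_request(line: str):
    """Classify a browser-to-proxy request line.

    Returns (mode, host, port): "tunnel" for CONNECT (the point where the shim
    would terminate TLS), "plain" for absolute-URI http (passed unmodified).
    """
    method, target, version = line.strip().split(" ")
    if not version.startswith("HTTP/"):
        raise ValueError("not an HTTP request line")
    if method.upper() == "CONNECT":
        host, sep, port = target.rpartition(":")
        if not sep or not host or not port.isdigit():
            raise ValueError("CONNECT target must be host:port")
        return "tunnel", host, int(port)
    url = urlsplit(target)
    if url.scheme != "http" or not url.hostname:
        raise ValueError("expected an absolute http:// URI")
    return "plain", url.hostname, url.port or 80

SOCKS5_GREETING = b"\x05\x01\x00"  # version 5, one method offered: no auth

def socks5_connect(host: str, port: int) -> bytes:
    """Build a SOCKS5 CONNECT with ATYP 0x03 (domain name), so the SOCKS
    server resolves the name. Hostnames only; IP literals are out of scope."""
    name = host.encode("ascii")
    if ":" in host or not 0 < len(name) <= 255 or not 0 < port < 65536:
        raise ValueError("bad host or port")
    # VER=5, CMD=1 (connect), RSV=0, ATYP=3, length-prefixed name, port (BE)
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack(">H", port)

def socks5_reply_ok(reply: bytes) -> bool:
    """True if the server's reply header reports success (REP == 0x00)."""
    return len(reply) >= 2 and reply[0] == 5 and reply[1] == 0

# Constructed sample request lines, as a browser would send them to the shim.
SAMPLES = ["CONNECT example.com:443 HTTP/1.1", "GET http://example.com/a HTTP/1.1"]

if __name__ == "__main__":
    for line in SAMPLES:
        mode, host, port = parse_proxy_request(line)
        print(mode, host, port, socks5_connect(host, port).hex())
```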