[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: https proxy [was polipo]



>  > https://anonymous-proxy-servers.net/en/anontest
> As I understand it, Polipo can't scrub the headers of an HTTPS request,

Nothing in the open source field can do so yet afaik.

To do it, a shim needs to be coded and placed between the application and Tor.
user <-> browser <-> [optional tool] <-> shim <-> tor:9050

The shim needs to listen on a proxy port (and or two configurable
ports (for http and https)) and connect out to the world (or tor) to a
proxy port (socks) (and or
two other ports (for http and https or whatever port the input protocol used)).

It would pass http unmodified.
It would break end to end https. If the destination site had an invalid cert,
it would present an invalid self-generated one to the client. If the destination
site had a valid cert, it would present a self-generated and self-signed one to
the client (which had obviously included the shim's root as a trusted
cert), simply
to signify to the client as to validity. Identity would be available
from verbose
logging in the shim and via an http[s] port on the shim itself.

It could furthermore 'tee' off two output ports from it's bottom and receive
two input ports from it's top. These would be a more general hook into
'optional toolchains' located in between the client and server side,
decoding and shuffling the data stream in and out to a toolset at that point.

It should have no 'censoring', caching or other features.. as that is what
the optional toolsets do best.

Note that 'browser' could be anything that can speak http[s], not
just FF/MSIE. So 'plugins' are a non option.

And that the 'optional tool' might be squid or polipo or whatever.

And lastly, erasing your OS and other info from your headers makes you
stand out as an obvious eraser. It's better to use a dead common and up
to date os and browser and then mind your sessions properly.
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/