[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Proper TOR DNS Configuration Testing Help

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Proper TOR DNS Configuration Testing Help
From: Mike Cardwell <tor@xxxxxxxxxxxxxxxxxx>
Date: Tue, 01 Jan 2008 12:52:09 +0000
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Tue, 01 Jan 2008 07:52:23 -0500
In-reply-to: <b8dea49e0712311851l6889fa2ch1f7b5c37102fe29e@xxxxxxxxxxxxxx>
References: <b8dea49e0712291259g54eb7903lc9b97f524638c1f3@xxxxxxxxxxxxxx> <4777763A.4080906@xxxxxxxxxxxxxxxxxx> <b8dea49e0712311851l6889fa2ch1f7b5c37102fe29e@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
Sp4mtr4p: D0 N0T EM4IL <sp4m-tr4p-d0-n0t-em4il@xxxxxxxxxxxx>
User-agent: Thunderbird 2.0.0.9 (Macintosh/20071031)

Mark Manning wrote:

That's awesome! That's exactly how I was thinking but to be honest Iwasn't sure how to implement the background service that ties the querylogs to the web server.If it wouldn't take too long, do you think you could talk about thespecifics a little bit more?


1.) You visit http://clayman.tor.grepular.com/torcheck.cgi

2.) The cgi generates a unique code. In this case, a 32 characteralphanumeric string. It then spits out some html containing severaltriggers to try and make the web browser do a dns lookup on"$code.tordnscheck.grepular.com" where $code is replaced by the uniqueid it just generated. The triggers are inside the <head></head> and are:

<link rel="stylesheet" type="text/css"href="http://$code.tordnscheck.grepular.com/style.css"; /><link rel="shortcut icon" type="image/x-icon"href="http://$code.tordnscheck.grepular.com/favicon.ico"; /><script type="text/javascript"src="http://$code.tordnscheck.grepular.com/script.js";></script>

3.) A meta refresh then refreshes the page and adds ?code=$code to theuri arguments.

4.) When the page is reloaded it "asks" a separate process that I willdescribe in a moment, whether or not it knows the IP that did the lookupof $code.tordnscheck.grepular.com, and if so it displays it.

5.) There is a separate process written in perl, which uses File::Tailto monitor the bind query log. It's a threaded application. One threadtails the log looking for entries like $code.tordnscheck.grepular.com.When it comes across any, it stores the code and the ip together in ashared variable, for up to 10 minutes

6.) The second thread accepts incoming socket connections. Basically,the torcheck.cgi script makes a tcp connection to the app tailing thelog file and writes $code to it, and the app then returns the IP addressand closes the connection.


The gopher request works in a similar fashion. The trigger is:

<img src="gopher://grepular.com/torgophertest/$code"; width="0" height="0" />

Then I have another application listening on the gopher port looking forrequests like "/torgophertest/$code" and then linking $code with theclient IP. Then it makes the information available to the cgi via thesame socket method.


I hope that all makes sense.

Mike

Follow-Ups:
- Re: Proper TOR DNS Configuration Testing Help
  - From: Mark Manning

Prev by Author: Re: filesharing with tor and offsystem online storage
Next by Author: Re: SORBS vs Tor and the world
Previous by thread: [Long!] Re: Darknetting and hidden services [Was: Re: virtues of middlemen]
Next by thread: Re: Proper TOR DNS Configuration Testing Help
Index(es):
- Author
- Thread