[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Proper TOR DNS Configuration Testing Help

Mark Manning wrote:
That's awesome! That's exactly how I was thinking but to be honest I wasn't sure how to implement the background service that ties the query logs to the web server. If it wouldn't take too long, do you think you could talk about the specifics a little bit more?

1.) You visit http://clayman.tor.grepular.com/torcheck.cgi

2.) The cgi generates a unique code. In this case, a 32 character alphanumeric string. It then spits out some html containing several triggers to try and make the web browser do a dns lookup on "$code.tordnscheck.grepular.com" where $code is replaced by the unique id it just generated. The triggers are inside the <head></head> and are:

<link rel="stylesheet" type="text/css" href="http://$code.tordnscheck.grepular.com/style.css"; /> <link rel="shortcut icon" type="image/x-icon" href="http://$code.tordnscheck.grepular.com/favicon.ico"; /> <script type="text/javascript" src="http://$code.tordnscheck.grepular.com/script.js";></script>

3.) A meta refresh then refreshes the page and adds ?code=$code to the uri arguments.

4.) When the page is reloaded it "asks" a separate process that I will describe in a moment, whether or not it knows the IP that did the lookup of $code.tordnscheck.grepular.com, and if so it displays it.

5.) There is a separate process written in perl, which uses File::Tail to monitor the bind query log. It's a threaded application. One thread tails the log looking for entries like $code.tordnscheck.grepular.com. When it comes across any, it stores the code and the ip together in a shared variable, for up to 10 minutes

6.) The second thread accepts incoming socket connections. Basically, the torcheck.cgi script makes a tcp connection to the app tailing the log file and writes $code to it, and the app then returns the IP address and closes the connection.

The gopher request works in a similar fashion. The trigger is:

<img src="gopher://grepular.com/torgophertest/$code"; width="0" height="0" />

Then I have another application listening on the gopher port looking for requests like "/torgophertest/$code" and then linking $code with the client IP. Then it makes the information available to the cgi via the same socket method.

I hope that all makes sense.