On Jan 1, 2008 7:52 AM, Mike Cardwell <tor@xxxxxxxxxxxxxxxxxx> wrote:
Mark Manning wrote:
> That's awesome! That's exactly how I was thinking but to be honest I
> wasn't sure how to implement the background service that ties the query
> logs to the web server.
>
> If it wouldn't take too long, do you think you could talk about the
> specifics a little bit more?
1.) You visit http://clayman.tor.grepular.com/torcheck.cgi
2.) The cgi generates a unique code. In this case, a 32 character
alphanumeric string. It then spits out some html containing several
triggers to try and make the web browser do a dns lookup on
"$code.tordnscheck.grepular.com" where $code is replaced by the unique
id it just generated. The triggers are inside the <head></head> and are:
    <link rel="stylesheet" type="text/css"
    href="" />
    <link rel="shortcut icon" type="image/x-icon"
    href="" />
    <script type="text/javascript"
    src=""></script>
3.) A meta refresh then refreshes the page and adds ?code=$code to the
uri arguments.
4.) When the page is reloaded it "asks" a separate process that I will
describe in a moment, whether or not it knows the IP that did the lookup
of $code.tordnscheck.grepular.com, and if so it displays it.
5.) There is a separate process written in perl, which uses File::Tail
to monitor the bind query log. It's a threaded application. One thread
tails the log looking for entries like $code.tordnscheck.grepular.com.
When it comes across any, it stores the code and the ip together in a
shared variable, for up to 10 minutes.
6.) The second thread accepts incoming socket connections. Basically,
the torcheck.cgi script makes a tcp connection to the app tailing the
log file and writes $code to it, and the app then returns the IP address
and closes the connection.
The gopher request works in a similar fashion. The trigger is:
<img src="" width="0" height="0" />
Then I have another application listening on the gopher port looking for
requests like "/torgophertest/$code" and then linking $code with the
client IP. Then it makes the information available to the cgi via the
same socket method.
I hope that all makes sense.
Mike
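
The log-correlation step from points 5 and 6, sketched in Python rather than the Perl/File::Tail program described in the message; this is an added example, not Mike's code. The BIND query-log line layout, the `LookupStore` name and the sample log lines are assumptions made for illustration.

```python
import re
import time

ZONE = "tordnscheck.grepular.com"  # zone named in the message
TTL_SECONDS = 600                  # "for up to 10 minutes"

# Assumed BIND query-log layout; newer releases add an "@0x..." token after "client".
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-f.:]+)#\d+.*?"
    r"query: (?P<code>[a-z0-9]{32})\." + re.escape(ZONE) + r"\.? ",
    re.IGNORECASE)
CODE_RE = re.compile(r"[A-Za-z0-9]{32}")

# Constructed sample lines (documentation IP ranges), not real log data.
SAMPLE_LOG = [
    "01-Jan-2008 07:52:01.100 queries: info: client 203.0.113.7#53211: query: "
    + "a1b2c3d4" * 4 + "." + ZONE + " IN A +",
    "01-Jan-2008 07:52:02.500 queries: info: client 198.51.100.9#40000: "
    "query: www.grepular.com IN A +",
]

class LookupStore:
    """Maps code -> IP that resolved it, forgetting entries after the TTL."""

    def __init__(self, ttl=TTL_SECONDS, clock=time.time):
        self.ttl, self.clock = ttl, clock
        self._seen = {}  # code -> (ip, first_seen)

    def feed(self, line):
        """Process one log line; return the code it carried, or None."""
        m = QUERY_RE.search(line)
        if not m:
            return None
        # DNS names are case-insensitive, so normalise before storing.
        code = m.group("code").lower()
        self._seen.setdefault(code, (m.group("ip"), self.clock()))
        return code

    def lookup(self, code):
        """What the socket thread would answer for a code sent by the CGI."""
        cutoff = self.clock() - self.ttl
        self._seen = {c: v for c, v in self._seen.items() if v[1] >= cutoff}
        if not isinstance(code, str) or not CODE_RE.fullmatch(code):
            return None  # reject anything that is not a well-formed code
        return self._seen.get(code.lower(), (None,))[0]
```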