TorButton and information disclosure on last OR
- To: or-talk@xxxxxxxx
- Subject: TorButton and information disclosure on last OR
- From: Mansur Marvanov <nanorobocop@xxxxxxxxx>
- Date: Sun, 31 Jan 2010 18:46:42 +0300
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Sun, 31 Jan 2010 10:47:07 -0500
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
Hello!
I have a Client machine with TorButton (Tor client + Firefox + Privoxy
+ TorButton) and a Server machine with Apache.
But when I try to connect from Client to Server through the TOR
network, I see that there's my information in the HTTP headers on the
Server side that the last OR gives to my Apache.
So, AFAIU last OR has all information about me? Isn't it disclosure of
information?
I think that it would be better if TorButton changes or deletes
HTTP-headers that could disclose me.
For example, at least TorButton could hide my Host header, but it
doesn't.. Is it a bug or what?

GET / HTTP/1.1
Host: ***MY***REAL***IP***
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: windows-1251,utf-8;q=0.7,*;q=0.7
If-Modified-Since: Sat, 26 Sep 2009 15:50:51 GMT
If-None-Match: "883d5-2d-4747d076a8cc0"-gzip
Cache-Control: max-age=0
Connection: close

HTTP/1.1 200 OK
Date: Sun, 31 Jan 2010 14:08:29 GMT
Server: Apache/2.2.9 (Ubuntu)
Last-Modified: Sat, 26 Sep 2009 15:50:51 GMT
ETag: "883d5-2d-4747d076a8cc0"-gzip
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 56
Connection: close
Content-Type: text/html

............(....I.O....0..,Q(./..V....l.!..`U\.QU.f-...
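
Added example, not part of the original message: a small audit of a plaintext HTTP request like the one captured above, grouping each header by what it tells the exit relay and the destination server. The Host header is copied by the browser from the URL that was requested, so it names the destination. The group labels and the 192.0.2.10 Host value are assumptions of this example, since the post masks the real value.

```python
# Header groups are this example's own labels (an assumption, not a standard).
GROUPS = {
    "destination": {"host"},
    "fingerprint": {"user-agent", "accept", "accept-language",
                    "accept-encoding", "accept-charset"},
    "linkable": {"cookie", "referer", "if-none-match", "if-modified-since"},
    "proxy-added": {"x-forwarded-for", "forwarded", "via"},
}

# Constructed sample modelled on the request in the post. The Host value is a
# documentation-range placeholder, because the post masks the real one.
SAMPLE = (
    "GET / HTTP/1.1\r\n"
    "Host: 192.0.2.10\r\n"
    "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7)"
    " Gecko/2009021910 Firefox/3.0.7\r\n"
    "Accept-Language: en-us,en;q=0.5\r\n"
    "Accept-Charset: windows-1251,utf-8;q=0.7,*;q=0.7\r\n"
    'If-None-Match: "883d5-2d-4747d076a8cc0"-gzip\r\n'
    "Connection: close\r\n\r\n"
)

def parse_headers(raw):
    """Return [(lowercased name, value)] from a raw request head."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")[1:]  # drop request line
    out = []
    for line in head:
        if line[:1] in (" ", "\t") and out:      # folded continuation line
            out[-1] = (out[-1][0], out[-1][1] + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            out.append((name.strip().lower(), value.strip()))
    return out

def audit(raw):
    """Group the headers present by what they tell whoever reads the request."""
    report = {group: [] for group in GROUPS}
    report["other"] = []
    for name, _ in parse_headers(raw):
        group = next((g for g, names in GROUPS.items() if name in names), "other")
        report[group].append(name)
    return report

def locale_hints(raw):
    """First-choice language and charset, which may disagree with User-Agent."""
    h = dict(parse_headers(raw))
    return [h[k].split(",")[0].split(";")[0].strip()
            for k in ("accept-language", "accept-charset") if k in h]
```

On the sample, locale_hints() returns en-us and windows-1251: the first-choice charset is a Cyrillic code page even though the User-Agent and Accept-Language say en-US, and the If-None-Match validator shows the browser has fetched this page before.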