[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: exit notation stripping

To: or-talk@xxxxxxxxxxxxx
Subject: Re: exit notation stripping
From: Drake Wilson <drake@xxxxxxxxxxxx>
Date: Fri, 10 Jul 2009 03:00:23 -0500
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Fri, 10 Jul 2009 04:00:31 -0400
In-reply-to: <200907100644.n6A6iMBl028636@xxxxxxxxxxxxx>
Mail-followup-to: or-talk@xxxxxxxxxxxxx
References: <200907100644.n6A6iMBl028636@xxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mutt/1.5.20 (2009-06-14)

Quoth Scott Bennett <bennett@xxxxxxxxxx>, on 2009-07-10 01:44:22 -0500:
> Next, privoxy sends an HTTP GET request, which contains no hostname,
> domainname, Nickname.exit, nor IP address through the connection to
> the web server at the other end.

Someone's either been living in HTTP/0.9 days or hasn't been reading
the specs.  HTTP/1.1 requires a Host field because multiple domains
may be hosted at one TCP endpoint, and that's exactly the problem: the
full URI is (albeit in pieces) passed through the whole way at the
application layer, and the exit notation is included in the URI.  A
full example flow is:

  - Browser sends GET http://example.net.example.exit/ to an HTTP proxy
    that is not aware of exit notation.

  - The HTTP proxy connects to the Tor SOCKS proxy, requesting a
    connection to example.net.example.exit.

  - Tor builds its circuit and makes the connection.

  - The HTTP proxy passes through GET http://example.net.example.exit/
    to the origin server.

  - The origin server looks up whether it knows of any site to serve
    under "example.net.example.exit", finds that it doesn't, and
    returns an error.  Alternatively, it uses a default site, which
    may be the wrong one.  Alternatively, it does whatever it usually
    does but now has mostly-definitive information that this user is
    using Tor and has requested a specific exit node.

This is why Privoxy includes a filter to strip the exit notation from
the Host header when passing the request through, and why this filter
should be enabled when using Privoxy for Tor purposes.

   ---> Drake Wilson

Follow-Ups:
- Re: exit notation stripping
  - From: grarpamp

References:
- Re: Yahoo Mail and Tor
  - From: Scott Bennett

Prev by Author: Re: Safe destinations
Next by Author: Re: 25 tbreg relays in directory
Previous by thread: Re: Yahoo Mail and Tor
Next by thread: Re: exit notation stripping
Index(es):
- Author
- Thread