Easy Firefox hacks to improve anonymity (HTTPS Header Scrubbing)
- To: or-talk@xxxxxxxxxxxxx
- Subject: Easy Firefox hacks to improve anonymity (HTTPS Header Scrubbing)
- From: Anothony Georgeo <anogeorgeo@xxxxxxxxx>
- Date: Tue, 23 May 2006 18:09:17 -0700 (PDT)
- Delivered-to: archiver@seul.org
- Delivered-to: or-talk-outgoing@seul.org
- Delivered-to: or-talk@seul.org
- Delivery-date: Tue, 23 May 2006 21:09:25 -0400
- In-reply-to: <20060524002023.86298.qmail@web37811.mail.mud.yahoo.com>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
-----------
*CONCEPT*
There has been a bit of discussion lately about filtering
HTTP/S environmental variable headers and creating a
default HTTP/S header template for Tor users.
The last big hurdle (now solved) in header scrubbing
is the scrubbing of HTTPS headers.
I think the solution is to use Firefox or FF
extensions to filter the HTTPS headers as FF and FF
extensions have access to the verified and decrypted
HTTPS headers on-the-fly by default.
I will describe how to edit the "about:config" menu
and how to configure the FF extensions "User Agent
Switcher" and "RefControl".
The goal is to enable HTTPS header scrubbing while
using the *same* anonymity set characteristics as those
which may be used by future releases of Tor bundled
with Privoxy (using the default template).
<http://archives.seul.org/or/talk/May-2006/msg00327.html>
For example, FF and FF extensions should make the
HTTPS headers identical to the HTTP headers created by
Privoxy. Thus increasing the anonymity set and
everyone's anonymity in general.
The anonymity set that I am attempting to use is as
follows:
A. User-Agent:
Mozilla, Windows XP, 128-bit encryption, English
(non-localized), Firefox.
-
Mozilla/5.0 (Windows; U; Windows NT 5.1; en;
rv:1.7.10) Gecko/20050716 Firefox/1.0.5
-
B. Referer(Referrer):
Is set to the root (home page) of the site you are
currently visiting (eg."http://www.example-root.com").
I think it is wise to use {forge} for the template
Referer setting. If we use a real domain with the
{custom} parameter it may get Tor in trouble with the
real domain's owners. I am pretty sure we can not use
{block} as it breaks many sites.
Note:
HTTPS referrer from one HTTPS URL directly to another
HTTPS URL is set to {block} in case RefControl can not
properly handle these headers. This is because I have
not tested (and I don't know) HTTPS to HTTPS referrer
headers.
-Questions:
-Can 'referer' {custom} be set to a fake URL without
breaking sites?
- 'referer' {forge} will generate random headers for
Tor users, will this increase anonymity set?
C. Keep-Alive:
Close
D. Compression:
Prevented
E. X-Forwarded-for:
Not removed or spoofed as FF does not have this
capability. Besides, the entry node removes your real
"X-Forwarded-for:" header and it already has your real
IP.
F. Ping:
FF will suppress the Ping function in HTTP/S.
-----------
**PROOF**
(More testing required)
1. Results from HTTPS (eg. SSL) environmental variable
test at
<http://www.stilllistener.com/checkpoint1/ssi/>
++++
REMOTE_ADDR:
149.9.0.21
HTTP_ACCEPT:
text/xml,application/xml,application/xhtml+xml,
text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
HTTP_ACCEPT_CHARSET:
ISO-8859-1,utf-8;q=0.7,*;q=0.7
HTTP_ACCEPT_ENCODING:
gzip;q=0,deflate;q=0,compress;q=0
HTTP_ACCEPT_LANGUAGE:
en-us,en;q=0.5
HTTP_CONNECTION:
close
HTTP_COOKIE:
$1
HTTP_HOST:
www.stilllistener.com
HTTP_REFERER:
http://www.stilllistener.com/
HTTP_USER_AGENT:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en;
rv:1.7.10) Gecko/20050716 Firefox/1.0.5
++++
2. Results from HTTP environmental variable test at
<http://www.stilllistener.com/checkpoint1/test2/>
++++
REMOTE_ADDR:
64.74.207.50
HTTP_ACCEPT:
text/xml,application/xml,application/xhtml+xml,
text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
HTTP_ACCEPT_CHARSET:
ISO-8859-1,utf-8;q=0.7,*;q=0.7
HTTP_ACCEPT_ENCODING:
gzip;q=0,deflate;q=0,compress;q=0
HTTP_ACCEPT_LANGUAGE:
en-us,en;q=0.5
HTTP_CONNECTION:
close
HTTP_COOKIE:
$1
HTTP_HOST:
www.stilllistener.com
HTTP_REFERER:
http://www.stilllistener.com/
HTTP_USER_AGENT:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en;
rv:1.7.10) Gecko/20050716 Firefox/1.0.5
++++
-----------
**Directions**
--
Note:
I will attach the settings for Privoxy's
"user.actions" file which mirror those here in my next
post in this thread.
--
1.
Start Firefox
2.
Type this into the URL bar and hit [enter]:
about:config
3. -HTTPS Referrer-
<http://kb.mozillazine.org/Network.http.sendSecureXSiteReferrer>
3a. Copy/paste the following line into the "Filter:"
bar:
"network.http.sendSecureXSiteReferrer"
3b. Right click on the title and choose "toggle"
ensure the 'Value' entry reads "False".
{false} = Don't send the Referer header when
navigating from a https site to another https site.
4. -Keep-Alive(proxy connection)-
<http://kb.mozillazine.org/Network.http.proxy.keep-alive>
4a. Copy/paste the following line into the "Filter:"
bar:
"Network.http.proxy.keep-alive"
4b. Right click on the title and choose "toggle"
ensure the 'Value' entry reads "False".
{false} = Never use keep-alive connections.
5. -Keep-Alive-
<http://kb.mozillazine.org/Network.http.keep-alive>
5a. Copy/paste the following line into the "Filter:"
bar:
"Network.http.keep-alive"
5b. Right click on the title and choose "toggle"
ensure the 'Value' entry reads "False".
{false} = Never use keep-alive connections.
6. -Accept-Encoding-
<http://kb.mozillazine.org/Network.http.accept-encoding>
Prevent compression of HTTP/S data.
6a. Copy/paste the following line into the "Filter:"
bar:
"network.http.accept-encoding"
6b. Right click on the title and choose "modify".
6c. Delete the text from the box and copy/paste the
following line into the box:
"gzip;q=0,deflate;q=0,compress;q=0"
6d. Now click "OK"
{gzip;q=0,deflate;q=0,compress;q=0} = No compression
7. -Send Ping-
<http://kb.mozillazine.org/Browser.send_pings>
7a. This option is not required, you do not need to
use it.
7b. Right click anywhere in the 'about:config' window
and select "New > Boolean".
7c. Copy/paste the following line into the 'Preference
Name' box:
"Browser.send pings"
7d. In the next window select "false"
{false} = Ignore the ping attribute.
8. -User_Agent-
<http://en.wikipedia.org/wiki/User_agent>
"User Agent Switcher" is a great Firefox extension.
8a. Install "User Agent Switcher"
<https://addons.mozilla.org/firefox/59/>
8b. Restart Firefox
8c. Click on "Tools > User Agent Switcher > Options >
Options...".
8d. In the next window click the text "User Agents"
8e. Then click the "Add" button and enter the
following text in the appropriate boxes:
Note: Lines should not be wrapped.
--
Description: Mozilla, Windows XP, 128-bit encryption,
English
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1;
en; rv:1.7.10) Gecko/20050716 Firefox/1.0.5
App Name: Firefox
App version: 5.0 (Windows; U; Windows NT 5.1; en;
rv:1.7.10) Gecko/20050716 Firefox/1.0.5
Platform: Win32
Vendor:
Vendor Sub:
--
8f. Now close and reopen Firefox again and select
"Tools > Mozilla, Windows XP, 128-bit encryption,
English"
9. -HTTP/S Referrer-
The FF extension "RefControl" is a great tool.
9a. Install "RefControl"
<http://www.stardrifter.org/refcontrol/>
9b. Restart Firefox
9c. Click on "Tools > RefControl Options..."
9d. In the window that loads click the button "Edit"
9e. Then click the button "Forge" then the buttons
"OK" and "OK".
-----------
Please try this out and let me know how you fare and
where improvements may be made.
-----------
**TESTING**
After following the directions...
A. Go to the following site and record your results:
<http://www.stilllistener.com/checkpoint1/test2/>
B. Then go to this site and record your results:
<http://www.stilllistener.com/checkpoint1/ssi/>
C. Then compare the results from both tests. The
results should be the same as each other and the same
as Tor's official Privoxy configuration.
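
The comparison asked for in step C of TESTING can be automated; the following is an added example, not part of the original post. It parses result dumps in the `NAME:` / value layout shown under PROOF, reports variables that differ between the HTTP and HTTPS tests, and flags values that deviate from the post's template. The function names are hypothetical and the `UNSCRUBBED` sample is constructed.

```python
import re

KEY = re.compile(r"^[A-Z][A-Z_]*:$")   # a variable name alone on its line

# Values the post lists for its anonymity set (items A, C and D).
TEMPLATE = {
    "HTTP_USER_AGENT": "Mozilla/5.0 (Windows; U; Windows NT 5.1; en; "
                       "rv:1.7.10) Gecko/20050716 Firefox/1.0.5",
    "HTTP_CONNECTION": "close",
    "HTTP_ACCEPT_ENCODING": "gzip;q=0,deflate;q=0,compress;q=0",
}

def parse_dump(text):
    """Parse 'NAME:' / value lines, re-joining wrapped value lines."""
    fields, key = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if KEY.match(line):
            key = line[:-1]
            fields[key] = ""
        elif key and line and line != "++++":
            fields[key] = (fields[key] + " " + line).strip()
    return fields

def differences(http, https, ignore=("REMOTE_ADDR",)):
    """Variables whose values differ between the HTTP and HTTPS tests."""
    keys = (set(http) | set(https)) - set(ignore)
    return {k: (http.get(k), https.get(k))
            for k in sorted(keys) if http.get(k) != https.get(k)}

def off_template(fields, template=TEMPLATE):
    """Template variables that are missing or carry another value."""
    return {k: fields.get(k) for k, want in template.items()
            if fields.get(k) != want}

# Constructed samples: SCRUBBED reuses values from the post's results,
# UNSCRUBBED is an invented result from an unconfigured browser.
SCRUBBED = """REMOTE_ADDR:
149.9.0.21
HTTP_ACCEPT_ENCODING:
gzip;q=0,deflate;q=0,compress;q=0
HTTP_CONNECTION:
close
HTTP_USER_AGENT:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en;
rv:1.7.10) Gecko/20050716 Firefox/1.0.5
++++"""
UNSCRUBBED = (SCRUBBED.replace("close", "keep-alive")
              .replace("gzip;q=0,deflate;q=0,compress;q=0", "gzip,deflate")
              .replace("Firefox/1.0.5", "Firefox/1.5.0.3"))
```

An empty result from both `differences()` and `off_template()` means the two tests agree with each other and with the template; `REMOTE_ADDR` is ignored because the exit node can change between requests.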