Re: Insecurities in Privoxy Configurations - Details

[Roger Dingledine <arma@xxxxxxx>]

On Thu, Nov 29, 2007 at 12:13:08PM -0600, Gregory Fleischer (Lists) wrote:
> 1) If the 'enable-remote-http-toggle' option is set, any client side
>    technology that can generate HTTP headers can bypass Privoxy
>    content filtering by adding a header of: "X-Filter: No".
> 
> 2) If the 'enable-remote-toggle' option is set, then any web browser
>    vulnerabilities that can spoof HTTP Referer headers can be used to
>    completely disable Privoxy filtering.
> 
> 3) If the 'enable-edit-actions' option is set, then any web browser
>    vulnerability that can spoof HTTP Referer headers and determine the
>    modification time of the 'user.action' file can modify the Privoxy
>    configuration.

Thanks Greg.

Two further comments:

1) Those of us who use polipo should pay attention too, and make sure
to put
disableLocalInterface=true
in our polipo config file. Otherwise a remote attacker can reconfigure
our polipo out from underneath us, examine our cache to see where we've
been browsing, etc.

For more suggested polipo config options, check out
https://tor-svn.freehaven.net/svn/incognito/trunk/root_overlay/etc/polipo/config

2) For a truly stunning array of browser-based attacks that can allow
this sort of attack (lest you think that you're safe because you're
running an up-to-date browser), check out "Protecting Browsers from DNS
Rebinding Attacks" by some good folks at Stanford:
http://crypto.stanford.edu/dns/

--Roger