[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] which apps require an http proxy?



On 10/30/2011 05:37 PM, Roger Dingledine wrote:
> On Sun, Oct 30, 2011 at 05:31:34PM -0700, Jacob Appelbaum wrote:
>>  otherwise, I sometimes use a
>> HTTP proxy with proxychains to prevent DNS leaky applications that have
>> not and will never implement SOCKS.
> 
> This is the crux of the question: which ones? And are they applications
> that we think are safe enough to use in general with Tor, or are they
> applications where if we learned you were using them we'd tell you to
> give up on trying to be safe? If there are enough apps in the former
> category, we should think about either a) getting an http proxy into
> the bundles we ship, or b) writing clear instructions for how people
> can bolt on an http proxy if they want one.

wget is the most common example that other people use - with wget, I set
the HTTP headers match Torbutton:

HTTP_PROXY=http://127.0.0.1:8118/
http_proxy=http://127.0.0.1:8118/
FTP_PROXY=http://127.0.0.1:8118/
HTTPS_PROXY=http://127.0.0.1:8118/
https_proxy=http://127.0.0.1:8118/
ftp_proxy=http://127.0.0.1:8118/
usewithtor wget -e robots=off --random-wait --wait 3.145
--user-agent="Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101
Firefox/5.0" -m -np http://www.example.com/

Python's web/http processing libraries could probably be improved in the
core language to always use SOCKS proxies that are set:
https://github.com/ioerror/TeaTime/blob/master/teatime.py#L46

Those are both useful building blocks.

Again, I also use a lot of Gnome programs and set both HTTP and SOCKS
proxies - so sometimes I'll watch a video and I am fairly certain it
used the HTTP proxy rather than the SOCKS proxy, etc.

Almost all the time, I use usewithtor to wrap a program when I worry it
might leak and then I instruct it to use a local proxy for anything
else. This method seems to block nearly all leaking and then I have
iptables for TransPort to catch anything else - I rarely find anything
but when I do, I generally report it as a bug in torsocks...

I wish we'd ship torsocks as part of the bundle. It helps advanced
users. It also would be a useful TBB helper to prefix any other program
for safer execution. I'd rather it than any old HTTP proxy but I think
we still will need an HTTP proxy in some cases.

All the best,
Jake
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk