
Re: Force exitnode oddness



Thanks, that's very helpful; I understand what's going on a bit better now. The Tor bundle comes with Privoxy 3.0.6 still; I had some issues with the Privoxy Utility in 3.0.10 not running properly, so I reverted.
GD
On 30 Sep 2008, at 17:25, Fabian Keil wrote:

Geoff Down <downie@xxxxxxxxxxxxxx> wrote:

Those nice people at Privoxy have anticipated the need :)
+filter {hide-tor-exit-notation}
+filter-client-headers
.exit/

In Privoxy 3.0.8 and later, it's:

{+client-header-filter{hide-tor-exit-notation}}
/

Using "/", as Referer headers sent to "normal" URLs
while leaving .exit URLs can leak the exit notation
as well (if they aren't blocked anyway).

It looks like cookies are sent properly even though they are stored
under the modified domain name.
It also looks like some page requisites (images etc) may be fetched
from a different circuit i.e. not respecting the forced exit node.
Could be a problem if the page contains absolute URIs.

While it's a bit more work than simply adding the exit notation
in the browser, you can have Privoxy add it behind the browser's back.
Another advantage is that it works for SSL as well (no certificate warnings).

For an example have a look at:
http://www.fabiankeil.de/blog-surrogat/2008/02/01/privoxy-3.0.8.html#rewrite
(note that the fingerprint has changed, though)

And in case you aren't using Privoxy, there's always MapAddress.
Quoting tor(1):
| MapAddress address newaddress
|       When a request for address arrives to Tor, it will rewrite it to
|       newaddress before processing it. For example, if you always want
|       connections to www.indymedia.org to exit via torserver (where
|       torserver is the nickname of the server), use "MapAddress
|       www.indymedia.org www.indymedia.org.torserver.exit".

Fabian
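
Added example, not part of the original message and not Privoxy code: a small Python model of why the section pattern matters for the hide-tor-exit-notation filter discussed above. The pattern matching is a simplified assumption about Privoxy's domain patterns, the regex is a stand-in for the shipped filter, and the hostnames are constructed.

```python
import re

# Stand-in for the filter's effect (assumption, not Privoxy's shipped regex):
# drop ".<node>.exit" from the host part of a header value.
EXIT_NOTATION = re.compile(r"\.[^./:\s]+\.exit(?=[:/]|$)", re.IGNORECASE)

def section_applies(pattern, host):
    """Simplified model of the domain part of a Privoxy URL pattern."""
    domain = pattern.split("/", 1)[0].lower()
    if domain == "":
        return True                          # "/" matches every request
    if domain.startswith("."):
        return host.lower().endswith(domain)  # ".exit" matches hosts ending in .exit
    return host.lower() == domain

def outgoing_headers(pattern, headers):
    """Return the headers as they would leave the proxy under this section."""
    out = dict(headers)
    host = headers["Host"].split(":")[0]
    if section_applies(pattern, host):
        for name in ("Host", "Referer"):
            if name in out:
                out[name] = EXIT_NOTATION.sub("", out[name])
    return out

def leaks(headers):
    """True if Host or Referer still carries exit notation."""
    return any(EXIT_NOTATION.search(headers.get(n, "")) for n in ("Host", "Referer"))

# Constructed requests. The first targets the .exit URL itself; the second is
# a follow-up request to a normal host, sent while leaving the .exit page.
REQ_TO_EXIT_URL = {
    "Host": "www.example.org.torserver.exit",
    "Referer": "http://www.example.org.torserver.exit/index.html",
}
REQ_TO_NORMAL_URL = {
    "Host": "cdn.example.net",
    "Referer": "http://www.example.org.torserver.exit/index.html",
}

if __name__ == "__main__":
    for pattern in (".exit/", "/"):
        for req in (REQ_TO_EXIT_URL, REQ_TO_NORMAL_URL):
            sent = outgoing_headers(pattern, req)
            print(f"{pattern!r:9} Host={sent['Host']:18} leaks={leaks(sent)}")
```

With the ".exit/" section the request to the normal host is never filtered, so its Referer still names the exit node; with "/" both requests are cleaned.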