Re: [tor-bugs] #11183 [Pluggable transport]: Make an HTTP requestor Firefox extension for meek-client
#11183: Make an HTTP requestor Firefox extension for meek-client
-------------------------------------+----------------------
Reporter: dcf | Owner: dcf
Type: project | Status: assigned
Priority: normal | Milestone:
Component: Pluggable transport | Version:
Resolution: | Keywords: meek
Actual Points: | Parent ID: #10935
Points: |
-------------------------------------+----------------------
Comment (by dcf):
In [https://lists.torproject.org/pipermail/tor-dev/2014-March/006441.html
this post] I reported that I had a prototype browser extension that worked
in Iceweasel but not in Tor Browser. Mark
[https://lists.torproject.org/pipermail/tor-dev/2014-March/006447.html
discovered] that the connection was throwing
[https://developer.mozilla.org/en-US/docs/Table_Of_Errors
NS_ERROR_UNKNOWN_PROXY_HOST (0x804B002A)]. Mike traced the cause to this
patch that is specific to Tor Browser:
* https://gitweb.torproject.org/tor-browser.git/commitdiff/5069a3ee8fa51546a8ad582e6004be66bc9748aa
Specifically, [https://gitweb.torproject.org/tor-browser.git/blob/5069a3ee8fa51546a8ad582e6004be66bc9748aa:/netwerk/dns/nsDNSService2.cpp#l615
here in nsDNSService::AsyncResolve] is where the error is returned. If I
comment out the error return, the extension works in Tor Browser just like
in Iceweasel. That is, it does DNS and HTTPS requests for
www.google.com outside of the proxy, just as intended.
The 5069a3ee Tor Browser patch has a reason for existing, though, so we
shouldn't simply undo it. It's meant to guard against unexpected DNS leaks
in Firefox and extensions. I've thought of two potential ways to deal with
the situation:
1. Make a special API or key that allows DNS lookups by a "direct" type
proxy, while still prohibiting it from all other callers. Maybe the key is
mere use of the "direct" type; maybe it's a magic string in the host
field, or something like that.
2. Run a second copy of Firefox solely for making meek HTTP requests. The
second browser would have network.proxy.socks_remote_dns=false, which
setting is enough to disable the Tor Browser patch that breaks name
lookups.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11183#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
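
An added example, not part of dcf's comment or of Tor Browser's code: a small audit of Firefox `prefs.js` content that tells apart a browsing profile, where name lookups must go through the SOCKS proxy, from the dedicated helper profile of option 2, where `network.proxy.socks_remote_dns=false` is deliberate. The `role` argument, the sample preference values, and treating a missing pref as `false` are assumptions made for this sketch.

```python
import re

# One prefs.js / user.js entry looks like: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Parse user_pref() lines into a dict of bool / int / str values."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = (raw == "true")
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(prefs, role):
    """Return findings for a profile used as 'browsing' or as 'helper' (option 2)."""
    # Assumption: an absent pref is treated as false.
    remote_dns = prefs.get("network.proxy.socks_remote_dns", False)
    findings = []
    if role == "browsing":
        if not remote_dns:
            findings.append("socks_remote_dns is off: names resolve outside the proxy")
        if prefs.get("network.proxy.type") != 1 or not prefs.get("network.proxy.socks"):
            findings.append("no manual SOCKS proxy configured")
    elif role == "helper":
        if remote_dns:
            findings.append("socks_remote_dns is on: direct lookups will be refused")
    else:
        raise ValueError("role must be 'browsing' or 'helper'")
    return findings

# Constructed sample profiles (values are illustrative, not taken from the ticket).
BROWSING_SAMPLE = '''
// constructed browsing profile
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9150);
user_pref("network.proxy.socks_remote_dns", true);
'''
HELPER_SAMPLE = '''
user_pref("network.proxy.type", 0);
user_pref("network.proxy.socks_remote_dns", false);
'''
```

A helper profile that passes `audit(..., "helper")` fails `audit(..., "browsing")`, so the two profiles should be kept apart and the helper never used for ordinary browsing.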