[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Force exitnode oddness



Geoff Down <downie@xxxxxxxxxxxxxx> wrote:

> Those nice people at Privoxy have anticipated the need :)
> +filter {hide-tor-exit-notation}
> +filter-client-headers
> .exit/

In Privoxy 3.0.8 and later, it's:

{+client-header-filter{hide-tor-exit-notation}}
/

Using "/", as Referer headers send to "normal" URLs
while leaving .exit URLs can leak the exit notation
as well (if they aren't blocked anyway).
 
> It looks like cookies are sent properly even though they are stored 
> under the modified domain name.
> It also looks like some page requisites (images etc) may be fetched 
> from a different circuit i.e. not respecting the forced exit node. 
> Could be a problem if the page contains absolute URIs.

While it's a bit more work than simply adding the exit notation
in the browser, you can have Privoxy add it behind the browser's back.
Another advantage is that it works for SSL as well (no certificate warnings).

For an example have a look at:
http://www.fabiankeil.de/blog-surrogat/2008/02/01/privoxy-3.0.8.html#rewrite
(note that the fingerprint has changed, though)

And in case you aren't using Privoxy, there's always MapAddress.
Quoting tor(1):
| MapAddress address newaddress
|       When a request for address arrives to Tor, it will rewrite it to
|       newaddress before processing it. For example, if you always want
|       connections  to  www.indymedia.org  to exit via torserver (where
|       torserver is  the  nickname  of  the  server),  use  "MapAddress
|       www.indymedia.org www.indymedia.org.torserver.exit".

Fabian

Attachment: signature.asc
Description: PGP signature