commit 92e501a980295a06c2eb94bf03370b66ef8e5563 Author: David Fifield david@bamsoftware.com Date: Sun Jul 27 09:53:07 2014 -0700
Set a blackhole proxy in the meek-http-helper profile.
https://trac.torproject.org/projects/tor/ticket/12674
The extension manually overrides the proxy setting for every request, so this doesn't affect the functioning of the extension. It's intended as a failsafe to prevent network interaction in case something goes wrong and the user manages to disable the extension and open the profile with a normal browser window. In order to cause that to happen, I had to do:
./Browser/firefox -safe-mode -profile Data/Browser/profile.meek-http-helper/
Prior to this commit, running the above command would have given you an ordinary unproxied Firefox. Now you will get "The proxy server is refusing connections." --- Bundle-Data/PTConfigs/meek-http-helper-user.js | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/Bundle-Data/PTConfigs/meek-http-helper-user.js b/Bundle-Data/PTConfigs/meek-http-helper-user.js index a95a6ec..cddc237 100644 --- a/Bundle-Data/PTConfigs/meek-http-helper-user.js +++ b/Bundle-Data/PTConfigs/meek-http-helper-user.js @@ -4,13 +4,6 @@ // to stdout. user_pref("browser.dom.window.dump.enabled", true);
-// 0 is "No proxy". -user_pref("network.proxy.type", 0); - -// Allow unproxied DNS. -// https://trac.torproject.org/projects/tor/ticket/11183#comment:6 -user_pref("network.proxy.socks_remote_dns", false); - // Enable TLS session tickets (disabled by default in Tor Browser). Otherwise // there is a missing TLS extension. // https://trac.torproject.org/projects/tor/ticket/11183#comment:9 @@ -21,4 +14,17 @@ user_pref("security.enable_tls_session_tickets", true); // https://support.mozilla.org/en-US/questions/951221#answer-410562 user_pref("toolkit.startup.max_resumed_crashes", -1);
+// Set a failsafe blackhole proxy of 127.0.0.1:9, to prevent network interaction +// in case the user manages to open this profile with a normal browser UI (i.e., +// not headless with the meek-http-helper extension running). Port 9 is +// "discard", so it should work as a blackhole whether the port is open or +// closed. network.proxy.type=1 means "Manual proxy configuration". +// http://kb.mozillazine.org/Network.proxy.type +user_pref("network.proxy.type", 1); +user_pref("network.proxy.socks", "127.0.0.1"); +user_pref("network.proxy.socks_port", 9); +// Make sure DNS is also blackholed. network.proxy.socks_remote_dns is +// overridden by meek-http-helper at startup. +user_pref("network.proxy.socks_remote_dns", true); + user_pref("extensions.enabledAddons", "meek-http-helper@bamsoftware.com:1.0");