[tbb-bugs] #25672 [Applications/Tor Browser]: Debugger in developer tools is fetching website over catch-all circuit

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Apr 11 06:05:51 UTC 2018


#25672: Debugger in developer tools is fetching website over catch-all circuit
--------------------------------------+--------------------------
 Reporter:  gk                        |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-linkability           |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by gk):

 Replying to [comment:3 sysrqb]:
 > I should also mention
 https://trac.torproject.org/projects/tor/ticket/15599#comment:9 is another
 instance of this. I noticed this in my logs, too. An OCSP fetch should
 happen over the domain isolated circuit.
 >
 > {{{
 > [04-11 00:04:30] Torbutton INFO: tor SOCKS: https://twitter.com/search-
 advanced via
 >                        --unknown--:71e69d27f4adff41fb754a6dc960dfeb
 > [04-11 00:04:30] Torbutton INFO: controlPort >> 650 STREAM 51 NEW 0
 twitter.com:443 SOURCE_ADDR=127.0.0.1:46898 PURPOSE=USER
 > [04-11 00:04:30] Torbutton INFO: controlPort >> 650 STREAM 51
 SENTCONNECT 36 twitter.com:443
 > [04-11 00:04:30] Torbutton INFO: controlPort >> 650 STREAM 51 REMAP 36
 104.244.42.65:443 SOURCE=EXIT
 > [04-11 00:04:30] Torbutton INFO: controlPort >> 650 STREAM 51 SUCCEEDED
 36 104.244.42.65:443
 > [04-11 00:04:31] Torbutton INFO: tor SOCKS: http://ocsp.digicert.com/
 via
 >                        --unknown--:71e69d27f4adff41fb754a6dc960dfeb
 > [04-11 00:04:31] Torbutton INFO: controlPort >> 650 STREAM 52 NEW 0
 ocsp.digicert.com:80 SOURCE_ADDR=127.0.0.1:46900 PURPOSE=USER
 > [04-11 00:04:31] Torbutton INFO: controlPort >> 650 STREAM 52
 SENTCONNECT 36 ocsp.digicert.com:80
 > [04-11 00:04:31] Torbutton INFO: controlPort >> 650 STREAM 52 REMAP 36
 93.184.220.29:80 SOURCE=EXIT
 > [04-11 00:04:31] Torbutton INFO: controlPort >> 650 STREAM 52 SUCCEEDED
 36 93.184.220.29:80
 > [04-11 00:06:26] Torbutton INFO: controlPort >> 650 STREAM 52 CLOSED 36
 93.184.220.29:80 REASON=DONE
 > [04-11 00:06:27] Torbutton INFO: controlPort >> 650 STREAM 51 CLOSED 36
 104.244.42.65:443 REASON=DONE
 > }}}
 >
 > Considering how often it seems this occurs, I'm guessing plumbing the
 first party URI through the layers is more complicated than expected.

 How is that related to the developer tools? And #15599? That comment there
 said that the pdf download related OCSP requests go over the catch-all
 circuit as well which is not surprising given that the download itself
 started over the download button went over the catch-all circuit. BUT: how
 does that related to your your Twitter related log snippet?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25672#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list