[tor-bugs] #4517 [Tor Browser]: drag-n-drop bypasses tor
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Sat Nov 19 13:21:30 UTC 2011
#4517: drag-n-drop bypasses tor
-------------------------+--------------------------------------------------
Reporter: cypherpunks | Owner: mikeperry
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor Browser | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Requests for drag-and-drop thumbnails in Tor Browser is not sent through
the Tor network, but instead plain-text HTTP request.
How to reproduce:
- Download and start Tor Browser Bundle version 2.2.34-2 (current, this
one)
- Start up Wireshark and start logging your network interactively
- Using the Tor Browser, visit "www.gnome.org" (or any other HTTP site)
- See Wireshark sending all traffic encrypted to various Tor nodes
- When the site have loaded, drag the big image on the site
- See Wireshark logging a DNS request for "www.gnome.org" with reply
- See Wireshark logging a HTTP HEAD request for
"/wp-content/uploads/2011/09/gnome-3.2.png" on host "www.gnome.org",
sending this directly unencrypted to the IP returned from the DNS request.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4517>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list