[tor-bugs] #11183 [Pluggable transport]: Make an HTTP requestor Firefox extension for meek-client

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Mar 16 09:08:59 UTC 2014


#11183: Make an HTTP requestor Firefox extension for meek-client
-------------------------------------+----------------------
     Reporter:  dcf                  |      Owner:  dcf
         Type:  project              |     Status:  assigned
     Priority:  normal               |  Milestone:
    Component:  Pluggable transport  |    Version:
   Resolution:                       |   Keywords:  meek
Actual Points:                       |  Parent ID:  #10935
       Points:                       |
-------------------------------------+----------------------

Comment (by dcf):

 In [https://lists.torproject.org/pipermail/tor-dev/2014-March/006441.html
 this post] I reported that I had a prototype browser extension that worked
 in Iceweasel but not in Tor Browser. Mark
 [https://lists.torproject.org/pipermail/tor-dev/2014-March/006447.html
 discovered] that the connection was throwing
 [https://developer.mozilla.org/en-US/docs/Table_Of_Errors
 NS_ERROR_UNKNOWN_PROXY_HOST (0x804B002A)]. Mike traced the cause to this
 patch that is specific to Tor Browser:
  * https://gitweb.torproject.org/tor-browser.git/commitdiff/5069a3ee8fa51546a8ad582e6004be66bc9748aa
 Specifically,
 [https://gitweb.torproject.org/tor-browser.git/blob/5069a3ee8fa51546a8ad582e6004be66bc9748aa:/netwerk/dns/nsDNSService2.cpp#l615
 here in nsDNSService::AsyncResolve] is where the error is returned. If I
 comment out the error return, the extension works in Tor Browser just like
 in Iceweasel. That is, it does DNS and HTTPS requests for
 www.google.com outside of the proxy, just as intended.

 The 5069a3ee Tor Browser patch has a reason for existing, though, so we
 shouldn't simply undo it. It's meant to guard against unexpected DNS leaks
 in Firefox and extensions. I've thought of two potential ways to deal with
 the situation:
  1. Make a special API or key that allows DNS lookups by a "direct" type
 proxy, while still prohibiting it from all other callers. Maybe the key is
 mere use of the "direct" type; maybe it's a magic string in the host
 field, or something like that.
  2. Run a second copy of Firefox solely for making meek HTTP requests. The
 second browser would have network.proxy.socks_remote_dns=false, which
 setting is enough to disable the Tor Browser patch that breaks name
 lookups.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11183#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

