[tor-bugs] #12146 [meek]: Firefox meek-http-helper leaks Host header in CONNECT requests
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed May 28 17:27:49 UTC 2014
#12146: Firefox meek-http-helper leaks Host header in CONNECT requests
--------------------+---------------------
Reporter: dcf | Owner: dcf
Type: defect | Status: new
Priority: major | Milestone:
Component: meek | Version:
Keywords: | Actual Points:
Parent ID: #10935 | Points:
--------------------+---------------------
#12120 enabled the browser extension helper to use an upstream HTTP or
SOCKS proxy. I'm watching the requests that go to the proxy, and Firefox
is leaking the Host header in the proxy request:
{{{
CONNECT www.google.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0
Proxy-Connection: keep-alive
Connection: keep-alive
Host: meek-reflect.appspot.com
}}}
The `Host: meek-reflect.appspot.com` is not supposed to be visible on the
wire. It's encrypted inside of HTTPS. But Firefox leaks it when configured
to use an HTTP proxy.
The Host header must be getting special treatment, because the extension
also sets X-Session-ID, and that's not showing up in the proxy request.
We have to turn off the HTTP proxy feature if we can't find a way to
prevent the Host from leaking.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12146>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
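
Added example (not part of the ticket and not meek's own code): a check a tester could run over request heads captured at the upstream proxy, reporting any CONNECT request whose Host header differs from the CONNECT target or that carries a header meant to stay inside the tunnel. The function names, the INNER_ONLY list and the sample requests are assumptions, constructed from the request quoted in the ticket.

```javascript
// Added example, not meek's code. Sample requests are constructed from the ticket.
const LEAKING = [
  "CONNECT www.google.com:443 HTTP/1.1",
  "User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0",
  "Proxy-Connection: keep-alive",
  "Connection: keep-alive",
  "Host: meek-reflect.appspot.com",
  "", "",
].join("\r\n");
// Constructed: the same request with Host matching the CONNECT target.
const CLEAN = LEAKING.replace("Host: meek-reflect.appspot.com", "Host: www.google.com:443");

// Headers that must only exist inside the TLS tunnel (named in the ticket).
const INNER_ONLY = new Set(["x-session-id"]);

// Parse a raw proxy request head into { method, target, headers }.
function parseRequestHead(raw) {
  const lines = raw.split(/\r?\n/);
  const [method, target = ""] = lines[0].trim().split(/\s+/);
  const headers = [];
  for (const line of lines.slice(1)) {
    if (line === "") break; // blank line ends the header block
    const i = line.indexOf(":");
    if (i > 0) { // lines without "name:" are skipped
      headers.push({ name: line.slice(0, i).trim().toLowerCase(), value: line.slice(i + 1).trim() });
    }
  }
  return { method, target, headers };
}

// Drop an optional port and lowercase: "Example.com:443" -> "example.com".
function hostOnly(authority) {
  return authority.replace(/:\d+$/, "").toLowerCase();
}

// Return headers in a CONNECT request that expose more than the CONNECT target.
function findHostLeaks(raw) {
  const req = parseRequestHead(raw);
  if (req.method !== "CONNECT") return [];
  const front = hostOnly(req.target);
  return req.headers.filter(h =>
    (h.name === "host" && hostOnly(h.value) !== front) || INNER_ONLY.has(h.name));
}

console.log(findHostLeaks(LEAKING)); // the mismatched Host header
console.log(findHostLeaks(CLEAN));   // empty list
```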