[tor-bugs] #17303 [DirAuth]: Bad exits inject port 8123 into HTTP redirects

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Nov 10 23:41:45 UTC 2015 

#17303: Bad exits inject port 8123 into HTTP redirects
----------------------+----------------------------------
 Reporter:  ikurua22  |          Owner:
     Type:  defect    |         Status:  new
 Priority:  High      |      Milestone:  Tor: unspecified
Component:  DirAuth   |        Version:  Tor: unspecified
 Severity:  Critical  |     Resolution:
 Keywords:            |  Actual Points:
Parent ID:            |         Points:
  Sponsor:            |
----------------------+----------------------------------

Comment (by teor):

 Replying to [comment:8 dcf]:
 > Here is what I have been able to find about these exits.
 >
 > They seem to only affect plain HTTP redirects. For example, the URL
 >   http://arstechnica.com/?p=716619
 > should redirect to the URL
 >   http://arstechnica.com/tech-policy/2015/07/crypto-activists-announce-
 vision-for-tor-exit-relay-in-every-library/
 > but some exits instead rewrite the URL to be
 >   http://arstechnica.com:8123/tech-policy/2015/07/crypto-activists-
 announce-vision-for-tor-exit-relay-in-every-library/
 >

 It looks like this is a misconfigured polipo or other caching proxy in
 front of the exit.
 I can't imagine how this sort of interference could be deliberate or
 useful.

 However, regardless of intent, it is interfering with traffic. It's also
 evidence that other, more subtle analysis/interference may be happening.

 Thanks for this analysis, dcf, and the detailed update.

 > I ran attachment:http-redirect.py three times in the past weeks.
 >  2015-10-04:: 54 bad exits
 >  2015-10-17:: 39 bad exits
 >  2015-11-10:: 8 bad exits

 I'm assuming that the exit numbers are decreasing because they're listed
 by the DirAuths as bad exits, in response to your emails (or running
 exitmap themselves).

 It seems we're solving the problem, albeit incrementally.

 Are the remaining exits new instances, or existing instances that haven't
 been blocked yet?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17303#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list