[tor-bugs] #18628 [Obfuscation/Snowflake]: Devise some way for the browser proxy to forward metadata to the bridge before the OR data

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jul 14 23:47:17 UTC 2017


#18628: Devise some way for the browser proxy to forward metadata to the bridge
before the OR data
-----------------------------------+---------------------
 Reporter:  arlolra                |          Owner:
     Type:  defect                 |         Status:  new
 Priority:  High                   |      Milestone:
Component:  Obfuscation/Snowflake  |        Version:
 Severity:  Normal                 |     Resolution:
 Keywords:                         |  Actual Points:
Parent ID:                         |         Points:
 Reviewer:                         |        Sponsor:
-----------------------------------+---------------------
Changes (by dcf):

 * cc: cmm32 (added)
 * priority:  Medium => High


Comment:

 Replying to [ticket:18628 arlolra]:
 > In order to report true client IP addresses, we will need to devise some
 > way for the browser proxy to forward that metadata to the bridge before
 > the OR data.

 I realized a good way to do this: put the client IP address in the
 WebSocket URL. Currently we have
 {{{
 new WebSocket("wss://snowflake.bamsoftware.com/")
 }}}
 We could just change that to (imagine proper escaping):
 {{{
 new WebSocket("wss://snowflake.bamsoftware.com/?client_ip=" + client_ip)
 }}}
 The WebSocket server can extract the IP address by inspecting the URL it
 gets in the request, and provide that IP address to the pt.DialOr
 function.

 The alternative of sending the client IP address in an HTTP header
 [[#13171|à la meek]] won't work, because the
 [https://developer.mozilla.org/en-US/docs/Web/API/WebSocket WebSocket API]
 doesn't provide a way to set headers. The only information you can provide
 to the constructor is a URL and an optional list of sub-protocol names.

 Unfortunately the WebSocket implementation used by snowflake-server (the
 one inherited from flash proxy) doesn't expose the URL of the client
 request (and in fact
 [https://gitweb.torproject.org/pluggable-transports/websocket.git/tree/websocket/websocket.go?id=6dc990ad6a898bc507605c51a5aa860fb9f74201#n336 requires the path to be `/`]).
 But that shouldn't be hard to change.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18628#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
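
Added example, not part of the original comment and not snowflake-server code: one way to do the server-side step described above in Go, taking client_ip from the request URL and parsing it strictly before it would be handed to pt.DialOr. The helper name clientAddr, the "host:port" return form, the placeholder port and the sample request targets are assumptions.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
)

// clientAddr extracts client_ip from the request target the WebSocket
// server sees (for example "/?client_ip=192.0.2.7") and returns it as
// "host:port". It returns "" when the parameter is missing, repeated,
// or not an IP literal. Hypothetical helper, not snowflake-server code.
func clientAddr(requestURI string) string {
	u, err := url.ParseRequestURI(requestURI)
	if err != nil {
		return ""
	}
	q, err := url.ParseQuery(u.RawQuery) // undoes the percent-escaping
	if err != nil {
		return ""
	}
	vals := q["client_ip"]
	if len(vals) != 1 {
		return "" // absent or ambiguous: report no address
	}
	ip := net.ParseIP(vals[0]) // nil for hostnames, CR/LF, trailing junk
	if ip == nil {
		return ""
	}
	// Port 1 is a constructed placeholder: the URL carries no client port.
	return net.JoinHostPort(ip.String(), "1")
}

func main() {
	// Constructed sample request targets (documentation address ranges).
	for _, uri := range []string{
		"/?client_ip=192.0.2.7",
		"/?client_ip=2001%3Adb8%3A%3A1",
		"/?client_ip=192.0.2.7%0d%0aX-Injected%3A+1",
		"/?client_ip=192.0.2.7&client_ip=198.51.100.9",
		"/",
	} {
		fmt.Printf("%-50q -> %q\n", uri, clientAddr(uri))
	}
}
```

Returning "" for anything that is not exactly one IP literal means a malformed or missing parameter results in no address being reported rather than an unparsed string being passed on.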

