[tor-bugs] #28741 [Core Tor/sbws]: sbws should send scanner metadata as part of every HTTP request
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Dec 7 15:21:49 UTC 2018
#28741: sbws should send scanner metadata as part of every HTTP request
---------------------------+-----------------------------------
Reporter: teor | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone: sbws: 1.0.x-final
Component: Core Tor/sbws | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
---------------------------+-----------------------------------
Comment (by juga):
> Replying to [ticket:28741 teor]:
> > Here's some things we might want:
> > * software-name: sbws
> > * software-version
>
> These might be user-agent, unless requests sets its own user agent.
Python Requests allows to setup custom User-Agent (http://docs.python-
requests.org/en/master/community/faq/#custom-user-agents)
So, this would be: `User-Agent: sbws/x.y.z`
>
> > * scanner-nickname
>
> I'm not sure if there is a generic HTTP header for a nickname or other
client identifier.
Can't find any in
https://en.wikipedia.org/wiki/List_of_HTTP_header_fields#Standard_request_fields
Following https://tools.ietf.org/html/rfc6648#appendix-B ("incorporate the
organization's name"), this could be: `Tor-bwauth-Nickname:`
>
> > * scanner-IP-address? (pro: discover users who haven't set nickname,
con: discover users)
>
> We should look for a generic HTTP header for the client IP address.
> sbws doesn't guarantee any anonymity, and discovering rogue scanners is
more important than the risk of malicious servers using the IP address.
I also can't find any. It could be: `Tor-bwauth-Address:`
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28741#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list