[tor-bugs] #28168 [Obfuscation/meek]: Use ESNI via Firefox HTTPS helper

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Feb 20 04:31:55 UTC 2019


#28168: Use ESNI via Firefox HTTPS helper
------------------------------+---------------------
 Reporter:  dcf               |          Owner:  dcf
     Type:  project           |         Status:  new
 Priority:  Medium            |      Milestone:
Component:  Obfuscation/meek  |        Version:
 Severity:  Normal            |     Resolution:
 Keywords:                    |  Actual Points:
Parent ID:                    |         Points:
 Reviewer:                    |        Sponsor:
------------------------------+---------------------

Comment (by dcf):

 As of [https://gitweb.torproject.org/pluggable-transports/meek.git/log/?h=webextension&id=e551c05e47a977d3941f4eabbdb3eb20adbe255f e551c05e47],
 the work in #29347 is far enough along to start experimenting
 with this. I didn't yet make a Cloudflare account to actually test ESNI,
 but I got Tor Browser running with meek-azure and an external Firefox 66
 doing DNS-over-HTTPS and all the other necessary configuration for ESNI.

 1. Enter meek/webextension/native and run `go build`. This produces the
 native component of the extension.
 1. Enter meek/webextension and run `make`. This zips up the extension
 files into an installable extension, !meek-http-helper@bamsoftware.com.xpi.
 1. Download [https://www.mozilla.org/en-US/firefox/developer/ Firefox
 Developer Edition]. You need the developer edition in order to
 [https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/Distribution#Signing_your_add-ons install an unsigned extension].
 I used firefox-66.0b9.
 1. Run `firefox/firefox --ProfileManager` and create a new "esni" profile.
 Go to `about:config` and set these prefs:
    {{{
 browser.dom.window.dump.enabled
 network.trr.mode=3
 network.trr.uri=https://1.1.1.1/dns-query
 network.security.esni.enabled=true
 toolkit.startup.max_resumed_crashes=-1
 xpinstall.signatures.required=false
    }}}
 1. Go to `about:addons`. Click Extensions. Click ⚙️ and select "Install
 Add-on From File...". Open meek/webextension/!meek-http-helper@bamsoftware.com.xpi.
 Say yes to the permissions dialog.
 1. Close Firefox.
 1. Edit meek/webextension/meek.http.helper.json and change the `"path"`
 field to be the absolute path to meek/webextension/native/native.
 1. Copy meek/webextension/meek.http.helper.json into the Tor Browser tree.
 (The path is [https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Native_manifests#Manifest_location different]
 on mac.)
    {{{
 mkdir -p tor-browser_en-US/Browser/.mozilla/native-messaging-hosts
 cp meek/webextension/meek.http.helper.json tor-browser_en-US/Browser/.mozilla/native-messaging-hosts/
    }}}
 1. Edit meek/meek-client-torbrowser/linux.go (or mac.go; Windows probably
 doesn't work yet) and set the paths to the Firefox developer edition and
 the "esni" profile you created:
    {{{
 firefoxPath        = "/path/to/firefox/firefox"
 firefoxProfilePath = "/home/user/.mozilla/firefox/<RANDCHARS>.esni"
    }}}
 1. In meek/meek-client-torbrowser, run `go build`.
 1. Copy the resulting meek-client-torbrowser binary to
 tor-browser_en-US/Browser/TorBrowser/Tor/PluggableTransports/.
 1. Now you're good to go. Start up Tor Browser with meek-azure.

 The only step of this that is cheating--the one I don't know how to
 automate yet--is step 7, where the WebExtension host manifest needs to
 know the ''absolute'' path to the native executable. I suppose
 meek-client-torbrowser could do a `getcwd` and write the entire file anew
 each time.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28168#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
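
The closing idea in the comment above (resolve the native executable's absolute path with `getcwd` and rewrite the host manifest on every start), sketched as an added example; it is not code from the meek repository. `writeHostManifest` is a hypothetical helper, and the manifest name, description and extension ID are assumptions inferred from the file names in the steps.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"path/filepath"
)

type hostManifest struct { // fields of a Firefox native messaging host manifest
	Name              string   `json:"name"`
	Description       string   `json:"description"`
	Path              string   `json:"path"`
	Type              string   `json:"type"`
	AllowedExtensions []string `json:"allowed_extensions"`
}

// writeHostManifest resolves nativeRel against the working directory and
// rewrites meek.http.helper.json in hostsDir with that absolute path.
func writeHostManifest(nativeRel, hostsDir string) (string, error) {
	abs, err := filepath.Abs(nativeRel) // calls getcwd for relative input
	if err != nil {
		return "", err
	}
	info, err := os.Stat(abs) // refuse a missing or non-executable target
	if err == nil && (!info.Mode().IsRegular() || info.Mode().Perm()&0111 == 0) {
		err = fmt.Errorf("%s is not an executable file", abs)
	}
	if err != nil {
		return "", err
	}
	m := hostManifest{Name: "meek.http.helper", Description: "meek HTTP helper",
		Path: abs, Type: "stdio", // name, description, extension ID: assumed
		AllowedExtensions: []string{"meek-http-helper@bamsoftware.com"}}
	data, _ := json.MarshalIndent(m, "", "  ") // cannot fail for this struct
	if err := os.MkdirAll(hostsDir, 0755); err != nil {
		return "", err
	}
	tmp := filepath.Join(hostsDir, ".meek.http.helper.json.tmp")
	if err := os.WriteFile(tmp, data, 0644); err != nil {
		return "", err
	}
	// Rename over the old file so Firefox never reads a half-written manifest.
	return abs, os.Rename(tmp, filepath.Join(hostsDir, "meek.http.helper.json"))
}

func main() { // paths are the ones used in the steps above, relative to cwd
	fmt.Println(writeHostManifest("meek/webextension/native/native",
		"tor-browser_en-US/Browser/.mozilla/native-messaging-hosts"))
}
```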

