[tor-bugs] #28168 [Obfuscation/meek]: Use ESNI via Firefox HTTPS helper
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Feb 20 04:31:55 UTC 2019
#28168: Use ESNI via Firefox HTTPS helper
------------------------------+---------------------
Reporter: dcf | Owner: dcf
Type: project | Status: new
Priority: Medium | Milestone:
Component: Obfuscation/meek | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
------------------------------+---------------------
Comment (by dcf):
As of
[https://gitweb.torproject.org/pluggable-transports/meek.git/log/?h=webextension&id=e551c05e47a977d3941f4eabbdb3eb20adbe255f e551c05e47],
the work in #29347 is far enough along to start experimenting
with this. I didn't yet make a Cloudflare account to actually test ESNI,
but I got Tor Browser running with meek-azure and an external Firefox 66
doing DNS-over-HTTPS and all the other necessary configuration for ESNI.
1. Enter meek/webextension/native and run `go build`. This produces the
native component of the extension.
1. Enter meek/webextension and run `make`. This zips up the extension
files into an installable extension,
!meek-http-helper@bamsoftware.com.xpi.
1. Download
[https://www.mozilla.org/en-US/firefox/developer/ Firefox Developer Edition].
You need the developer edition in order to
[https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/Distribution#Signing_your_add-ons install an unsigned extension].
I used firefox-66.0b9.
1. Run `firefox/firefox --ProfileManager` and create a new "esni" profile.
Go to `about:config` and set these prefs:
{{{
browser.dom.window.dump.enabled
network.trr.mode=3
network.trr.uri=https://1.1.1.1/dns-query
network.security.esni.enabled=true
toolkit.startup.max_resumed_crashes=-1
xpinstall.signatures.required=false
}}}
1. Go to `about:addons`. Click Extensions. Click ⚙️ and select "Install
Add-on From File...". Open
meek/webextension/!meek-http-helper@bamsoftware.com.xpi. Say yes to the
permissions dialog.
1. Close Firefox.
1. Edit meek/webextension/meek.http.helper.json and change the `"path"`
field to be the absolute path to meek/webextension/native/native.
1. Copy meek/webextension/meek.http.helper.json into the Tor Browser tree.
(The path is
[https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Native_manifests#Manifest_location different]
on Mac.)
{{{
mkdir -p tor-browser_en-US/Browser/.mozilla/native-messaging-hosts
cp meek/webextension/meek.http.helper.json tor-browser_en-US/Browser/.mozilla/native-messaging-hosts/
}}}
1. Edit meek/meek-client-torbrowser/linux.go (or mac.go, Windows probably
doesn't work yet) and set the paths to the Firefox developer edition and
the "esni" profile you created:
{{{
firefoxPath = "/path/to/firefox/firefox"
firefoxProfilePath = "/home/user/.mozilla/firefox/<RANDCHARS>.esni"
}}}
1. In meek/meek-client-torbrowser, run `go build`.
1. Copy the resulting meek-client-torbrowser binary to
tor-browser_en-US/Browser/TorBrowser/Tor/PluggableTransports/.
1. Now you're good to go. Start up Tor Browser with meek-azure.
The only step of this that is cheating--the one I don't know how to
automate yet--is step 7, where the WebExtension host manifest needs to
know the ''absolute'' path to the native executable. I suppose
meek-client-torbrowser could do a `getcwd` and write the entire file anew
each time.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28168#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
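
The closing idea in the comment above (resolve the native executable's absolute path at startup and rewrite the host manifest each time) could look like the following. This is an added sketch, not part of the ticket comment or of meek's code. The manifest `name` and the extension ID are assumptions inferred from the file names on this page, the description string is constructed, and the native-messaging-hosts directory is assumed to exist already.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"path/filepath"
)

// hostManifest holds the fields of a Firefox native messaging host manifest.
type hostManifest struct {
	Name              string   `json:"name"`
	Description       string   `json:"description"`
	Path              string   `json:"path"`
	Type              string   `json:"type"`
	AllowedExtensions []string `json:"allowed_extensions"`
}

// writeHostManifest resolves nativePath against the working directory, rejects
// anything but an executable regular file, and atomically replaces the manifest.
func writeHostManifest(nativePath, hostsDir string) (string, error) {
	abs, err := filepath.Abs(nativePath)
	if err != nil {
		return "", err
	}
	fi, err := os.Stat(abs)
	if err != nil || !fi.Mode().IsRegular() || fi.Mode().Perm()&0o111 == 0 {
		return "", fmt.Errorf("%s: not an executable regular file (stat: %v)", abs, err)
	}
	data, err := json.MarshalIndent(hostManifest{
		Name:              "meek.http.helper", // assumed from the manifest file name
		Description:       "meek HTTP helper (constructed description)",
		Path:              abs,
		Type:              "stdio",
		AllowedExtensions: []string{"meek-http-helper@bamsoftware.com"}, // assumed ID
	}, "", "  ")
	if err != nil {
		return "", err
	}
	// Write beside the target and rename, so Firefox never reads a partial file.
	tmp := filepath.Join(hostsDir, ".meek.http.helper.json.tmp")
	if err := os.WriteFile(tmp, data, 0o644); err != nil {
		return "", err
	}
	return abs, os.Rename(tmp, filepath.Join(hostsDir, "meek.http.helper.json"))
}

func main() {
	fmt.Println(writeHostManifest("native/native", ".mozilla/native-messaging-hosts"))
}
```

Because the manifest tells Firefox which binary to launch for the extension, the check that the resolved path is an executable regular file keeps a stale or mistyped relative path from being written into it.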