[tor-commits] [tor-browser-bundle/master] Set a blackhole proxy in the meek-http-helper profile.

gk at torproject.org gk at torproject.org
Mon Aug 4 09:14:40 UTC 2014 

commit 92e501a980295a06c2eb94bf03370b66ef8e5563
Author: David Fifield <david at bamsoftware.com>
Date:   Sun Jul 27 09:53:07 2014 -0700

    Set a blackhole proxy in the meek-http-helper profile.
    
    https://trac.torproject.org/projects/tor/ticket/12674
    
    The extension manually overrides the proxy setting for every request, so
    this doesn't affect the functioning of the extension. It's intended as a
    failsafe to prevent network interaction in case something goes wrong and
    the user manages to disable the extension and open the profile with a
    normal browser window. In order to cause that to happen, I had to do:
    
    ./Browser/firefox -safe-mode -profile Data/Browser/profile.meek-http-helper/
    
    Prior to this commit, running the above command would have given you an
    ordinary unproxied Firefox. Now you will get "The proxy server is
    refusing connections."
---
 Bundle-Data/PTConfigs/meek-http-helper-user.js |   20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/Bundle-Data/PTConfigs/meek-http-helper-user.js b/Bundle-Data/PTConfigs/meek-http-helper-user.js
index a95a6ec..cddc237 100644
--- a/Bundle-Data/PTConfigs/meek-http-helper-user.js
+++ b/Bundle-Data/PTConfigs/meek-http-helper-user.js
@@ -4,13 +4,6 @@
 // to stdout.
 user_pref("browser.dom.window.dump.enabled", true);
 
-// 0 is "No proxy".
-user_pref("network.proxy.type", 0);
-
-// Allow unproxied DNS.
-// https://trac.torproject.org/projects/tor/ticket/11183#comment:6
-user_pref("network.proxy.socks_remote_dns", false);
-
 // Enable TLS session tickets (disabled by default in Tor Browser). Otherwise
 // there is a missing TLS extension.
 // https://trac.torproject.org/projects/tor/ticket/11183#comment:9
@@ -21,4 +14,17 @@ user_pref("security.enable_tls_session_tickets", true);
 // https://support.mozilla.org/en-US/questions/951221#answer-410562
 user_pref("toolkit.startup.max_resumed_crashes", -1);
 
+// Set a failsafe blackhole proxy of 127.0.0.1:9, to prevent network interaction
+// in case the user manages to open this profile with a normal browser UI (i.e.,
+// not headless with the meek-http-helper extension running). Port 9 is
+// "discard", so it should work as a blackhole whether the port is open or
+// closed. network.proxy.type=1 means "Manual proxy configuration".
+// http://kb.mozillazine.org/Network.proxy.type
+user_pref("network.proxy.type", 1);
+user_pref("network.proxy.socks", "127.0.0.1");
+user_pref("network.proxy.socks_port", 9);
+// Make sure DNS is also blackholed. network.proxy.socks_remote_dns is
+// overridden by meek-http-helper at startup.
+user_pref("network.proxy.socks_remote_dns", true);
+
 user_pref("extensions.enabledAddons", "meek-http-helper at bamsoftware.com:1.0");

More information about the tor-commits mailing list