[tor-dev] Feasibility of using a Tor Browser plugin as a PT component?
David Fifield
david at bamsoftware.com
Sat Feb 22 20:36:28 UTC 2014
On Sat, Feb 22, 2014 at 05:47:55PM +0000, Arlo Breault wrote:
> It seems the right thing to do is mimic a browser, and I can think of at
> least three ways to do that:
> 1. Try really hard, using NSS or some other library, to look like a
> particular browser.
> 2. Run a second browser, apart from Tor Browser, that receives commands
> from a client PT program and makes the HTTPS requests it is
> commanded to.
> 3. Run a browser plugin *inside* Tor Browser, that makes HTTPS requests
> *directly on the Internet, without going through Tor*. That is, the
> plugin receives commands from the client PT program, and then
> bypasses all of Tor Browser's proxy settings in order to send HTTPS
> requests to the web site fronting the circumvention.
>
> It's the third option I want to ask about. The first option puts us on
> the parrot treadmill. The second has the usability and distribution
> problems of running two browsers at once.
>
> Usability might not be such an issue if you're using a headless browser.
> Distribution still would be.
Thanks Arlo. I took this idea and some from IRC discussion and
summarized them here:
https://trac.torproject.org/projects/tor/wiki/doc/meek#HowtolooklikebrowserHTTPS
1. Use your own HTTPS/TLS library, and take care to make sure your
ciphersuites and extensions match those of a browser. There are
[https://www.mozilla.org/projects/security/pki/python-nss/ Python bindings for NSS]
that might make it easier. Chromium is
[https://code.google.com/p/chromium/issues/detail?id=62803 moving to OpenSSL]
in the future.
2. Use a separate (headless) browser as an instrument for making HTTPS
requests. This is what
[https://raw.github.com/wiki/gsathya/htpt/Overall_architecture2.png htpt plans to do].
[http://phantomjs.org/ PhantomJS] is a headless WebKit that is
scriptable with JavaScript. Its compressed size is 7–13 MB.
[https://github.com/ariya/phantomjs/blob/master/examples/postserver.js This postserver.js example]
shows it running its own web server, which we could use as a means
of communication:
meek-client on localhost ←HTTP→ PhantomJS on localhost ←HTTPS→ www.google.com.
Another option is to write an extension for some other browser and
communicate with it using some custom IPC.
3. Use an [https://developer.mozilla.org/en/Extensions extension] in
Tor Browser itself. The plugin bypasses Tor Browser's normal proxy
settings in order to issue HTTPS requests directly to the front
domain.
* [tor-dev] Feasibility of using a Tor Browser plugin as a PT component?
https://lists.torproject.org/pipermail/tor-dev/2014-February/006266.html
GeKo says that
[https://developer.mozilla.org/en-US/docs/XPCOM_Interface_Reference/nsISocketTransportService nsISocketTransportService]
is what we want to look at.
* [https://stackoverflow.com/questions/10173811/how-to-connect-to-a-remote-server-using-nsisockettransportservice-in-a-firefox-e How to connect to a remote server using nsISocketTransportService in a firefox extension?]
* [https://code.google.com/p/weaponry/source/browse/trunk/xulrunner/weaponry/distribution/bundles/common@weaponry.gnucitizen.org/components/WeaponryRawHttpRequest.js WeaponryRawHttpRequest.js]
is doing what we want.
[https://developer.mozilla.org/en-US/docs/Mozilla/XPCOM XPCOM] (a
Firefox API) allows you to create
[https://developer.mozilla.org/en-US/docs/WebAPI/TCP_Socket TCP sockets].
David Fifield
More information about the tor-dev
mailing list