[tor-dev] Dumb or-ctl-filter tricks (Was: [tor-talk] SOCKS proxy to sit between user and Tor?)

Yawning Angel yawning at schwanenlied.me
Wed Jun 3 21:07:20 UTC 2015


I just pushed a fairly large update to or-ctl-filter, that lets you do
lots of interesting things, most of them probably unsafe.  In
particular or-ctl-filter now ships with a SOCKS5 client/server
implementation and a stub control port implementation.

A picture is worth a thousand words:

What it does:

 * Filters the control port exposed to Tor Browser for things that
   (IMO) the browser has no business knowing just in terms of attack
   surface.  In particular this intentionally breaks the circuit
   display feature as part of 4.5.x.

 * Allows easy integration of Tor Browser with a system tor service

   (NB: I run a system tor service with the Tor Browser circuit
    lifespan patch, if you do not, you will get behavior that is
    different from other users.  You have been warned.)

 * Supports transparently redirecting ".i2p" requests to an I2P
   instance.  Tor does not need to be running for this.

 * Enforces isolation to attempt to guard the local I2P web server and
   management interface from cross protocol trickery, evil Javascript
   and whatnot.

 * Supports running without Tor or I2P at all, essentially changing Tor
   Browser into Firefox with a bunch of patches.


 * NEWNYM does not affect I2P tunnels.

 * "New Tor Circuit For This Site" does not affect I2P tunnels either.

 * Only cookie authentication is supported because I'm lazy, and it is
   the superior authentication method.

 * Launching Tor/I2P is not or-ctl-filter's problem and will never be
   part of the feature set.  I have systemd for that.


 * Very alpha.  It is entirely possible that I screwed up enforcing
   isolation.  You can hard disable access to locally hosted i2p
   services like the management console in the config file.

   It is still probably 3 million times better than using
   privoxy/random sketch addons to do something like this because I
   actually do look at circuit isolation from Tor Browser and propagate
   it to Tor (or enforce it as best as I can otherwise).

 * If you enable logging, it will happily splatter destinations,
   authentication credentials, and everything else to the log, because
   it is a debugging feature, so don't.

 * If you enable the option named "UnsafeAllowDirect" and disable Tor,
   it will happily connect directly to the internet, destroying your

 * Untested on Windows.  Should work, don't care if it doesn't.
   Patches will sit in my INBOX forever; ignored, and unloved, just
   like the operating system they target.  The same goes for OSX.[0]

Code: https://github.com/Yawning/or-ctl-filter/tree/master

Yawning Angel

[0]: Honestly, I'll merge trivial things, but I won't bust out my
windows box to test/debug this, and I don't have an OSX box.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20150603/202dc5f3/attachment.sig>

More information about the tor-dev mailing list