[tor-qa] Fwd: Re: 3.5.4-meek-1 (meek bundles with browser TLS camouflage)

Wilton Gorske wilton at riseup.net
Sun Apr 20 19:17:40 UTC 2014


> On Sat, Apr 12, 2014 at 12:22:47PM +0000, Wilton Gorske wrote:
>> TBB Launches successfully: yes, *****but launches two browsers?
> 
> David Fitfield: Thanks for testing. Launching two browsers is expected--the second
> browser is the one that hosts the browser extension that meek uses to
> make its HTTP requests (see https://trac.torproject.org/projects/tor/ticket/11183
> and https://trac.torproject.org/projects/tor/wiki/doc/meek#HowtolooklikebrowserHTTPS).
> But the fact that it shows two icons on OS X is a bug, one I don't know
> how to fix yet (https://trac.torproject.org/projects/tor/ticket/11429).

No problem. Thanks for the clarification.

>> Connections to google.com, evintl-oscp.versigin.com, and
>> calendar.google.com.
> 
> David Fitfield: google.com and evintl-oscp.verisign.com are expected. That's because all
> your traffic is being routed through Google's App Engine servers. I'm
> surprised at calendar.google.com though. how did you get those names?
> Through reverse DNS? Google can you different frontend IPs and maybe one
> of them reverse-resolves to calendar.google.com.

The connections were observed using Little Snitch
(http://www.obdev.at/products/littlesnitch/index.html).

The PCAP file:
TorBrowser-4:12:14 at 14:13.pcap -
https://drive.google.com/file/d/0B8a32woongSmcHRQSGtXNlc2M1k/edit?usp=sharing






More information about the tor-qa mailing list