Firefox through Tor
mikepery at fscked.org
Thu Apr 27 19:55:31 UTC 2006
Thus spake Mike Perry (mikepery at fscked.org):
> > but if you're asking whether XPCOM allows one to use a proxy on/off
> > based on a page and all its components (images, css files, js files), the
> > answer is yes.
> Yes, excellent. That is the property that is needed. If you use that
> level of control, you are fine.
> Incidentally, the problem above can happen with ftp://, gopher:// and
> whatever other protocol the browser might accept, so make sure you are
> updating all proxy settings for each page.
So I've noticed a couple other gotchas when looking at the html
content of a couple of sites.
1. Frames and iframes. Frames are not very common on email sites, but
I believe about.com does use them and has been known to pass
information between frames. iframes are used by google adsense. I
could easily see XPCOM interpreting frames/iframes as being distinct
2. Links. Say I want to know who baz at yahoo.com is. I send them a mail
(possibly spoofed to look like it's from a previous correspondent of
theirs) instructing them to click on some link that I control that no
one else has seen. This can happen inadvertantly or accidentally even,
I know I've accidentally clicked on an ad banner/stray link here or
Can you provide some sort of option so that the proxy stays enabled
for links clicked from a proxy-enabled page? Would be useful for those
of us with over-sensitive touchpads :)
Mad Computer Scientist
fscked.org evil labs
More information about the tor-talk