Easy Firefox hacks to improve anonymity (HTTPS Header Scrubbing)
Michael Holstein
michael.holstein at csuohio.edu
Wed May 24 14:10:26 UTC 2006
Why not just install the "User Agent Switcher" plugin for Firefox?
http://releases.mozilla.org/pub/mozilla.org/extensions/user_agent_switcher/user_agent_switcher-0.6.8-fx+fl+mz.xpi
Does the same thing on the fly.
~Mike.
Anthony Georgeo wrote:
> -----------
>
> *CONCEPT*
>
> There has been a bit of discussion lately about filtering
> HTTP/S environmental variable headers and creating a
> default HTTP/S header template for Tor users.
>
> The last big hurdle (now solved) in header scrubbing
> is the scrubbing of HTTPS headers.
>
> I think the solution is to use Firefox or FF
> extensions to filter the HTTPS headers as FF and FF
> extensions have access to the verified and decrypted
> HTTPS headers on-the-fly by default.
>
> I will describe how to edit the "about:config" menu
> and how to configure the FF extensions "User Agent
> Switcher" and "RefControl".
>
> The goal is to enable HTTPS header scrubbing while
> using the *same* anonymity set characteristics as those
> which may be used by future releases of Tor bundled
> with Privoxy (using the default template).
> <http://archives.seul.org/or/talk/May-2006/msg00327.html>
>
> For example, FF and FF extensions should make the
> HTTPS headers identical to the HTTP headers created by
> Privoxy. Thus increasing the anonymity set and
> everyone's anonymity in general.
>
> The anonymity set that I am attempting to use is as
> follows:
>
> A. User-Agent:
> Mozilla, Windows XP, 128-bit encryption, English
> (non-localized), Firefox.
>
> -
> Mozilla/5.0 (Windows; U; Windows NT 5.1; en;
> rv:1.7.10) Gecko/20050716 Firefox/1.0.5
> -
>
> B. Referer(Referrer):
> Is set to the root (home page) of the site you are
> currently visiting (e.g. "http://www.example-root.com").
>
>
> I think it is wise to use {forge} for the template
> Referer setting. If we use a real domain with the
> {custom} parameter it may get Tor in trouble with the
> real domain's owners. I am pretty sure we can not use
> {block} as it breaks many sites.
>
> Note:
> HTTPS referrer from one HTTPS URL directly to another
> HTTPS URL is set to {block} in case RefControl can not
> properly handle these headers. This is because I have
> not tested (and I don't know) HTTPS to HTTPS referrer
> headers.
>
> -Questions:
> -Can 'referer' {custom} be set to a fake URL without
> breaking sites?
> - 'referer' {forge} will generate random headers for
> Tor users, will this increase anonymity set?
>
> C. Keep-Alive:
> Close
>
> D. Compression:
> Prevented
>
> E. X-Forwarded-for:
> Not removed or spoofed as FF does not have this
> capability. Besides, the entry node removes your real
> "X-Forwarded-for:" header and it already has your real
> IP.
>
> F. Ping:
> FF will suppress the Ping function in HTTP/S.
>
> -----------
>
> **PROOF**
> (More testing required)
>
> 1. Results from HTTPS (e.g. SSL) environmental variable
> test at
> <http://www.stilllistener.com/checkpoint1/ssi/>
>
> ++++
> REMOTE_ADDR:
> 149.9.0.21
>
> HTTP_ACCEPT:
> text/xml,application/xml,application/xhtml+xml,
> text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
>
> HTTP_ACCEPT_CHARSET:
> ISO-8859-1,utf-8;q=0.7,*;q=0.7
>
> HTTP_ACCEPT_ENCODING:
> gzip;q=0,deflate;q=0,compress;q=0
>
> HTTP_ACCEPT_LANGUAGE:
> en-us,en;q=0.5
>
> HTTP_CONNECTION:
> close
>
> HTTP_COOKIE:
> $1
>
> HTTP_HOST:
> www.stilllistener.com
>
> HTTP_REFERER:
> http://www.stilllistener.com/
>
> HTTP_USER_AGENT:
> Mozilla/5.0 (Windows; U; Windows NT 5.1; en;
> rv:1.7.10) Gecko/20050716 Firefox/1.0.5
> ++++
>
>
> 2. Results from HTTP environmental variable test at
> <http://www.stilllistener.com/checkpoint1/test2/>
>
> ++++
> REMOTE_ADDR:
> 64.74.207.50
>
> HTTP_ACCEPT:
> text/xml,application/xml,application/xhtml+xml,
> text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
>
> HTTP_ACCEPT_CHARSET:
> ISO-8859-1,utf-8;q=0.7,*;q=0.7
>
> HTTP_ACCEPT_ENCODING:
> gzip;q=0,deflate;q=0,compress;q=0
>
> HTTP_ACCEPT_LANGUAGE:
> en-us,en;q=0.5
>
> HTTP_CONNECTION:
> close
>
> HTTP_COOKIE:
> $1
>
> HTTP_HOST:
> www.stilllistener.com
>
> HTTP_REFERER:
> http://www.stilllistener.com/
>
> HTTP_USER_AGENT:
> Mozilla/5.0 (Windows; U; Windows NT 5.1; en;
> rv:1.7.10) Gecko/20050716 Firefox/1.0.5
> ++++
>
>
>
> -----------
>
> **Directions**
>
> --
> Note:
>
> I will attach the settings for Privoxy's
> "user.actions" file which mirror those here in my next
> post in this thread.
> --
>
>
>
> 1.
> Start Firefox
>
>
>
> 2.
> Type this into the URL bar and hit [enter]:
>
> about:config
>
>
>
> 3. -HTTPS Referrer-
> <http://kb.mozillazine.org/Network.http.sendSecureXSiteReferrer>
>
> 3a. Copy/paste the following line into the "Filter:"
> bar:
>
> "network.http.sendSecureXSiteReferrer"
>
> 3b. Right click on the title and choose "toggle"
> and ensure the 'Value' entry reads "False".
>
> {false} = Don't send the Referer header when
> navigating from a https site to another https site.
>
>
>
> 4. -Keep-Alive(proxy connection)-
> <http://kb.mozillazine.org/Network.http.proxy.keep-alive>
>
> 4a. Copy/paste the following line into the "Filter:"
> bar:
>
> "network.http.proxy.keep-alive"
>
> 4b. Right click on the title and choose "toggle"
> and ensure the 'Value' entry reads "False".
>
> {false} = Never use keep-alive connections.
>
>
>
> 5. -Keep-Alive-
> <http://kb.mozillazine.org/Network.http.keep-alive>
>
> 5a. Copy/paste the following line into the "Filter:"
> bar:
>
> "network.http.keep-alive"
>
> 5b. Right click on the title and choose "toggle"
> and ensure the 'Value' entry reads "False".
>
> {false} = Never use keep-alive connections.
>
>
>
> 6. -Accept-Encoding-
> <http://kb.mozillazine.org/Network.http.accept-encoding>
> Prevent compression of HTTP/S data.
>
> 6a. Copy/paste the following line into the "Filter:"
> bar:
>
> "network.http.accept-encoding"
>
> 6b. Right click on the title and choose "modify".
>
> 6c. Delete the text from the box and copy/paste the
> following line into the box:
>
> "gzip;q=0,deflate;q=0,compress;q=0"
>
> 6d. Now click "OK"
>
> {gzip;q=0,deflate;q=0,compress;q=0} = No compression
>
>
>
> 7. -Send Ping-
> <http://kb.mozillazine.org/Browser.send_pings>
>
> 7a. This option is not required, you do not need to
> use it.
>
> 7b. Right click anywhere in the 'about:config' window
> and select "New > Boolean".
>
> 7c. Copy/paste the following line into the "Preference
> Name" box:
>
> "browser.send_pings"
>
> 7d. In the next window select "false"
>
> {false} = Ignore the ping attribute.
>
>
>
> 8. -User_Agent-
> <http://en.wikipedia.org/wiki/User_agent>
> "User Agent Switcher" is a great Firefox extension.
>
> 8a. Install "User Agent Switcher"
> <https://addons.mozilla.org/firefox/59/>
>
> 8b. Restart Firefox
>
> 8c. Click on "Tools > User Agent Switcher > Options >
> Options...".
>
> 8d. In the next window click the text "User Agents"
>
> 8e. Then click the "Add" button and enter the
> following text in the appropriate boxes:
>
> Note: Lines should not be wrapped.
>
> --
> Description: Mozilla, Windows XP, 128-bit encryption,
> English
>
> User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1;
> en; rv:1.7.10) Gecko/20050716 Firefox/1.0.5
>
> App Name: Firefox
>
> App version: 5.0 (Windows; U; Windows NT 5.1; en;
> rv:1.7.10) Gecko/20050716 Firefox/1.0.5
>
> Platform: Win32
>
> Vendor:
>
> Vendor Sub:
> --
>
> 8f. Now close and reopen Firefox again and select
> "Tools > Mozilla, Windows XP, 128-bit encryption,
> English"
>
>
>
> 9. -HTTP/S Referrer-
> The FF extension "RefControl" is a great tool.
>
> 9a. Install "RefControl"
> <http://www.stardrifter.org/refcontrol/>
>
> 9b. Restart Firefox
>
> 9c. Click on "Tools > RefControl Options..."
>
> 9d. In the window that loads click the button "Edit"
>
> 9e. Then click the button "Forge" then the buttons
> "OK" and "OK".
>
>
>
> -----------
>
>
> Please try this out and let me know how you fare and
> where improvements may be made.
>
>
> -----------
>
> **TESTING**
>
> After following the directions...
>
> A. Go to the following site and record your results:
> <http://www.stilllistener.com/checkpoint1/test2/>
>
> B. Then go to this site and record your results:
> <http://www.stilllistener.com/checkpoint1/ssi/>
>
> C. Then compare the results from both tests. The
> results should be the same as each other and the same
> as Tor's official Privoxy configuration.
>
>
>
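
The comparison described in the TESTING steps of the quoted post, as an added example that is not part of the original thread: it parses two saved result pages in the `NAME:` / value layout shown under PROOF, ignores `REMOTE_ADDR` (the exit node differs per circuit), and reports headers that differ between the HTTP and HTTPS runs or deviate from the template in sections A, C and D. The function names and both sample dumps are constructed for illustration.

```python
import re

IGNORED = {"REMOTE_ADDR"}  # exit node address differs per circuit
TEMPLATE = {  # values from sections A, C and D of the quoted post
    "HTTP_USER_AGENT": "Mozilla/5.0 (Windows; U; Windows NT 5.1; en; "
                       "rv:1.7.10) Gecko/20050716 Firefox/1.0.5",
    "HTTP_CONNECTION": "close",
    "HTTP_ACCEPT_ENCODING": "gzip;q=0,deflate;q=0,compress;q=0",
}
NAME_RE = re.compile(r"^[A-Z][A-Z0-9_]*:$")

def parse_dump(text):
    """Parse 'NAME:' lines followed by value lines; re-join wrapped values."""
    headers, name = {}, None
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()          # tolerate mail quoting
        if not line or set(line) == {"+"}:       # blank line or ++++ delimiter
            name = None
        elif NAME_RE.match(line):
            name = line[:-1]
            headers[name] = ""
        elif name is not None:                   # continuation of a wrapped value
            prev = headers[name]
            sep = "" if not prev or prev.endswith(",") else " "
            headers[name] = prev + sep + line
    return headers

def diff_dumps(http, https):  # headers that differ between the two test pages
    keys = (set(http) | set(https)) - IGNORED
    return {k: (http.get(k), https.get(k))
            for k in sorted(keys) if http.get(k) != https.get(k)}

def template_deviations(headers):  # headers that do not match the template
    return {k: headers.get(k) for k, v in TEMPLATE.items() if headers.get(k) != v}

# Constructed sample dump (addresses are from documentation ranges).
HTTP_DUMP = """REMOTE_ADDR:
192.0.2.10
HTTP_ACCEPT_ENCODING:
gzip;q=0,deflate;q=0,compress;q=0
HTTP_CONNECTION:
close
HTTP_USER_AGENT:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en;
rv:1.7.10) Gecko/20050716 Firefox/1.0.5"""
# Constructed HTTPS result where the keep-alive and compression settings were missed.
HTTPS_DUMP = (HTTP_DUMP.replace("192.0.2.10", "198.51.100.7")
              .replace("close", "keep-alive")
              .replace("gzip;q=0,deflate;q=0,compress;q=0", "gzip,deflate"))
```

An empty result from both `diff_dumps` and `template_deviations` is the outcome step C of the test asks for; any key returned names a header that still sets the browser apart from the template.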
More information about the tor-talk mailing list