Force exitnode oddness
Fabian Keil
freebsd-listen at fabiankeil.de
Tue Sep 30 16:25:40 UTC 2008
Geoff Down <downie at castlecops.net> wrote:
> Those nice people at Privoxy have anticipated the need :)
> +filter {hide-tor-exit-notation}
> +filter-client-headers
> .exit/
In Privoxy 3.0.8 and later, it's:
{+client-header-filter{hide-tor-exit-notation}}
/
Using "/", as Referer headers send to "normal" URLs
while leaving .exit URLs can leak the exit notation
as well (if they aren't blocked anyway).
> It looks like cookies are sent properly even though they are stored
> under the modified domain name.
> It also looks like some page requisites (images etc) may be fetched
> from a different circuit i.e. not respecting the forced exit node.
> Could be a problem if the page contains absolute URIs.
While it's a bit more work than simply adding the exit notation
in the browser, you can have Privoxy add it behind the browser's back.
Another advantage is that it works for SSL as well (no certificate warnings).
For an example have a look at:
http://www.fabiankeil.de/blog-surrogat/2008/02/01/privoxy-3.0.8.html#rewrite
(note that the fingerprint has changed, though)
And in case you aren't using Privoxy, there's always MapAddress.
Quoting tor(1):
| MapAddress address newaddress
| When a request for address arrives to Tor, it will rewrite it to
| newaddress before processing it. For example, if you always want
| connections to www.indymedia.org to exit via torserver (where
| torserver is the nickname of the server), use "MapAddress
| www.indymedia.org www.indymedia.org.torserver.exit".
Fabian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20080930/7f446ad3/attachment.pgp>
More information about the tor-talk
mailing list