> > https://anonymous-proxy-servers.net/en/anontest > As I understand it, Polipo can't scrub the headers of an HTTPS request,
Nothing in the open source field can do so yet afaik. To do it, a shim needs to be coded and placed between the application and Tor. user <-> browser <-> [optional tool] <-> shim <-> tor:9050 The shim needs to listen on a proxy port (and or two configurable ports (for http and https)) and connect out to the world (or tor) to a proxy port (socks) (and or two other ports (for http and https or whatever port the input protocol used)). It would pass http unmodified. It would break end to end https. If the destination site had an invalid cert, it would present an invalid self-generated one to the client. If the destination site had a valid cert, it would present a self-generated and self-signed one to the client (which had obviously included the shim's root as a trusted cert), simply to signify to the client as to validity. Identity would be available from verbose logging in the shim and via an http[s] port on the shim itself. It could furthermore 'tee' off two output ports from it's bottom and receive two input ports from it's top. These would be a more general hook into 'optional toolchains' located in between the client and server side, decoding and shuffling the data stream in and out to a toolset at that point. It should have no 'censoring', caching or other features.. as that is what the optional toolsets do best. Note that 'browser' could be anything that can speak http[s], not just FF/MSIE. So 'plugins' are a non option. And that the 'optional tool' might be squid or polipo or whatever. And lastly, erasing your OS and other info from your headers makes you stand out as an obvious eraser. It's better to use a dead common and up to date os and browser and then mind your sessions properly. *********************************************************************** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/