[tor-dev] Tor + Apache Traffic Server w/ SOCKS - works now!
So I've been looking for a long time for something modern to sit between my browser and Tor -- something modern, capable, and efficient (i.e. doesn't fork every connection). Years ago Yahoo got some proxy software from an acquisition, a few years later they made it open source as Apache Traffic Server (http://trafficserver.apache.org/), and today it's the backbone of Yahoo's infrastructure. They have a number of full time engineers that work on it full time, they use it in production, and they are implementing cutting edge features like IPv6, SPDY, and HTTP/2 support.

SOCKS was one of the legacy features of Apache Traffic Server. However, it hasn't been maintained. If you build from git right now you'll find SOCKS support completely broken at least four ways (a couple bad asserts, wrong byte order, and an uninitialized field). They took the documentation on the SOCKS feature out a while ago but never got around to removing the code. Since it was there I spent some time over the weekend and fixed it. There are still some issues around SOCKS but it works well enough that you can surf through tor with it.

If there is interest in it here I'd be happy to put together a how-to for Linux and MacOS to get it built and configured. I'd also like to encourage people to make some noise - Yahoo does have SOCKS servers internally but they don't test using Traffic Server with them because they don't think anyone uses the feature (and they are right, there is no way the code works for anyone in the present state). But if there was interest then maybe they'd keep the code fresh going forward.

I'm including a copy of the patch with this e-mail just to get it out. You can pull their git repository (https://github.com/apache/trafficserver) and apply it to the master branch.

diff --git a/doc/reference/configuration/records.config.en.rst b/doc/reference/configuration/records.config.en.rst index a9a2c68..8b03894 100644 
--- a/doc/reference/configuration/records.config.en.rst +++ b/doc/reference/configuration/records.config.en.rst 
@@ -2639,6 +2639,74 @@ Plug-in Configuration on a dedicated thread pool, freeing the network threads to service additional requests. +SOCKS Processor +=== + +.. ts:cv:: CONFIG proxy.config.socks.socks_needed INT 0 + + Enables (``1``) or disables (``0``) the SOCKS processor + +.. ts:cv:: CONFIG proxy.config.socks.socks_version INT 4 + + Specifies the SOCKS version (``4``) or (``5``) + +.. ts:cv:: CONFIG proxy.config.socks.socks_config_file STRING socks.config + + The socks_onfig file allows you to specify ranges of IP addresses + that will not be relayed to the SOCKS server. It can also be used + to configure AUTH information for SOCKSv5 servers. + +.. ts:cv:: CONFIG proxy.config.socks.socks_timeout INT 100 + + The activity timeout value (in seconds) for SOCKS server connections. + +.. ts:cv:: CONFIG proxy.config.socks.server_connect_timeout INT 10 + + The timeout value (in seconds) for SOCKS server connection attempts. + +.. ts:cv:: CONFIG proxy.config.socks.per_server_connection_attempts INT 1 + +The total number of connection attempts allowed per SOCKS server, +if multiple servers are used. + +.. ts:cv:: CONFIG proxy.config.socks.connection_attempts INT 4 + + The total number of connection attempts allowed to a SOCKS server + Traffic Server bypasses the server or fails the request + +.. ts:cv:: CONFIG proxy.config.socks.server_retry_timeout INT 300 + + The timeout value (in seconds) for SOCKS server connection retry attempts. + +.. ts:cv:: CONFIG proxy.config.socks.default_servers STRING + + Default list of SOCKS servers and their ports. + +.. ts:cv:: CONFIG proxy.config.socks.server_retry_time INT 300 + + The amount of time allowed between connection retries to a SOCKS + server that is unavailable. + +.. ts:cv:: CONFIG proxy.config.socks.server_fail_threshold INT 2 + + The number of times the connection to the SOCKS server can fail + before Traffic Server considers the server unavailable. + +.. 
ts:cv:: CONFIG proxy.config.socks.accept_enabled INT 0 + + Enables (1) or disables (0) the SOCKS proxy option. As a SOCKS + proxy, Traffic Server receives SOCKS traffic (usually on port + 1080) and forwards all requests directly to the SOCKS server. + +.. ts:cv:: CONFIG proxy.config.socks.accept_port INT 1080 + + Specifies the port on which Traffic Server accepts SOCKS traffic. + +.. ts:cv:: CONFIG proxy.config.socks.http_port INT 80 + + Specifies the port on which Traffic Server accepts HTTP proxy requests + over SOCKS connections.. + Sockets === diff --git a/iocore/net/Socks.cc b/iocore/net/Socks.cc index a0350f6..a253842 100644 --- a/iocore/net/Socks.cc +++ b/iocore/net/Socks.cc @@ -54,20 +54,12 @@ SocksEntry::init(ProxyMutex *m, SocksNetVC *vc, unsigned char socks_support, uns SET_HANDLER(SocksEntry::startEvent); - ats_ip_copy(target_addr, vc-get_local_addr()); - #ifdef SOCKS_WITH_TS
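Review bot: In the records.config.en.rst hunk, the description under proxy.config.socks.per_server_connection_attempts ("The total number of connection attempts allowed per SOCKS server, if multiple servers are used.") is added without the leading indentation that every other entry has, so it will not render as the body of that ts:cv directive; indent both lines. In the same hunk, "The socks_onfig file" should name socks.config to match the default value, the proxy.config.socks.connection_attempts text is missing a word between "SOCKS server" and "Traffic Server bypasses the server" (presumably "before"), accept_enabled writes (1) and (0) where socks_needed uses the literal form, and the http_port description ends in a double period. server_retry_timeout and server_retry_time both default to 300 with near-identical descriptions; say how they differ or drop one.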
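Review bot: In SocksEntry::init the call ats_ip_copy(target_addr, vc-get_local_addr()) is removed right after SET_HANDLER(SocksEntry::startEvent), and nothing in the visible part of the hunk sets target_addr in its place; please point to where target_addr is now initialized before startEvent runs, or add a comment in init saying so, given that the cover message lists an uninitialized field among the bugs. The hunk is cut off after "#ifdef SOCKS_WITH_TS" in this copy, so the rest of the removed lines (the header says 20 lines become 12) cannot be checked here. The cover message describes four separate fixes plus new documentation; one commit per fix would make the byte-order and assert changes easier to review.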
Re: [tor-dev] Tor + Apache Traffic Server w/ SOCKS - works now!
I think we have differing goals, however your or-ctl-filter is very cool and I think I will need to add it to my stack.

On Tue, May 5, 2015 at 12:20 PM, David Stainton dstainton...@gmail.com wrote:

> i don't see any benefit from running yet another c program on my computer... why not run something like Yawning's or-ctl-filter between your tor and tbb? at least it's written in a safer language and does useful things like filter OR commands: https://github.com/Yawning/or-ctl-filter
>
> anyone who knows golang could easily write more socks servers and clients; super easy! also python would be an even better choice from the perspective of language safety and there are a few socks (twisted) client and server libraries you can use.
>
> On Tue, May 5, 2015 at 1:47 PM, CJ Ess zxcvbn4...@gmail.com wrote:
>
>> So I've been looking for a long time for something modern to sit between my browser and Tor -- something modern, capable, and efficient (i.e. doesn't fork every connection). Years ago Yahoo got some proxy software from an acquisition, a few years later they made it open source as Apache Traffic Server (http://trafficserver.apache.org/), and today it's the backbone of Yahoo's infrastructure. They have a number of full time engineers that work on it full time, they use it in production, and they are implementing cutting edge features like IPv6, SPDY, and HTTP/2 support.
>>
>> SOCKS was one of the legacy features of Apache Traffic Server. However, it hasn't been maintained. If you build from git right now you'll find SOCKS support completely broken at least four ways (a couple bad asserts, wrong byte order, and an uninitialized field). They took the documentation on the SOCKS feature out a while ago but never got around to removing the code. Since it was there I spent some time over the weekend and fixed it. There are still some issues around SOCKS but it works well enough that you can surf through tor with it.
>>
>> If there is interest in it here I'd be happy to put together a how-to for Linux and MacOS to get it built and configured. I'd also like to encourage people to make some noise - Yahoo does have SOCKS servers internally but they don't test using Traffic Server with them because they don't think anyone uses the feature (and they are right, there is no way the code works for anyone in the present state). But if there was interest then maybe they'd keep the code fresh going forward.
>>
>> I'm including a copy of the patch with this e-mail just to get it out. You can pull their git repository (https://github.com/apache/trafficserver) and apply it to the master branch.

___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] working back to socks_request_t
Thanks for going into so much detail, you've given me a lot to think about.

The real solution is probably the one that nobody wants to take on - having an application HTTP port that could take direct input from HTTP aware stuff and utilize a richer set of information than SOCKS allows for. I've spent a couple evenings looking to see if I could take the code stuff from the dirport and use it for that purpose.

I need to spend another couple evenings and go back and look at the SOCKS4 stuff, I've just recently realized that the state machine for that is closer to an http request/response.
[tor-dev] working back to socks_request_t
So I'm doing a bit of an experiment, the idea being that if you have a group of tor users sharing common infrastructure then it's a slightly different situation than one lone user, and you want to emphasize that resources should not be shared, caching should be minimal and non-persistent, you need to keep usage from standing out, etc.

The problem with my original idea is that everything that does HTTP SOCKS is one or two decades old, and draws a lot of attention because it forks for every connection or is some strange process that nobody has ever seen before.

So plan B is everyone involved runs their socks speaking browser on their desktop/laptop, everyone runs a tor client on the same device as their browser, we use the HTTPProxy/HTTPSProxy feature of the clients to navigate the firewall, everyone uses their own credentials instead of having one ID draw attention for high utilization, and the presence of the Proxy-Authorization header takes care of any caching/session sharing issues along the way.

To make that work, the one question I have for tor-dev is if it's possible

Here: https://github.com/torproject/tor/blob/24f170a11f59e26dec3a24d076b749c8acc793ca/src/or/connection.c#L1865

To work back to the socks_req, so that I can pass through the username and password to the upstream proxy instead of the one global username/password?
Re: [tor-dev] working back to socks_request_t
So underlying idea in this case is to pass thru the proxy credentials from the browser, so they don't have to be hard coded in plain text in the tor config - you exit the browser and the credential goes away (or maybe it's encrypted in the browser password manager), if you change your password you don't have to go update the tor config and bounce it, if it's a shared device you don't have to reconfigure and possibly leave your credentials around, etc.

That sounds good conceptually, but to implement I somehow need to work back from the connection_t passed into the function I mentioned to something that has the socks info (circuit? associated edge connection?) I tried to trace it through and nothing jumped out at me but maybe there is some type casting happening and I'm missing it. The other option would be to pass the info down through extra arguments or copied into extra field members. Either way I'm speculating there might be a really simple way to do this and worth the time writing up the question. If I get it working I'd be happy to send in a patch to this list.

On Sun, May 3, 2015 at 11:06 AM, teor teor2...@gmail.com wrote:

>> Date: Sun, 3 May 2015 02:50:46 -0400
>> From: CJ Ess zxcvbn4...@gmail.com
>>
>> So I'm doing a bit of an experiment, the idea being that if you have a group of tor users sharing common infrastructure then it's a slightly different situation than one lone user, and you want to emphasize that resources should not be shared, caching should be minimal and non-persistent, you need to keep usage from standing out, etc.
>>
>> The problem with my original idea is that everything that does HTTP SOCKS is one or two decades old, and draws a lot of attention because it forks for every connection or is some strange process that nobody has ever seen before.
>>
>> So plan B is everyone involved runs their socks speaking browser on their desktop/laptop, everyone runs a tor client on the same device as their browser, we use the HTTPProxy/HTTPSProxy feature of the clients to navigate the firewall, everyone uses their own credentials instead of having one ID draw attention for high utilization, and the presence of the Proxy-Authorization header takes care of any caching/session sharing issues along the way.
>>
>> To make that work, the one question I have for tor-dev is if it's possible
>>
>> Here: https://github.com/torproject/tor/blob/24f170a11f59e26dec3a24d076b749c8acc793ca/src/or/connection.c#L1865
>>
>> To work back to the socks_req, so that I can pass through the username and password to the upstream proxy instead of the one global username/password?
>
> Hi CJ,
>
> It sounds like you're looking for one of the HTTP(S)ProxyAuthenticator options - you can configure a different username and password in the torrc file on each client's desktop/laptop.
>
> If you are going to run a SOCKS-speaking browser, why not run the Tor Browser? It does a lot more to protect your anonymity than most.
>
> From the tor manual page:
>
> HTTPProxyAuthenticator username:password
>     If defined, Tor will use this username:password for Basic HTTP proxy authentication, as in RFC 2617. This is currently the only form of HTTP proxy authentication that Tor supports; feel free to submit a patch if you want it to support others.
>
> HTTPSProxyAuthenticator username:password
>     If defined, Tor will use this username:password for Basic HTTPS proxy authentication, as in RFC 2617. This is currently the only form of HTTPS proxy authentication that Tor supports; feel free to submit a patch if you want it to support others.
>
> If these options aren't what you're looking for, can you explain what you want done with the SOCKS request in a bit more detail?
>
> teor
> teor2345 at gmail dot com
> pgp 0xABFED1AC
> https://gist.github.com/teor2345/d033b8ce0a99adbc89c5
> teor at blah dot im
> OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7
Re: [tor-dev] Experimenting with private tor setup
No worry, I won't try to use these settings on anything connected to the public tor network.

I will try out your fix - I'm working with v0.2.7.0-alpha-dev from the git repository now.

In the mean time it looks like I've been successful in bootstrapping a private network without the testing flag, despite everything being on one server (with only a 172.16/12 interface). The directory authorities are voting, the routers are passing the reachability and bandwidth tests, and I can start a client and make requests through it.

I think that just leaves a couple questions for now:

- I know the directory authority's certificate needs to be renewed periodically (looks like 12 months default). Since it asked for a password that is something I need to do manually then send a HUP, correct? Later on I'll try to hack generating a cert with days or hours of time just to see what happens, but would like to know what the correct way to handle it is.

- All of my routers have done the bandwidth tests, but I see this warning on the DAs with each vote:

  Apr 22 22:39:41.000 [warn] Consensus with empty bandwidth: G=0 M=5 E=0 D=243 T=248

  Is this something that will fill out as the uptime of the instances increases? Or is this something I should look into?

On Wed, Apr 22, 2015 at 11:05 AM, teor teor2...@gmail.com wrote:

> On 22 Apr 2015, at 23:24 , teor teor2...@gmail.com wrote:
>
>> …
>> It appears that my original fix to bug #13924 didn't anticipate anyone using ExtendAllowPrivateAddresses 1 without TestingTorNetwork 1. I'll submit a patch which swaps TestingTorNetwork for ExtendAllowPrivateAddresses. This will preserve the existing fix, because TestingTorNetwork 1 implies ExtendAllowPrivateAddresses 1.
>>
>> The relevant line is here: https://github.com/torproject/tor/blob/cc10f13408e25eaf04f849d0f761680f383fa61d/src/or/circuitbuild.c#L1401
>> …
>
> CJ, I have made this change and it's waiting for review in the Tor Project Trac system.
>
> Please see: https://trac.torproject.org/projects/tor/ticket/15771
>
> Or on github:
> Branch: bug-15771-reachability
> Repository: https://github.com/teor2345/tor.git
>
> teor
> teor2345 at gmail dot com
> pgp 0xABFED1AC
> https://gist.github.com/teor2345/d033b8ce0a99adbc89c5
> teor at blah dot im
> OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7
[tor-dev] Experimenting with private tor setup
I've been experimenting with a private tor setup - I've managed to setup a couple directory authorities, six routers/exit nodes (which seemed to be the minimum to bootstrap everything), and a client.

It's a pretty normal setup (aside from everything running on my development box) and passes traffic as expected. So I'm wondering what would happen if I set TestingTorNetwork to 0, so I picked one onion router instance and made that change. Because it's all running on one box I had to keep some of the special settings:

DirAllowPrivateAddresses 1
EnforceDistinctSubnets 0
AuthDirMaxServersPerAddr 0
AuthDirMaxServersPerAuthAddr 0
ExtendAllowPrivateAddresses 1

And that almost works, I got this far:

Apr 21 00:50:09.000 [notice] Bootstrapped 100%: Done
Apr 21 00:50:09.000 [notice] Now checking whether ORPort xxx.18.110.101:5106 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Apr 21 01:10:09.000 [warn] Your server (xxx.18.110.101:5106) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
Apr 21 01:30:09.000 [warn] Your server (xxx.18.110.101:5106) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.

It looks like the is reachable is determined by opening a circuit. I see this message several times in the logs:

Apr 21 01:38:56.000 [info] channel_tls_process_netinfo_cell(): Got good NETINFO cell from xxx.18.110.101:5002; OR connection is now open, using protocol version 4. Its ID digest is 41373151BCC461FEFEFCC1BAF6DCEFD89922014C. Our address is apparently xxx.18.110.101.

I don't see any warnings or errors, it looks like the circuits are being opened successfully. Any ideas why this doesn't translate to getting past the ORPort being reachable test?
Re: [tor-dev] Experimenting with private tor setup
Chutney sounds really cool, but this is more of a learning exercise so I'll keep at it manually for a bit.

I read someplace that test instances on the public tor are near useless, so I tried setting TestingTorNetwork 0 on all the routers and one of the directory servers in case there was some logic guarding against instances with different values. The directory authority came up and did participate in consensus generation but never decided that the orport/dirport was reachable. None of the routers did any better. However they do seem to be successfully creating circuits to other routers and the directory authorities.

I turned on debug logging and went through it line for line, and if there are any complaints they are not being logged. It looks like there are only a few bits of code involved in the reachability tests, I'll throw in some printfs and see if I can catch what's happening. That failing I have a good test case I can submit.

I'm using Tor v0.2.6.7 for all this BTW.

On Tue, Apr 21, 2015 at 9:01 AM, teor teor2...@gmail.com wrote:

>> Date: Tue, 21 Apr 2015 02:13:48 -0400
>> From: CJ Ess zxcvbn4...@gmail.com
>>
>> I've been experimenting with a private tor setup - I've managed to setup a couple directory authorities, six routers/exit nodes (which seemed to be the minimum to bootstrap everything), and a client.
>
> With the latest versions of tor and chutney, the basic-min configuration bootstraps a testing tor network with 3 authorities (non-exits), 1 exit relay, and 1 client. I'm pretty sure this is the minimum number of tor instances to bootstrap, as bootstrapping requires each relay to create a 3-hop path through other relays which have already bootstrapped (or, in this case, the 3 authorities, which assume their own reachability).
>
> I'm not sure if you're using chutney to set up your network. chutney simplifies the setup of local tor networks using a templating and launch system.
>
> The latest version can be downloaded using:
> git clone https://git.torproject.org/chutney.git
>
>> It's a pretty normal setup (aside from everything running on my development box) and passes traffic as expected. So I'm wondering what would happen if I set TestingTorNetwork to 0, so I picked one onion router instance and made that change. Because it's all running on one box I had to keep some of the special settings:
>>
>> DirAllowPrivateAddresses 1
>> EnforceDistinctSubnets 0
>> AuthDirMaxServersPerAddr 0
>> AuthDirMaxServersPerAuthAddr 0
>> ExtendAllowPrivateAddresses 1
>>
>> And that almost works, I got this far:
>>
>> Apr 21 00:50:09.000 [notice] Bootstrapped 100%: Done
>> Apr 21 00:50:09.000 [notice] Now checking whether ORPort xxx.18.110.101:5106 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
>> Apr 21 01:10:09.000 [warn] Your server (xxx.18.110.101:5106) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
>> Apr 21 01:30:09.000 [warn] Your server (xxx.18.110.101:5106) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
>>
>> It looks like the is reachable is determined by opening a circuit. I see this message several times in the logs:
>>
>> Apr 21 01:38:56.000 [info] channel_tls_process_netinfo_cell(): Got good NETINFO cell from xxx.18.110.101:5002; OR connection is now open, using protocol version 4. Its ID digest is 41373151BCC461FEFEFCC1BAF6DCEFD89922014C. Our address is apparently xxx.18.110.101.
>>
>> I don't see any warnings or errors, it looks like the circuits are being opened successfully. Any ideas why this doesn't translate to getting past the ORPort being reachable test?
>
> If you're using a version of tor before 0.2.6.1, then it's possible that bug #13924 may be the culprit: https://trac.torproject.org/projects/tor/ticket/13924
>
> Reachability testing and channel is_local assume private addresses are local (and therefore discount the local/private addresses for the purposes of reachability testing).
>
> Alternately, you could have discovered a similar bug which occurs when all tor instances in a network are on the same, public IP address.
>
> Please feel free to log a bug if this behaviour is still showing up in tor versions after 0.2.6.1 - and reference #13924 so we know the history of the issue. https://trac.torproject.org/projects/tor/newticket
>
> You could also disable reachability testing entirely using:
> AssumeReachable 1
>
> TestingTorNetworks also allow you to skip several boring minutes of bootstrap by just voting everything a guard and an exit (only in recent versions of tor):
> TestingDirAuthVoteExit *
> TestingDirAuthVoteHSDir *
>
> Let us know how you go.
>
> teor
> teor2345 at gmail dot com
> pgp 0xABFED1AC
> https://gist.github.com/teor2345/d033b8ce0a99adbc89c5
> teor at blah dot im
> OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7
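
The private-network settings this thread works through, checked mechanically: an added example (not code from Tor or from anyone on the list) that scans a torrc for the options named above and flags the combination reported here, ExtendAllowPrivateAddresses 1 without TestingTorNetwork 1 or AssumeReachable 1, where the ORPort reachability test did not pass. The function names, the sample torrc and the last-occurrence-wins parsing are assumptions.

```python
# Added example: lint a torrc for the private-network options discussed in this thread.
# Function names, the sample torrc and the parsing rules are assumptions, not Tor code.

# Option -> value that relaxes a check, as quoted in the thread.
RELAXED = {
    "TestingTorNetwork": "1",
    "DirAllowPrivateAddresses": "1",
    "EnforceDistinctSubnets": "0",
    "AuthDirMaxServersPerAddr": "0",
    "AuthDirMaxServersPerAuthAddr": "0",
    "ExtendAllowPrivateAddresses": "1",
    "AssumeReachable": "1",
}
# Options the thread describes as testing-network shortcuts; flagged at any value.
TESTING_ONLY = ("TestingDirAuthVoteExit", "TestingDirAuthVoteHSDir")

# Constructed sample: the settings quoted in the thread plus the ORPort from its log.
SAMPLE_TORRC = """\
# relay instance on a single development box (constructed sample)
TestingTorNetwork 0
DirAllowPrivateAddresses 1
EnforceDistinctSubnets 0
AuthDirMaxServersPerAddr 0
AuthDirMaxServersPerAuthAddr 0
ExtendAllowPrivateAddresses 1
ORPort 5106
"""


def parse_torrc(text):
    """Return {lowercased option: value}; the last occurrence wins (assumption)."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and surrounding space
        if not line:
            continue
        parts = line.split(None, 1)  # option name, then the rest of the line
        opts[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return opts


def lint_torrc(text):
    """Return a list of (kind, option, message) findings for one torrc."""
    opts = parse_torrc(text)
    findings = []

    for name, relaxed_value in RELAXED.items():
        if opts.get(name.lower()) == relaxed_value:
            findings.append(
                ("relaxed", name,
                 f"{name} {relaxed_value} is a private-network setting; "
                 "keep it off relays that join the public network"))

    for name in TESTING_ONLY:
        if name.lower() in opts:
            findings.append(
                ("testing-only", name,
                 f"{name} is a testing-network shortcut"))

    testing = opts.get("testingtornetwork") == "1"
    extend_private = opts.get("extendallowprivateaddresses") == "1"
    assume_reachable = opts.get("assumereachable") == "1"
    # The case reported in the thread: a relay with an ORPort that extends to
    # private addresses but is not a TestingTorNetwork never confirmed
    # reachability (tickets 13924 and 15771 as cited above).
    if "orport" in opts and extend_private and not testing and not assume_reachable:
        findings.append(
            ("reachability", "ExtendAllowPrivateAddresses",
             "ExtendAllowPrivateAddresses 1 without TestingTorNetwork 1: the "
             "ORPort reachability test may never pass (see ticket 15771); "
             "AssumeReachable 1 skips the test on a private network"))
    return findings


if __name__ == "__main__":
    for kind, option, message in lint_torrc(SAMPLE_TORRC):
        print(f"[{kind}] {message}")
```
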
Re: [tor-dev] TBB for Ubuntu Touch?
On 03/05/2015 11:21 AM, Amogh Pradeep wrote:

> Hey CJ,
>
> Where are you right now? I'd be interested in trying this out too and I'd love to get it working on my nexus 7 as well! I'm sitting by the entrance and my nametag reads the same as my nick which is amoghbl1.
>
> Best,
> amoghbl1

Heya amoghbl1,

hmm, didn't see your mail earlier — and not really sure to know which entrance you're speaking of.

Currently backing up the device, and I'll follow the steps as described here: https://developer.ubuntu.com/en/start/ubuntu-for-devices/installing-ubuntu-for-devices/

After that, I'll play around in order to see how it works, what can be done and if a simple apt-get install tor might work (I do have some doubts ;) ).

Will post my findings.

Cheers,
C.

> On 05/03/15 11:24, CJ wrote:
>
>> Hello,
>>
>> I just saw Ubuntu Touch might be installed on some devices, for example a nexus7, or nexus4, or nexus10.
>>
>> Is there anything to do in order to get TBB on Ubuntu Touch, knowing it's a more or less standard Linux system? Did anyone try it?
>>
>> I think I'll give a try to Touch on my nexus 7 — might be the time to do some tests regarding Tor on this kind of OS ;).
>>
>> Cheers,
>> C.
[tor-dev] TBB for Ubuntu Touch?
Hello,

I just saw Ubuntu Touch might be installed on some devices, for example a nexus7, or nexus4, or nexus10.

Is there anything to do in order to get TBB on Ubuntu Touch, knowing it's a more or less standard Linux system? Did anyone try it?

I think I'll give a try to Touch on my nexus 7 — might be the time to do some tests regarding Tor on this kind of OS ;).

Cheers,
C.
Re: [tor-dev] Fwd: Orbot v15-alpha-3 with VPN and Meek!
On 14/02/15 08:58, Nathan Freitas wrote:

> - Original message -
> From: Nathan of Guardian nat...@guardianproject.info
> To: guardian-...@lists.mayfirst.org
> Subject: Orbot v15-alpha-3 with VPN and Meek!
> Date: Sat, 14 Feb 2015 02:57:34 -0500
>
> More progress on Orbot VPN support, and now, thanks to our new PLUTO library (https://github.com/guardianproject/pluto), support for Meek (https://trac.torproject.org/projects/tor/wiki/doc/meek) and soon Obfs4 as well.
>
> Currently you can use Meek or you can use VPN, but you can't use both together... still working on that, as I can't get Meek to talk to the passthrough HTTP proxy I use to allow socket connections out of the VPN filter.
>
> To use Meek, just enable the Bridges button on the home screen, without using any bridge config info, and it will default to using the Meek Azure instance. If you set the bridge line to 0 it will use Google, and 1 it will use Amazon, and 2 it will use Azure.
>
> The VPN mode is just as easy, just enable VPN using the homescreen toggle button, then start/restart Orbot. All apps on your phone should now be running through Tor.
>
> Remember, Bridges and VPN don't work at the same time, for now... but please test both features separately, and let me know how well they work for you.
>
> APK: https://guardianproject.info/releases/Orbot-v15.0.0-ALPHA-3.apk
> SIG: https://guardianproject.info/releases/Orbot-v15.0.0-ALPHA-3.apk.asc
>
> Source: https://gitweb.torproject.org/n8fr8/orbot.git/log/?h=v15-dev or https://github.com/n8fr8/orbot/tree/v15-dev

Hello Nathan!

Glad seeing this VPN part going further! I just have concerns regarding my app compatibility (orwall): does orbot still open ports on localhost, and are they still the same, or shall I detect orbot version and/or probe for opened ports?

I'll give a try to this alpha version shortly hopefully (time is a weird thing fleeing at light speed).

Cheers,
C.
[tor-dev] Revisiting exit node notification page
Heya!

While I re-built my server and my exit node, I took some time in order to get a fancier notification page for the exit node: https://tor.tengu.ch/

It might be good/interesting to provide something a bit better than the default HTML in the package (at least debian package).

The current page I got is based on bootstrap and, thus, might have some license issue if this has to be included in a package, but I'm pretty sure we might get something independent.

Would you, the dev team, be interested in such a new look for this page? If so, I might take some time in order to provide html/css stuff without any dependence on some other stuff (though, on my page, all is included locally).

Cheers,
C.
Re: [tor-dev] Revisiting exit node notification page
On 18/01/15 01:48, Zack Weinberg wrote:

> On Sat, Jan 17, 2015 at 3:18 PM, CJ t...@tengu.ch wrote:
>
>> Heya!
>>
>> While I re-built my server and my exit node, I took some time in order to get a fancier notification page for the exit node: https://tor.tengu.ch/
>
> This page isn't loading for me right now, just fyi.

Fuu… Tor xen domU seems to make the whole dom0 crash in a weird way. Uncool at least :/.

>> Would you, the dev team, be interested in such a new look for this page? If so, I might take some time in order to provide html/css stuff without any dependence on some other stuff (though, on my page, all is included locally).
>
> Personally, I would be interested in improvements to the language first and the style second. I'd prefer a page that can be served via DirPortFrontPage (so, no external resources, not even images) and there should definitely be no JavaScript whatsoever.

Sure that. I'm not so good at English (not my mother tongue) — for the no image, it might be a bit austere… anyway, we might as well embed images as b64 encoded content, I already saw that.

Regarding JS: sure. in my case it's just for the responsive part, but that's not really useful anyway.

I'll try to understand *why* my tor VM makes xen crash first…

Cheers,
C.

> zw
[tor-dev] Transparent Proxy: how does it work?
Hello dear torrorists :)

I'm wanting to do some weird things with iptables in order to force some connections through Tor's TransProxy, but before that I have an interrogation on its internals:

How does it detect if we're wanting to use, let's say, SMTP over Tor? Is there any kind of sniffer that tells tor ok, so this one wants to go to mail.google.com:25, this other one to www.ethack.org:443 with SSL ?

If so, how does it work? It seems it may cause some problems when using Tor on a gateway, like some android device with tethering: forcing tethered connections through tor [orbot] seems to be really hard.

Thank you in advance for your enlightenment.

Cheers,
C.
Re: [tor-dev] Tor API doc?
On 08/11/2014 11:21 AM, Nusenu wrote:

>> I've searched, but didn't find anything regarding how we can interact with Tor API (through the Administration Port). Would be nice if you could provide some link :).
>
> If you are talking about tor's ControlPort: https://gitweb.torproject.org/torspec.git?a=blob_plain;hb=HEAD;f=control-spec.txt

Hello,

Yes! sorry for the wrong name, this may explain why I didn't find what I needed :).

Cheers,
C.
Re: [tor-dev] Tor API doc?
On August 11, 2014 4:13:00 PM CEST, Zack Weinberg za...@panix.com wrote:

> Also, https://stem.torproject.org/ is a client library for the API (that is, a library for writing programs that use the control port).

Yep, but working with java ;). But it's ok, I have what I need now.

Cheers,
C.

> On Mon, Aug 11, 2014 at 6:07 AM, CJ t...@tengu.ch wrote:
>
>> On 08/11/2014 11:21 AM, Nusenu wrote:
>>
>>>> I've searched, but didn't find anything regarding how we can interact with Tor API (through the Administration Port). Would be nice if you could provide some link :).
>>>
>>> If you are talking about tor's ControlPort: https://gitweb.torproject.org/torspec.git?a=blob_plain;hb=HEAD;f=control-spec.txt
>>
>> Hello,
>>
>> Yes! sorry for the wrong name, this may explain why I didn't find what I needed :).
>>
>> Cheers,
>> C.
[tor-dev] [android dev] probably a stupid noob question… but
… how may I add netcipher lib to an Android Studio project? I've searched on the Net, but nothing seems to match my needs :(

sorry for this stupid question, but I'm a bit stuck (yes, first android app, blah)…

Cheers,
C.
Re: [tor-dev] [android dev] probably a stupid noob question… but
On 07/31/2014 05:54 PM, Lunar wrote:

> CJ:
>
>> … how may I add netcipher lib to an Android Studio project? I've searched on the Net, but nothing seems to match my needs :(
>>
>> sorry for this stupid question, but I'm a bit stuck (yes, first android app, blah)…
>
> I'm not sure there is much knowledge about Android apps amongst tor-dev subscribers. Maybe the Guardian Project's mailing list is more appropriate? https://lists.mayfirst.org/mailman/listinfo/guardian-dev

Hello Lunar,

thanks for the hint, I wasn't really sure it was the right place in here…

Cheers,
C.
[tor-dev] orbot: get its ports from another app
Hello,

I'm currently developing orwall, a UI over iptables allowing to block all IP traffic and forcing selected apps through Orbot (while blocking the others), among other things.

I'm wondering if there's a way to ask Orbot, if installed, its SOCKS and TransPort configuration. I think NetCipher lib may do it, but I'm not that sure.

Thanks in advance for your answer/help :).

Cheers,
C.
Re: [tor-dev] orbot: get its ports from another app
On 29/07/14 21:19, Nathan Freitas wrote:

> On 07/29/2014 03:03 PM, CJ wrote:
>
>> I'm currently developing orwall, a UI over iptables allowing to block all IP traffic and forcing selected apps through Orbot (while blocking the others), among other things.
>>
>> I'm wondering if there's a way to ask Orbot, if installed, its SOCKS and TransPort configuration. I think NetCipher lib may do it, but I'm not that sure.
>
> This feature is underway. You can add a ticket on Github or via our dev tracker: https://dev.guardianproject.info/projects/onionkit
>
> For most users, it will be default (9040, 9050, etc), but it's definitely possible that people can change them, especially if they have the dreaded Samsung Link conflict.
>
> As for the implementation, it will simply be an Intent you send to Orbot and it will respond with the values.
>
> +n

Hello Nathan,

Thanks for the tip, I'll open a feature request :). In the meanwhile, I suppose I'll get the current setting the user may edit.

I'll use this lib in order to detect Orbot and propose the installation, as it seems to do it properly. Happy to be able to play a bit with that.

Cheers,
C.