grarpamp:
>> Has anyone tried using continuous integration tools like Travis
>> CI to find proxy leaks in applications? The rough idea I had was
>> to run all the existing unit/integration tests for the
>> application, wrapped in something like:
>> [snip]
>>
>> and use grep on the resulting output to find any results that
>> connect to anything other than the configured proxy. (This
>> assumes that the application has good test coverage already.)
>> I'm curious if someone has already tried to tackle this, or if
>> there's a better way.
>>
>> (H/t to pabouk at https://tor.stackexchange.com/a/118 for the
>> idea of using strace.)
>
> Assuming you're not going to read the code to find such instances
> and test mode is nice but not covering real world usage, caveats,
> threats and exploits, nor does strace block anything, better to
> packet filter and log everything default deny. Run all the tests
> and real world you want inside that.

Just to be clear, the intention here isn't to block proxy leaks, only to detect them. I strongly doubt that Travis CI or similar infrastructure cares about being deanonymized. Also, "real-world usage" isn't feasible to automate in CI tests; the main intention is to identify accidental code that doesn't use the desired proxy, as soon as it's committed to a project repo or submitted in a pull request. Detecting or blocking code that can be exploited to bypass a proxy is out of scope for my interest.

I suspect that detecting without blocking is actually better than blocking for this use case, because blocking packets would interfere with the remainder of the test (and therefore make it difficult to tell whether any additional leaks were made undetectable by the change in program behavior caused by the initial leak being blocked).

Hope I'm making sense, and apologies if my initial post was unclear.

Cheers,
--
-Jeremy Rand
Lead Application Engineer at Namecoin
Mobile email: jeremyrandmob...@airmail.cc
Mobile OpenPGP: 2158 0643 C13B B40F B0FD 5854 B007 A32D AB44 3D9C
Send non-security-critical things to my Mobile with OpenPGP.
Please don't send me unencrypted messages.
My business email jer...@veclabs.net is having technical issues at the moment.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
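
The detect-without-blocking check discussed in this thread, as an added example that is not code from the original posts: it scans strace output for connect() calls that go anywhere other than the configured proxy. It assumes the test suite ran under `strace -f -e trace=connect`, that the proxy is 127.0.0.1:9050, and it uses constructed sample lines; `find_leaks` and `SAMPLE` are hypothetical names.

```python
import re

# Assumption: the CI job points the application at Tor's default SOCKS port.
PROXY = ("127.0.0.1", 9050)

# Matches the sockaddr strace prints for connect() on AF_INET / AF_INET6 sockets.
CONNECT_RE = re.compile(
    r'connect\(\d+, \{sa_family=AF_INET6?, '
    r'sin6?_port=htons\((?P<port>\d+)\), '
    r'.*?(?:inet_addr\("|inet_pton\(AF_INET6, ")(?P<addr>[^"]+)"'
)

# Constructed sample of `strace -f -e trace=connect` output (not a real capture).
SAMPLE = '''\
[pid 4101] connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
[pid 4101] connect(3, {sa_family=AF_INET, sin_port=htons(9050), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
[pid 4102] connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.0.2.53")}, 16) = 0
[pid 4102] connect(5, {sa_family=AF_INET6, sin6_port=htons(443), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "2001:db8::1", &sin6_addr), sin6_scope_id=0}, 28) = -1 ENETUNREACH (Network is unreachable)
'''

def find_leaks(strace_output, allowed=frozenset({PROXY})):
    """Return (line_no, addr, port) for every IP connect() outside `allowed`.

    Failed connects are reported too: the attempt itself is the leak.
    Local test servers can be added to `allowed` to avoid false positives.
    """
    leaks = []
    for line_no, line in enumerate(strace_output.splitlines(), 1):
        m = CONNECT_RE.search(line)
        if not m:
            continue  # AF_UNIX sockets, other syscalls, "<... resumed>" halves
        dest = (m.group("addr"), int(m.group("port")))
        if dest not in allowed:
            leaks.append((line_no, *dest))
    return leaks

if __name__ == "__main__":
    found = find_leaks(SAMPLE)
    for line_no, addr, port in found:
        print(f"possible proxy leak at line {line_no}: {addr}:{port}")
    # A non-zero exit status fails the CI job without blocking any traffic.
    raise SystemExit(1 if found else 0)
```

This only sees sockets that call connect(); datagrams sent with sendto() on an unconnected socket would need `sendto` and `sendmsg` added to the trace filter and to the parser.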