logs archiveIRC Archive / Oftc / #tor / 2015 / July / 4 / 1
hs
good day
I noticed a problem with privoxy. I send a HTTP 1.1 POST REQUEST with a full URL http://xyz/path and a Host: header to privoxy. Privoxy then forwards it via the socks proxy as POST /path with the same Host header. While technically correct I noticed that Akamai doesn't exactly like this and triggers a Bad Request. Is there an easy way to tell privoxy to change this behavior? Just compiled the latest version and did not find anything obvious in the m
qwerty1
sounds like it's working?
isn't that what proxies are supposed to do, if i read your question correctly?
this is offtopic btw
what do you want it to do differently?
hs
well, Postel's Law should apply but it triggers an error with Akamai/hilton.com. Just changed build_request_line() in privoxy to use http->url rather than http->path and that fixed the issue
qwerty1
kk
hs
privoxy sends POST /relativepath HTTP/1.1 while it received POST http://FQDN/path HTTP/1.1 from the client
that relative path breaks a web server on the other side (don't ask why)
velope
i don't know the answer, except i wonder whether a http proxy like privoxy is really necessary for the app you're using.
if it's a web browser, you should be using torbrowser, which doesn't need a http proxy. or anyway, most other browsers can use a SOCKS proxy (tor) directly
if it's not a web browser, well, curl for example can use a SOCKS proxy directly.
and there's torsocks to torify other apps that don't support SOCKS
hs
velope: I am using a Perl script with LWP. Perl only supports HTTP proxies but no socks :(
coderman_
(Action) seconds velope's torsocks suggestion -^ hs ^-
velope
hmm, i wonder if torsocks works with perl scripts.
but i don't wonder enough to try it.
"there's more than one way to do it" ... including ways that aren't perl
         

scrambler
hi
i need help on enabling SSL on lighttpd running in whonix
any ideas?
i have lighttpd with ssl conf, certs but the hidden service is not reachable over 443
please help
?
ok i think i got it
motor
hi, where can I read the weighted MTBF value of a tor node?
webchat5434
hi
SHADOWIMPACT
sup
webchat5434
does anyone mind if i ask frequently asked question?
ryonaloli_
ask away
webchat5434
a bit embarrasing to ask: there is some website that looks interesting. dont know if its a scam. it costs 0.3 BTC. is it worth trying it? doesnt seem to expensive, mostly afraid of accidently doing something wrong
SHADOWIMPACT
if it involves you giving personal details i think you should make sure that it is something well established yes
webchat5434
ah, makes sense
never bbought or used BTC, i guess its time to learn
thank you so much
SHADOWIMPACT
if it does not involve personal details for the most part you have only your bitcoins to worry about
now besides that the javascript etc issues are present in all sites but if this is about sketchy sites especially hidden services you might want to look into using physical isolation
webchat5434
happy to risk 0.3
never heard "physical isolation". i will look it up right now
SHADOWIMPACT
it is like having some computer run tor and then having your firefox etc run on a different computer
add virtual machines on top of that for some extra peace of mind
like what if this site is some cryptolocker variant which infects your bios or something and then messes all your files rofl
extreme yes but keep things like that in mind still
webchat5434
ooh hm now that you mentioned virtual machines: would lets say virtualbox on the computer running firefox and tor not be enough?
SHADOWIMPACT
when dealing with 1) javascript 2) hidden services 3) things involving possibly problematic transactions lol
webchat5434
ahh, do they get around VMs?
SHADOWIMPACT
webchat5434 look at whonix
they can
those extra steps are just supposed to make it a little bit more difficult
but running everything in a single vm no is not going to offer much extra security
like if the vm gets rooted it can easily get your external ip
even if you configure your host's firewall to only talk to tor ips
webchat5434
SHADOWIMPACT: i would have made mistakes if you had not helped me. i cant show my appreciation enough! i will delay for a week or two then and read up on some of the things you mentioned and buy a cheap computer. i hope you have great day!
SHADOWIMPACT
lol
sychill
someone do a test for me, and run: torsocks lynx https://torstatus.blutmagie.de/
does it say you are not using tor?
then run this: http_proxy=http://localhost:8118 lynx https://torstatus.blutmagie.de/
(assuming you have an http proxy that connects to tor)
TvdW
sychill: try the Tor Browser instead, it does a better job proxying than lynx
it is generally recommended to use the Tor Browser instead of configuring your own browser to connect via Tor
         

qwerty11
sychill: says i'm using tor
torstatus is sometimes slow to update
so if it thinks you're not using tor you still might be
sychill
qwerty1: did you use torsocks, or the explicit proxy?
"torsocks lynx.." has some success
qwerty1
torsocks
sychill
but "http_proxy=http://127.0.0.1:8118/ lynx ...." fails every time for me
qwerty1
it is an https url
sychill
and "HTTP_PROXY=http://127.0.0.1:8118/ w3m ...." also fails every time for me
qwerty1: i tried that too
qwerty1
s
hmm
it might not use the http_proxy for https
cacahuatl
er, http_proxy's http is the protocol not the proxy uses, not the protocol you want to speak to? also in some cases it's even stranger.
like the gpg under certain builds, http_proxy=socks5://... works for using socks5 because it passes it straight into curl
sychill
it's a bit dangerous that an environment variable is used by these tools (as opposed to commandline options). Very easy for it to silently go wrong
curl fails, but at least it makes some noise. Running "curl --proxy https://127.0.0.1:8118 https://torstatus.blutmagie.de/" gives "curl: (7) Failed to connect to 127.0.0.1 port 8118: Connection refused"
seems only firefox can connect through privoxy
none of the text-based browsers can use privoxy
cacahuatl
That seems...unlikely
tea__
sychill: --proxy http://127.0.0.1:8118 should work (not https)
sychill
tea__: same error
tea__
then your proxy isn't running or is blocking connections or is listening on another port
sychill
tea__: the proxy works for firefox
tea__
oh
use --proxy1.0
cacahuatl
You're using some kind of local access control system?
sychill
tea__: that gives the same error
qwerty1
for curl the var is HTTPS_PROXY or ALL_PROXY
tea__
and curl supports socks proxies
qwerty1
httpS
cacahuatl
also, try to capture the actual throughput with tcpflow or w/e, also stop using http proxies, they're terrible.
sychill
cacahuatl: not sure what you mean. you mean for privoxy? i did not configure privoxy to require a password
cacahuatl: i don't generally use http proxies.. i just needed to for testing/troubleshooting purposes, and stepped into a mess
cacahuatl
I mean instead of trying to guess at the esoteric error messages provided, look at the negotiation that firefox does compared to the other tools and see where it fails.
sychill
cacahuatl: do you know a way to run wireshark for just one app, instead of capturing all network traffic and then trying to pick out the relevant pieces?
cacahuatl
Yes, lern2filter ;)
sychill
SYN followed by RST,ACK
curl gets a RST ACK, while firefox gets a SYN ACK
« prev 1 2 3 next »