[metrics-bugs] #33010 [Metrics/Exit Scanner]: Monitor cloudflare captcha rate: do a periodic onionperf-like query to a cloudflare-hosted static site
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jan 22 03:21:58 UTC 2020
#33010: Monitor cloudflare captcha rate: do a periodic onionperf-like query to a
cloudflare-hosted static site
----------------------------------+------------------------------
Reporter: arma | Owner: metrics-team
Type: task | Status: new
Priority: Medium | Milestone:
Component: Metrics/Exit Scanner | Version:
Severity: Normal | Resolution:
Keywords: network-health | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
----------------------------------+------------------------------
Comment (by cypherpunks):
>One catch is that Cloudflare currently gives alt-svc headers in response
to fetches from Tor addresses. So that means we need a web client that can
follow alt-srv headers -- maybe we need a full Selenium like client?
Tor Browser does not upgrade immediately, so that's not too much reason to
use real web browser. However, Cloudflare is doing fingerprinting of TLS
handshake Client Hello (cipher suites and group in tls 1.3) to tell real
Tor Browser from spoofed. Must build curl from NSS and set correct headers
and cipher suites to pass.
Cloudflare have also different levels of protection, and some
grandfathered protection levels have no Tor Browser whitelisting. Should
test them all.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33010#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the metrics-bugs
mailing list