[tor-bugs] #7886 [EFF-HTTPS Everywhere]: Implement a network-layer test harness for HTTPS Everywhere corectness
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Jun 29 08:05:24 UTC 2013
#7886: Implement a network-layer test harness for HTTPS Everywhere corectness
----------------------------------+-----------------------------------------
Reporter: pde | Owner: schoen
Type: task | Status: needs_revision
Priority: normal | Milestone:
Component: EFF-HTTPS Everywhere | Version:
Keywords: | Parent:
Points: | Actualpoints:
----------------------------------+-----------------------------------------
Comment(by zyan):
I put Seth's code on Github and started fixing the two false positive
issues mentioned above at https://github.com/diracdeltas/unapplied-rule-
finder
Done:
* Exclude non-Firefox requests using http.user_agent
* Detect redirection loops by parsing stdout from Firefox concurrently as
tshark is running. This possibly leads to a race condition since, in order
for false positives to be detected, Firefox must output a redirect loop
warning before the unapplied rule finder checks the output from Firefox. I
tried to make this condition unlikely by keeping a list of the last 500
unique URLs with redirection loops in memory.
It gave the expected results for the following test URLs:
* https://www.nsa.gov (covered by ruleset, contains redirect loop): Output
a long list of redirection loop warnings.
* http://www.nosebridge.net (not covered by ruleset, http only): Output
"OK"
* https://www.androidpolice.com (covered by ruleset, contains redirect
loop): Output a redirect warning, but also found an unapplied rule ("BAD:
http://ocsp.startssl.com/sub/class2/server/ca should have been transformed
to https://ocsp.startssl.com/sub/class2/server/ca")
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7886#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list