[tor-bugs] #16917 [Tor Browser]: Support torified torsocks ssh -D socks proxy ports (for wingnuts)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Aug 28 04:24:29 UTC 2015
#16917: Support torified torsocks ssh -D socks proxy ports (for wingnuts)
----------------------------------------------+----------------------------
 Reporter:  mikeperry                         |          Owner:  cypherpunks
     Type:  enhancement                       |         Status:  new
 Priority:  normal                            |      Milestone:
Component:  Tor Browser                       |        Version:
 Keywords:  tbb-usability-stoppoint-wingnuts  |  Actual Points:
Parent ID:                                    |         Points:
----------------------------------------------+----------------------------
When Tor is blocked by a website, wingnuts sometimes resort to using ssh
-D proxies in combination with torsocks (so that the connection to the ssh
server goes over Tor, and then when you connect to the SSH proxy port on
localhost, it gets routed through Tor and then it uses your SSH server as
your exit IP).
Unfortunately, in TBB 4.5 we added socks username+password isolation to
Torbutton, and there is no way to disable this easily. For example, see
this sad panda:
https://superuser.com/questions/941136/how-can-i-bypass-proxy-using-tunneling
(though that guy is still doing it wrong. ssh -D is way more flexible, if
TBB 4.5+ supported it).
The following Torbutton patch works to completely disable the use of SOCKS
auth in TBB (which also disables circuit isolation):
{{{
--- a/src/components/domain-isolator.js
+++ b/src/components/domain-isolator.js
@@ -71,8 +71,8 @@ tor.socksProxyCredentials = function (originalProxy,
domain) {
return mozilla.protocolProxyService
.newSOCKSProxyInfo(proxy.host,
proxy.port,
- domain, // username
- tor.noncesForDomains[domain].toString(), //
password
+ null, //domain, // username
+ null,
//tor.noncesForDomains[domain].toString(), // password
proxy.flags,
proxy.failoverTimeout,
proxy.failoverProxy);
}}}
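Review bot: The username and password arguments of the newSOCKSProxyInfo call are replaced with null unconditionally, so every user of a build carrying this hunk loses the per-domain SOCKS credentials and, as the description says, circuit isolation with them. Gate the null values on a Torbutton pref that defaults to keeping isolation, and pass domain and tor.noncesForDomains[domain].toString() whenever that pref is unset. The old arguments are also left behind as inline comments (null, //domain, // username); remove them instead of commenting them out, and add a short comment saying why null is passed.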
You also need to set the following about:config prefs to false:
'''extensions.torbutton.local_tor_check''' and
'''extensions.torbutton.test_enabled'''.
You also need to start TBB with TOR_SOCKS_PORT=4444, or whatever your ssh
-D SOCKS port is.
Finally, you need to set 'AllowInbound 1' in /etc/tor/torsocks.conf (or
wherever torsocks.conf lives).
If some random cypherpunk(s) want to turn that Torbutton patch into a
Torbutton pref and either script the rest of this or document this process
better, I would merge the patch and add a link to the script to the TBB
Hacking Guide. We should also put the answer on a few stackoverflow
questions like the one I linked. There probably are more.
The following Hacking Guide sections may be useful in this process:
https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking#BuildingJustTorLauncherOrTorbutton
https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking#UsinganExistingTorProcess
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16917>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
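
A preflight check for the settings the ticket lists (AllowInbound 1 in torsocks.conf, the two Torbutton prefs set to false, and a usable TOR_SOCKS_PORT), as an added example that is not part of the original ticket or of Torbutton. The function names and sample files are hypothetical, and it assumes the prefs are stored as user_pref lines in the browser profile's prefs.js.

```shell
#!/bin/sh
# Added example (not from the ticket): preflight checks for the settings
# the ticket lists. Function names and sample files are hypothetical.

# True if the last uncommented AllowInbound line in torsocks.conf ($1) is "1".
# Taking the last occurrence is a simplification made for this example.
allow_inbound_enabled() {
    awk '$1 == "AllowInbound" { v = $2 } END { exit (v == "1" ? 0 : 1) }' "$1"
}

# True if prefs.js ($1) holds an explicit user_pref setting pref ($2) to false.
pref_is_false() {
    grep -Fqx "user_pref(\"$2\", false);" "$1"
}

# True if $1 is a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Run all checks, report each unmet one, return non-zero if any is unmet.
# $1: torsocks.conf  $2: profile prefs.js  $3: ssh -D port (TOR_SOCKS_PORT)
preflight() {
    rc=0
    allow_inbound_enabled "$1" || { echo "missing 'AllowInbound 1' in $1"; rc=1; }
    for p in extensions.torbutton.local_tor_check \
             extensions.torbutton.test_enabled; do
        pref_is_false "$2" "$p" || { echo "pref not false: $p"; rc=1; }
    done
    valid_port "$3" || { echo "invalid TOR_SOCKS_PORT: $3"; rc=1; }
    return "$rc"
}

# Constructed sample inputs so the checks run offline.
demo=$(mktemp -d)
printf '%s\n' '# constructed sample' 'TorPort 9050' 'AllowInbound 1' \
    > "$demo/torsocks.conf"
printf '%s\n' 'user_pref("extensions.torbutton.local_tor_check", false);' \
    'user_pref("extensions.torbutton.test_enabled", false);' > "$demo/prefs.js"
preflight "$demo/torsocks.conf" "$demo/prefs.js" 4444 && echo "preflight ok"
rm -rf "$demo"
```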