[tor-bugs] #25737 [Applications/Tor Browser]: Tor Browser Bundle IP Leak
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Apr 7 22:03:27 UTC 2018
#25737: Tor Browser Bundle IP Leak
------------------------------------------+----------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------------------+----------------------
I am on macOS, and my current setup involves an isolation proxy, custom pf
rules, an application firewall and the Tor Browser Bundle (7.5.3).

The firefox process has only localhost access to the tor.real process.
The tor.real process has only localhost access to the obfs4proxy process.
The obfs4proxy process can only access the remote IP/port tuple.

I modified the tbb-torrc, adding `UseBridges 1`.

During the latest (vidalia) startup, my application firewall warned me
that a process named `xpcproxy` was attempting to directly connect to
`82.195.75.101/443tcp`.

Since a reverse DNS lookup resolves to `listera.torproject.org`, I believe
this to be non-malicious, but I'd count the behaviour as a potential IP
leak.

Firefox should wait for the tor process to be ready and spawn the call
over a tor circuit; if not, a malicious ISP (e.g.) has the potential to
enumerate users.

I denied the access and restarted the browser, but have not been able to
reproduce it yet. So this is possibly a race condition between firefox and
vidalia; because of this, I am unsure if this should be a tor browser or a
tor launcher ticket.

How can I inspect this?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25737>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
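
An added example, not part of the ticket or of any Tor Project code: one way to check a snapshot of open TCP connections against the isolation policy the report describes (loopback only for firefox and tor.real, one bridge tuple for obfs4proxy, nothing for any other process). The sample rows are constructed in the column layout of `lsof +c 0 -nP -iTCP`, and the bridge address `192.0.2.10:443` is a placeholder, since the ticket does not give the real one.

```python
import ipaddress
import re

# Constructed placeholder for the bridge IP/port tuple (RFC 5737 range);
# the ticket does not state the real one.
BRIDGE = ("192.0.2.10", 443)

# Non-loopback destinations each process may reach under the ticket's
# policy. Loopback is allowed for every process; a process absent from
# this map (firefox, tor.real, xpcproxy) has no non-loopback allowance.
ALLOWED_REMOTE = {"obfs4proxy": {BRIDGE}}

# NAME column of an lsof TCP row: "local->remote (STATE)".
CONN_RE = re.compile(r"(\S+)->(\S+)\s+\(([A-Z0-9_]+)\)\s*$")

# Constructed sample rows, not captured output.
SAMPLE = """\
COMMAND    PID USER FD  TYPE DEVICE SIZE/OFF NODE NAME
tor.real   502 user 9u  IPv4 0x01   0t0      TCP  127.0.0.1:9150 (LISTEN)
firefox    501 user 55u IPv4 0x02   0t0      TCP  127.0.0.1:51000->127.0.0.1:9150 (ESTABLISHED)
tor.real   502 user 10u IPv4 0x03   0t0      TCP  127.0.0.1:9150->127.0.0.1:51000 (ESTABLISHED)
obfs4proxy 503 user 7u  IPv4 0x04   0t0      TCP  10.0.0.5:51002->192.0.2.10:443 (ESTABLISHED)
xpcproxy   504 user 4u  IPv4 0x05   0t0      TCP  10.0.0.5:51003->82.195.75.101:443 (SYN_SENT)
"""

def split_hostport(endpoint):
    """Split 'ip:port' or '[v6]:port' into (ip, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)

def audit(lsof_text):
    """Return (command, ip, port) for each connection outside the policy."""
    violations = []
    for line in lsof_text.splitlines():
        match = CONN_RE.search(line)
        if not match:
            continue  # header row or a listening socket
        command = line.split()[0]
        ip, port = split_hostport(match.group(2))
        if ipaddress.ip_address(ip).is_loopback:
            continue  # localhost hops between the three processes
        if (ip, port) not in ALLOWED_REMOTE.get(command, set()):
            violations.append((command, ip, port))
    return violations

if __name__ == "__main__":
    for command, ip, port in audit(SAMPLE):
        print(f"policy violation: {command} -> {ip}:{port}")
```

A single snapshot can miss a connection that exists only briefly during startup, so a check like this has to be run repeatedly while the browser launches to catch a race of the kind the report suspects.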