[tor-bugs] #28741 [Core Tor/sbws]: sbws should send scanner metadata as part of every HTTP request

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Dec 5 23:18:19 UTC 2018


#28741: sbws should send scanner metadata as part of every HTTP request
---------------------------+-----------------------------------
 Reporter:  teor           |          Owner:  (none)
     Type:  defect         |         Status:  new
 Priority:  Medium         |      Milestone:  sbws: 1.0.x-final
Component:  Core Tor/sbws  |        Version:
 Severity:  Normal         |     Resolution:
 Keywords:                 |  Actual Points:
Parent ID:                 |         Points:
 Reviewer:                 |        Sponsor:
---------------------------+-----------------------------------

Comment (by teor):

 Replying to [comment:1 iang]:
 > > Non-standard HTTP headers start with "X-".
 >
 > I thought RFC 6648 deprecated that convention?

 Thanks for letting us know.

 Replying to [ticket:28741 teor]:
 > Here's some things we might want:
 > * software-name: sbws
 > * software-version

 These might be user-agent, unless requests sets its own user agent.

 > * scanner-nickname

 I'm not sure if there is a generic HTTP header for a nickname or other
 client identifier.

 > * scanner-IP-address? (pro: discover users who haven't set nickname,
 con: discover users)

 We should look for a generic HTTP header for the client IP address.
 sbws doesn't guarantee any anonymity, and discovering rogue scanners is
 more important than the risk of malicious servers using the IP address.

 > Assigning to 1.0, because this is vital debugging info.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28741#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list