[or-cvs] r12779: Initial checkin of current check.torproject.org site. The in (in check/trunk: . cgi-bin)
ioerror at seul.org
ioerror at seul.org
Wed Dec 12 09:07:59 UTC 2007
Author: ioerror
Date: 2007-12-12 04:07:58 -0500 (Wed, 12 Dec 2007)
New Revision: 12779
Added:
check/trunk/cgi-bin/
check/trunk/cgi-bin/index.pl
check/trunk/cgi-bin/tor-detector.pl
check/trunk/tor-detector-apache2-conf
check/trunk/tor-off.png
check/trunk/tor-on.png
Log:
Initial checkin of current check.torproject.org site. The index.pl/tor-detector.pl was derived from an idea in the wiki. Most of this was hacked on at PET 2007 and it wasn't quite finished but it functions. This should run on any server without modifications to the code.
Added: check/trunk/cgi-bin/index.pl
===================================================================
--- check/trunk/cgi-bin/index.pl (rev 0)
+++ check/trunk/cgi-bin/index.pl 2007-12-12 09:07:58 UTC (rev 12779)
@@ -0,0 +1,138 @@
+#!/usr/bin/perl
+#
+# This software was released into the public domain as of 06-21-07 at PET 2007.
+#
+# tor-detector.pl
+# A small CGI script to check if a user is routing through Tor.
+# by Jacob Appelbaum <jacob at appelbaum.net>
+#
+# This requires Net::DNS <http://www.net-dns.org/>
+#
+# To make a mirror of this you should follow these steps:
+# 1. Get a copy of this script (and the Vadila images for good measure)
+# 2. Configure apache (see the sample below)
+# 3. Place the copy of the program in the apache cgi-bin directory
+# 4. Test it.
+# 5. Tell people about it.
+# 6. Come to PET and learn fun stuff.
+#
+# Configure with apache like so:
+#<VirtualHost *:80>
+# ServerAdmin tordnsel at torproject.org
+# ServerName check.torproject.org
+#
+# DocumentRoot /var/www/tor-detector/
+#
+# ScriptAlias /cgi-bin/ /var/www/tor-detector/cgi-bin/
+#
+# <Directory "/var/www/tor-detector/">
+# DirectoryIndex /cgi-bin/index.pl
+# AllowOverride None
+# Options Indexes -MultiViews +SymLinksIfOwnerMatch
+# Order allow,deny
+# Allow from all
+# </Directory>
+#
+# ServerSignature Off
+#
+#</VirtualHost>
+#
+
+use strict;
+use warnings;
+use Net::DNS::Resolver;
+use CGI ':standard';
+
+# The client in question
+my $srcip = remote_host();
+
+# Exit check to check.torproject.org or your exit checking website
+my $dstip = "209.237.247.217";
+my $dstport = 80;
+
+# The DNSEL server to query
+my $dnsel = "exitlist.torproject.org";
+
+$| = 1;
+
+# Construct our DNSEL query
+# It consists of: a source address, a destination address, a destination port and a DNSEL server.
+# IP addresses should be in dotted-decimal notation.
+sub build_query {
+ my ($srcip, $dstip, $dstport, $dnsel) = @_;
+ ($srcip, $dstip) = map { join '.', reverse split /\./ } $srcip, $dstip;
+ "$srcip.$dstport.$dstip.ip-port.$dnsel.";
+}
+
+# query_exitlist($srcip, $dstip, $dstport, $dnsel) queries the Tor DNS Exit List server.
+# The result of the query is one of the following:
+# undef : DNS lookup failed or an unexpected response was received.
+# 0 : $srcip does not appear to be a Tor exit.
+# 1 : $srcip is a known Tor exit for the provided destination IP / port.
+sub query_exitlist {
+ my ($srcip, $dstip, $dstport, $dnsel) = @_;
+
+ # Create our resolver and talk to the DNSEL directly.
+ my $res = Net::DNS::Resolver->new;
+ $res->nameservers("$dnsel");
+ $res->retrans(2);
+ $res->retry(3);
+ $res->usevc(0);
+
+ # Rewrite this to make it clear
+ # Perform our DNS query
+ if (defined(my $pkt = $res->send(build_query $srcip, $dstip, $dstport, $dnsel))) {
+ if (grep $_->type eq 'A', $pkt->answer) {
+ # an A record was returned: this is a Tor exit node
+ return 1;
+ } elsif ($pkt->header->rcode eq 'NXDOMAIN') {
+ # NXDOMAIN: this is not a Tor exit node
+ return 0;
+ }
+ }
+
+ # the DNS query failed or something unexpected was returned
+ return undef;
+}
+
+# Finally, ask the DNSEL about our client
+my $result = query_exitlist $srcip, $dstip, $dstport, $dnsel;
+
+# Lets make a pretty website for our clients
+print header();
+print start_html('Are you using Tor?');
+print "<center>\n";
+
+if ($result) {
+ print "<img src='http://check.torproject.org/tor-on.png'>\n<br>";
+ print "<h1 style='color: #0A0'>";
+ print "Congratulations. You are (probably) using Tor.<br><br>";
+ print "</h1>";
+ print "Please refer to the <a href='http://tor.eff.org/'>Tor website</a> for further information about using Tor safely.<br><br>";
+
+} elsif (defined $result) {
+
+ print "<img src='http://check.torproject.org/tor-off.png'>\n<br>";
+ print "<h1 style='color: #A00'>";
+ print "Sorry. You are (probably) not using Tor.\n<br><br>";
+ print "</h1>";
+ print "If you are attempting to use a Tor client, please refer to the <a href='http://tor.eff.org/'>Tor website</a> and specifically the <a href='http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ItDoesntWork'>instructions for configuring your Tor client</a>.<br><br>";
+
+} else {
+
+ print "<img src='http://check.torproject.org/tor-off.png'>\n<br>";
+ print "Sorry, your query failed or an unexpected response was received.\n<br><br>";
+ print "A temporary service outage prevents us from determining if your source IP address is a <a href='http://tor.eff.org/'>Tor</a> node. For other ways to test whether you are using Tor, please visit <a href='http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#IsMyConnectionPrivate'>this FAQ entry</a>.<br><br>";
+}
+ print "<br>\n";
+ print "<small>\n";
+ print "<p><tt>The fine print\:<br>\n";
+ print "Your IP appears to be: <b>$srcip</b><br>\n";
+ print "This small script is powered by <a href='http://exitlist.torproject.org/'>tordnsel</a><br><br>";
+ print "This server does not log <i>any</i> information about visitors.</tt></p>";
+
+ print "</small>\n";
+ print "</center>\n";
+ print end_html();
+
+exit 0;
Property changes on: check/trunk/cgi-bin/index.pl
___________________________________________________________________
Name: svn:executable
+ *
Added: check/trunk/cgi-bin/tor-detector.pl
===================================================================
--- check/trunk/cgi-bin/tor-detector.pl (rev 0)
+++ check/trunk/cgi-bin/tor-detector.pl 2007-12-12 09:07:58 UTC (rev 12779)
@@ -0,0 +1,174 @@
+#!/usr/bin/perl
+#
+# This software was released into the public domain as of 06-21-07 at PET 2007.
+#
+# tor-detector.pl
+# A small CGI script to check if a user is routing through Tor.
+# by Jacob Appelbaum <jacob at appelbaum.net>
+#
+# This requires Net::DNS <http://www.net-dns.org/>
+#
+# To make a mirror of this you should follow these steps:
+# 1. Get a copy of this script (and the Vadila images for good measure)
+# 2. Configure apache (see the sample below)
+# 3. Place the copy of the program in the apache cgi-bin directory
+# 4. Test it.
+# 5. Tell people about it.
+# 6. Come to PET and learn fun stuff.
+#
+# Configure with apache like so:
+#<VirtualHost *:80>
+# ServerAdmin tordnsel at torproject.org
+# ServerName check.torproject.org
+#
+# DocumentRoot /var/www/tor-detector/
+#
+# ScriptAlias /cgi-bin/ /var/www/tor-detector/cgi-bin/
+#
+# <Directory "/var/www/tor-detector/">
+# DirectoryIndex /cgi-bin/index.pl
+# AllowOverride None
+# Options Indexes -MultiViews +SymLinksIfOwnerMatch
+# Order allow,deny
+# Allow from all
+# </Directory>
+#
+# ServerSignature Off
+#
+#</VirtualHost>
+#
+
+use strict;
+use warnings;
+use Net::DNS::Resolver;
+use CGI ':standard';
+
+# The client in question
+my $srcip = remote_host();
+
+# Exit check to check.torproject.org or your exit checking website
+my $dstip = "209.237.247.217";
+my $dstport = 80;
+
+# The DNSEL server to query
+my $dnsel = "exitlist.torproject.org";
+
+$| = 1;
+
+# Construct our DNSEL query
+# It consists of: a source address, a destination address, a destination port and a DNSEL server.
+# IP addresses should be in dotted-decimal notation.
+sub build_query {
+ my ($srcip, $dstip, $dstport, $dnsel) = @_;
+ ($srcip, $dstip) = map { join '.', reverse split /\./ } $srcip, $dstip;
+ "$srcip.$dstport.$dstip.ip-port.$dnsel.";
+}
+
+# query_exitlist($srcip, $dstip, $dstport, $dnsel) queries the Tor DNS Exit List server.
+# The result of the query is one of the following:
+# undef : DNS lookup failed or an unexpected response was received.
+# 0 : $srcip does not appear to be a Tor exit.
+# 1 : $srcip is a known Tor exit for the provided destination IP / port.
+sub query_exitlist {
+ my ($srcip, $dstip, $dstport, $dnsel) = @_;
+
+ # Create our resolver and talk to the DNSEL directly.
+ my $res = Net::DNS::Resolver->new;
+ $res->nameservers("$dnsel");
+ $res->retrans(2);
+ $res->retry(3);
+ $res->usevc(0);
+
+ # Rewrite this to make it clear
+ # Perform our DNS query
+ #if (defined(my $pkt = $res->send(build_query $srcip, $dstip, $dstport, $dnsel))) {
+ # if (grep $_->type eq 'A', $pkt->answer) {
+ # # an A record was returned: this is a Tor exit node
+ # return 1;
+ # } elsif ($pkt->header->rcode eq 'NXDOMAIN') {
+ # # NXDOMAIN: this is not a Tor exit node
+ # return 0;
+ # }
+ #}
+ #
+
+ my $query = $res->send(build_query $srcip, $dstip, $dstport, $dnsel);
+
+ # We probably want to ensure a more obvious return code sequence
+ # This is an 'A' record
+ print $query->print;
+ print $query->answer;
+ print $query->header;
+ print $query->header->rcode;
+
+ if ($query->header->rcode eq "NOERROR") {
+ print $query->address;
+ if ($query->address eq "127.0.0.2") {
+ print "1";
+ return 1;
+ }
+ } elsif ($query->header->rcode eq "NXDOMAIN") {
+ print "0";
+ return 0;
+ } elsif ($query->header->rcode eq "SERVFAIL") {
+ print "2";
+ return 2;
+ } elsif ($query->header->rcode eq "SOA") {
+ print "3";
+ return 3;
+ } else {
+ # The DNS query failed or something unexpected was returned
+ print $query->header->rcode;
+ print "4";
+ return 4;
+ }
+ print "5";
+ print "6 and " . $query->header->rcode . " done";
+ return undef;
+}
+
+# Lets make a pretty website for our clients
+print header();
+print start_html('Are you using Tor?');
+print "<center>\n";
+
+my $result = query_exitlist $srcip, $dstip, $dstport, $dnsel;
+
+print $result;
+print $result;
+print $result;
+print $result;
+
+if ($result eq 1) {
+ print "<img src='http://check.torproject.org/tor-on.png'>\n<br>";
+ print "<h1 style='color: #0A0'>";
+ print "Congratulations. You are (probably) using Tor.<br><br>";
+ print "</h1>";
+ print "Please refer to the <a href='http://tor.eff.org/'>Tor website</a> for further information about using Tor safely.<br><br>";
+} elsif ($result eq 0) {
+ print "<img src='http://check.torproject.org/tor-off.png'>\n<br>";
+ print "<h1 style='color: #A00'>";
+ print "Sorry. You are (probably) not using Tor.\n<br><br>";
+ print "</h1>";
+ print "If you are attempting to use a Tor client, please refer to the <a href='https://tor.eff.org/documentation#RunningTor'>Tor website</a> and specifically the <a href='http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ItDoesntWork'>instructions for configuring your Tor client</a>.<br><br>";
+} elsif ($result eq 4) {
+ print "wtf?";
+} elsif ($result eq undef) {
+ print "<img src='http://check.torproject.org/tor-off.png'>\n<br>";
+ print "Sorry, your query failed or an unexpected response was received.\n<br><br>";
+ print "A temporary service outage prevents us from determining if your source IP address is a <a href='http://tor.eff.org/'>Tor</a> node. For other ways to test whether you are using Tor, please visit <a href='http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#IsMyConnectionPrivate'>this FAQ entry</a>.<br><br>";
+} else { print "else";}
+
+ print "<br>\n";
+ print "<small>\n";
+ print "<p><tt>The fine print\:<br>\n";
+ print "Your IP appears to be: <b>$srcip</b><br>\n";
+ print("Debugging result code: " . $result . " <br>\n");
+ print "This small script is powered by <a href='http://exitlist.torproject.org/'>tordnsel</a><br><br>";
+ print "This server does not log <i>any</i> information about visitors.</tt></p>";
+
+ print "</small>\n";
+ print "</center>\n";
+ print end_html();
+
+exit 0;
Property changes on: check/trunk/cgi-bin/tor-detector.pl
___________________________________________________________________
Name: svn:executable
+ *
Added: check/trunk/tor-detector-apache2-conf
===================================================================
--- check/trunk/tor-detector-apache2-conf (rev 0)
+++ check/trunk/tor-detector-apache2-conf 2007-12-12 09:07:58 UTC (rev 12779)
@@ -0,0 +1,48 @@
+# This is a virtual host config for apache2
+# Move it into production like so:
+#
+# cp tor-detector-apache2-conf /etc/apache2/sites-available/tor-detector
+# a2ensite tor-detector
+#
+# The vhost runs a single cgi with two images in the document root.
+# Create the document root and populate it like so:
+#
+# mkdir -p /var/www/tor-detector/cgi-bin/
+# cp -rv tor-off.png tor-on.png /var/www/tor-detector/
+# cp -rv cgi-bin/index.pl /var/www/tor-detector/cgi-bin/index.pl
+#
+# Don't log requests or anything about users who are checking their IP. Ever.
+#
+# -jake <jacob at appelbaum.net>
+#
+<VirtualHost *>
+ ServerAdmin webmaster at lostinthenoise.net
+ ServerName check.torproject.org
+ ServerAlias check.torproject.org
+
+ DocumentRoot /var/www/tor-detector/
+ DirectoryIndex /cgi-bin/index.pl
+ <Directory />
+ Options FollowSymLinks
+ AllowOverride None
+ </Directory>
+ ScriptAlias /cgi-bin/ /var/www/tor-detector/cgi-bin/
+ <Directory "/var/www/tor-detector/cgi-bin">
+ AllowOverride None
+ Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
+ Order allow,deny
+ Allow from all
+ </Directory>
+
+ # Don't log after you move this into production
+ #ErrorLog /var/log/apache2/tor-detector-error.log
+
+ # Possible values include: debug, info, notice, warn, error, crit,
+ # alert, emerg.
+ LogLevel warn
+
+ # Don't log here either!
+ #CustomLog /var/log/apache2/tor-detector-access.log combined
+ ServerSignature Off
+
+</VirtualHost>
Added: check/trunk/tor-off.png
===================================================================
(Binary files differ)
Property changes on: check/trunk/tor-off.png
___________________________________________________________________
Name: svn:executable
+ *
Name: svn:mime-type
+ application/octet-stream
Added: check/trunk/tor-on.png
===================================================================
(Binary files differ)
Property changes on: check/trunk/tor-on.png
___________________________________________________________________
Name: svn:executable
+ *
Name: svn:mime-type
+ application/octet-stream
More information about the tor-commits
mailing list