[or-cvs] [torbutton/master 01/15] Added smart ref spoofing

mikeperry at torproject.org mikeperry at torproject.org
Thu Sep 30 13:33:44 UTC 2010 

Author: Mike Perry <mikeperry-git at fscked.org>
Date: Thu, 30 Sep 2010 05:43:50 -0700
Subject: Added smart ref spoofing
Commit: 6d8932396b026b7db3b6bbb1434a8760136a6e94

Conflicts:

	src/chrome/content/preferences.js
	src/chrome/content/preferences.xul
	src/components/torRefSpoofer.js
---
 src/chrome/content/preferences.js       |    7 +--
 src/chrome/content/preferences.xul      |   15 ++-----
 src/chrome/content/torbutton.js         |    6 +-
 src/chrome/locale/en/torbutton.dtd      |    5 ++-
 src/components/torRefSpoofer.js         |   73 ++++++++++++++++---------------
 src/defaults/preferences/preferences.js |    3 +-
 6 files changed, 53 insertions(+), 56 deletions(-)

diff --git a/src/chrome/content/preferences.js b/src/chrome/content/preferences.js
index 4520950..d8c0888 100644
--- a/src/chrome/content/preferences.js
+++ b/src/chrome/content/preferences.js
@@ -274,7 +274,7 @@ function torbutton_prefs_init(doc) {
     doc.getElementById('torbutton_closeTor').checked = o_torprefs.getBoolPref('close_tor');
     doc.getElementById('torbutton_closeNonTor').checked = o_torprefs.getBoolPref('close_nontor');
     doc.getElementById('torbutton_setUagent').checked = o_torprefs.getBoolPref('set_uagent');
-    doc.getElementById('torbutton_spoofRefresh').checked = o_torprefs.getBoolPref('fakerefresh');
+    doc.getElementById('torbutton_refererSpoofGroup').selectedIndex = o_torprefs.getIntPref('refererspoof');
     doc.getElementById('torbutton_spoofEnglish').checked = o_torprefs.getBoolPref('spoof_english');
     doc.getElementById('torbutton_clearHttpAuth').checked = o_torprefs.getBoolPref('clear_http_auth');
     doc.getElementById('torbutton_blockJSHistory').checked = o_torprefs.getBoolPref('block_js_history');
@@ -387,7 +387,7 @@ function torbutton_prefs_save(doc) {
     o_torprefs.setIntPref('gopher_port',      doc.getElementById('torbutton_gopherPort').value);
     o_torprefs.setCharPref('socks_host',      doc.getElementById('torbutton_socksHost').value);
     o_torprefs.setIntPref('socks_port',       doc.getElementById('torbutton_socksPort').value);
-
+    o_torprefs.setIntPref('refererspoof',doc.getElementById('torbutton_refererSpoofGroup').selectedIndex);
     if(doc.getElementById('torbutton_socksGroup').selectedItem ==
             doc.getElementById('torbutton_socksv4')) {
         o_torprefs.setIntPref('socks_version', 4); 
@@ -421,7 +421,7 @@ function torbutton_prefs_save(doc) {
         }
     }
     // o_torprefs.setBoolPref('prompt_before_visiting_excluded_sites', doc.getElementById('torbutton_warnUponExcludedSite').checked);
-
+  o_torprefs.setIntPref('refererspoof', doc.getElementById('torbutton_refererSpoofGroup').selectedIndex);
     o_torprefs.setBoolPref('no_tor_plugins', doc.getElementById('torbutton_disablePlugins').checked);
     o_torprefs.setBoolPref('clear_history', doc.getElementById('torbutton_clearHistory').checked);
     o_torprefs.setBoolPref('kill_bad_js', doc.getElementById('torbutton_killBadJS').checked);
@@ -493,7 +493,6 @@ function torbutton_prefs_save(doc) {
     o_torprefs.setBoolPref('no_updates', doc.getElementById('torbutton_noUpdates').checked);
 
     o_torprefs.setBoolPref('set_uagent', doc.getElementById('torbutton_setUagent').checked);
-    o_torprefs.setBoolPref('fakerefresh', doc.getElementById('torbutton_spoofRefresh').checked);
     o_torprefs.setBoolPref('spoof_english', doc.getElementById('torbutton_spoofEnglish').checked);
 
     o_torprefs.setBoolPref('locked_mode', doc.getElementById('torbutton_lockedMode').checked);
diff --git a/src/chrome/content/preferences.xul b/src/chrome/content/preferences.xul
index e4c010f..c11250f 100644
--- a/src/chrome/content/preferences.xul
+++ b/src/chrome/content/preferences.xul
@@ -337,19 +337,12 @@
                    oncommand="torbutton_prefs_set_field_attributes(document)"/>
           <checkbox id="torbutton_jarCACerts" label="&torbutton.prefs.jar_ca_certs;" 
                    oncommand="torbutton_prefs_set_field_attributes(document)"/>
-
-          <checkbox id="torbutton_noReferer" label="&torbutton.prefs.disable_referer;"
-                   oncommand="torbutton_prefs_set_field_attributes(document)"/>
 -->
-            <checkbox id="torbutton_spoofRefresh" label="&torbutton.prefs.spoofreresh;" oncommand="torbutton_prefs_set_field_attributes(document)" />
-            <radiogroup id="torbutton_refererSpoofGroup" label="&torbutton.prefs.refereroptions;" oncommand="document.getElementById('torbutton_CustomRef').disabled = !document.getElementById('torbutton_CustomReferer').selected;">
+           <radiogroup id="torbutton_refererSpoofGroup" label="&torbutton.prefs.refererspoofing;">
+              <radio id="torbutton_smartSpoof" label="&torbutton.prefs.smartspoof;" oncommand="torbutton_prefs_set_field_attributes(document)" />              
               <radio id="torbutton_noRefSpoof" label="&torbutton.prefs.nospoof;" oncommand="torbutton_prefs_set_field_attributes(document)" />
-              <radio id="torbutton_SpoofRoot" label="&torbutton.prefs.spoofroot;" selected="true" oncommand="torbutton_prefs_set_field_attributes(document)" />
-              <radio id="torbutton_SpoofDomain" label="&torbutton.prefs.spoofdomain;" oncommand="torbutton_prefs_set_field_attributes(document)" />
-              <radio id="torbutton_BlankReferer" label="&torbutton.prefs.spoofblank;" oncommand="torbutton_prefs_set_field_attributes(document)" />
-              <radio id="torbutton_CustomReferer" label="Custom Referer" />
-            </radiogroup>
-           <textbox id="torbutton_CustomRef" value="" disabled="!document.getElementById('torbutton_CustomReferer').selected"/>
+              <radio id="torbutton_blankReferer" label="&torbutton.prefs.spoofblank;" oncommand="torbutton_prefs_set_field_attributes(document)" />
+          </radiogroup>
           <checkbox id="torbutton_fixGoogleSrch" label="&torbutton.prefs.fix_google_srch;"
                    oncommand="torbutton_prefs_set_field_attributes(document)"/>
           <spacer/>
diff --git a/src/chrome/content/torbutton.js b/src/chrome/content/torbutton.js
index 65e6ab5..b60c2a3 100644
--- a/src/chrome/content/torbutton.js
+++ b/src/chrome/content/torbutton.js
@@ -257,7 +257,6 @@ var torbutton_unique_pref_observer =
                 torbutton_update_status(
                         m_tb_prefs.getBoolPref("extensions.torbutton.tor_enabled"),
                         true);
-            case "extensions.torbutton.disable_referer":
             case "extensions.torbutton.disable_domstorage":
             case "extensions.torbutton.no_updates":
             case "extensions.torbutton.no_search":
@@ -1178,7 +1177,8 @@ function torbutton_update_status(mode, force_update) {
 
     // FIXME: This is not ideal, but the refspoof method is not compatible
     // with FF2.0
-    if(torprefs.getBoolPref("disable_referer")) {
+    // Taken out when updated to smart referer method -KK
+    /*if(torprefs.getIntPref("")) {
         torbutton_setBoolPref("network.http.sendSecureXSiteReferrer", 
                 "sendSecureXSiteReferrer", !mode, mode, changed);
         torbutton_setIntPref("network.http.sendRefererHeader", 
@@ -1188,7 +1188,7 @@ function torbutton_update_status(mode, force_update) {
                 "sendSecureXSiteReferrer", true, mode, changed);
         torbutton_setIntPref("network.http.sendRefererHeader", 
                 "sendRefererHeader", 2, mode, changed);
-    }
+    }*/
 
     if(torprefs.getBoolPref("disable_domstorage")) {
         torbutton_setBoolPref("dom.storage.enabled", 
diff --git a/src/chrome/locale/en/torbutton.dtd b/src/chrome/locale/en/torbutton.dtd
index 2d76094..e6a5caf 100644
--- a/src/chrome/locale/en/torbutton.dtd
+++ b/src/chrome/locale/en/torbutton.dtd
@@ -65,7 +65,10 @@
 <!ENTITY torbutton.prefs.disable_sessionstore "Disable Session Saving (recommended)">
 <!ENTITY torbutton.prefs.headers "Headers">
 <!ENTITY torbutton.prefs.spoof_english "Spoof US English Browser">
-<!ENTITY torbutton.prefs.disable_referer "Don't send referer during Tor usage (may break some sites)">
+<!ENTITY torbutton.prefs.refererspoofing "Referer spoofing">
+<!ENTITY torbutton.prefs.spoofblank "Spoof blank referer during Tor usage (may break some sites)">
+<!ENTITY torbutton.prefs.smartspoof "Smart referer spoof during Tor usage (spoofs cross domain referers)">
+<!ENTITY torbutton.prefs.nospoof "No referer spoof during Tor usage (sends referers as normal)">
 <!ENTITY torbutton.prefs.disable_domstorage "Disable DOM Storage during Tor usage (crucial)">
 <!ENTITY torbutton.prefs.forms "Forms">
 <!ENTITY torbutton.prefs.block_tforms "Block password+form saving during Tor (recommended)">
diff --git a/src/components/torRefSpoofer.js b/src/components/torRefSpoofer.js
index dcf0dfc..ad198a5 100644
--- a/src/components/torRefSpoofer.js
+++ b/src/components/torRefSpoofer.js
@@ -1,8 +1,8 @@
 function LOG(text)
 {
  var logger = Components.classes["@torproject.org/torbutton-logger;1"].getService(Components.interfaces.nsISupports).wrappedJSObject;
- logger.log("RefSpoof " + text);
-  /*var prompt = Components.classes["@mozilla.org/embedcomp/prompt-service;1"]
+ logger.log("RefSpoof: " + text);
+/*  var prompt = Components.classes["@mozilla.org/embedcomp/prompt-service;1"]
                         .getService(Components.interfaces.nsIPromptService);
   prompt.alert(null, "debug", text);
  */
@@ -35,45 +35,48 @@ var refObserver = {
   },
   onModifyRequest: function(oHttpChannel)
   {
-    var prefs = Components.classes["@mozilla.org/preferences-service;1"]
-    .getService(Components.interfaces.nsIPrefBranch);
-    var fake_refresh = prefs.getBoolPref("extensions.torbutton.fakerefresh");        
-    var spoofmode = prefs.getIntPref("extensions.torbutton.refererspoof");
-    try {
-    oHttpChannel.QueryInterface(Components.interfaces.nsIChannel);
-    var requestURI = oHttpChannel.URI;
+    var prefs = Components.classes["@mozilla.org/preferences-service;1"].getService(Components.interfaces.nsIPrefBranch);
     
+    var spoofmode = prefs.getIntPref("extensions.torbutton.refererspoof");
     
-      switch(spoofmode)
-      {
-         //no spoof, should give the regular referer (not recommended)        
-        case 0:
-          return;        
-        //spoof document root  
-        case 1:
-          var path = requestURI.path.substr(0,requestURI.path.lastIndexOf("/")+1);            
-          this.adjustRef(oHttpChannel, requestURI.scheme + "://" + requestURI.host + path);        
-        break;
-        //spoof domain
-        case 2:
-          this.adjustRef(oHttpChannel, requestURI.scheme + "://" + requestURI.host);
-        break;
-        //spoof no referer
-        case 3:
-          this.adjustRef(oHttpChannel, "");
-        break; 
-        case 4:
-          this.adjustRef(oHttpChannel, prefs.getCharPref("extensions.torbutton.customref"));
-        break;     
-      }
-      if (fake_refresh)      
-        oHttpChannel.setRequestHeader("If-Modified-Since","Sat, 29 Oct 1989 19:43:31 GMT",false);
-        //this will make the server think it is a refresh      
+    var ios = Components.classes["@mozilla.org/network/io-service;1"]
+                    .getService(Components.interfaces.nsIIOService);
 
+    if (spoofmode == 0)
+    try {
+      oHttpChannel.QueryInterface(Components.interfaces.nsIChannel);
+      var referer;
+      try{
+        referer = oHttpChannel.getRequestHeader("Referer");
+        referer = ios.newURI(referer,null,null);//make a nsIURI object for referer
+      }catch(referr) {
+        return;//no referer available or invalid uri
+      }
+      var requestURI = oHttpChannel.URI; //request nsIURI object
+      var refererHost = referer.host; //referer host w/o scheme
+      var requestHost = oHttpChannel.URI.host;//request host without scheme
+      
+      //get rid of www. to compare root domain
+      if (refererHost.match("^www."))
+        refererHost = refererHost.substring(4);
       
-    } catch (ex) {
+      if (requestHost.match("^www."))
+        requestHost = requestHost.substring(4);
+ 
+      //if they're in the same domain(if we can tell) or have the same host, keep the referer     
+      if (requestHost.split(".").length >= refererHost.split(".").length && requestHost.match(refererHost))
+        return;
+      else if (refererHost.split(".").length >= requestHost.split(".").length && refererHost.match(requestHost))
+        return;
+      //if they do not have the same host
+      this.adjustRef(oHttpChannel, requestURI.scheme + "://" + requestURI.host);      
+        LOG("Adjusting Referer from " + refererHost + " to " + requestURI.host);
+    }
+     catch (ex) {
       LOG("onModifyRequest: " + ex);
     }
+    else if (spoofmode == 2)
+      this.adjustRef(oHttpChannel, "");
   },
   adjustRef: function(oChannel, sRef)
   {
diff --git a/src/defaults/preferences/preferences.js b/src/defaults/preferences/preferences.js
index 8995f0d..58c2bcf 100644
--- a/src/defaults/preferences/preferences.js
+++ b/src/defaults/preferences/preferences.js
@@ -70,7 +70,6 @@ pref("extensions.torbutton.saved.download_retention", 2);
 pref("extensions.torbutton.saved.formfill", true);
 pref("extensions.torbutton.saved.remember_signons", true);
 pref("extensions.torbutton.saved.sendSecureXSiteReferrer", true);
-pref("extensions.torbutton.saved.sendRefererHeader", 2);
 pref("extensions.torbutton.saved.dom_storage", true);
 pref("extensions.torbutton.saved.mem_cache", true);
 pref("extensions.torbutton.saved.offline_cache", true);
@@ -136,7 +135,7 @@ pref("extensions.torbutton.spoof_english",true);
 pref("extensions.torbutton.spoof_charset",'iso-8859-1,*,utf-8');
 pref("extensions.torbutton.spoof_language",'en-us, en');
 pref("extensions.torbutton.spoof_locale",'en-US');
-pref("extensions.torbutton.disable_referer",false);
+pref("extensions.torbutton.refererspoof", 0); //0=smart referer, 1=blank, 2=no spoofing
 pref("extensions.torbutton.shutdown_method",1); // 0=none, 1=tor, 2=all
 pref("extensions.torbutton.block_tforms",true);
 pref("extensions.torbutton.block_ntforms",false);
-- 
1.7.1

More information about the tor-commits mailing list