[tor-commits] [meek/master] Comment #12146 caveat of Firefox helper.
dcf at torproject.org
dcf at torproject.org
Mon Jun 9 17:28:45 UTC 2014
commit ebda2c3a53bde9f21af0f7296abfe16a1cc12516
Author: David Fifield <david at bamsoftware.com>
Date: Mon Jun 9 09:55:06 2014 -0700
Comment #12146 caveat of Firefox helper.
People could get burned if they use an HTTP proxy with an unpatched
Firefox. ("Burned" in the same sense as if they made a plain Tor
connection--the censor knows they're using Tor and are trying to
circumvent.)
I'm not putting this fact into user-visible documentation because it
will affect few users, and be taken care of by a future Firefox release.
Those using the Browser Bundle are already covered. Only those
attempting to set up their own Firefox helper or BYOB setup will need to
know it.
---
firefox/components/main.js | 8 ++++++++
meek-client/meek-client.go | 9 +++++++++
2 files changed, 17 insertions(+)
diff --git a/firefox/components/main.js b/firefox/components/main.js
index 4de9532..a84b2d7 100644
--- a/firefox/components/main.js
+++ b/firefox/components/main.js
@@ -146,6 +146,14 @@ MeekHTTPHelper.buildProxyInfo = function(spec) {
// "direct"; i.e., no proxy. This is the default.
return MeekHTTPHelper.proxyProtocolService.newProxyInfo("direct", "", 0, flags, 0xffffffff, null);
} else if (spec.type === "http") {
+ // "http" proxy. Versions of Firefox before 32, and Tor Browser before
+ // 3.6.2, leak the covert Host header in HTTP proxy CONNECT requests.
+ // Using an HTTP proxy cannot provide effective obfuscation without such
+ // a patched Firefox.
+ // https://trac.torproject.org/projects/tor/ticket/12146
+ // https://gitweb.torproject.org/tor-browser.git/commitdiff/e08b91c78d919f66dd5161561ca1ad7bcec9a563
+ // https://bugzilla.mozilla.org/show_bug.cgi?id=1017769
+ // https://hg.mozilla.org/mozilla-central/rev/a1f6458800d4
return MeekHTTPHelper.proxyProtocolService.newProxyInfo("http", spec.host, spec.port, flags, 0xffffffff, null);
} else if (spec.type === "socks5") {
// "socks5" is tor's name. "socks" is XPCOM's name.
diff --git a/meek-client/meek-client.go b/meek-client/meek-client.go
index 441348d..ff1ab04 100644
--- a/meek-client/meek-client.go
+++ b/meek-client/meek-client.go
@@ -351,6 +351,15 @@ func checkProxyURL(u *url.URL) error {
} else {
// With the helper we can use HTTP and SOCKS (because it is the
// browser that does the proxying, not us).
+ // For the HTTP proxy with the Firefox helper: versions of
+ // Firefox before 32 , and Tor Browser before 3.6.2, leak the
+ // covert Host header in HTTP proxy CONNECT requests. Using an
+ // HTTP proxy cannot provide effective obfuscation without such
+ // a patched Firefox.
+ // https://trac.torproject.org/projects/tor/ticket/12146
+ // https://gitweb.torproject.org/tor-browser.git/commitdiff/e08b91c78d919f66dd5161561ca1ad7bcec9a563
+ // https://bugzilla.mozilla.org/show_bug.cgi?id=1017769
+ // https://hg.mozilla.org/mozilla-central/rev/a1f6458800d4
switch options.ProxyURL.Scheme {
case "http", "socks5", "socks4a":
default:
More information about the tor-commits
mailing list