We won't need Tor anymore
Hi,

anybody who speaks German read this: http://www.heise.de/newsticker/meldung/89086

Everybody else please use the google translation service.

This is just shocking. This has got to be the most shocking news ever. I am dead serious! I was looking for a "gotcha - you went for it" line at the bottom of that article. But there wasn't any.

I am not sure what is going on in Europe right now. Maybe global warming has already fried the brains of the politicians in Europe. They want to make providers store every single login and password, nicks to every interactive website visited. Also owners of private websites are supposed to store all connection details.

Germany is a close friend of France and whatever has been spoken out loud in Europe will eventually become reality. Will the terrorists really be the only ones to be able to surf anonymously in the future? Using other people's hijacked machines? The first thing before anything will be that Tor is outlawed.

To the free people outside Europe: If you read this, please help us. Please help the oppressed Europeans. The People's Republic of Europe needs your help.

--
JT [EMAIL PROTECTED]
Re: Crazy with Exit nodes
Mr. Blue [EMAIL PROTECTED] wrote:

> At the moment of writing this email Node tamaribuchi worked great for me. So I'll base this example on it.
>
> I have a great need to use exact exit nodes.
>
> When I go to: http://www.whatismyipaddress.com.tamaribuchi.exit/
> I get expected response AND IP.
>
> But when I go to majority sites in form like: http://www.domain.net.tamaribuchi.exit/
> I get:
>
> Index of /
> Name Last modified Size Description
> [DIR] Parent Directory 20-Sep-2006 00:00 -
> [DIR] cgi-bin/ 19-Apr-2006 11:04 -
> Apache/1.3.37 Server at www.server1.some-domain.com.zz Port 80
>
> OR when I alter it to http://www.domain.net.tamaribuchi.exit/index.php
>
> Not Found
> The requested URL /index.php was not found on this server.
> Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
> Apache/1.3.37 Server at www.server1.smileyhosting.com.zz Port 80
>
> OR (in worst case)
>
> Great Success !
> Apache is working on your cPanel® and WHM Server...
> (You know the rest of story)
>
> BUT when I access all this site without .tamaribuchi.exit part ALL is well.
>
> I must access those site with preferred exit node so what am I doing wrong here?

Web servers that are responsible for more than one domain rely on the HTTP Host header to decide which content you're interested in.

If you use Tor's exit node notation in the URL, the browser will also append it to the Host header. If the web server ignores the Host header anyway, it doesn't matter, otherwise you get an error message because the web server isn't aware of any host with Tor exit node notation at the end. Some servers also simply use a default host instead of an error message.

You'll either have to find a way to tell the browser not to add the exit node notation to the Host header, or remove the exit node notation later on.

The latter can be done automatically with Privoxy's hide-tor-exit-notation filter, you can also do it manually with Firefox extensions like Tamper data. I assume there are extensions that can do it automatically as well, but I haven't looked for them.

Note that many HTTP proxies rebuild the host header from the URL in which case removing the Tor exit node notation in the browser is futile.

Fabian
Re: Tor nodes blocked by e-gold
Somehow I do not believe this thing, because I assume it to be an unlikely decision for a site with commercial interests to block a range like whole /16 subnets (if you want to block the changing addresses of dial up exit nodes) or a multitude of them from accessing their site. Unless forced to.

Not only, as repeatedly mentioned by the Tor developers and others, is it pretty easy to block access originating from Tor nodes to a server by the servers' operators. Also an adversary with much power might block a particular server of interest (like e-gold) ONLY for Tor nodes without knowledge of the servers' operators, maybe only necessary for those with distance 9 or higher, but permits access for the rest of the world. It should then be trivial to analyze the servers' traffic.

Call it an attack to anonymity software via social hacking, aiming at creating panic under those who believe their assets are about to be lost. Someone in this panic situation just might unfold his identity by trying to save his money/assets. And bingo...

Now not every Tor user is a mad computer scientist or cares about things like referrers, user-agents, javascript, flashy blinky animations or else (I rarely eat cookies when I use my computer). So a machine accessing the blocked server naked might be recognized as the one doing this and that before with Tor, but this time with the real IP. Further on, this machine could later be identified even if using Tor after Tor nodes are unblocked again. All the nat-ed machines finally can be associated with a real ID. (Correct me if I'm wrong, especially about reading the IP with whatsoever on nat-ed machines.)

For e-gold all the usual save-the-world-from-the-apocalypse legitimation for doing anything a professionally paranoid brain might wish, are listed in the indictment against e-gold's owners, see

http://www.theregister.co.uk/2007/05/01/e-gold_indictment/

or the real thing, also linked from the above article

http://www.usdoj.gov/opa/pr/2007/April/07_crm_301.html

and, it's for money, meaning that is generally enough reason for any prosecution. Even if none of the accusations against e-gold might succeed, it might seriously damage or destroy this particular business, and worse, harvest data for the ever growing databases of so called evildoers. And has cracked Tor.

Original Message
From: KT [EMAIL PROTECTED]
Apparently from: [EMAIL PROTECTED]
To: or-talk@freehaven.net
Subject: Re: Tor nodes blocked by e-gold
Date: Wed, 2 May 2007 04:57:40 +0100

On 4/27/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
> ...Since 24 hours, e-gold has decided to block all TOR nodes...snip

Didn't do them much good[1], did it?

[1] http://www.e-gold.com/letter3.html
Re: Crazy with Exit nodes
Benjamin Schieder [EMAIL PROTECTED] wrote:

> On 02.05.2007 10:46:28, Fabian Keil wrote:
> > Mr. Blue [EMAIL PROTECTED] wrote:
> > > When I go to: http://www.whatismyipaddress.com.tamaribuchi.exit/
> > > I get expected response AND IP.
> > > But when I go to majority sites in form like: http://www.domain.net.tamaribuchi.exit/
> > > I get: Index of /
> >
> > Web servers that are responsible for more than one domain rely on the HTTP Host header to decide which content you're interested in.
> >
> > If you use Tor's exit node notation in the URL, the browser will also append it to the Host header.
> > ...
> > The latter can be done automatically with Privoxy's hide-tor-exit-notation filter, you can also do it manually with Firefox extensions like Tamper data.
>
> The privoxy rule by itself won't work in most cases. At least my installation of firefox does use this:
>
> GET http://www.example.com.node.exit/path/to/somewhere HTTP/1.1
> Host: www.example.com.node.exit
> X-SomeHeaders: value
>
> The Host: will be modified, but not the GET. This is still futile since I encountered many a webserver ignoring the Host: header with the query as above.

Please name at least one example of a web server that expects or relies on the host being part of the request line.

The request you cited above is a proxy request, the last HTTP proxy in the proxy chain will strip the "http://www.example.com.node.exit" before connecting to the target server. As a result the target server should never see the exit node notation in the request line.

Privoxy's hide-tor-exit-notation filter doesn't modify the request line because Privoxy will be either the last HTTP proxy in the chain in which case there's nothing to filter, or there will be another HTTP proxy behind Privoxy which has to see the Tor exit node notation to forward it to Tor.

The hide-tor-exit-notation filter should work as long as Privoxy is the last HTTP proxy in the proxy chain, or no HTTP proxy behind Privoxy rebuilds the Host header based on the request line.

Here's an example request:

[EMAIL PROTECTED] ~ $curl -X HEAD -v http://tor.eff.org.zwiebelsuppe.exit/
* About to connect() to proxy 10.0.0.1 port 8118 (#0)
* Trying 10.0.0.1... connected
* Connected to 10.0.0.1 (10.0.0.1) port 8118 (#0)
HEAD http://tor.eff.org.zwiebelsuppe.exit/ HTTP/1.1
User-Agent: curl/7.16.0 (i386-portbld-freebsd6.2) libcurl/7.16.0 OpenSSL/0.9.7e zlib/1.2.3
Host: tor.eff.org.zwiebelsuppe.exit
Pragma: no-cache
Accept: */*
Proxy-Connection: Keep-Alive

HTTP/1.1 200 OK
Date: Wed, 02 May 2007 09:51:37 GMT
Server: Apache
Content-Location: index.html.en
Vary: negotiate,accept-language,Accept-Encoding
TCN: choice
Accept-Ranges: bytes
Content-Length: 6789
Connection: close
Content-Type: text/html
Content-Language: en

* transfer closed with 6789 bytes remaining to read
curl: (18) transfer closed with 6789 bytes remaining to read
* Closing connection #0

And here's what Privoxy did with it:

11:51:25.138 08160600 Header: New HTTP Request-Line: HEAD / HTTP/1.1
11:51:25.139 08160600 Header: HEAD / HTTP/1.1
11:51:25.139 08160600 Header: Tagger 'http-method' added tag 'HEAD'. No action bits update necessary.
11:51:25.139 08160600 Header: Tagger 'variable-test' added tag 'Complete URL is http://tor.eff.org.zwiebelsuppe.exit/, host is tor.eff.org.zwiebelsuppe.exit and the request came from 10.0.0.1'. No action bits update necessary.
11:51:25.139 08160600 Header: Tagger 'client-ip-address' added tag 'IP-ADDRESS: 10.0.0.1'. No action bits update necessary.
11:51:25.139 08160600 Header: scan: User-Agent: curl/7.16.0 (i386-portbld-freebsd6.2) libcurl/7.16.0 OpenSSL/0.9.7e zlib/1.2.3
11:51:25.139 08160600 Header: Tagger 'user-agent' added tag 'User-Agent: curl/7.16.0 (i386-portbld-freebsd6.2) libcurl/7.16.0 OpenSSL/0.9.7e zlib/1.2.3'. No action bits update necessary.
11:51:25.139 08160600 Header: scan: Host: tor.eff.org.zwiebelsuppe.exit
11:51:25.139 08160600 Header: scan: Pragma: no-cache
11:51:25.140 08160600 Header: scan: Accept: */*
11:51:25.140 08160600 Header: scan: Proxy-Connection: Keep-Alive
11:51:25.140 08160600 Header: Modified: User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-CH; rv:1.8.1.2) Gecko/20070327 Firefox/2.0.0.2
11:51:25.140 08160600 Header: crumble crunched: Proxy-Connection: Keep-Alive!
11:51:25.140 08160600 Header: Transforming Host: tor.eff.org.zwiebelsuppe.exit to Host: tor.eff.org
11:51:25.140 08160600 Re-Filter: 'hide-tor-exit-notation' hit 1 time, changing size from 35 to 17
11:51:25.140 08160600 Header: Adding: Connection: close
11:51:25.140 08160600 Redirect: Decoding / if necessary.
11:51:25.140 08160600 Redirect: Checking / for redirects.
11:51:25.140 08160600 Request: tor.eff.org.zwiebelsuppe.exit/
11:51:25.140 08160600 Connect: to tor.eff.org.zwiebelsuppe.exit
11:51:48.215 08160600 Header: scan: HTTP/1.1 200 OK
11:51:48.215
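The behaviour discussed in the two "Crazy with Exit nodes" replies above (name-based virtual hosts choosing content by Host header, and the last HTTP proxy in the chain turning the proxy request line into a plain path) can be reproduced with a small model. This is an added example, not code from the thread or from Privoxy; the virtual host names, the node name "somenode" and the stripping pattern are assumptions made for illustration.

```python
import re

# Trailing ".<exit-node-name>.exit", optionally followed by ":port". This pattern
# is an assumption made for the example; it is not Privoxy's own filter text.
EXIT_NOTATION = re.compile(r"\.[^.:]+\.exit(?=:\d+$|$)", re.IGNORECASE)

# Constructed name-based virtual hosts sharing one IP address.
VHOSTS = {"www.domain.example": "site content", "other.example": "other site"}
DEFAULT_VHOST = "default placeholder page"


def split_request(raw):
    """Return (method, target, version, headers) from a raw HTTP/1.1 request."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    method, target, version = head[0].split(" ", 2)
    headers = [tuple(h.split(": ", 1)) for h in head[1:] if h]
    return method, target, version, headers


def last_hop_proxy(raw, hide_exit_notation):
    """Act as the last HTTP proxy: origin-form request line, optional Host cleanup."""
    method, target, version, headers = split_request(raw)
    m = re.match(r"http://([^/]+)(/.*)?$", target, re.IGNORECASE)
    if not m:
        raise ValueError("expected an absolute http:// URI in a proxy request")
    # The connect target keeps the notation; Tor needs it to choose the exit node.
    connect_to, path = m.group(1), m.group(2) or "/"
    out = []
    for name, value in headers:
        if name.lower() == "host" and hide_exit_notation:
            value = EXIT_NOTATION.sub("", value)
        if name.lower() != "proxy-connection":  # hop-by-hop header, not forwarded
            out.append(f"{name}: {value}")
    forwarded = "\r\n".join([f"{method} {path} {version}", *out, "", ""])
    return connect_to, forwarded


def origin_server(raw):
    """Pick the virtual host from the Host header; unknown names get the default."""
    _, _, _, headers = split_request(raw)
    host = next((v for n, v in headers if n.lower() == "host"), "")
    return VHOSTS.get(host.lower().split(":")[0], DEFAULT_VHOST)


# Constructed browser request using exit notation ("somenode" is a made-up name).
REQUEST = ("GET http://www.domain.example.somenode.exit/index.php HTTP/1.1\r\n"
           "Host: www.domain.example.somenode.exit\r\n"
           "Proxy-Connection: Keep-Alive\r\n\r\n")

if __name__ == "__main__":
    for hide in (False, True):
        target, fwd = last_hop_proxy(REQUEST, hide)
        print(hide, target, fwd.splitlines()[0], "->", origin_server(fwd))
```

With the Host header left untouched the model server falls back to its default host, which matches the placeholder pages quoted in the thread; with the header cleaned it serves the intended site while the connection target still carries the exit notation.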
Re: Crazy with Exit nodes
Benjamin Schieder [EMAIL PROTECTED] wrote:

> On 02.05.2007 12:00:33, Fabian Keil wrote:
> > Benjamin Schieder [EMAIL PROTECTED] wrote:
> > > On 02.05.2007 10:46:28, Fabian Keil wrote:
> > > > Mr. Blue [EMAIL PROTECTED] wrote:
> > > > > When I go to: http://www.whatismyipaddress.com.tamaribuchi.exit/
> > > > > I get expected response AND IP.
> > > > > But when I go to majority sites in form like: http://www.domain.net.tamaribuchi.exit/
> > > > > I get: Index of /
> > > >
> > > > Web servers that are responsible for more than one domain rely on the HTTP Host header to decide which content you're interested in.
> > > >
> > > > If you use Tor's exit node notation in the URL, the browser will also append it to the Host header.
> > > > ...
> > > > The latter can be done automatically with Privoxy's hide-tor-exit-notation filter, you can also do it manually with Firefox extensions like Tamper data.
> > >
> > > The privoxy rule by itself won't work in most cases. At least my installation of firefox does use this:
> > >
> > > GET http://www.example.com.node.exit/path/to/somewhere HTTP/1.1
> > > Host: www.example.com.node.exit
> > > X-SomeHeaders: value
> > >
> > > The Host: will be modified, but not the GET. This is still futile since I encountered many a webserver ignoring the Host: header with the query as above.
> >
> > Please name at least one example of a web server that expects or relies on the host being part of the request line.
>
> Full disclosure: this is my own webserver.
>
> [EMAIL PROTECTED]:/etc/privoxy# tail user.action
> # default policy to have a 'blank' image as opposed to the checkerboard
> # pattern for ALL sites. '/' of course matches all URLs.
> # patterns:
> # { +set-image-blocker{blank} }
> #/
> ## set vi:nowrap tw=72
> { +filter{hide-tor-exit-notation} }
> /
> [EMAIL PROTECTED]:/etc/privoxy# telnet localhost 8118
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> GET http://blog.crash-override.net.zwiebelsuppe.exit/ HTTP/1.1
> Host: blog.crash-override.net.zwiebelsuppe.exit
>
> HTTP/1.1 403 Forbidden
> Date: Wed, 02 May 2007 10:19:33 GMT
> Server: Apache
> Content-Length: 343
> Content-Type: text/html; charset=iso-8859-1
> Connection: close
>
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <html><head>
> <title>403 Forbidden</title>
> </head><body>
> <h1>Forbidden</h1>
> <p>You don't have permission to access / on this server.</p>
> <hr>
> <address>Apache Server at <a href="mailto:[EMAIL PROTECTED]">blog.crash-override.net.zwiebelsuppe.exit</a> Port 80</address>
> </body></html>
> Connection closed by foreign host.

Looks like you forgot to enable client-header filtering:
http://www.privoxy.org/user-manual/actions-file.html#FILTER-CLIENT-HEADERS

Fabian
Re: Crazy with Exit nodes
On 02.05.2007 13:01:28, Fabian Keil wrote:

> Benjamin Schieder [EMAIL PROTECTED] wrote:
> > [EMAIL PROTECTED]:/etc/privoxy# tail user.action
> > # default policy to have a 'blank' image as opposed to the checkerboard
> > # pattern for ALL sites. '/' of course matches all URLs.
> > # patterns:
> > # { +set-image-blocker{blank} }
> > #/
> > ## set vi:nowrap tw=72
> > { +filter{hide-tor-exit-notation} }
> > /
> > [EMAIL PROTECTED]:/etc/privoxy# telnet localhost 8118
> > Trying 127.0.0.1...
> > Connected to localhost.
> > Escape character is '^]'.
> > GET http://blog.crash-override.net.zwiebelsuppe.exit/ HTTP/1.1
> > Host: blog.crash-override.net.zwiebelsuppe.exit
> >
> > HTTP/1.1 403 Forbidden
> > Date: Wed, 02 May 2007 10:19:33 GMT
> > Server: Apache
> > Content-Length: 343
> > Content-Type: text/html; charset=iso-8859-1
> > Connection: close
> >
> > <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> > <html><head>
> > <title>403 Forbidden</title>
> > </head><body>
> > <h1>Forbidden</h1>
> > <p>You don't have permission to access / on this server.</p>
> > <hr>
> > <address>Apache Server at <a href="mailto:[EMAIL PROTECTED]">blog.crash-override.net.zwiebelsuppe.exit</a> Port 80</address>
> > </body></html>
> > Connection closed by foreign host.
>
> Looks like you forgot to enable client-header filtering:
> http://www.privoxy.org/user-manual/actions-file.html#FILTER-CLIENT-HEADERS

Interesting. Why isn't this listed in the help for hide-tor-exit-notation? I've been searching for a viable solution for this for a while.

Also, would it be possible to do it the other way around? Inserting an existing exit node notation into links in the page?

--
The Nethack IdleRPG! Idle to your favorite Nethack messages!
http://pallas.crash-override.net/nethackidle/
Re: Crazy with Exit nodes
Ok thanks guys. I've solved it!

Mr.Blue
Re: Crazy with Exit nodes
Benjamin Schieder [EMAIL PROTECTED] wrote:

> On 02.05.2007 13:01:28, Fabian Keil wrote:
> > Benjamin Schieder [EMAIL PROTECTED] wrote:
> > > [EMAIL PROTECTED]:/etc/privoxy# tail user.action
> > > # default policy to have a 'blank' image as opposed to the checkerboard
> > > # pattern for ALL sites. '/' of course matches all URLs.
> > > # patterns:
> > > # { +set-image-blocker{blank} }
> > > #/
> > > ## set vi:nowrap tw=72
> > > { +filter{hide-tor-exit-notation} }
> > > /
> >
> > Looks like you forgot to enable client-header filtering:
> > http://www.privoxy.org/user-manual/actions-file.html#FILTER-CLIENT-HEADERS
>
> Interesting. Why isn't this listed in the help for hide-tor-exit-notation?

I don't remember. Probably I either assumed that it would be too obvious and that calling it a header filter would be enough of a hint, or I just didn't think about it.

> I've been searching for a viable solution for this for a while.

Please consider writing a problem report the next time a Privoxy feature doesn't appear to be working. So far there wasn't any feedback for hide-tor-exit-notation, so my assumption was that it worked as expected for everyone who cared about it.

> Also, would it be possible to do it the other way around? Inserting an existing exit node notation into links in the page?

There's no official Privoxy filter to do that, but you might try something like:

FILTER: add-tor-exit-notation Adds the Tor exit node notation to absolute link targets
s@[^]*(?:src|href)\s*=\s*[']?\s*http://[^/[EMAIL PROTECTED]@gis

I assume it works but I only tested it with a few examples.

It won't work for relative URLs, but if you already used the Tor exit node notation to reach the page it doesn't matter because the browser will treat the exit node notation as part of the host.

With Privoxy's CVS version one could solve that problem with dynamic pcrs commands and the $host variable, but it would make more sense to leave the page source alone and just redirect the browser's requests to a rewritten version of the request URL:

{+redirect{s@(http://[^/]*)/@$1.zwiebelsuppe.exit/@Ui} \
}
tor.eff.org/

(Requires a Privoxy version above 3.0.6)

Fabian