On 18 May 13:32, Fabio Pietrosanti (naif) wrote:
> On 5/18/13 12:38 PM, Michael Zeltner wrote:
> > Hmm, interesting. A friend and I have recently "discovered" an easy Tor
> > configuration hack to do something similar:
> > https://www.cryptoparty.at/tor2tcp
> >
> > Would be interested to hear what you think of that. I haven't delved into why
> > using that instance of Tor for anything else makes it stop accepting
> > connections, but as a bare configuration it's remarkably simple to set up.
> That's a nice hack!
>
> However to make http proxying work properly there's a lot of hackery
> related to various header and html tag rewriting.

Sure, I'm familiar with tor2web, I'm even on the mailing list ;) But as far as I can tell, this is because the .onion does not necessarily expect to get a request for https://duskgytldkxiuqc6.tor2web.org/ and not http://duskgytldkxiuqc6.onion/ - but as far as I understand translation mode, it's meant for enabling hidden (web) services to be accessible from for example a regular mobile browser, yes?

With the config from above, it's trivial to get the HS to respond to https://exampledomain.org/ (shouldn't be a problem serving the correct SSL certificate from the HS itself, even though I haven't tested) - the magic of adding headers and disclaimers wouldn't be done by tor2web but you'd have to handle that on the hidden service itself ... Which is still easy because you do actually get passed the Host: header enabling distinguishing connections.

> Additionally tor2web is faster than torhs direct access because it uses a
> custom version of Tor (Tor2web Mode) that *removes* the anonymity on the
> "client side" of the access.
> In fact a user accessing Tor2web is not anonymous.

Right, see https://www.cryptoparty.at/tor2tcp#anonymity

The connection pooling is cool though, and the part that I have the least understanding of.

I'm not advocating this as an alternative to tor2web or even anonymous access to anything, but I guess it's just a more lightweight approach to the "translation mode"? It only works with one hidden service per public IP anyway.

My interest mostly stems from trying to run an SMTP hidden service that also works with SSL on clearnet, giving the "public face" VPS as few as possible (i.e. no SSL key, no MTA that might even cache messages if the HS isn't responsive) ... But that's enough veering off the original topic for now.

Best,
Michael

--
https://niij.org/
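The Host-header handling described in the message above, sketched as an added example (not part of the original message and not tor2tcp or tor2web code): a WSGI wrapper on the hidden service that serves .onion requests untouched, adds a disclaimer to requests arriving under the clearnet name, and refuses any other Host value. The two hostnames are the ones quoted in the message; the notice text, the `X-Gateway-Notice` header name and all function names are assumptions made for illustration.

```python
# Added example: Host-based handling on the hidden-service side (WSGI).
# Hostnames come from the message; NOTICE and X-Gateway-Notice are constructed.
ONION_HOST = "duskgytldkxiuqc6.onion"
CLEARNET_HOST = "exampledomain.org"
NOTICE = b"<p>You are reaching this service through a clearnet gateway, not over Tor.</p>"

def classify_host(environ):
    """Map the client-supplied Host header to 'onion', 'clearnet' or None."""
    host = environ.get("HTTP_HOST", "").strip().lower()
    host = host.rsplit(":", 1)[0] if ":" in host else host  # drop optional :port
    return {ONION_HOST: "onion", CLEARNET_HOST: "clearnet"}.get(host.rstrip("."))

def gateway_aware(app):
    """Wrap a WSGI app: pass .onion requests through, mark clearnet ones, refuse the rest."""
    def wrapper(environ, start_response):
        kind = classify_host(environ)
        if kind is None:  # Host is client-controlled: allowlist it, never echo it
            body = b"unknown host\n"
            start_response("421 Misdirected Request", [("Content-Type", "text/plain"),
                                                       ("Content-Length", str(len(body)))])
            return [body]
        if kind == "onion":
            return app(environ, start_response)
        seen = {}
        def capture(status, headers, exc_info=None):
            seen["status"], seen["headers"] = status, headers
        body = b"".join(app(environ, capture))
        headers = [(k, v) for k, v in seen["headers"] if k.lower() != "content-length"]
        if any(k.lower() == "content-type" and v.startswith("text/html") for k, v in headers):
            body = body.replace(b"<body>", b"<body>" + NOTICE, 1) if b"<body>" in body else NOTICE + body
        headers += [("X-Gateway-Notice", "clearnet"), ("Content-Length", str(len(body)))]
        start_response(seen["status"], headers)
        return [body]
    return wrapper

def site(environ, start_response):
    """Constructed stand-in for the real hidden-service application."""
    body = b"<html><body><h1>hello</h1></body></html>"
    start_response("200 OK", [("Content-Type", "text/html"), ("Content-Length", str(len(body)))])
    return [body]

def call(app, host):
    """Run one constructed GET with the given Host; return (status, headers, body)."""
    out = {}
    def sr(status, headers, exc_info=None):
        out["status"], out["headers"] = status, dict(headers)
    body = b"".join(app({"HTTP_HOST": host, "REQUEST_METHOD": "GET", "PATH_INFO": "/"}, sr))
    return out["status"], out["headers"], body
```
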
