Re: [guardian-dev] NetCipher: How Do I Know That It Is Working?
Nathan of Guardian: > > On Sun, Feb 14, 2016, at 09:56 AM, Mark Murphy wrote: >> On Sun, Feb 14, 2016, at 09:45, Nathan of Guardian wrote: >>> We can add a helper function called >>> makeSureIAmReallyUsingTor() that hits that and verifies the response. >>> Does that work from your perspective, Mark? >> >> I agree that developers (and users) could use that. However, given >> NetCipher's current scope, implementing it is something that developers >> themselves need to do. You can't request that URL without a >> fully-configured HTTP client stack, and that's something that developers >> need to set up today. > > Right. I think support HttpUrlConnection would be good, either as sample > code, or through a method you can pass your instance to. > >> Now, if we envision a future NetCipher that has packaged integrations >> tying it to popular Android HTTP client stacks (e.g., HttpURLConnection, >> Apache's independent HttpClient packaging, OkHttp, Volley), those >> integrations could offer such a method. The developer configures the >> integration, calls the validation method, and proceeds from there. > > Yes. Let's envision that, and realize that! Sounds like something to note for a round 2 of this work. .hc -- PGP fingerprint: EE66 20C7 136B 0D2C 456C 0A4D E9E2 8DEA 00AA 5556 https://pgp.mit.edu/pks/lookup?op=vindex=0xE9E28DEA00AA5556 ___ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: guardian-dev-unsubscr...@lists.mayfirst.org
Re: [guardian-dev] NetCipher: How Do I Know That It Is Working?
On Sun, Feb 14, 2016, at 01:21, grarpamp wrote: > https://check.torproject.org/api/ip > But that's only for browsers. I'd argue it's for Web service clients as well, which happens to be my test case. A JSON return payload is very cool, and it seems to be working. Many thanks! -- Mark Murphy (a Commons Guy) https://commonsware.com | https://github.com/commonsguy https://commonsware.com/blog | https://twitter.com/commonsguy ___ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: guardian-dev-unsubscr...@lists.mayfirst.org
Re: [guardian-dev] NetCipher: How Do I Know That It Is Working?
On Sun, Feb 14, 2016, at 08:24 AM, Mark Murphy wrote: > On Sun, Feb 14, 2016, at 01:21, grarpamp wrote: > > https://check.torproject.org/api/ip > > But that's only for browsers. > > I'd argue it's for Web service clients as well, which happens to be my > test case. A JSON return payload is very cool, and it seems to be > working. > Yes, that is what I hoped. We can add a helper function called makeSureIAmReallyUsingTor() that hits that and verifies the response. Does that work from your perspective, Mark? Agreed the MITM is not the right solution. Seems like there has been a lot of unfortunate implementations of that in the news recently. +n ___ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: guardian-dev-unsubscr...@lists.mayfirst.org
[guardian-dev] NetCipher: How Do I Know That It Is Working?
If I am writing an app, and I (try to) integrate NetCipher, and I make an HTTP request of a regular Web server, and I get a valid response back... how do I know that the request made it through Orbot's HTTP proxy and Tor, versus somehow being re-routed to the Web server directly? I have tried enabling "Debug Log" in Orbot, but I do not know if it logs request information (or what that might look like), and I do not know if anything is needed beyond checking the checkbox (e.g., restart Orbot, reboot device). Thanks! -- Mark Murphy (a Commons Guy) https://commonsware.com | https://github.com/commonsguy https://commonsware.com/blog | https://twitter.com/commonsguy ___ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: guardian-dev-unsubscr...@lists.mayfirst.org
Re: [guardian-dev] NetCipher: How Do I Know That It Is Working?
On Sat, Feb 13, 2016, at 01:05 PM, Mark Murphy wrote: > If I am writing an app, and I (try to) integrate NetCipher, and I make > an HTTP request of a regular Web server, and I get a valid response > back... how do I know that the request made it through Orbot's HTTP > proxy and Tor, versus somehow being re-routed to the Web server > directly? There is no built-in method for this. I suppose you could request check.torproject.org and parse it to match for the "you are connected to Tor" string. Tor also has an API for this now that I can dig up. > > I have tried enabling "Debug Log" in Orbot, but I do not know if it logs > request information (or what that might look like), and I do not know if > anything is needed beyond checking the checkbox (e.g., restart Orbot, > reboot device). We don't currently log individual request but I think we could, especially using the polipo HTTP proxy server that sits between port 8118 and Tor SOCKS on 9050. +n > > Thanks! > > -- > Mark Murphy (a Commons Guy) > https://commonsware.com | https://github.com/commonsguy > https://commonsware.com/blog | https://twitter.com/commonsguy > ___ > List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev > To unsubscribe, email: guardian-dev-unsubscr...@lists.mayfirst.org -- Nathan of Guardian nat...@guardianproject.info ___ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: guardian-dev-unsubscr...@lists.mayfirst.org
Re: [guardian-dev] NetCipher: How Do I Know That It Is Working?
On Sat, Feb 13, 2016, at 02:21 PM, Mark Murphy wrote: > On Sat, Feb 13, 2016, at 14:03, Nathan of Guardian wrote: > > On Sat, Feb 13, 2016, at 01:05 PM, Mark Murphy wrote: > > > If I am writing an app, and I (try to) integrate NetCipher, and I make > > > an HTTP request of a regular Web server, and I get a valid response > > > back... how do I know that the request made it through Orbot's HTTP > > > proxy and Tor, versus somehow being re-routed to the Web server > > > directly? > > > > There is no built-in method for this. > > Gulp. For apps that want to absolutely guarantee access via Tor, you can also setup a .Onion hidden service. This would.not resolve if your request is not being proxied. > > > We don't currently log individual request but I think we could, > > especially using the polipo HTTP proxy server that sits between port > > 8118 and Tor SOCKS on 9050. > > Another possibility would be to add some X- header to the response from > the HTTP proxy (e.g., X-Orbot-Diagnostics, with perhaps a meaningful bit > of data as a value), for use in debug mode. That would allow for > validation as part of HTTP response processing, such as for test suites. That is a good idea. I think polipo can do this. > > Thanks for the info! > Great questions! ___ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: guardian-dev-unsubscr...@lists.mayfirst.org
Re: [guardian-dev] NetCipher: How Do I Know That It Is Working?
On 2/13/16, Nathan of Guardianwrote: > On Sat, Feb 13, 2016, at 01:05 PM, Mark Murphy wrote: >> back... how do I know that the request made it through Orbot's HTTP >> proxy and Tor, versus somehow being re-routed to the Web server >> directly? > check.torproject.org and parse it to match for the "you are connected to > Tor" string. Tor also has an API for this now that I can dig up. https://check.torproject.org/api/ip But that's only for browsers. What made it around tor: packet filter What made it into tor: tor controller setevents stream If you want to make that more useful to users: https://trac.torproject.org/projects/tor/ticket/11179 > We don't currently log individual request but I think we could, > especially using the polipo HTTP proxy server that sits between port > 8118 and Tor SOCKS on 9050. If you're doing TLS you won't see it. And X-mitm your own TLS streams to indicate is just weird. Also, polipo had network issues back when I tested it, privoxy stripped of rules worked fine to replace its function. ___ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: guardian-dev-unsubscr...@lists.mayfirst.org