anonym:
> This is how I imagine the onionshare filter configuration Whonix
> needs would look like:
>
>     - match-hosts:
>         - '10.1.1.42'
>       commands:
>         GETINFO:
>           - 'version'
>           - 'onions/current'
>           - pattern: 'net/listeners/socks'
>             response: '250-net/listeners/socks="127.0.0.1:9150"'
>         GETCONF:
>           - '__owningcontrollerprocess'
>         ADD_ONION:
>           - pattern: 'NEW:BEST Port=80,(176\d\d)'
>             replacement: 'NEW:BEST Port=80,10.137.6.41:{}'
>         DEL_ONION:
>           - '.+'
>       events:
>         SIGNAL:
>           suppress: true
>         CONF_CHANGED:
>           suppress: true
>         HS_DESC:

I've pushed some improvements, in particular for making the rewriting system more general; now we can rewrite commands before they are sent, rewrite responses from commands (even a rewritten one!), and rewrite received events. Because of this the profile above needs a slight adjustment (the only change is for `GETINFO net/listeners/socks`):

    - match-hosts:
        - '10.1.1.42'
      commands:
        GETINFO:
          - 'version'
          - 'onions/current'
          - pattern: 'net/listeners/socks'
            response:
              - pattern: '.*'
                replacement: '250-net/listeners/socks="127.0.0.1:9150"'
        ADD_ONION:
          - pattern: 'NEW:BEST Port=80,(176([0-4][0-9]|50))'
            replacement: 'NEW:BEST Port=80,10.137.6.41:{}'
        DEL_ONION:
          - '.+'
      confs:
        __owningcontrollerprocess:
      events:
        SIGNAL:
          suppress: true
        CONF_CHANGED:
          suppress: true
        HS_DESC:

... in case you want to test it in Whonix. :)

To highlight the possibilities of the rewriting system, we now allow rules like this to fool an application about what hosts are connected to through tor:

    commands:
      GETINFO:
        - pattern: 'stream-status'
          response:
            - pattern: '(.*)whonix\.org(.*)'
              replacement: '{}tails.boum.org{}'
            - pattern: '(.*)tails\.boum\.org(.*)'
              replacement: '{}whonix.org{}'
    events:
      STREAM:
        response:
          [ Same two (pattern, replacement)-pairs as above ]

Only one replacement will ever be done on the same string, and the matching is done from top to bottom, as defined in the configuration file. With the empty string as `replacement`, the matched response would simply be dropped instead.

If we replace the above (pattern, replacement)-pairs with only:

    pattern: '(\d+ STREAM \d+ \S+ \d+) [^:]+:(.+)'
    replacement: '{} tails.boum.org:{}'

we fool the application about where all tor streams go. The question is, however, whether this is a useful feature at all. :)

Cheers!
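
The first-match rewriting described in the message above, as an added sketch that is not part of the original mail and not the filter's own code. It assumes that a pattern must match the whole string, that `{}` slots are filled in order from the capture groups, that a command matching no rule is refused, and that the ADD_ONION character class reads `[0-9]`; the function names are hypothetical.

```python
import re

# Rules copied from the mail above; the ADD_ONION character class is
# written as [0-9] here (assumption about the intended 17600-17650 range).
ADD_ONION = [(r'NEW:BEST Port=80,(176([0-4][0-9]|50))',
              'NEW:BEST Port=80,10.137.6.41:{}')]
SWAP = [(r'(.*)whonix\.org(.*)', '{}tails.boum.org{}'),
        (r'(.*)tails\.boum\.org(.*)', '{}whonix.org{}')]
ALL_STREAMS = [(r'(\d+ STREAM \d+ \S+ \d+) [^:]+:(.+)',
                '{} tails.boum.org:{}')]


def first_match(text, rules):
    """Return the replacement for the first rule whose pattern matches the
    whole text (top to bottom), or None if no rule matches.
    Assumption: '{}' slots are filled in order from the capture groups."""
    for pattern, replacement in rules:
        m = re.fullmatch(pattern, text)
        if m:
            return replacement.format(*m.groups())
    return None


def filter_command(args, rules):
    """Allow-list for command arguments: rewritten args, or None to reject
    (assumption: a command that matches no rule is refused)."""
    return first_match(args, rules)


def rewrite_response(line, rules):
    """Rewrite a response or event line at most once. Unmatched lines pass
    through; an empty replacement drops the line (returns None)."""
    out = first_match(line, rules)
    if out is None:
        return line
    return out or None


if __name__ == '__main__':
    # Constructed sample inputs, not captured from a real control port.
    for args in ('NEW:BEST Port=80,17650', 'NEW:BEST Port=80,17651',
                 'NEW:BEST Port=80,176500', 'NEW:BEST Port=22,17600'):
        print(args, '->', filter_command(args, ADD_ONION))
    for line in ('250-stream-status=1 SUCCEEDED 2 whonix.org:443',
                 '250-stream-status=3 SUCCEEDED 4 tails.boum.org:80'):
        print(line, '->', rewrite_response(line, SWAP))
    print(rewrite_response('650 STREAM 12 SUCCEEDED 7 example.com:443',
                           ALL_STREAMS))
```

Whole-string matching is what keeps `17651` and `176500` out of the allowed port range; with a prefix-only match, `176500` would pass the ADD_ONION rule.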