Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 741ef2a8cd
Branches Tags
tor
/
doc
/
spec
/
proposals
/
132-browser-check-tor-service.txt

132-browser-check-tor-service.txt 6.8 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147 
  1. Filename: 132-browser-check-tor-service.txt
    2. 

  2. Title: A Tor Web Service For Verifying Correct Browser Configuration
    3. 

  3. Version: $Revision$
    4. 

  4. Last-Modified: $Date$
    5. 

  5. Author: Robert Hogan
    6. 

  6. Created: 2008-03-08
    7. 

  7. Status: Draft
    8. 

  8. 

  9. Overview:
    10. 

  10. 

  11.   Tor should operate a primitive web service on the loopback network device
    12. 

  12.   that tests the operation of user's browser, privacy proxy and Tor client.
    13. 

  13.   The tests are performed by serving unique, randomly generated elements in
    14. 

  14.   image URLs embedded in static HTML. The images are only displayed if the DNS
    15. 

  15.   and HTTP requests for them are routed through Tor, otherwise the 'alt' text
    16. 

  16.   may be displayed. The proposal assumes that 'alt' text is not displayed on
    17. 

  17.   all browsers so suggests that text and links should accompany each image
    18. 

  18.   advising the user on next steps in case the test fails.
    19. 

  19. 

  20.   The service is primarily for the use of controllers, since presumably users
    21. 

  21.   aren't going to want to edit text files and then type something exotic like
    22. 

  22.   127.0.0.1:9999 into their address bar. In the main use case the controller
    23. 

  23.   will have configured the actual port for the webservice so will know where
    24. 

  24.   to direct the request. It would also be the responsibility of the controller
    25. 

  25.   to ensure the webservice is available, and tor is running, before allowing
    26. 

  26.   the user to access the page through their browser.
    27. 

  27. 

  28. Motivation:
    29. 

  29. 

  30.   This is a complementary approach to proposal 131. It overcomes some of the
    31. 

  31.   limitations of the approach described in proposal 131: reliance
    32. 

  32.   on a permanent, real IP address and compatibility with older versions of
    33. 

  33.   Tor. Unlike 131, it is not as useful to Tor users who are not running a
    34. 

  34.   controller.
    35. 

  35. 

  36. Objective:
    37. 

  37. 

  38.   Provide a reliable means of helping users to determine if their Tor
    39. 

  39.   installation, privacy proxy and browser are properly configured for
    40. 

  40.   anonymous browsing.
    41. 

  41. 

  42. Proposal:
    43. 

  43. 

  44.   When configured to do so, Tor should run a basic web service available
    45. 

  45.   on a configured port on 127.0.0.1. The purpose of this web service is to
    46. 

  46.   serve a number of basic test images that will allow the user to determine
    47. 

  47.   if their browser is properly configured and that Tor is working normally.
    48. 

  48. 

  49.   The service can consist of a single web page with two columns. The left
    50. 

  50.   column contains images, the right column contains advice on what the
    51. 

  51.   display/non-display of the column means.
    52. 

  52. 

  53.   The rest of this proposal assumes that the service is running on port
    54. 

  54.   9999. The port should be configurable, and configuring the port enables the
    55. 

  55.   service. The service must run on 127.0.0.1.
    56. 

  56. 

  57.   In all the examples below [uniquesessionid] refers to a random, base64
    58. 

  58.   encoded string that is unique to the URL it is contained in. Tor only ever
    59. 

  59.   stores the most recently generated [uniquesessionid] for each URL, storing 3
    60. 

  60.   in total. Tor should generate a [uniquesessionid] for each of the test URLs
    61. 

  61.   below every time a HTTP GET is received at 127.0.0.1:9999 for index.htm.
    62. 

  62. 

  63.   The most suitable image for each test case is an implementation decision.
    64. 

  64.   Tor will need to store and serve images for the first and second test
    65. 

  65.   images, and possibly the third (see 'Open Issues').
    66. 

  66. 

  67.   1. DNS Request Test Image
    68. 

  68.   
    69. 

  69.   This is a HTML element embedded in the page served by Tor at
    70. 

  70.   http://127.0.0.1:9999:
    71. 

  71. 

  72.   <IMG src="http://[uniquesessionid]:9999/torlogo.jpg" alt="If you can see
    73. 

  73.   this text, your browser's DNS requests are not being routed through Tor."
    74. 

  74.   width="200" height="200" align="middle" border="2">
    75. 

  75. 

  76.   If the browser's DNS request for [uniquesessionid] is routed through Tor,
    77. 

  77.   Tor will intercept the request and return 127.0.0.1 as the resolved IP
    78. 

  78.   address. This will shortly be followed by a HTTP request from the browser
    79. 

  79.   for http://127.0.0.1:9999/torlogo.jpg. This request should be served with
    80. 

  80.   the appropriate image.
    81. 

  81. 

  82.   If the browser's DNS request for [uniquesessionid] is not routed through Tor
    83. 

  83.   the browser may display the 'alt' text specified in the html element. The
    84. 

  84.   HTML served by Tor should also contain text accompanying the image to advise
    85. 

  85.   users what it means if they do not see an image. It should also provide a
    86. 

  86.   link to click that provides information on how to remedy the problem. This
    87. 

  87.   behaviour also applies to the images described in 2. and 3. below, so should
    88. 

  88.   be assumed there as well.
    89. 

  89. 

  90. 

  91.   2. Proxy Configuration Test Image
    92. 

  92. 

  93.   This is a HTML element embedded in the page served by Tor at
    94. 

  94.   http://127.0.0.1:9999:
    95. 

  95. 

  96.   <IMG src="http://torproject.org/[uniquesessionid].jpg" alt="If you can see
    97. 

  97.   this text, your browser is not configured to work with Tor." width="200"
    98. 

  98.   height="200" align="middle" border="2">
    99. 

  99. 

  100.   If the HTTP request for the resource [uniquesessionid].jpg is received by
    101. 

  101.   Tor it will serve the appropriate image in response. It should serve this
    102. 

  102.   image itself, without attempting to retrieve anything from the Internet.
    103. 

  103. 

  104.   If Tor can identify the name of the proxy application requesting the
    105. 

  105.   resource then it could store and serve an image identifying the proxy to the
    106. 

  106.   user.
    107. 

  107. 

  108.   3. Tor Connectivity Test Image
    109. 

  109. 

  110.   This is a HTML element embedded in the page served by Tor at
    111. 

  111.   http://127.0.0.1:9999:
    112. 

  112. 

  113.   <IMG src="http://torproject.org/[uniquesessionid]-torlogo.jpg" alt="If you
    114. 

  114.   can see this text, your Tor installation cannot connect to the Internet."
    115. 

  115.   width="200" height="200" align="middle" border="2">
    116. 

  116. 

  117.   The referenced image should actually exist on the Tor project website. If
    118. 

  118.   Tor receives the request for the above resource it should remove the random
    119. 

  119.   base64 encoded digest from the request (i.e. [uniquesessionid]-) and attempt
    120. 

  120.   to retrieve the real image.
    121. 

  121. 

  122.   Even on a fully operational Tor client this test may not always succeed. The
    123. 

  123.   user should be advised that one or more attempts to retrieve this image may
    124. 

  124.   be necessary to confirm a genuine problem.
    125. 

  125. 

  126. Open Issues:
    127. 

  127. 

  128.   The final connectivity test relies on an externally maintained resource, if
    129. 

  129.   this resource becomes unavailable the connectivity test will always fail.
    130. 

  130.   Either the text accompanying the test should advise of this possibility or
    131. 

  131.   Tor clients should be advised of the location of the test resource in the
    132. 

  132.   main network directory listings.
    133. 

  133. 

  134.   Any number of misconfigurations may make the web service unreachable, it is
    135. 

  135.   the responsibility of the user's controller to recognize these and assist
    136. 

  136.   the user in eliminating them. Tor can mitigate against the specific
    137. 

  137.   misconfiguration of routing HTTP traffic to 127.0.0.1 to Tor itself by
    138. 

  138.   serving such requests through the SOCKS port as well as the configured web
    139. 

  139.   service report.
    140. 

  140. 

  141.   Now Tor is inspecting the URLs requested on its SOCKS port and 'dropping'
    142. 

  142.   them. It already inspects for raw IP addresses (to warn of DNS leaks) but
    143. 

  143.   maybe the behaviour proposed here is qualitatively different. Maybe this is
    144. 

  144.   an unwelcome precedent that can be used to beat the project over the head in
    145. 

  145.   future. Or maybe it's not such a bad thing, Tor is merely attempting to make
    146. 

  146.   normally invalid resource requests valid for a given purpose.
    147. 

  147.