[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Recommendations for browsing via Tor pre tor-browser?
From: |
Christopher Lemmer Webber |
Subject: |
Re: Recommendations for browsing via Tor pre tor-browser? |
Date: |
Fri, 20 Jul 2018 12:11:49 -0400 |
User-agent: |
mu4e 1.0; emacs 26.1 |
Chris Marusich writes:
> I think you're right: the fact that a malicious actor can induce
> requests to your localhost endpoint is cause for concern, even if the
> exact methods of exploitation are not obvious.
>
> I looked into this. I learned that Firefox (and our IceCat) supports a
> SOCKS proxy using UNIX domain sockets [1]. If you've started TOR with a
> socks socket at /var/run/tor/socks-sock, you can tell IceCat (or
> Firefox) to use it by entering the socket path as your SOCKS proxy.
> Specifically, in the IceCat built by Guix, you would do this:
>
> * Click on the "hamburger menu" in the upper right (the icon looks like
> three fat lines stacked on top of one another).
> * Go to Preferences > Advanced > Connection > Settings.
> * Select "Manual proxy configuration".
> * Select SOCKS v5 (because v5, unlike v4, supports sending DNS queries
> through the SOCKS proxy).
> * Enter "file:///var/run/tor/socks-sock" in the SOCKS Host field (no
> quotes required). The UI still makes it seem like you need to enter a
> port, but you can put any value in here, and it won't matter, since
> UNIX domain sockets don't use ports.
> * Scroll to the bottom and make sure "Proxy DNS when using SOCKS v5" is
> checked.
> * Click OK.
>
> Assuming that TOR is running and the permissions on its SOCKS socket
> allow you access, you can browse to https://check.torproject.org/ and it
> should tell you that you're connected over TOR. You can also check the
> TOR messages sent to /var/log/messages to confirm that stuff is
> happening.
Heck yeah! This is awesome!
> Since using a UNIX domain socket for TOR is probably better than using a
> localhost endpoint, we should make it easy to run a configuration like
> this via the tor-service. Currently, it's a little awkward to do, since
> to set it up, you need to arrange for the directory that contains the
> socket to have certain permissions, or else TOR refuses to start. If
> nobody beats me to it, I could try my hand at this in a few days' time.
Please do.
While you're taking a crack at it, it might be cool if the
tor-hidden-services stuff could also accept unix domain sockets? What
do you think?
Re: Recommendations for browsing via Tor pre tor-browser?, Nils Gillmann, 2018/07/16
Re: Recommendations for browsing via Tor pre tor-browser?, Devan Carpenter, 2018/07/19