[liberationtech] New Yorker debut's Aaron Swartz's 'Strongbox.'

Michael Zeltner m at niij.org
Sat May 18 05:21:13 PDT 2013


On 18 May 13:32, Fabio Pietrosanti (naif) wrote:
> On 5/18/13 12:38 PM, Michael Zeltner wrote:
> >Hmm, interesting. A friend and I have recently "discovered" an easy Tor
> >configuration hack to do something similar: https://www.cryptoparty.at/tor2tcp
> >
> >Would be interested to hear what you think of that. I haven't delved into why
> >using that instance of Tor for anything else makes it stop accepting
> >connections, but as a bare configuration it's remarkably simple to set up.
> That's a nice hack!
> 
> However, to make http proxying work properly there's a lot of hackery
> related to various header and html tag rewriting.

Sure, I'm familiar with tor2web, I'm even on the mailing list ;) But as far as
I can tell, this is because the .onion does not necessarily expect to get a
request for https://duskgytldkxiuqc6.tor2web.org/ and not
http://duskgytldkxiuqc6.onion/ - but as far as I understand translation mode,
it's meant for enabling hidden (web) services to be accessible from for example
a regular mobile browser, yes? With the config from above, it's trivial to get
the HS to respond to https://exampledomain.org/ (shouldn't be a problem serving
the correct SSL certificate from the HS itself, even though I haven't tested) -
the magic of adding headers and disclaimers wouldn't be done by tor2web but
you'd have to handle that on the hidden service itself ... Which is still easy
because you do actually get passed the Host: header enabling distinguishing
connections.

> Additionally tor2web is faster than torhs direct access because it uses a
> custom version of Tor (Tor2web Mode) that *removes* the anonymity on the
> "client side" of the access.
> In fact a user accessing Tor2web is not anonymous.

Right, see https://www.cryptoparty.at/tor2tcp#anonymity

The connection pooling is cool though, and the part that I have the least
understanding of.

I'm not advocating this as an alternative to tor2web or even anonymous access
to anything, but I guess it's just a more lightweight approach to the
"translation mode"? It only works with one hidden service per public IP anyway.

My interest mostly stems from trying to run an SMTP hidden service that also
works with SSL on clearnet, giving the "public face" VPS as few as possible
(i.e. no SSL key, no MTA that might even cache messages if the HS isn't
responsive) ... But that's enough veering off the original topic for now.

Best, Michael
-- 
https://niij.org/

