Closed (moved)
Opened Aug 28, 2015 by Mike Perry (@mikeperry)

Support torified torsocks ssh -D socks proxy ports (for wingnuts)

When Tor is blocked by a website, wingnuts sometimes resort to using ssh -D proxies in combination with torsocks (so that the connection to the ssh server goes over Tor, and then when you connect to the SSH proxy port on localhost, it gets routed through Tor and then it uses your SSH server as your exit IP).

Unfortunately, in TBB 4.5 we added socks username+password isolation to Torbutton, and there is no way to disable this easily. For example, see this sad panda: https://superuser.com/questions/941136/how-can-i-bypass-proxy-using-tunneling (though that guy is still doing it wrong. ssh -D is way more flexible, if TBB 4.5+ supported it).

The following Torbutton patch works to completely disable the use of SOCKS auth in TBB (which also disables circuit isolation):

--- a/src/components/domain-isolator.js
+++ b/src/components/domain-isolator.js
@@ -71,8 +71,8 @@ tor.socksProxyCredentials = function (originalProxy, domain) {
   return mozilla.protocolProxyService
            .newSOCKSProxyInfo(proxy.host,
                               proxy.port,
-                              domain, // username
-                              tor.noncesForDomains[domain].toString(), // password
+                              null, //domain, // username
+                              null, //tor.noncesForDomains[domain].toString(), // password
                               proxy.flags,
                               proxy.failoverTimeout,
                               proxy.failoverProxy);
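
Review bot: both credential arguments to newSOCKSProxyInfo are now null unconditionally, so every user of a build with this change loses per-domain circuit isolation, not only those pointing the browser at an ssh -D port. Gate it on a boolean pref that keeps the current behaviour by default (pass domain and the nonce unless the pref is set), and replace the commented-out originals (`null, //domain, // username`) with a short comment saying why the credentials are omitted.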

You also need to set the following about:config prefs to false: extensions.torbutton.local_tor_check and extensions.torbutton.test_enabled.

You also need to start TBB with TOR_SOCKS_PORT=4444, or whatever your ssh -D SOCKS port is.

Finally, you need to set 'AllowInbound 1' in /etc/tor/torsocks.conf (or wherever torsocks.conf lives).

If some random cypherpunk(s) want to turn that Torbutton patch into a Torbutton pref and either script the rest of this or document this process better, I would merge the patch and add a link to the script to the TBB Hacking Guide. We should also put the answer on a few stackoverflow questions like the one I linked. There probably are more.

The following Hacking Guide sections may be useful in this process:
https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking#BuildingJustTorLauncherOrTorbutton
https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking#UsinganExistingTorProcess
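
An added example, not part of the original ticket and not Tor Project code: a preflight check for the three non-patch steps listed above (the two about:config prefs, the TOR_SOCKS_PORT value, and AllowInbound in torsocks.conf). The helper names, the file arguments and the sample files are constructed for illustration, and the prefs are assumed to be read from a user.js or prefs.js file.

```shell
#!/bin/sh
# Added example: checks the three non-patch steps from the ticket.
# File paths are supplied by the caller; helper names are hypothetical.

# Succeeds if the prefs file (user.js/prefs.js syntax) sets pref $2 to false.
pref_is_false() {
    grep -v '^[[:space:]]*//' "$1" | tr -d '[:space:]' |
        grep -Fq "user_pref(\"$2\",false);"
}

# Succeeds if torsocks.conf has an active "AllowInbound 1" and no other value.
allow_inbound_enabled() {
    awk '$1 == "AllowInbound" { if ($2 == "1") ok = 1; else bad = 1 }
         END { exit !(ok && !bad) }' "$1"
}

# Succeeds if $1 is a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# preflight <prefs file> <torsocks.conf> <port>
# Prints one line per step; the return status is the number of failed steps.
preflight() {
    fails=0
    for p in extensions.torbutton.local_tor_check \
             extensions.torbutton.test_enabled; do
        if pref_is_false "$1" "$p"; then echo "ok   $p = false"
        else echo "FAIL $p is not set to false"; fails=$((fails + 1)); fi
    done
    if allow_inbound_enabled "$2"; then echo "ok   AllowInbound 1"
    else echo "FAIL no active 'AllowInbound 1' in $2"; fails=$((fails + 1)); fi
    if valid_port "$3"; then echo "ok   TOR_SOCKS_PORT=$3"
    else echo "FAIL TOR_SOCKS_PORT='$3' is not a valid port"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed sample files so the check runs offline.
demo=$(mktemp -d)
printf '%s\n' 'user_pref("extensions.torbutton.local_tor_check", false);' \
              'user_pref("extensions.torbutton.test_enabled", false);' > "$demo/user.js"
printf '%s\n' 'TorPort 9050' '#AllowInbound 0' 'AllowInbound 1' > "$demo/torsocks.conf"
preflight "$demo/user.js" "$demo/torsocks.conf" 4444
```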

Reference: legacy/trac#16917