| Commit message (Collapse) | Author | Age |
|---|
| | |
|
| |\
| |
| |
| |
| |
| |
| | |
Initial Python3 support
Closes #1
See merge request tpo/network-health/exitmap!1
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All default modules are now in Python3
Uses PySocks module for the actual Socks support.
One now can do DNS query over the proxy using
`resolve()` method.
```
t = torsockets.torsocket()
print(t.resolve("torproject.org"))
```
This commit also fixes a few typos in the torsocks.py file based
on the review feedback.
|
| | |
|
| | |
|
| | |
|
| |\ |
|
| | |
| |
| |
| |
| | |
Python 3.3 doesn't work with the suppress module, which is included by
one our modules.
|
| | |
| |
| |
| | |
This fixes a Travis build issue.
|
| | |
| |
| |
| | |
Replace Atlas with Metrics link.
|
| | | |
|
| |/ |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Update Cloudflare CAPTCHA signature, it looks like they started to
use `Cloudflare` instead of `CloudFlare`.
Update user agent header to match that of current stable Tor Browser.
Interestingly, I stopped getting CAPTCHAS after updating the UA string.
Add missing `Upgrade-Insecure-Requests` header.
Update `Accept-Encoding` header.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
It looks like WikiLeaks' DNS servers no longer give you all IPv4 records
in a single DNS response, meaning that we end up with a lot of false
positives in a scan. It's better to just get rid of the domain.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
The KAU relay is no more, so let's use a pseudo fingerprint instead.
|
| |
|
|
|
| |
Executing the file is throwing an error "ValueError: Too many values to unpack".
This error is occurring because pyflakes is also returning the exact code where the error has occurred.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
If we catch all exceptions inside get_relays_in_country(), we cannot
test the function properly. In particular, we are unable to distinguish
Onionoo failure from the function's failure. Handling the exceptions in
the calling function fixes this.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Fixes pep8 violations and cleans up code
(#22)(#53)
* Reverts some styling and updates
Reverts some fixes back to previous style
Changes the spacing of a new line before one comment
(#22)(#53)
|
| |
|
|
|
|
|
|
| |
* Catch exception in path selection
Occurs when the exit is not in the cached-consensus loaded from disk
* Fix exception where os.makedirs(None) was called
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds the command line options "-o" and "--logfile" that
enable logging to file. This functionality required minor restructuring
that led to a simplification of the logging code. In particular:
- We get rid of log.py because it was never really necessary.
- We use named loggers, so it's easier to figure out what module logged
a given message.
- We rename our logging object from "logger" to "log" to make the code
more readable.
- The restructuring means that we now also get to see Stem's logging
messages.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This command line option hopefully makes it a little bit more difficult
for vigilant adversaries to discover our scanning activity. It adds a
random value to the time delay between two subsequent circuit creations.
As a result, if an adversary monitors circuit creation timings, our
signal should be less periodic and thus less obvious.
We implement this feature by exposing a command line argument that
determines a random time delay in the interval [0, DELAY_NOISE). This
delay is then either added to or subtracted from (both with probability
0.5) the given build delay. By default, the argument is 0, and
therefore not in effect.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Travis CI discovered that PyPy in version 2.6.1 apparently lacks the
ENOTSUP variable. This commit defines the variable if it does not exist
already. The exact test error was:
============================= test session starts ==============================
platform linux2 -- Python 2.7.10[pypy-2.6.1-final], pytest-2.8.5, py-1.4.31, pluggy-0.3.1
rootdir: /home/travis/build/NullHypothesis/exitmap, inifile:
plugins: cov-2.2.1
collected 8 items / 1 errors
test/test_relayselector.py .
test/test_stats.py .
test/test_util.py ......
==================================== ERRORS ====================================
____________________ ERROR collecting test/test_torsocks.py ____________________
test/test_torsocks.py:24: in <module>
import torsocks
src/torsocks.py:61: in <module>
0x07: errno.ENOTSUP, # Command not supported / protocol error
E AttributeError: 'module' object has no attribute 'ENOTSUP'
|
| |
|
|
|
| |
After torsocks.py and relayselector.py have been refactored, we will
have to rewrite the unit tests.
|
| | |
|
| |\
| |
| | |
RFC: New module 'rtt' and a bunch of changes in aid of what it does
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The preceding changes are all in aid of this module. Note that it
currently isn't 100% robust. It works well for _one_ exit, but
if you try to run it over many destinations and all exits, fewer
and fewer connections will work correctly as time goes by. I could
use some debugging help.
selectors34.py and six.py are third-party code licensed under MIT-like
licenses. They are backports of Python 3.(>=4) standard library
functionality to Python 2, and redistributing them in this fashion
is encouraged by their authors.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Formerly, only exits that could connect to _all_ of a module's requested
destinations were included in the set of exits to be probed. Now,
instead, every exit that can connect to _at least one_ of a module's
requested destinations will be included, and probe() receives a new
keyword argument, destinations=, that tells it which destinations it
can use for each exit. (The destinations list will be a proper subset
of module.destinations, with all hostnames resolved to IP addresses.)
This does not affect the behavior of any existing module, because all
of the existing modules use only a single destination.
|
| | |
| |
| |
| |
| |
| | |
This is forward-compatibility for the next change, in which
a new kwarg (that none of them need, but a new module does)
will be added.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This was a major revision to the torsocks module, but the _effect_
is simple to explain: a probe module can now do
s = socket.socket(AF_UNIX, SOCK_STREAM)
s.setblocking(False)
err = s.connect_ex(addr)
if err == errno.EINPROGRESS:
select.select([s], [], [])
and the select() will return when the connection is complete. (In a real
module that needs this, one would have _several_ pending connections and
process them as they become available.) Note that there is a visible
difference from how a normal socket behaves, here: you select for the
socket to become _readable_ before continuing. A normal socket becomes
_writable_ when the TCP handshake completes.
There's a bunch of secondary work in here in aid of making the emulation
of non-blocking half-open socket behavior as accurate as possible, and
an ancillary change (too difficult to disentangle into its own commit)
in which we make the monkey-patching of socket.socket more robust. It
is no longer necessary to put back the original socket.socket around
event queue operations, and the monkey-patching will be 100% cleaned
up if a module throws an uncaught exception.
|
| |/
|
|
|
|
|
|
|
|
|
| |
eventhandler.EventHandler.check_finished is called by both the queue
thread and the main thread, but the tear-down operations that it performs
must only happen once. The call to sys.exit() DOES NOT prevent the
tear-down from happening twice. (Is the "queue_thread.daemon = False"
line in EventHandler.__init__ perhaps meant to be "= True"? It wouldn't
fix the race here, but it might prevent other problems, e.g. the program
hanging forever if a module throws an uncaught exception.) Anyway,
add an explicit lock.
|
| | |
|
| |
|
|
|
|
|
| |
The idea is to resolve a domain that has a deliberately broken DNSSEC
record, and see if that works. If we can resolve it, the exit relay's
resolver does not validate DNSSEC, which is bad. We don't control
www.dnssec-failed.org, and have to hope that it does what it claims.
|
| |
|
|
|
|
|
|
| |
The module is imported in our dnspoison module, but was not part of the
requirements file. Thanks to Mridul for finding this bug!
This fixes issue 47:
<https://github.com/NullHypothesis/exitmap/issues/47>
|
| | |
|
