On Thu, Jul 9, 2015 at 7:03 PM, Arthur D. Edelstein <arthuredelstein@gmail.com> wrote:
Hi Sherief,

>>>> Karsten insisted that I have to run a local copy of torproject.org
>>>> <http://torproject.org> using a web server while the automated script
>>>> runs since we can't estimate or depend on the connection speed. The
>>>> major blocker in this is that the browser redirects to
>>>> https://torproject.org/ whenever I try to map 127.0.0.1 to
>>>> torproject.org <http://torproject.org> (or www.torproject.org
>>>> <http://www.torproject.org>) in my /etc/hosts file.

So you're trying to get http, but you get https, correct? Sounds like
it might be the HSTS Preload list. See
https://blog.mozilla.org/security/2012/11/01/preloading-hsts/
torproject.org is among the domains on Firefox's preload list:
https://dxr.mozilla.org/mozilla-central/source/security/manager/ssl/nsSTSPreloadList.inc

I think you can turn off HSTS Preloading by creating an integer pref
named "test.currentTimeOffsetSeconds", and setting it to 11491200.
(Under about:config, right-click and choose "New > Integer".)

Arthur

Hi Arthur,

I've tested the pref and unfortunately it doesn't work. I still get the https version of torproject.org.

--
Sherief Alaa
pgp 0x8623B882