Hi again everyone! It's Eli ...
So thanks to Teor and Nick's help, my Python client (Tor OP) is finally able to successfully establish a three-hop circuit with any Tor relays in the whole public network!
Now it's on to the data cells... As of writing this, I can send and receive the proper RELAY_BEGIN and RELAY_CONNECTED to and from my exit node, but I'm not quite sure what to do next...
Do I just start sending RELAY_DATA cells (where the "data" of the cell is literally the encoded HTTP requests)?
I've tried connecting to 'www.facebook.com:443' with the RELAY_BEGIN cells as a test (I do get a Relay Connected Cell so at least I know that part works).
After getting back the RELAY_CONNECTED cell, I send a RELAY_DATA cell with the data of the cell being the following 'utf-8' encoded string (this is how I wrote the literal in Python):
'GET / HTTP/1.1\r\nHost: www.facebook.com\r\nUser-Agent: python-requests/2.23.0\r\nAccept-Encoding: gzip, deflate\r\nAccept: */*\r\nConnection: keep-alive\r\n\r\n\r\n'.encode()
What I get back is a short couple of bytes:
\x15\x03\x03\x00\x02\x022
I had no idea what this meant but after digging around a bit I found that this seems to be some part of the TLS handshake that is used in HTTPS.
So now two questions arise:
1. Is this a good TLS response? What does it mean exactly?
2. Generally speaking, is this how the RELAY_DATA cells are supposed to be sent and received? Just to clarify it would be great if I could get an exact example of how the stream of data should look. For example, if someone could maybe break down the steps of how a basic HTTP GET request would work through a TOR circuit (starting from sending a RELAY_BEGIN cell) that would help me tremendously.
Thanks again to everyone who has helped me so far, and thanks in advance to anyone with an answer to any of my questions!
Regards, Eli
On Tue, May 05, 2020 at 08:05:36PM +0300, Eli Vakrat wrote:
> As of writing this, I can send and receive the proper RELAY_BEGIN and RELAY_CONNECTED to and from my exit node, but I'm not quite sure what to do next...
Great. Now you have a socket open, and you talk to the remote server (e.g. webserver) over it. That is, you can pretend that you just opened that socket directly to the remote server. You put bytes into your RELAY DATA cells, and those bytes get sent to the remote server.
> Do I just start sending RELAY_DATA cells (where the "data" of the cell is literally the encoded HTTP requests)?
Yes, almost. You make the data be whatever you want the other side to get. But now you need to understand what protocols the webserver thinks you'll speak, as you see below:
> I've tried connecting to 'www.facebook.com:443' with the RELAY_BEGIN cells as a test (I do get a Relay Connected Cell so at least I know that part works).
www.facebook.com:443, also known as https://www.facebook.com/, will expect you to speak TLS to it. If you send it plaintext http requests, it will give you a tls error in response.
> After getting back the RELAY_CONNECTED cell, I send a RELAY_DATA cell with the data of the cell being the following 'utf-8' encoded string (this is how I wrote the literal in Python):
> 'GET / HTTP/1.1\r\nHost: www.facebook.com\r\nUser-Agent: python-requests/2.23.0\r\nAccept-Encoding: gzip, deflate\r\nAccept: */*\r\nConnection: keep-alive\r\n\r\n\r\n'.encode()
Yeah, you are trying to send http, when instead you should be starting your tls handshake.
> What I get back is a short couple of bytes:
> \x15\x03\x03\x00\x02\x022
> I had no idea what this meant but after digging around a bit I found that this seems to be some part of the TLS handshake that is used in HTTPS.
That makes sense.
> So now two questions arise:
> 1. Is this a good TLS response? What does it mean exactly?
I haven't checked, but I assume it means "error, that thing you sent me was not the proper beginning of a tls handshake."
> 2. Generally speaking, is this how the RELAY_DATA cells are supposed to be sent and received?
Yes.
You might try sending your http text to www.facebook.com:80, which expects http without any tls.
At this point it sounds like your Tor is working, and your new question is "what's the right way to interact with a webserver?"
Hope this helps, --Roger
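As an added illustration of the two points above (not code from the thread or from Tor itself): the relay-cell layout from tor-spec that a client fills in before onion-encrypting a RELAY_DATA cell, with the per-hop running SHA-1 digest, and a small decoder for the TLS record Eli got back. The digest seed `Df` and the stream ID are constructed values for the demo.

```python
import hashlib
import struct

# Plaintext relay cell payload (tor-spec), before per-hop encryption:
# RelayCommand[1] Recognized[2] StreamID[2] Digest[4] Length[2] Data[498]
CELL_PAYLOAD_LEN = 509
RELAY_HEADER = struct.Struct("!BHH4sH")               # 11 bytes
RELAY_DATA_MAX = CELL_PAYLOAD_LEN - RELAY_HEADER.size  # 498
RELAY_DATA = 2                                         # relay command for stream data

class RunningDigest:
    """Forward digest Df for one hop: SHA-1 seeded with that hop's key
    material (seed is a constructed value here), updated with every relay
    payload sent to the hop; the cell carries its first four bytes."""
    def __init__(self, seed: bytes):
        self._h = hashlib.sha1(seed)

    def next(self, payload_with_zero_digest: bytes) -> bytes:
        self._h.update(payload_with_zero_digest)
        return self._h.digest()[:4]

def build_relay_data_payloads(stream_id: int, data: bytes, df: RunningDigest) -> list:
    """Split stream bytes into 509-byte relay payloads, each with its digest."""
    payloads = []
    for off in range(0, len(data), RELAY_DATA_MAX):
        chunk = data[off:off + RELAY_DATA_MAX]
        pad = b"\x00" * (RELAY_DATA_MAX - len(chunk))
        zeroed = RELAY_HEADER.pack(RELAY_DATA, 0, stream_id, b"\x00" * 4, len(chunk)) + chunk + pad
        digest = df.next(zeroed)                 # computed with the digest field zeroed
        payloads.append(zeroed[:5] + digest + zeroed[9:])
    return payloads

# TLS record layer: ContentType[1] Version[2] Length[2] then body.
TLS_ALERT = 0x15
ALERT_LEVEL = {1: "warning", 2: "fatal"}
ALERT_DESC = {0: "close_notify", 10: "unexpected_message", 40: "handshake_failure",
              50: "decode_error", 70: "protocol_version"}

def parse_tls_alert(record: bytes):
    """Return the decoded alert if the record is a TLS alert, else None."""
    if len(record) < 5:
        raise ValueError("short TLS record header")
    ctype, major, minor, length = struct.unpack("!BBBH", record[:5])
    if ctype != TLS_ALERT:
        return None
    body = record[5:5 + length]
    if length != 2 or len(body) != 2:
        raise ValueError("malformed alert body")
    return {"version": (major, minor),
            "level": ALERT_LEVEL.get(body[0], f"unknown({body[0]})"),
            "description": ALERT_DESC.get(body[1], f"unknown({body[1]})")}
```

Feeding the bytes from the thread to `parse_tls_alert` shows they are one TLS 1.2 alert record, which matches the plaintext-HTTP-to-port-443 mistake described above.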