Opened 6 years ago

Last modified 2 years ago

#10762 needs_review defect

TorBridy should try both SOCKS port 9050 and 9150

Reported by: mikeperry Owned by: ioerror
Priority: Medium Milestone:
Component: Applications/TorBirdy Version:
Severity: Normal Keywords:
Cc: isis Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

TorBridy's SOCKS configuration should try both 9050 and 9150 and use the one that works.

You can crib Torbutton's local tor check here (which requires access to the control port):
https://gitweb.torproject.org/torbutton.git/blob/master:/src/chrome/content/torbutton.js#l1701

We wrap that with the option to fall back to the remote check if transproxy is set here:
https://gitweb.torproject.org/torbutton.git/blob/master:/src/chrome/content/torbutton.js#l1675

The remote check is here:
https://gitweb.torproject.org/torbutton.git/blob/master:/src/chrome/content/torbutton.js#l1770

Unfortunately if you perform any network activity (including a remote tor check) with a socks port set, you may run into #8511, causing any hosts you contact to become unreachable after you change SOCKS settings. I am not sure if that caching behavior is present in Thunderbird too. The local tor check won't be affected by this bug, though.

Child Tickets

Change History (5)

comment:1 Changed 6 years ago by mikeperry

Note that Tor Browser provides cookie access to the control port, so if you support cookie auth, you should probably try that and port 9150 first.

comment:2 Changed 6 years ago by isis

For background context, this came from helping a Windows Tor Birdy (TB) user
after a Tor/Tails workshop that ioerror was giving. The following are the
experiments the user tried in the process of trying to get TB working.

1) TB enabled. TBB running. Email went through, but didn't use tor. User
compared IP addresses in email headers to see if the email was sent over tor.

2) TB disabled. TBB running. Sending email produced a popup message saying
"sending sending sending". Nothing in the sent folder, unclear if it sent or
not. Either way, it didn't fail closed with the expected "couldn't connect
to SOCKS host" message.

3) TB re-enabled. TBB running. Email went through, but didn't use tor.

4) I showed them how to determine the SocksPort of the tor running in TBB and
how to change TB's proxy settings to manual and type in the TBB ones. then the
email went through tor and the user verified it in the headers.

4a) If TBB is closed, another email will fail to send with a popup which warns
"it can't connect to the proxy".

4b) I asked them to exit TB completely and restart it, to check that it still
uses 9150 and that the email sends over tor if TBB is running, and fails closed
otherwise. These checks passed.

comment:3 Changed 5 years ago by Viggy_prabhu

I have fixed this bug by checking if TOR Daemon is running by just trying to connect to port 9050. If connection successful, then it uses port 9050, else it just sticks to port 9150.
The fix is in the branch "fixingDefaultTorPort" here, https://github.com/viggyprabhu/torbirdy/tree/fixingDefaultTorPort
Please check it and let me know if something needs to be modified.

There is an obvious issue that if some other service is running on 9050, then it will still assume that TOR Daemon is running but I am assuming that it is a rare situation.

Last edited 5 years ago by Viggy_prabhu (previous) (diff)

comment:4 Changed 5 years ago by Viggy_prabhu

Status: newneeds_review

comment:5 Changed 2 years ago by jflory7

Severity: Normal

For what it's worth, there seems to be a few places in TorBirdy that aren't updated if the Tor port is changed. For example, when refreshing keys in Enigmail, the local proxy is hard-coded to 127.0.0.1:9150, which will always fail unless changed manually.

Note: See TracTickets for help on using tickets.