Forum rules


Warning !
Avoid using binary softwares from untrusted users.
Prefer compiling it yourself and verify sources.



Reply to topic  [ 4 posts ] 
Bitproxy - experimental local .bit proxy with TLS 
Author Message

Posts: 1625
Reply with quote
Post Bitproxy - experimental local .bit proxy with TLS
https://github.com/phelix/bitproxy

Already quite a while ago I played with pymiproxy. With knowledge gained from discussions about NMControl with Domob and particularly Biolizard I thought I would give it another shot.

Installing the local root cert is cumbersome. Biolizard is working on solving this automatically, maybe this could be used for Bitproxy.

Comments appreciated.

_________________
nx.bit - some namecoin stats
nf.bit - shortcut to this forum


Wed Oct 14, 2015 9:55 am
Profile

Posts: 1919
os: linux
Reply with quote
Post Re: Bitproxy - experimental local .bit proxy with TLS
phelix wrote:
https://github.com/phelix/bitproxy

Already quite a while ago I played with pymiproxy. With knowledge gained from discussions about NMControl with Domob and particularly Biolizard I thought I would give it another shot.

Installing the local root cert is cumbersome. Biolizard is working on solving this automatically, maybe this could be used for Bitproxy.

Comments appreciated.


My opinion is that pymiproxy's lack of maintenance is concerning. mitmproxy has much more active development. A while back I rigged NMControl to use mitmproxy, although I never got around to doing custom certificate validation. The flip side is that mitmproxy's codebase is larger, so potentially more attack surface. However, with the "tcp" flag I don't think most of their code is actually called at all.

I don't think proxies are a great way to implement .bit, given that for both TLS validation and Tor support there are better, safer ways of doing it. However, if there's interest, I can publish the mitmproxy NMControl code that I have, as long as it's 100% clear that I don't endorse its usage in anything serious.

_________________
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5


Sun Oct 18, 2015 6:27 am
Profile

Posts: 1625
Reply with quote
Post Re: Bitproxy - experimental local .bit proxy with TLS
biolizard89 wrote:
phelix wrote:
https://github.com/phelix/bitproxy

Already quite a while ago I played with pymiproxy. With knowledge gained from discussions about NMControl with Domob and particularly Biolizard I thought I would give it another shot.

Installing the local root cert is cumbersome. Biolizard is working on solving this automatically, maybe this could be used for Bitproxy.

Comments appreciated.


My opinion is that pymiproxy's lack of maintenance is concerning. mitmproxy has much more active development. A while back I rigged NMControl to use mitmproxy, although I never got around to doing custom certificate validation. The flip side is that mitmproxy's codebase is larger, so potentially more attack surface. However, with the "tcp" flag I don't think most of their code is actually called at all.

There are versions of pymiproxy being (actively?) used by the internet archive. They seem better maintained. It should be relatively easy to rebase:
https://github.com/ikreymer/certauth
https://github.com/internetarchive/warc ... tmproxy.py (unfortunately the name is confusing, this is pymiproxy without the certauth class)

mitmproxy really looks huge, probably overkill for this purpose. The relevant pymiproxy code is only a little more than 300 lines!

Quote:
I don't think proxies are a great way to implement .bit, given that for both TLS validation and Tor support there are better, safer ways of doing it.

Yet there has not come up a single specific argument: https://forum.namecoin.info/viewtopic.php?f=5&t=2425

_________________
nx.bit - some namecoin stats
nf.bit - shortcut to this forum


Mon Oct 19, 2015 8:57 am
Profile

Posts: 1919
os: linux
Reply with quote
Post Re: Bitproxy - experimental local .bit proxy with TLS
mitmproxy is big, but we would only be using libmproxy, rather than the full mitmdump or mitmproxy UI's. Furthermore, we would be using "tcp" mode, which disables all of libmproxy's HTTP protocol parsing. So while it's still bigger than pymiproxy, it's not as big as it looks. I was actually unaware of the newer pymiproxy fork by IA; that's interesting.

I've replied in the linked thread about TLS applications. For Tor applications, we would probably want to either use Yawning's SOCKS proxy, or fork Jesse Victors's OnioNS. Trying to use a proxy that's not carefully designed for Tor will subtly break anonymity, e.g. it will break stream isolation.

_________________
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5


Tue Oct 20, 2015 2:57 am
Profile
Display posts from previous:  Sort by  
Reply to topic   [ 4 posts ] 

Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Designed by STSoftware for PTF.