Randomize the "/001/" in psiphon URLs

Bug #457377 reported by root on 2009-04-01
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Obsolete Junk
Psiphon-2.4-20091028-213542
Fix Committed
Undecided
Unassigned
psiphon
Unknown
e.fryntov

Bug Description

Was this meant to be randomized or customized by Hosts? One way or another, we should remove this blocking and enumeration vulnerability.

root (n-root-psiphon-ca) wrote :

Random dictionary word, perhaps? Not sure.... We should also think about this in light of the possibility (probability?) that we will be using hostname-based psiphon URLs (as opposed to IP-based URLs) in the not-so-distant future. (In order to enable signed certs.)

For Psiphon to be usable from 'net cafes (which is, after all, one of its main design principles) the hostname _and_ this "suffix" must be relatively easy to memorize.

root (n-root-psiphon-ca) wrote :

Oops. Accidentally removed assignment and changed component specification. Sorry. (I put it back...)

root (n-root-psiphon-ca) wrote :

Also...remind me why we have this suffix? Is it to make the page most likely to be actively scanned (document root, at the node's IP address) easier to camouflage? (In other words, attempts to "disguise" that page don't have to incorporate a login dialog into their fake design?) Were/are there other reasons?

root (n-root-psiphon-ca) wrote :

Replying to [comment:5]:

I'm not sure what purpose the /001 serves, but the purpose of a randomized or a custom /NNN suffix per user or per proxy is to prevent scanning attacks: attacker scans for hosts that serve a known, fixed "signature" URL. Again, /001 seems counterproductive in this sense.

One issue with random is users remembering the URL to browse to. We do have that issue now with /001 so it's partially addressed with the welcome email containing the full "https://<proxy IP>/001/" URL. Another suggestion was to allow users to specify their own, custom suffix if that's easier to remember.

> Also...remind me why we have this suffix? Is it to make the page most likely to be actively scanned (document root, at the node's IP address) easier to camouflage? (In other words, attempts to "disguise" that page don't have to incorporate a login dialog into their fake design?) Were/are there other reasons?

root (n-root-psiphon-ca) wrote :

May 09 Release.

root (n-root-psiphon-ca) wrote :

* The goal is to hide every static resource that can be scanned/fingerprinted by an unauthenticated client.
* All pages, scripts, CSS, images, JavaScript resources require authentication. Give standard looking 404 when unauth.
* Generate a unique 128-bit (hex digit) prefix for each proxy and store in database. This prefix must be known/provided to access gateways into authentication.
* When generating links (invites, guest browsing), this prefix is used in place of 001
* Auth page gateway: Apache configured to check path for prefix.
* Other exclusions: create_account (invite/captcha), guest browsing. Modify invite to *require* valid invite code param or 404; ensure guest browsing 404 on invalid token; captcha mode -- require proxy prefix as input param or else 404?
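
The per-proxy prefix gate proposed in the comment above, as an added example that is not part of the original bug report and is not Psiphon's code. The function names, the constructed 404 body, and doing the path check in Python (the comment proposes an Apache path check) are assumptions.

```python
import hmac
import secrets

PREFIX_HEX_LEN = 32  # 128 bits written as hex digits

# Constructed response (assumption): the same status and body for every
# rejected request, so "wrong prefix" looks exactly like "no such page".
NOT_FOUND = (404, "<html><head><title>404 Not Found</title></head>"
                  "<body><h1>Not Found</h1></body></html>")


def new_proxy_prefix() -> str:
    """Generate a per-proxy prefix from the OS CSPRNG (to be stored per proxy)."""
    return secrets.token_hex(PREFIX_HEX_LEN // 2)


def split_prefix(path: str):
    """Split '/<prefix>/<rest>' into (prefix, '/<rest>'); None if malformed."""
    if not path.startswith("/"):
        return None
    first, sep, rest = path[1:].partition("/")
    if not sep:
        return None  # the trailing slash is required, as in "/001/"
    return first, "/" + rest


def gate(path: str, proxy_prefix: str):
    """Return (200, inner_path) if path carries this proxy's prefix, else NOT_FOUND."""
    parts = split_prefix(path)
    if parts is None:
        return NOT_FOUND
    candidate, inner = parts
    # Constant-time comparison: does not reveal how many leading
    # characters of a guessed prefix were correct.
    if not hmac.compare_digest(candidate.encode(), proxy_prefix.encode()):
        return NOT_FOUND
    return 200, inner


if __name__ == "__main__":
    prefix = new_proxy_prefix()
    print(gate("/" + prefix + "/login", prefix))  # passes through to the auth page
    print(gate("/001/", prefix)[0])               # fixed signature URL now gets 404
```
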

Adam P (adam+) on 2009-10-28
Changed in psiphon:
status: In Progress → New
Adam P (adam+) on 2009-10-28
Changed in psiphon:
assignee: root (n-root-psiphon-ca) → e.fryntov (e-fryntov)
Adam P (adam+) on 2009-10-29
Changed in psiphon:
status: New → Confirmed
Chris (poser) on 2009-10-30
tags: added: poser
Chris (poser) on 2009-10-30
tags: removed: poser
Rod (rod-psiphon) on 2009-11-24
visibility: private → public
e.fryntov (e-fryntov) on 2009-12-14
Changed in psiphon:
milestone: none → 2.4
e.fryntov (e-fryntov) on 2009-12-16
Changed in psiphon:
status: Confirmed → In Progress
e.fryntov (e-fryntov) on 2010-03-03
Changed in psiphon:
status: In Progress → Fix Committed