As far as I know, the SOCKS credentials do not have the purpose of authentication, although may seem like it, it is only useful for Applications/Clients to follow along their streams, such as Tor Browser Bundle Tabs, where each tab has a circuit.
About ‘inject’:
- It can’t manipulate the stream as REDIRECTSTREAM is filtered
- It will reuse the circuit as the SOCKS credentials are the same, meaning it can confuse the client.
The SOCKS_USERNAME in the case of TBB is the host the stream is targeted to, so even if trying to not show the host, it will be shown.
As of know, as it is blocked the WS can still try to find every site it is trying to reach, but I prefer not to be the GW to show that information.
See onion-grater development - #58 by nyxnor
And yes, it is not a blocker, just mentioning.
Preferred by me.
Also good but without the item 2.
That is not something the browser knows via external means, such as using an IP checker, rather it tries the tor control method.