
Pretend to be Tor Browser on HTTP Requests to .onion Domains?


#1

I had a look at sdwdate for T650 and noticed that you make a simple HTTP 1.0 HEAD request (which saves bandwidth).

Would it make sense for such applications that send HTTP requests to .onion domains to pretend to be the Tor Browser by sending the same headers as it?

For Tor Browser 7.0a4 the request would look like:

GET / HTTP/1.1
Host: 0123456789abcedf.onion
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

(on HTTPS connections brotli compression is also supported in TB 7, so that header would become Accept-Encoding: gzip, deflate, br)

For Tor Browser 6.5.2:

GET / HTTP/1.1
Host: 0123456789abcedf.onion
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
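As an added example (not code from this post or from the sdwdate/Whonix project), the script below serialises the two Tor Browser header profiles listed above and then diffs an arbitrary request against a profile using only what is visible in that single request: method, protocol version, header names, header order and header values. The onion hostname is the post's placeholder, the bare HTTP/1.0 HEAD request is a constructed stand-in for sdwdate's rather than its real output, and the comparison logic is my own assumption of what a first-request header check looks like. Running it shows that copying the headers removes every header-level difference, while the method and protocol version of a HEAD request remain observable.

```python
"""Added example: build the requests discussed above and diff them against a
Tor Browser header profile. Not code from the post or the sdwdate project."""

# Header profiles copied from the post, in the order listed there.
TB_70A4_HEADERS = [
    ("User-Agent", "Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0"),
    ("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"),
    ("Accept-Language", "en-US,en;q=0.5"),
    ("Accept-Encoding", "gzip, deflate"),
    ("Connection", "keep-alive"),
    ("Upgrade-Insecure-Requests", "1"),
]
TB_652_HEADERS = [
    ("User-Agent", "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0"),
    ("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"),
    ("Accept-Language", "en-US,en;q=0.5"),
    ("Accept-Encoding", "gzip, deflate"),
    ("Connection", "keep-alive"),
]
ONION = "0123456789abcedf.onion"  # placeholder hostname taken from the post


def build_request(method, host, path="/", version="HTTP/1.1", headers=()):
    """Serialise a request as it appears on the wire: request line, Host,
    the given headers in the given order, CRLF line endings, blank line."""
    lines = [f"{method} {path} {version}", f"Host: {host}"]
    lines += [f"{name}: {value}" for name, value in headers]
    return "\r\n".join(lines) + "\r\n\r\n"


def parse_request(raw):
    """Inverse of build_request: (method, path, version, [(name, value), ...])."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    method, path, version = request_line.split(" ", 2)
    headers = []
    for line in header_lines:
        name, _, value = line.partition(":")  # split on the first colon only
        headers.append((name.strip(), value.strip()))
    return method, path, version, headers


def fingerprint_diff(raw, profile, method="GET", version="HTTP/1.1"):
    """Everything that distinguishes `raw` from a browser profile using only the
    first request: method, protocol version, header names, their order and their
    values. Host is ignored because it varies per service. Returns a list of
    human-readable differences; an empty list means no difference at this layer."""
    got_method, _path, got_version, headers = parse_request(raw)
    diffs = []
    if got_method != method:
        diffs.append(f"method {got_method} != {method}")
    if got_version != version:
        diffs.append(f"version {got_version} != {version}")
    names = [n for n, _ in headers if n.lower() != "host"]
    expected = [n for n, _ in profile]
    diffs += [f"missing header {n}" for n in expected if n not in names]
    diffs += [f"unexpected header {n}" for n in names if n not in expected]
    # Order: compare the sequence of header names both sides have.
    shared_got = [n for n in names if n in expected]
    shared_exp = [n for n in expected if n in names]
    if shared_got != shared_exp:
        diffs.append("header order differs")
    values = dict(headers)
    diffs += [f"value of {n} differs" for n, v in profile if n in values and values[n] != v]
    return diffs


if __name__ == "__main__":
    # Constructed stand-in for a minimal HTTP/1.0 HEAD request with no extra headers.
    minimal = build_request("HEAD", ONION, version="HTTP/1.0")
    print(fingerprint_diff(minimal, TB_70A4_HEADERS))
    # The same HEAD request with the Tor Browser 7.0a4 headers copied in.
    mimic = build_request("HEAD", ONION, version="HTTP/1.0", headers=TB_70A4_HEADERS)
    print(fingerprint_diff(mimic, TB_70A4_HEADERS))
    # The 6.5.2 request as it looks against the 7.0a4 profile.
    print(fingerprint_diff(build_request("GET", ONION, headers=TB_652_HEADERS), TB_70A4_HEADERS))
```

The order check matters because Firefox emits these headers in a fixed sequence; a client that sets the same names and values but in a different order is still distinguishable on the first request. The comparison deliberately stops at the request layer: TLS, timing and follow-up resource fetches are outside what a single HEAD request can imitate.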

#2

Maybe to fool someone not even remotely looking it would work.

No way to emulate Tor Browser or any browser without actually using that browser. (They fetch more than just that page.) The only way to do that would be using browser automation, which is not simple and that may also be less secure. Not sure that's worth it.


#3

I thought at least in cases where only a single request is made (file download, sdwdate, etc.) this might be useful, as an adversary has only header information on the first request to determine what client is connecting and would have to trust that and thus treat us the same way as a regular TB user.
Of course if a regular web page is requested the adversary may notice later that no other resources were fetched by the client, but at that point our initial request is already completed and we got what we were interested in.
Emulating the entire Tor Browser would introduce way too much unnecessary complexity, but sending the same header information would be a minor modification with little maintenance (update when TB uses a newer Firefox version).