Changeset 03ff26ac


Ignore:
Timestamp:
Dec 7, 2010 9:38:13 PM (9 years ago)
Author:
mathiasdm <mathiasdm@…>
Branches:
master
Children:
022e77d
Parents:
26356ce
Message:

Hide HTTP server name (replace by I2PServer) to avoid server detection
(flaw successfully tested by Adrian Crenshaw — thanks!).

Files:
2 edited

Legend:

Unmodified
Added
Removed
  • apps/i2ptunnel/java/src/net/i2p/i2ptunnel/I2PTunnelHTTPServer.java

    r26356ce r03ff26ac  
    193193                //     at net.i2p.util.I2PThread.run(I2PThread.java:71)
    194194                try {
    195                     serverin = _webserver.getInputStream(); 
     195                    serverin = _webserver.getInputStream();
    196196                } catch (NullPointerException npe) {
    197197                    throw new IOException("getInputStream NPE");
    198198                }
    199199                CompressedResponseOutputStream compressedOut = new CompressedResponseOutputStream(browserout);
     200
     201                //Change headers to protect server identity
     202                StringBuilder command = new StringBuilder(128);
     203                Properties headers = readHeaders(serverin, command);
     204                headers.setProperty("Server", "I2PServer");
     205                String modifiedHeaders = formatHeaders(headers, command);
     206                compressedOut.write(modifiedHeaders.getBytes());
     207
    200208                Sender s = new Sender(compressedOut, serverin, "server: server to browser");
    201209                if (_log.shouldLog(Log.INFO))
     
    329337    private static final int MAX_HEADERS = 60;
    330338
    331     private Properties readHeaders(InputStream in, StringBuilder command) throws IOException {
     339    private static Properties readHeaders(InputStream in, StringBuilder command) throws IOException {
    332340        Properties headers = new Properties();
    333341        StringBuilder buf = new StringBuilder(128);
     
    349357            }
    350358        }
    351         if (trimmed > 0)
    352             getTunnel().getContext().statManager().addRateData("i2ptunnel.httpNullWorkaround", trimmed, 0);
     359        //if (trimmed > 0)
     360        //    getTunnel().getContext().statManager().addRateData("i2ptunnel.httpNullWorkaround", trimmed, 0);
    353361       
    354362        int i = 0;
  • history.txt

    r26356ce r03ff26ac  
     12010-12-07 Mathiasdm
     2    * I2PTunnel: Security fix: change server reply
     3      to return 'I2PServer' instead of the actual servername.
    142010-12-06 dr|z3d
    25    * I2PSnark:
Note: See TracChangeset for help on using the changeset viewer.