Proxy through static URL (e.g.: http://x.tor2web.org) #34

Open
vecna opened this issue Jun 19, 2012 · 4 comments
@vecna
Contributor

vecna commented Jun 19, 2012

Issue:

  • In some corporate environments the browser client has a new SSL Certification Authority. This permits SSL MITM by the corporate firewall, which works like a proxy even on HTTPS connections.
  • hiddenservice.tor2web.org leads to a DNS leak by the client

descriptive solution:

  • tor2web may support a special hostname x.tor2web.org and wait for the hidden service request and the accessed URL via POST, avoiding both SSL proxy recording and DNS leaking.

Feature description:

When the "x." subdomain is connected, all the parameters expected via GET, and the destination host, are expected via POST.

security and scalability

  • This would not provide complete security against this kind of threat, because having the SSL CA compromised would lead to complete traffic interception, but it would be almost a nice way to avoid the proxy logging (and a start in supporting special security triggers selected by the hostname)
  • By hypothesis, x.tor2web.org would support this feature, and in future y.tor2web.org another, and then k.tor2web.org ... This is out of scope in this release, but developing "x" with this mindset would help future extensions

@fpietrosanti
Contributor

I do not think that:

  • The hostname "x" should be generalized to something that will be configured by the user
  • The POST-related handling may not be useful.
    Any proxy able to do SSL MITM is also able to inspect POST content
    Any user, to reach a URL, will need to pass through the "disclaimer access URL", which may break the matter.

I see as the only valuable element that we can make it cheaper/simpler to run a tor2web node:

@fpietrosanti
Contributor

As an additional topic, we should remember that x.tor2web.org suffers from vulnerabilities like:

  • XSS
  • Cookie stealing vulnerabilities

A similar advantage, but without the vulnerabilities, should imho be implemented through #15 and #33.

cc @hellais @evilaliv3

@hellais
Collaborator

hellais commented Jan 22, 2013

I believe this feature is of utmost importance. Without such a feature a user of tor2web.org has no way of avoiding that the site they are visiting is leaked in plaintext.

@hellais
Collaborator

hellais commented Jan 22, 2013

Moreover this feature may be of interest to people that wish to deploy tor2web as an "add on" to their website.

For example somebody may wish to host a tor2web instance under a special path on their website:

i.e:
example.com/tor2web/something.onion

I believe the issues of cookie stealing and XSS are secondary, as MITM on SSL is of much greater effort than DNS-based sniffing.

@fpietrosanti @evilaliv3

@evilaliv3 evilaliv3 removed this from the Tor2web 3.0 Beta2 milestone Oct 10, 2014
@vecna vecna removed this from the Tor2web 3.0 Beta2 milestone Oct 10, 2014
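
The three URL layouts discussed in this thread, compared by what each observer can read. This is an added example, not tor2web code; it assumes HTTPS, plaintext DNS and SNI, a constructed onion label, and hypothetical POST field names `host` and `path`.

```python
from urllib.parse import urlsplit

ONION = "abcdefghijklmnop"  # constructed label, not a real hidden service


def observer_views(method, url, body=""):
    """Split one HTTPS request into what two kinds of observer can read."""
    parts = urlsplit(url)
    request_line = f"{method} {parts.path or '/'}"
    if parts.query:
        request_line += "?" + parts.query
    # The hostname is visible outside the TLS tunnel: plaintext DNS query and SNI.
    passive = [parts.hostname]
    # A proxy whose CA the browser trusts terminates TLS and reads everything.
    tls_mitm = [parts.hostname, request_line, body]
    return {"passive": passive, "tls_mitm": tls_mitm}


def leaks(view, needle=ONION):
    """True if the hidden-service label appears in anything the observer sees."""
    return any(needle in field for field in view)


# Constructed sample requests, one per layout from the thread.
REQUESTS = {
    # Current layout: hidden service encoded in the subdomain.
    "subdomain": ("GET", f"https://{ONION}.tor2web.org/index.html", ""),
    # Proposed layout: static hostname, destination in the POST body
    # (field names are hypothetical).
    "static_post": ("POST", "https://x.tor2web.org/",
                    f"host={ONION}.onion&path=/index.html"),
    # Path layout: tor2web hosted under a path on another site.
    "path": ("GET", f"https://example.com/tor2web/{ONION}.onion/index.html", ""),
}


def leak_table():
    """Map each layout to {observer: does the onion label leak?}."""
    table = {}
    for name, (method, url, body) in REQUESTS.items():
        views = observer_views(method, url, body)
        table[name] = {who: leaks(seen) for who, seen in views.items()}
    return table


if __name__ == "__main__":
    for name, row in leak_table().items():
        print(f"{name:12} passive={row['passive']!s:5} tls_mitm={row['tls_mitm']}")
```

Only the subdomain layout exposes the destination to a passive observer; all three expose it to a proxy that intercepts TLS.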