HTTP headers in I2P. Why HTTP proxy is preferable to SOCKS

Reading time: 3 min
Views: 6.5K

To access the hidden I2P network you need dedicated software, an I2P router: i2pd (C++) or I2P (Java). This application contains all of I2P's internal logic and handles interaction with the other network participants. The user's operating system does not know what to do with ".i2p" domain names, so they must be passed directly to the I2P router through a proxy on a local address (127.0.0.1:4447 for SOCKS, 127.0.0.1:4444 for HTTP). The situation is the same with ".onion" domains, which are handed directly to the Tor router instead of being resolved alongside ordinary domain names (ru, com, org, etc.) through a regular DNS server.

Two titans have established themselves in everyday proxy use: HTTP and SOCKS. The noticeable difference between them is that an HTTP proxy cannot carry UDP traffic, since it effectively works in text mode, while SOCKS relays data between the user and the end server in binary form, which allows it to carry any type of traffic, including UDP, so IP telephony works comfortably and any online game can be played.

HTTP headers are an integral part of the HTTP protocol, which underlies almost all resources on the Internet that you access through a web browser. They carry the user's request to the server along with information about the client: language, operating system version, web browser version and sometimes other identifying data. Basic information about the device is sent in the "User-Agent" value. The idea is that this additional information about the client helps the server serve the requested page in the best possible way: in the user's native language, adapted to their browser, and so on.

Pay attention to the User-Agent line. As far as privacy is concerned, everything is bad here. Information about the operating system and web browser, together with the other transmitted values, is unique enough to accurately track (profile) a user who may not even be logged in to the site and may regularly clear cookies.

The SOCKS proxy, beloved by many, by design does not touch the transmitted headers, since it relays all data in binary form; therefore, to browse privately through a SOCKS proxy, you have to replace the standard headers on the web browser side. Otherwise the server sees which language you prefer, which operating system and which web browser you use. Incidentally, Tor only provides a SOCKS proxy.

I2P routers provide both types of proxy by default, but the HTTP proxy is recommended, since using it automatically anonymizes your request. The I2P router strips sensitive information about you and replaces User-Agent with the mysterious string "MYOB/6.66 (AN/ON)", which is the same for all users.

In addition, the i2pd HTTP proxy analyzes the requested URL on the fly and, if the requested short domain in the ".i2p" zone is not known, offers to look it up with one of the online registrars. In the same situation, the SOCKS proxy simply cannot find the destination and the user gets a standard error page in the web browser.
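The header rewriting described above, as an added example in Python that is not code from the article or from i2pd/I2P: the MYOB/6.66 (AN/ON) string is the one the article quotes, while the set of headers dropped (DROP_HEADERS), the sample request and the ".i2p" host check are assumptions of this example. `identifying_headers` shows what a server sees when the same request arrives untouched through a SOCKS proxy; `sanitize_request` shows what the HTTP proxy forwards instead.

```python
# Added example (not from the article or from i2pd/I2P): a minimal model of
# the header sanitising an I2P HTTP proxy does before forwarding a request.
# The MYOB/6.66 (AN/ON) value is from the article; the exact list of headers
# i2pd drops is not given there, so DROP_HEADERS is an assumption.
ANON_UA = "MYOB/6.66 (AN/ON)"
DROP_HEADERS = {"accept-language", "referer", "via", "x-forwarded-for", "forwarded"}

# Constructed sample request, as a browser would send it to a local proxy.
SAMPLE_REQUEST = (
    b"GET /index.html HTTP/1.1\r\n"
    b"Host: example.i2p\r\n"
    b"User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Firefox/115.0\r\n"
    b"Accept-Language: ru-RU,ru;q=0.9\r\n"
    b"Referer: http://other.i2p/\r\n"
    b"Accept: text/html\r\n"
    b"\r\n"
)

def parse_request(raw: bytes):
    """Split a raw HTTP/1.1 request into (request line, [(name, value)], body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body

def identifying_headers(raw: bytes):
    """Headers a SOCKS proxy passes through untouched and a server can profile on."""
    _, headers, _ = parse_request(raw)
    return [(n, v) for n, v in headers
            if n.lower() == "user-agent" or n.lower() in DROP_HEADERS]

def sanitize_request(raw: bytes) -> bytes:
    """What the HTTP proxy forwards: identifying headers dropped, User-Agent replaced."""
    request_line, headers, body = parse_request(raw)
    kept = [(n, v) for n, v in headers
            if n.lower() != "user-agent" and n.lower() not in DROP_HEADERS]
    kept.append(("User-Agent", ANON_UA))   # the same string for every I2P user
    head = "\r\n".join([request_line] + [f"{n}: {v}" for n, v in kept])
    return head.encode("iso-8859-1") + b"\r\n\r\n" + body

def is_i2p_host(host: str) -> bool:
    """True for names the proxy must route into I2P rather than resolve via DNS."""
    return host.lower().rstrip(".").endswith(".i2p")

if __name__ == "__main__":
    print(identifying_headers(SAMPLE_REQUEST))
    print(sanitize_request(SAMPLE_REQUEST).decode())
```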

When asked about the meaning of the mysterious character set in the I2P router's user agent, I answered in the development team chat:

"MYOB" can be translated as "none of your business", 6.66 is the number of the beast (a reference to the Bible, the book of Revelation, aka the Apocalypse), and "AN/ON" is just a florid form of the word "anonymous".

Personally, I don't understand what this non-Orthodox number has to do with it, but I hope it won't become a reason for banning I2P in Russia.


Comments 16

Orthodoxy is not compatible with i2p, and any person who promotes i2p is automatically included in the list for expulsion from the church. This is an irreversible action.

Is the list singly linked or doubly linked??

I can't say, but it's definitely looped, because they talk about "circles of hell".

A ring of hell with zero divisors.

This is a special divine list with o(1) for adding, o(bottom) for deleting, o(1) for searching, o(1) for determining length, o(1) for sorting, o(1) for randomization.

Hush, hush, I'll soon become a believer

That's little o, not your big O!

Using Unixes is also not a godly thing. It's all demons there! FreeBSD's mascot is a devil with horns and a pitchfork!

For using Apple products you will be immediately sent to the stake. Their emblem is a gnawed apple, which already hints. And their operating systems, under the hood, are the same Unixes, with godless demons! However, Android is also at the stake!

And the Internet is a devilish invention. That's where most of the servers on your Unixes run. Yes, and demons have been actively breaking into Windows lately.

They surrounded it on all sides. A God-fearing person can no longer take a single step. Everywhere you run into demons...

Windows is Orthodox. There are icons, and instead of demons there are services.

Everything about this article is wonderful, thank you. Drawing conclusions for myself:

  1. Using User-Agent "MYOB/6.66 (AN/ON)" instead of the Google Chrome user agent of the current version for Windows is, of course, the best way to look invisible so that no one can identify it. Stirlitz walked through the streets of Berlin in a white camouflage robe covered with spruce branches, trying to look inconspicuous.

  2. Disguising the User-Agent for a site that can receive information about the client (and a bunch of other parameters, including engine versions, screen resolution, etc.) via JS is super important. And most importantly, replacing the User-Agent in the browser is completely unrealistic.

  3. Reading the version of the site designed for bots and Internet Explorer 6 users is much more interesting than the version of the site that is designed for current browsers (because on the server side, the User-Agent is used to select which version to give).

  4. http is now a super-relevant protocol because https (in which the proxy knows nothing about the transmitted headers and cannot change them) has gone into oblivion.

  5. You should definitely visit sites without encryption using tor or i2p. Without them, our traffic is seen by a bad provider and comrade major, who spend all their free time only sniffing, but with tor and i2p it's just a good, kind person who raised an exit node with obviously altruistic intentions, what could he do wrong? He obviously won't slip any crap into the page.

  6. i2p with tor is exactly what you need in order to always use your favorite Firefox, and read Facebook and Twitter while maintaining anonymity.

PS (sarcasm off) using an http(s) proxy instead of SOCKS can actually be more effective where it suffices, but for a completely different reason: an http(s) proxy has a shorter handshake, though in the case where both the proxy and the client are on the same machine this has little effect.

Glad to see a well-known commenter! Ave 3proxy. I couldn't bring myself to downvote, but I don't agree with your arguments.

> Using User-Agent "MYOB/6.66 (AN/ON)" instead of the Google Chrome user agent of the current version for Windows is, of course, the best way to look inconspicuous so that no one can identify.

I2P by default does not assume the presence of outproxies. When replacing the user agent in this case, we are talking about the difficulty of identifying a user who needs privacy, not about fashionable landing pages with a ton of JS, because he clearly didn't go into the real darknet for that.

> Disguising the User-Agent for a site that can receive information about the client (and a bunch of other parameters, including engine versions, screen resolution, etc.) via JS is super important. And most importantly, doing this in a browser is completely unrealistic.

You can't protect against everything, so disabling JS rests on the user's own shoulders.

> Reading the version of the site designed for bots and Internet Explorer 6 users is much more interesting than the version of the site that is designed for current browsers (because on the server side, the User-Agent is used to select which version to give).

Apparently you don't visit i2p sites often. Personally, I have not come across hidden sites that are selective about user agents and demand the latest HTML features. IE6 will likely open most of them adequately.

> http is now a super-relevant protocol because https (in which the proxy knows nothing about the transmitted headers and cannot change them) has gone into oblivion.

If we are talking about an outproxy and https for such a case, the material in the article does not apply to it. I2P is primarily a "network in itself" with comprehensive transport encryption without the slightest need for https, and by default it is not oriented towards access to the clearnet (unlike Tor, which this article is not about).

> You should definitely visit sites without encryption using tor or i2p. Without them, our traffic is seen by a bad provider, and with them it's just a good, kind person who raised an exit node with obviously altruistic intentions, what harm could he do??

An absurd accusation. In no case do I recommend using anonymous public exit nodes, especially in the absence of end-to-end encryption with the end resource! And where is plain http on the clearnet these days??)

The article mentions HTTP as the most popular protocol for web surfing, and there is no lie in that. HTTPS is a layer for this protocol, which in no way excludes the presence of the HTTP headers in question.

This article focuses on I2P and the I2P router, which, as a rule, carries user traffic that has no additional encryption in the form of HTTPS, since hidden networks provide comprehensive encryption which, however, begins just below the user's local proxy, after the traffic reaches the I2P router. Consequently, in 99% of cases an I2P router works with user headers in clear text, and replacing them is the first line of defense against elementary deanonymization.

Please don't write articles for the sake of articles, give copywriters a break.

I write notes without any requirements on their number, solely out of personal inspiration. I consider the material useful, since the topic of HTTP headers in I2P is completely absent as a phenomenon on RuNet.

PS Probably your violent negative reaction to the material arose from your close acquaintance with the proxy realities of the modern Internet; however, although this article uses terminology familiar to you, it talks about a slightly different plane of the subject, where even the word "proxy" means not an optional network intermediary but a direct gateway to a hidden network.

I'm afraid you don't understand what the sarcasm is about.

Firefox receives css in your screenshot. CSS allows you to fingerprint the browser via media query without any JS. To minimize such risks, TorBrowser (you are comparing it with tor), for example, starts with a random window size and randomizes several other parameters so that the fingerprint turns out different for different launches.

If only an HTTP proxy is configured in your browser, then switching to some protocols (for example HTTP/3, or using WebRTC, if again you are using a "general purpose" browser) will disclose the real address, because the request simply will not go to the proxy (and, consequently, into I2P). With SOCKS, by the way, such risks are somewhat lower, plus the same Tor Browser correctly configures tor as a proxy and disables WebRTC support. All of this can be initiated by the i2p site you are hiding from, and in the same way it can initiate a request via protocols other than http.

Therefore, it is much more important NOT to use tor or i2p through a regular browser, just as NOT to use them for regular browsing. Cutting out the User-Agent is otherwise just ridiculous. Even by uncut Transfer-Encoding headers you can figure out the browser, by the way.

In the case of I2P, you do not need to replace the User-Agent, but write your own MYOB/6.66 browser in which there will be much less functionality than in IE6, no information about the client will leak by design, and all requests, again by design, will go to i2p and only via http.

There is another reason for the preferred use of http: the server I2P tunnel inserts additional headers with the client's I2P address, which allows the HTTP server to use them for its own purposes.

PS: Is it planned to implement the gopher protocol in 3proxy??

I don't know if you're serious or not, but gopher can work via HTTP(s) and SOCKS proxies; there is just no special application-specific type of proxy for it, since the host is not transmitted in the protocol.

Yes, and, of course, the claim that a SOCKS proxy cannot edit HTTP headers is also not true; in 3proxy you can change or add headers for a client connecting via SOCKS. SOCKS is just a client connection interface; after that you can do whatever you want with the traffic if it is not encrypted or if you can decrypt it. The question is solely about the implementation in i2pd.

>I don't know if you're serious or not, but gopher can work through HTTP(s) and SOCKS proxies,

I couldn't get 3proxy to work with lynx as a gopher proxy (HTTP). Perhaps I did something wrong, and somewhere in the documentation it was mentioned that it is not supported.

>yes, and, of course, the fact that a SOCKS proxy cannot edit HTTP headers is also not true

We were talking about http vs. https - why I2P uses http and not https. Well, in I2P there is simply no special server SOCKS tunnel.