GSoC2k9 - Torbutton Feature Fulfillment - Kory Kirk
Cookie Protections & The End of GSoC 
Wednesday, August 19, 2009, 12:05 PM
Posted by Administrator
So GSoC is over, or at least the coding part of it. I have finished all the features that I proposed originally to do. GSoC2009 - Torbutton Feature Fulfillment, mission accomplished - features fulfilled. So first I am going to describe the dev process of the last feature, the cookie protections, and then say how I feel about my work over the course of GSoC.

Cookie Protections are enabled through a dialog. This option for this dialog is initially disabled, because cookie protections are a more advanced user function. One has to enable through a radio button in the cookies tab of the Torbutton settings. The option brings up the cookie protections dialog. From here you see all the cookies that exist, you can choose to protect some of these cookies, which will store them on Tor toggle and restore on un-toggle. This works for both Tor and non-Tor states, so that you can keep some of your cookies in each individual identity.
I assimilated a lot of the code from CookieCuller, a Firefox extension with a similar UI to what I needed. CookieCuller allows you to protect cookies, but deletes them on the click of a button. And it also stored the protected cookies as a preference. We store protected cookies in a file, and have the unprotected cookies deleted on toggle. Even though most of the UI elements already existed, this feature was the hardest to code by far. But I am happy with the way it turned out.

I am proud of the work I did with Tor over GSoC and am definitely going to contribute additionally to Torbutton. I feel like I know the code base really well, and I have ideas for additional features that I would like to use. Coding all summer definitely helped my Javascript and XUL coding abilities. As I look back on the Firefox extension I wrote 2 years ago, I see really messy & bad code compared to what I wrote this summer. It was fun and a great learning experience.
1 comment ( 28 views )
Two link context options 
Sunday, July 19, 2009, 04:08 PM
Posted by Administrator
Today I committed some code for two link context menu options. The first one copies the url of the link to the clipboard and changes the scheme to tor. The second opens the url with the tor scheme in a new tab. Both of these are additions to the tor:// protocol implementation.

The next step is for the implementation of finer cookie control. This also begs the question of separate identities and a person can choose what cookies stay in an identity. As for the finer cookie control, I am going to look towards the CookieCuller code, and modify the UI for our purposes.
add comment ( 19 views )
Midterm Update 
Wednesday, July 8, 2009, 12:50 PM
Posted by Administrator
I filled out my midterm evaluation form a few days ago. From my original plan, I am on track with my progress. Today I committed the initial release of the referer spoofing feature. I implemented it as I had described in the previous entry.

note: "referer" is actually spelled referrer, according to US English, but in http headers it is spelled referer. Spelling fail?

I still have some things to work out with both the tor/s:// protocols and ref spoofing before they can be released. And I am hoping to have time to do a few bug fixes and maybe a another feature or two.
add comment ( 19 views )
Front end and refresh spoofing 
Sunday, June 28, 2009, 12:01 PM
Posted by Administrator
For the preferences, I have added a radio button group to the headers tab of the security settings tab of the preferences. This group contains options for different modes of referer spoofing, the four modes available are:
- Spoof root of the site (spoofs the referer as the directory the page your are accessing it from)
- Spoof site's domain (spoofs just the domain part not the path)
- Spoof no referer
- No spoofing

I am thinking that the default will be spoof site's domain. I am also adding a feature called "fake refresh," which is a check box that will spoof every request as if you were already on the page and calling a refresh. This sends the basic get request to the server, but we include an additional "is modified" header which has a time value. I will need to work out a time value that will not break pages, and I am not sure if that parameter really matters with refreshes, but we shall see.

add comment ( 21 views )
Referer Spoofing and more 
Monday, June 22, 2009, 03:12 PM
Posted by Administrator
I can't believe it has been 20 days since I have last updated this blog. I feel like a bad GSoC'er. But, can't be helped. Firstly I have my own SVN branch now, that I use to update my code - you can see it here. I have added the tor:// and tors:// protocols and their handling, although there are a number of instances which enable Tor that I want to get rid of. I made some tests here, I am going to assimilate some of cssblocker's code to find the origin of the protocol calls and then disable it.

Most recently, I have been working on the referer spoofer. In extension development, a lot of functional code is available from other extensions. But for this one, I tried to start from the ground up. I used some code in the extension RefControl as a guideline, but mainly based my code around an http-on-modify-request observer example that I found from MDC. Anyway, the basic functionality is now working, after a few days of trying to pinpoint some silly bugs. I am going to add a few more things to it and then add it to the svn later today.
add comment ( 28 views )

| 1 | 2 | Next> Last>>