2022-11-07 11:38:22 +00:00
|
|
|
This extends nusenu's basic idea of using the stem library to
|
|
|
|
dynamically exclude nodes that are likely to be bad by putting them
|
|
|
|
on the ExcludeNodes or ExcludeExitNodes setting of a running Tor.
|
|
|
|
* https://github.com/nusenu/noContactInfo_Exit_Excluder
|
|
|
|
* https://github.com/TheSmashy/TorExitRelayExclude
|
|
|
|
|
|
|
|
The basic cut is to exclude Exit nodes that do not have a contact.
|
|
|
|
That can be extended to nodes that do not have an email in the contact etc.
|
|
|
|
|
|
|
|
But there's a problem, and your Tor notice.log will tell you about it:
|
2022-11-08 14:15:05 +00:00
|
|
|
you could exclude the nodes needed to access hidden services or
|
|
|
|
directorues. So we need to add to the process the concept of a whitelist.
|
|
|
|
In addition, we may have our own blacklist of nodes we want to exclude,
|
|
|
|
or use these lists for other applications like selektor.
|
2022-11-07 11:38:22 +00:00
|
|
|
|
|
|
|
So we make two files that are structured in YAML:
|
|
|
|
```
|
2022-11-08 14:15:05 +00:00
|
|
|
/etc/tor/yaml/torrc-goodnodes.yaml
|
|
|
|
GoodNodes:
|
|
|
|
Relays:
|
|
|
|
IntroductionPoints:
|
|
|
|
- NODEFINGERPRINT
|
2022-11-07 11:38:22 +00:00
|
|
|
...
|
|
|
|
By default all sections of the goodnodes.yaml are used as a whitelist.
|
|
|
|
|
2022-11-08 14:15:05 +00:00
|
|
|
/etc/tor/yaml/torrc-badnodes.yaml
|
|
|
|
BadNodes:
|
2022-11-07 11:38:22 +00:00
|
|
|
ExcludeExitNodes:
|
|
|
|
BadExit:
|
|
|
|
# $0000000000000000000000000000000000000007
|
|
|
|
```
|
|
|
|
That part requires [PyYAML](https://pyyaml.org/wiki/PyYAML)
|
|
|
|
https://github.com/yaml/pyyaml/
|
|
|
|
|
|
|
|
Right now only the ExcludeExitNodes section is used by we may add ExcludeNodes
|
|
|
|
later, and by default all sub-sections of the badnodes.yaml are used as a
|
|
|
|
ExcludeExitNodes but it can be customized with the lWanted commandline arg.
|
|
|
|
|
|
|
|
The original idea has also been extended to add different conditions for
|
|
|
|
exclusion: the ```--contact``` commandline arg is a comma sep list of conditions:
|
|
|
|
* Empty - no contact info
|
|
|
|
* NoEmail - no @ sign in the contact',
|
|
|
|
More may be added later.
|
|
|
|
|
|
|
|
Because you don't want to exclude the introduction points to any onion
|
2022-11-08 14:15:05 +00:00
|
|
|
you want to connect to, ```--white_onions``` should whitelist the
|
|
|
|
introduction points to a comma sep list of onions, but is
|
2022-11-07 11:38:22 +00:00
|
|
|
currently broken in stem 1.8.0: see:
|
|
|
|
* https://github.com/torproject/stem/issues/96
|
|
|
|
* https://gitlab.torproject.org/legacy/trac/-/issues/25417
|
|
|
|
|
2022-11-08 14:15:05 +00:00
|
|
|
```--torrc_output``` will write the torrc ExcludeNodes configuration to a file.
|
2022-11-07 11:38:22 +00:00
|
|
|
|
2022-11-08 14:15:05 +00:00
|
|
|
Now for the final part: we lookup the Contact info of every server
|
|
|
|
that is currently in our Tor, and check it for its existence.
|
|
|
|
If it fails to provide the well-know url, we assume its a bogus
|
|
|
|
relay and add it to a list of nodes that goes on ExcludeNodes -
|
|
|
|
not just exclude Exit.
|
2022-11-07 11:38:22 +00:00
|
|
|
|
2022-11-08 14:15:05 +00:00
|
|
|
If the Contact info is good we add the list of fingerprints to add
|
|
|
|
to ExitNodes, a whitelist of relays to use as exits.
|
|
|
|
|
|
|
|
```--proof_output``` will write the contact info as a ciiss dictionary
|
|
|
|
to a YAML file. If the proof is uri-rsa, the well-known file of fingerprints
|
|
|
|
is downloaded and the fingerprints are added on a 'fps' field we create
|
|
|
|
of that fingerprint's entry of the YAML dictionary. This file is read at the
|
|
|
|
beginning of the program to start with a trust database, and only new
|
|
|
|
contact info from new relays are added to the dictionary.
|
2022-11-07 05:35:14 +00:00
|
|
|
|
2022-11-08 14:15:05 +00:00
|
|
|
You can expect it to take an hour or two the first time this is run:
|
|
|
|
>700 domains.
|
|
|
|
|
|
|
|
For usage, do ```python3 exclude_badExits.py --help`
|