PurpleI2P / i2pd

🛡 I2P: End-to-End encrypted and anonymous Internet
https://i2pd.website
BSD 3-Clause "New" or "Revised" License

i2pd's socks proxy doesn't overwrite the UA to the common i2p UA #507

Closed Gitusersomegie closed 8 years ago

Gitusersomegie commented 8 years ago

"403 Denied

Inproxy access denied. You must run I2P to access this site."

Is what happens when you try to go to those sites.

khumarahn commented 8 years ago

hmmm... I cannot reproduce:

$ curl -v -x localhost:4444 http://zzz.i2p/
*   Trying ::1...
* Connected to localhost (::1) port 4444 (#0)
> GET http://zzz.i2p/ HTTP/1.1
> Host: zzz.i2p
> User-Agent: curl/7.49.0
> Accept: */*
> 
< HTTP/1.1 200 OK
< Content-Type: text/html; charset=utf-8
< X-Runtime: 198
< Content-Length: 34297
< ETag: "c648fb77f5d9727e5d37fde556c5c7cf"
< Cache-Control: private, max-age=0, must-revalidate
< Connection: close
< Date: Tue, 31 May 2016 14:35:55 GMT
< Server: lighttpd/1.4.35
< 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
  <meta name="generator" content="http://github.com/trevorturk/eldorado/" />
  <meta name="description" content="zzz.i2p: Development discussions" />
  <title>zzz.i2p: Development discussions</title>
  <!-- I2P
<link href="http://zzz.i2p/articles.rss" rel="alternate" title="Blog" type="application/rss+xml" />
-->
<link href="http://zzz.i2p/topics.rss" rel="alternate" title="Forum" type="application/rss+xml" />

<!-- I2P
  <script src="/javascripts/all.js?1414346321" type="text/javascript"></script>
-->
  <script src="/javascripts/all.js?1414346321" type="text/javascript"></script>

  <style type="text/css">.header { background: url('/headers/randomactsofcode.png'); }</style>
  <style type="text/css">@import url('/themes/red2.css');</style>
  <script type="text/javascript">
    hljs.initHighlightingOnLoad();
  </script>
</head>
<body>
...

majestrate commented 8 years ago

are you using the i2p socks proxy?

Gitusersomegie commented 8 years ago

Yes, tried with the http proxy and didn't get a 403. Should probably change the bug to: sites like zzz and stats consider i2pd's socks proxy to be an Inproxy.

majestrate commented 8 years ago

I have seen that when using the socks proxy some headers are included that may trigger the inproxy filter. Would have to check java i2p to see which ones those are.

Gitusersomegie commented 8 years ago

OK, it turns out it rejects the client because the socks proxy doesn't change the UA to a UA with MYOB at the start. It says if (!ua.startsWith("MYOB")) in /apps/i2ptunnel/java/src/net/i2p/i2ptunnel/I2PTunnelHTTPServer.java from the source tarball.

orignal commented 8 years ago

It's supposed to be implemented in HTTP proxy, not sure about socks.

Gitusersomegie commented 8 years ago

Must not be, changing my browser's UA to "MYOB/6.66 (AN/ON)" and going to the site using the socks proxy works, no 403.

Just in case you need to reproduce this problem faster, curl supports changing your UA which I couldn't find a day ago in the man page.

curl -v --socks5-hostname 127.0.0.1:4447 http://zzz.i2p

* Rebuilt URL to: http://zzz.i2p/
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 4447 (#0)
> GET / HTTP/1.1
> Host: zzz.i2p
> User-Agent: curl/7.49.0
> Accept: */*
> 
< HTTP/1.1 403 Denied
< Content-Type: text/html; charset=iso-8859-1
< Cache-control: no-cache
< Connection: close
< Proxy-Connection: close
< 
<html><head><title>403 Denied</title></head>
<body><h2>403 Denied</h2>
<p>Inproxy access denied. You must run <a href="https://geti2p.net/">I2P</a> to access this site.</p>
* Closing connection 0
</body></html>

curl -v -A "MYOB/6.66 (AN/ON)" --socks5-hostname 127.0.0.1:4447 http://zzz.i2p

* Rebuilt URL to: http://zzz.i2p/
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 4447 (#0)
> GET / HTTP/1.1
> Host: zzz.i2p
> User-Agent: MYOB/6.66 (AN/ON)
> Accept: */*
> 
< HTTP/1.1 200 OK
< Content-Type: text/html; charset=utf-8
< X-Runtime: 332
< Content-Length: 34290
< ETag: "acad8f219c705e9b3dd475a0202ffe2f"
< Cache-Control: private, max-age=0, must-revalidate
< Connection: close
< Date: Wed, 01 Jun 2016 15:41:40 GMT
< Server: lighttpd/1.4.35
< 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
  <meta name="generator" content="http://github.com/trevorturk/eldorado/" />
  <meta name="description" content="zzz.i2p: Development discussions" />
  <title>zzz.i2p: Development discussions</title>
  <!-- I2P
<link href="http://zzz.i2p/articles.rss" rel="alternate" title="Blog" type="application/rss+xml" />
-->
<link href="http://zzz.i2p/topics.rss" rel="alternate" title="Forum" type="application/rss+xml" />

I'm cutting it, not using a pastebin with this!

hagen-i2p commented 8 years ago

SOCKS proxy should not change transmitted data; it's a simple data-pipe.

In the case of an http-proxy, your browser simply connects to some address/port and sends a request; then the proxy tries to detect from this request the host you want to connect to.

Socks proxy works differently: you explicitly request a connection to some host and then send your data unchanged until the connection closes.

If you want to use socks for http - use additional software like polipo/privoxy, which will multiplex connections for different domains for you. Otherwise it will be inefficient.

Gitusersomegie commented 8 years ago

@hagen-i2p Yeah, I jumped the gun on this bug report a tiny bit; I should have dropped it after I found out that the http proxy filters the UA but socks doesn't, for being a data-pipe.

I mainly forgot about something I read a year ago when I used normal i2p, which I found again http://zzz.i2p/topics/1989-i2p-leaking-browser-information-during-addresshelper-requests

Regardless, something I did learn is that privoxy is also able to filter out the UA via an actions config, which is also able to use wildcards "*.i2p". ...even after using it for 4 years

I would like it if privoxy would implement a socks5p like the socks5t they did for tor, so that all the configuration for i2p's socks is auto... This doesn't seem to be in their todo list http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/TODO?view=markup
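
The behaviour the thread converges on, as an added example that is not part of the thread and is not code from i2pd, Java I2P or Privoxy: a header-aware hop can rewrite the User-Agent before the request reaches the eepsite, while a SOCKS pipe forwards the client's bytes unchanged and so trips the `startsWith("MYOB")` check. The function names are hypothetical, the filter is a simplified model of the one quoted line, and treating a missing UA as empty is an assumption.

```python
# Added illustration; not code from i2pd, Java I2P or Privoxy.
I2P_UA = "MYOB/6.66 (AN/ON)"  # UA string quoted in the thread


def rewrite_user_agent(raw: bytes, ua: str = I2P_UA) -> bytes:
    """Replace (or add) the User-Agent header of one raw HTTP/1.x request.

    Models what a header-aware hop (HTTP proxy, Privoxy) can do and a
    SOCKS byte pipe cannot. The body after the blank line is untouched.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request head")
    lines = head.split(b"\r\n")
    request_line, headers = lines[0], lines[1:]
    # Header names are case-insensitive; drop every existing UA header.
    kept = [h for h in headers
            if h.split(b":", 1)[0].strip().lower() != b"user-agent"]
    kept.append(b"User-Agent: " + ua.encode("ascii"))
    return b"\r\n".join([request_line] + kept) + sep + body


def inproxy_filter_status(raw: bytes) -> int:
    """Hypothetical model of the server-side check quoted in the thread:
    if (!ua.startsWith("MYOB")) -> 403. A missing UA is treated as empty
    (assumption); this is not the real I2PTunnelHTTPServer logic."""
    head = raw.partition(b"\r\n\r\n")[0]
    ua = ""
    for h in head.split(b"\r\n")[1:]:
        name, _, value = h.partition(b":")
        if name.strip().lower() == b"user-agent":
            ua = value.strip().decode("latin-1")
    return 200 if ua.startswith("MYOB") else 403


# Constructed sample modelled on the request curl sent in the thread
# (header name lower-cased here to exercise case-insensitive matching).
CURL_REQUEST = (b"GET / HTTP/1.1\r\nHost: zzz.i2p\r\n"
                b"user-agent: curl/7.49.0\r\nAccept: */*\r\n\r\n")

if __name__ == "__main__":
    print("via SOCKS (bytes unchanged):", inproxy_filter_status(CURL_REQUEST))
    print("via header-aware hop:",
          inproxy_filter_status(rewrite_user_agent(CURL_REQUEST)))
```

The same rewrite is what keeps a browser's real User-Agent from reaching the destination, which is why a SOCKS-only setup needs the client or an intermediate filter to normalise it.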