NullHypothesis
commented
3 years ago Some thoughts on how to build this. AIUI, there are two separate problems:
- We need to make Brave in Tor mode interact with as many protocols and Web APIs as possible, to make sure that we catch edge cases that could result in leaks. One suggestion would be to use Web Platform Tests. We could also manually curate a small number of tests that are known-to-be-leaky.
- As Brave processes these tests, we need to spot packets that don't go into Tor. One way to accomplish this would be a script that launches tcpdump with some clever filters. Another possibility is to use the feature exposed via brave://net-export. Another idea by @pes10k: we could perhaps disable all UDP traffic in the test environment (UDP traffic would mean leaks) and look for any errors or warnings.
Ideally, we would build something that's easily integrated in CI but perhaps we shouldn't let the perfect be the enemy of the good and start with something simple and go from there.
(Also, feel free to assign this issue to me. I don't have permissions to do it myself.)
We should set up a test rig for Tor sessions that detects any network activity that does not go through the Tor proxy. E.g., we could mimic the iptables configuration in Tails, and automate doing tests of various kinds in this environment.
(This is a separate task from #4255, which is to do code analysis to find such leaks by studying code and thinking hard. Leaks found by such a test rig would demonstrate that we didn't study hard enough, and possibly inform where else we need to audit.)
[transcribed from https://github.com/brave/muon/issues/466]