guardianproject / haven

Haven is for people who need a way to protect their personal spaces and possessions without compromising their own privacy, through an Android app and on-device sensors
https://guardianproject.github.io/haven/
GNU General Public License v3.0

Onion service should listen on port 80 instead of 8888 #33

Open micahflee opened 7 years ago

micahflee commented 7 years ago

I'm having trouble connecting to the PhoneyPot onion service from OnionBrowser in iOS. When I load http://[myaddress].onion:8888/ I get the error message:

Cannot Open Page An error occured: The requested URL was not found on this server. (Error "NSURLErrorDomain: -1100")

I think that this is due to an OnionBrowser bug where it's parsing the URL incorrectly, and isn't actually trying to connect to port 8888. I should open an OnionBrowser bug to address this.

However, there's no need to listen on a port other than 80 anyway. PhoneyPot can still listen on 127.0.0.1:8888 on the device, and the onion service can just forward port 80 to port 8888. (This is how OnionShare works as well, the actual web service is on some high port, but the onion service forwards port 80.) It's just a matter of configuring the hidden service.

n8fr8 commented 7 years ago

This does seem like a bug in OB that needs to be fixed. @Mtigas can we get Micah on the latest testflight beta and see how it fares?

Otherwise, agreed and understand how to do it as you say. The issue is that Orbot doesn't currently support the two separate port values in its HS configuration. We will need to update Orbot and the HS API to make this possible.

n8fr8 commented 7 years ago

@micahflee info on the OB2 preview here: https://www.patreon.com/posts/quick-onion-2-0-12054247

micahflee commented 7 years ago

Oh nice, it seems likely that the new OB will solve this issue so that it's at least usable in iOS. Still though, it would be nice to use port 80 for the onion service at some point (and it would be cool to have better HS support in Orbot), but it's obviously not very critical.

mtigas commented 7 years ago

Have absolutely no idea why a URI with explicit port seems to fail in OB1; just tested and can confirm that it happens. But Onion Browser 2 works just fine.

gripedthumbtacks commented 6 years ago

Won't you require CAP_NET_ADMIN or root to listen on port 80? Isn't that why it's listening on a high port because some people won't have root access on their devices, etc?

xloem commented 6 years ago

@DtpEJsaYXDU4GDH8dE4MyI9VrieF0UZpPZ0K76K Tor allows low-level ports in the tor network to be forwarded to high-level ports on the device, so there would be no special privileges needed. The number '80' is only a value inside the Tor service.
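
The port mapping discussed in this thread, as an added example that is not part of the thread and is not Haven's or Orbot's code: it parses tor's `HiddenServicePort VIRTPORT [TARGET]` lines and reports which port is exposed on the onion side and whether the local target would need a privileged bind. The torrc fragments, the `HiddenServiceDir` path, the helper names and `exampleaddress.onion` are constructed for illustration.

```python
# Added example: constructed torrc fragments, not Haven's or Orbot's real configuration.
PRIVILEGED_BELOW = 1024  # on Linux/Android, binding below this needs root or CAP_NET_BIND_SERVICE

# What the issue describes today: onion port 8888 -> local 8888.
CURRENT_TORRC = """
HiddenServiceDir /var/lib/tor/haven_example/
HiddenServicePort 8888 127.0.0.1:8888
"""
# What the issue proposes: onion (virtual) port 80 -> local 8888.
PROPOSED_TORRC = """
HiddenServiceDir /var/lib/tor/haven_example/
HiddenServicePort 80 127.0.0.1:8888
"""

def parse_hidden_service_ports(torrc):
    """Return a list of (virtual_port, target_host, target_port) tuples.

    Syntax: HiddenServicePort VIRTPORT [TARGET]; TARGET is PORT, ADDR:PORT
    or unix:PATH, and defaults to 127.0.0.1:VIRTPORT when omitted.
    """
    mappings = []
    for raw in torrc.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if len(fields) < 2 or fields[0].lower() != "hiddenserviceport":
            continue
        virt = int(fields[1])
        target = fields[2] if len(fields) > 2 else str(virt)
        if target.startswith("unix:"):
            mappings.append((virt, target, None))  # unix socket: no TCP bind at all
            continue
        host, _, port = target.rpartition(":")
        mappings.append((virt, host or "127.0.0.1", int(port)))
    return mappings

def needs_privileged_bind(torrc):
    """True if any local TCP target is a port the web server could not bind unprivileged."""
    return any(port is not None and port < PRIVILEGED_BELOW
               for _, _, port in parse_hidden_service_ports(torrc))

def onion_url(torrc, address="exampleaddress.onion"):
    """URL a client would type for the first mapping (address is a placeholder)."""
    virt = parse_hidden_service_ports(torrc)[0][0]
    return f"http://{address}/" if virt == 80 else f"http://{address}:{virt}/"

if __name__ == "__main__":
    for name, cfg in (("current", CURRENT_TORRC), ("proposed", PROPOSED_TORRC)):
        print(name, onion_url(cfg), "privileged bind:", needs_privileged_bind(cfg))
```

Only the local target matters for privileges: a bare `HiddenServicePort 80` defaults the target to 127.0.0.1:80 and would require the web server to bind a low port, while `80 127.0.0.1:8888` does not.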