keepassxreboot / keepassxc-browser

KeePassXC Browser Extension
GNU General Public License v3.0

Integration with Tor #1503

Closed KitchM closed 2 months ago

KitchM commented 2 years ago

Expected Behavior

The Tor browser plugin for KeePassXC should work seamlessly, as it does for Firefox.

Current Behavior

The icon on the button bar is greyed out. Selecting it gives:

message:KeePassXC-Browser has encountered an error:

Cannot connect to KeePassXC. Check that browser integration is enabled in KeePassXC settings.

Selecting Reload gives:

KeePassXC-Browser has encountered an error:

Key exchange was not successful.

Possible Solution

None known.

Steps to Reproduce (for bugs)

  1. Open Tor browser
  2. Navigate to web site needing authentication
  3. Select KeePassXC icon

Debug info

TorSettings: loadFromPrefs() TorSettings.jsm:516:21 TorConnect: Init TorConnect.jsm:238:21 Content Security Policy: Couldn’t parse invalid host 'wasm-eval' 2 TorConnect: observed profile-after-change TorConnect.jsm:245:21 TorConnect: observing topic 'TorBootstrapStatus' TorConnect.jsm:257:33 TorConnect: observing topic 'TorBootstrapError' TorConnect.jsm:257:33 TorConnect: observing topic 'TorProcessExited' TorConnect.jsm:257:33 TorConnect: observing topic 'TorLogHasWarnOrErr' TorConnect.jsm:257:33 TorSettings: observed profile-after-change TorSettings.jsm:321:21 TorConnect: observing topic 'torsettings:ready' TorConnect.jsm:257:33 [12-20 23:20:33] Torbutton NOTE: Initializing security-prefs.js [12-20 23:20:33] Torbutton NOTE: security-prefs.js initialization complete Unexpected event profile-after-change URLQueryStrippingListService.jsm:224 Content Security Policy: Couldn’t parse invalid host 'wasm-eval' 2 TorSettings: observed TorProcessIsReady TorSettings.jsm:321:21 TorSettings: applySettings() TorSettings.jsm:651:21 [12-20 23:20:34] TorLauncher NOTE: control connection is in use 2 Bootstrapped manifest not allowed to use 'resource' directive. chrome.manifest:2 TorConnect: observed TorBootstrapStatus TorConnect.jsm:245:21 TorConnect: observed TorBootstrapStatus topic while in state TorConnectState.Initial TorConnect.jsm:284:29 [Exception... "Component returned failure code: 0x80520001 (NS_ERROR_FILE_UNRECOGNIZED_PATH) [nsIXPCComponents_Utils.readUTF8URI]" nsresult: "0x80520001 (NS_ERROR_FILE_UNRECOGNIZED_PATH)" location: "JS frame :: resource://gre/modules/L10nRegistry.jsm :: L10nRegistry.loadSync :: line 707" data: no] 18 L10nRegistry.jsm:707:19 TorConnect: will load after bootstrap => [about:tor] TorConnect.jsm:493:21 Tor NOTICE: New control connection opened from 127.0.0.1. 
2 TorConnect: observed torsettings:ready TorConnect.jsm:245:21 TorConnect: beginBootstrap() TorConnect.jsm:377:21 TorConnect: transitioning state from Initial to Bootstrapping TorConnect.jsm:224:21 Tor NOTICE: DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. [12-20 23:20:34] Torbutton WARN: Local Tor check: unexpected GETINFO response:

250 OK Tor NOTICE: Opening Socks listener on 127.0.0.1:9150 Tor NOTICE: Opened Socks listener connection (ready) on 127.0.0.1:9150 TorConnect: observed TorBootstrapStatus TorConnect.jsm:245:21 TorConnect: Bootstrapping 5% complete (Connecting to a Tor relay) TorConnect.jsm:293:29 Tor NOTICE: Bootstrapped 5% (conn): Connecting to a relay TorConnect: observed TorBootstrapStatus TorConnect.jsm:245:21 TorConnect: Bootstrapping 5% complete (Connecting to a Tor relay) TorConnect.jsm:293:29 [Exception... "Component returned failure code: 0x80004001 (NS_ERROR_NOT_IMPLEMENTED) [nsIAppStartup.secondsSinceLastOSRestart]" nsresult: "0x80004001 (NS_ERROR_NOT_IMPLEMENTED)" location: "JS frame :: resource:///modules/BrowserGlue.jsm :: _collectStartupConditionsTelemetry :: line 1680" data: no] BrowserGlue.jsm:1680:9 TorConnect: observed TorBootstrapStatus TorConnect.jsm:245:21 TorConnect: Bootstrapping 10% complete (Connected to a Tor relay) TorConnect.jsm:293:29 Tor NOTICE: Bootstrapped 10% (conn_done): Connected to a relay Could not load engine blockchair-onion@search.mozilla.org: Error: Extension is invalid SearchService.jsm:609:17 1640042434879 addons.webextension. ERROR Loading extension 'null': Reading manifest: Error processing chrome_settings_overrides.search_provider.search_form: String "http://blkchairbknpn73cfjhevhla7rkp4ed5gg2knctvv7it4lioy22defid.onion/search/?q={searchTerms}" must match /^(https:\/\/|http:\/\/(localhost|127.0.0.1|[::1])(:\d)?(\/|$)).$/ Log.jsm:723 [12-20 23:20:34] Torbutton NOTE: no SOCKS credentials found for current document. Error: Can't find profile directory. XULStore.jsm:66:15 TypeError: Cc[aContract] is undefined XPCOMUtils.jsm:161:9 TorConnect: observed TorBootstrapStatus TorConnect.jsm:245:21 TorConnect: Bootstrapping 14% complete (Negotiating with a Tor relay) TorConnect.jsm:293:29 Tor NOTICE: Bootstrapped 14% (handshake): Handshaking with a relay Error: Please use $(ref:runtime.getURL). 
restart.js:1 TorConnect: observed TorBootstrapStatus TorConnect.jsm:245:21 TorConnect: Bootstrapping 15% complete (Finished negotiating with a Tor relay) TorConnect.jsm:293:29 TorConnect: observed TorBootstrapStatus TorConnect.jsm:245:21 Tor NOTICE: Bootstrapped 15% (handshake_done): Handshake with a relay done Tor NOTICE: Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits TorConnect: Bootstrapping 75% complete (Finished loading relay information) TorConnect.jsm:293:29 Unchecked lastError value: Error: Could not establish connection. Receiving end does not exist. store.js:135 ExtensionError: No such native application org.keepassxc.keepassxc_browser ExtensionUtils.jsm:58:5 [12-20 23:20:35] Torbutton NOTE: no SOCKS credentials found for current document. 2 TorConnect: observed TorBootstrapStatus TorConnect.jsm:245:21 TorConnect: Bootstrapping 90% complete (Building circuits: Finished negotiating with a Tor relay) TorConnect.jsm:293:29 Tor NOTICE: Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits TorConnect: observed TorBootstrapStatus TorConnect.jsm:245:21 TorConnect: Bootstrapping 95% complete (Building circuits: Establishing a Tor circuit) TorConnect.jsm:293:29 Tor NOTICE: Bootstrapped 95% (circuit_create): Establishing a Tor circuit ExtensionError: No such native application time.restart.sender ExtensionUtils.jsm:58:5 TorConnect: observed TorBootstrapStatus TorConnect.jsm:245:21 Tor NOTICE: Bootstrapped 100% (done): Done TorConnect: Bootstrapping 100% complete (Connected to the Tor network!) TorConnect.jsm:293:29 TorConnect: bootstrapComplete() TorConnect.jsm:404:21 TorConnect: transitioning state from Bootstrapping to Bootstrapped TorConnect.jsm:224:21 [12-20 23:20:36] Torbutton NOTE: no SOCKS credentials found for current document. Tor NOTICE: New control connection opened from 127.0.0.1. [12-20 23:20:36] Torbutton NOTE: no SOCKS credentials found for current document. 
ExtensionError: No such native application time.restart.sender ExtensionUtils.jsm:58:5 sendRemoveListener on closed conduit RestartBrowser@timerestart.ga.274877907048 ConduitsChild.jsm:108 [Exception... "Component returned failure code: 0x80520001 (NS_ERROR_FILE_UNRECOGNIZED_PATH) [nsIXPCComponents_Utils.readUTF8URI]" nsresult: "0x80520001 (NS_ERROR_FILE_UNRECOGNIZED_PATH)" location: "JS frame :: resource://gre/modules/L10nRegistry.jsm :: L10nRegistry.loadSync :: line 707" data: no] 2 L10nRegistry.jsm:707:19 [Exception... "Component returned failure code: 0x80520001 (NS_ERROR_FILE_UNRECOGNIZED_PATH) [nsIXPCComponents_Utils.readUTF8URI]" nsresult: "0x80520001 (NS_ERROR_FILE_UNRECOGNIZED_PATH)" location: "JS frame :: resource://gre/modules/L10nRegistry.jsm :: L10nRegistry.loadSync :: line 707" data: no] 2 L10nRegistry.jsm:707:19 [12-20 23:20:50] Torbutton NOTE: no SOCKS credentials found for current document. [12-20 23:21:00] Torbutton NOTE: no SOCKS credentials found for current document. Key event not available on GTK2: key=“u” modifiers=“accel shift” id=“torbutton-new-identity-key” browser.xhtml Key event not available on some keyboard layouts: key=“r” modifiers=“accel,alt” id=“key_toggleReaderMode” browser.xhtml Key event not available on some keyboard layouts: key=“i” modifiers=“accel,alt,shift” id=“key_browserToolbox” browser.xhtml Error: Could not get children of file(/home/jolly/Programs/tor-browser_en-US/Browser/TorBrowser/Data/Browser/Caches/profile.default/thumbnails) because it does not exist PromiseWorker.jsm:106 ExtensionError: No such native application org.keepassxc.keepassxc_browser ExtensionUtils.jsm:58:5 this.ports.get(...) is undefined ExtensionParent.jsm:372

KeePassXC - 2.3.4
KeePassXC-Browser - {VERSION}
Operating system: Linux, Debian 11
Browser: Tor

droidmonkey commented 2 years ago

You are EXTREMELY outdated. Update your keepassxc.

KitchM commented 2 years ago

Okay, I updated to using the latest AppImage. That would be the one available this morning on the web site.

Now I have a different program view and it works okay. However, there still is no connection with the browser. Should I be using a different plug-in for the browser?

varjolintu commented 2 years ago

Please check the Tor related section of https://github.com/keepassxreboot/keepassxc-browser/wiki/Troubleshooting-guide

KitchM commented 2 years ago

Okay. My file system matches the section that states:

/home//.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser/Data/Browser/.mozilla/native-messaging-hosts/

Inside that is a file named org.keepassxc.keepassxc_browser.json.

Do I need to do something with a symlink? If so, how is that done?

KitchM commented 2 years ago

I also notice that there is no icon in Tor any longer, even though I have reinstalled the browser integration plugin.

KitchM commented 2 years ago

Repo problem, too:

E: The repository 'http://ftp.ca.debian.org/debian/pool/main/k/keepassxc/keepassxc_2.6.6+dfsg.1-1_amd64.deb buster Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

Francis1993Z commented 2 years ago

I think the notification "key exchange failed" should hint at possible problems and solutions. Like a clickable button that opens the troubleshooting guide and mentions the whole native messaging host file and the different apps that can block the proxy, like AppArmor or Firejail. The key exchange notification is not helpful for casual users.

droidmonkey commented 2 years ago

Good suggestion. @varjolintu how about that message and then state: "Having trouble connecting to KeePassXC? Try our troubleshooting guide." With link there

varjolintu commented 2 years ago

We should definitely add a link to the guide. Good idea! Having more detailed error messages, however, is not possible because Native Messaging does not give any more details. Of course we could also add the Native Messaging error message to the popup so there's no need to start the JavaScript console for that.

droidmonkey commented 2 years ago

Maybe a "See more details" type scenario?

KitchM commented 2 years ago

I decided to try and tackle this problem again. On my Debian 11 system, there is no "Tor Browser: ~/.tor-browser/app/Browser/TorBrowser/Data/Browser/.mozilla/native-messaging-hosts" as the guide states under Linux.

So that brings me to the next section that states "Tor Browser installed via the official .tar.gz package..." which does not apply since it was installed from Apt. Also, none of those paths exist anyway on my system.

The next section specified a path that has to do with the installation of Tor from some launcher, which does not apply either. However, that was the directory path that does indeed exist. Bizarre.

At least I think I'm on the right path, so to speak. ;)

Now about that symlink. I don't have a clue since I don't do symlinks.

That takes us to section 2, where we find this odd statement: "After finding the org.keepassxc.keepassxc_browser.json....." What? Since when was this found?

Obviously, this guide needs reworking. I'd be glad to help once I figure this out, but without a translator, I haven't a clue.

Francis1993Z commented 2 years ago

I was able to make it work on Debian 11. Look at the end of this thread.

https://github.com/keepassxreboot/keepassxc-browser/issues/1399#issuecomment-1066215739

KitchM commented 2 years ago

Thank you. However, the number of possible paths is overwhelming and it does not help with standard installation setups. It is all very confusing.

Adding to that is the issue of the unexplained "apparmor" and "complain". Very odd.

varjolintu commented 2 years ago

There's no standard path for Tor settings, so here we are, trying our best.

KitchM commented 2 years ago

I hear ya, and totally sympathize. It is crazy, isn't it? Making it worse is that it is built on Firefox and even on the same OS the layout between it and Firefox is widely divergent. I would have thought that the OS standards of my Debian would preclude such a situation.

Francis1993Z commented 2 years ago

Could KeePassXC use the find command to look up the native-messaging-host file on the user's system? Maybe it could come with a .sh helper you can launch using a button. Then it lists all occurrences and tries each one. If it fails, go to the next file, then wait for a success signal from the keepass-browser extension. Also, give an AppArmor custom profile or a script that adds an exception during installation. I don't know about SELinux, but I suspect it can prevent KeePassXC from functioning correctly.

varjolintu commented 2 years ago

@Francis1993Z In this situation there's no host file at all in the path where Tor Browser tries to read it. So, KeePassXC has no idea where to copy it. The only way to figure out the path is to use strace or a similar tool to figure out the browser's real config file path.

KitchM commented 2 years ago

I think, based upon what Francis is saying, that there could be a list of possible locations. This list could be expanded from users' experiences. So when KeePassXC tries to look up the location of the important information, it would check thru all the possible locations found in the list. Users could also edit the list to add whatever they found on their own system.

The guide shows a few paths, and I have found a couple, so there is the beginning of the list. This way the programmers only have to add a command to look up the possible paths in the list if it exists.

I must confess that I do not understand the need for knowing where something is located when the program does not give the user the option of specifying where things are. And the only thing that should matter is the location of the database file. Everything else should be in the program's own code.
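
An added example, not code from KeePassXC or from any commenter: a checker for the candidate-location list discussed above and for the symlink question asked earlier in the thread. It walks the two directory layouts quoted in the thread (assuming the elided component of the second one is the user's home directory), validates each manifest, and confirms that the proxy it names is executable and not writable by other accounts. The function names, status strings and demo layout are constructed for illustration.

```python
import json, os, stat, tempfile
from pathlib import Path

HOST_NAME = "org.keepassxc.keepassxc_browser"  # host name from the ExtensionError above
MANIFEST = HOST_NAME + ".json"
SUFFIX = "Browser/TorBrowser/Data/Browser/.mozilla/native-messaging-hosts"

def candidate_dirs(home, extra=()):
    """The two directory layouts quoted in this thread, then user-supplied ones."""
    home = Path(home)
    return [home / ".tor-browser/app" / SUFFIX,
            home / ".local/share/torbrowser/tbb/x86_64/tor-browser_en-US" / SUFFIX,
            *map(Path, extra)]

def check_manifest(directory):
    """Return (status, detail) for the host manifest in one directory."""
    manifest = Path(directory) / MANIFEST
    if not manifest.exists():  # exists() follows symlinks, so a dangling link lands here
        return ("dangling-symlink" if manifest.is_symlink() else "missing", str(manifest))
    try:
        data = json.loads(manifest.read_text())
    except (OSError, ValueError) as err:
        return ("unreadable", str(err))
    if not isinstance(data, dict) or data.get("name") != HOST_NAME or data.get("type") != "stdio":
        return ("wrong-name-or-type", str(manifest))
    proxy = Path(str(data.get("path", "")))
    if not (proxy.is_absolute() and proxy.is_file() and os.access(proxy, os.X_OK)):
        return ("proxy-not-executable", str(proxy))
    # The browser launches whatever "path" names and hands it credential traffic,
    # so a binary that other accounts can modify is reported, not accepted.
    if proxy.stat().st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return ("proxy-writable-by-others", str(proxy))
    return ("ok", str(proxy))

def scan(home, extra=()):
    return {str(d): check_manifest(d) for d in candidate_dirs(home, extra)}

def demo():
    """Constructed layout: manifest in one candidate dir, symlink to it in the other."""
    home = Path(tempfile.mkdtemp())
    proxy = home / "keepassxc-proxy"  # constructed stand-in for the real proxy binary
    proxy.write_text("#!/bin/sh\n")
    proxy.chmod(0o755)
    first, second = candidate_dirs(home)
    for d in (first, second):
        d.mkdir(parents=True)
    (first / MANIFEST).write_text(json.dumps(
        {"name": HOST_NAME, "type": "stdio", "path": str(proxy)}))
    (second / MANIFEST).symlink_to(first / MANIFEST)
    return scan(home)

if __name__ == "__main__":
    for directory, (status, detail) in demo().items():
        print(f"{status:26} {detail}")
```

On a real system, call `scan(Path.home(), extra=[...])` with any additional directory found on that machine; a result of "missing" in every directory matches the "No such native application" error in the debug output above.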

varjolintu commented 2 years ago

@KitchM That is one possibility.

KitchM commented 2 years ago

I wonder if there are others.

youareallidiots commented 2 years ago

one (1) question, how dumb are you all? i hate i even have to break protocol to even comment on this but its just infuriating. Idiot aka varjolintu has been asking this question for well over a year and all you other guys should be fucking bitch slapped for even answering.

all you have done is expose important and vital pieces of the puzzle located within the Tor Browser that keep people anonymous.

a quote from varjolintu: "There's no standard path for Tor settings, so here we are, trying our best." NO THERE ISNT YOU IMBECILE!! thats how you stay anonymous!! and thats why you don't work for Tor or code or probably get all the shit off you ass because well, you are pathetic and should have been, per natural selection, a meal for a lion but there you sit, in your house, on your laptop contributing nothing. yo

and kitchM... posting all the debugging. i mean how dumb are you guys?? i mean im quite sure you are borderline retards.. IQ 42.

you 2 idiots need to stay on the clearnet. all you are doing is making it easier for those, that actually know what they are doing, to get caught up and in trouble

and btw. don't you think if this could be done and you could stay anonymous, you would have an answer by now?

look there is a way to do it. but it involves taking a file and altering it a bit and saving in a different folder from whence it came. so yes it can be done but as literally idiotic as you guys are dont you think creating that file in that manner would trigger a file to be created in another area that would seriously hinder your ability to stay anonymous??

the answer to that question is out there and im sure you saw that but it wasnt the answer you wanted to read so you just kept on.

well i for one, am sick of little fucks like you.. sick of it... get a new hobby.. stay on tor and you will go to prison or have a dozen hackers sent to ruin your life...

your just fucking idiots. use what your given and be happy, if you have a problem you cant find the answer too,. its probably because its not a problem for anyone but you. the rest of us realize that it is how it is for a reason.

rant over!! now fucking burn your laptops and go eat a fucking cupcake and take up stamp collecting!!

youareallidiots commented 2 years ago

fucking idiots!

youareallidiots commented 2 years ago

"I think, based upon what Francis is saying, that there could be a list of possible locations. This list could be expanded from users' experiences. So when KeePassXC tries to look up the location of the important information, it would check thru all the possible locations found in the list. Users could also edit the list to add whatever they found on their own system."

Kitch m.. you fucking idiot... dont you think if it could be fixed and you stay anonymous you wouldnt be typing all this bs on github?? dont you think if there was a fix that wouldnt sacrafice your anonymity the folks at tor would have let you know.. its not solved because there is no solution. i mean come on man... just go jump off a roof.,, whip skip bip

varjolintu commented 2 years ago

@youareallidiots That's pretty toxic, even from an anonymous person like you.

KitchM commented 2 years ago

Thank you, varjolintu. I agree. Pretty toxic. However, exactly what I'd expect from anonymous.

We are moving into an age when many people do not accept other individuals' rights to express themselves.

I can honestly say that I do not mean anything negative, but only wish to improve the product so wonderfully created by others' hard work.

The bottom line here is a pretty basic and simple one of a problem with integration. Some unknown issue is blocking the creators' expectations. I wish I could help with that.

Thanks again.