1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
|
Special Hostnames in Tor
Nick Mathewson
Table of Contents
1. Overview
2. .exit
3. .onion
4. .noconnect
1. Overview
Most of the time, Tor treats user-specified hostnames as opaque: When
the user connects to www.torproject.org, Tor picks an exit node and uses
that node to connect to "www.torproject.org". Some hostnames, however,
can be used to override Tor's default behavior and circuit-building
rules.
These hostnames can be passed to Tor as the address part of a SOCKS4a or
SOCKS5 request. If the application is connected to Tor using an IP-only
method (such as SOCKS4, TransPort, or NATDPort), these hostnames can be
substituted for certain IP addresses using the MapAddress configuration
option or the MAPADDRESS control command.
2. .exit
SYNTAX: [hostname].[name-or-digest].exit
[name-or-digest].exit
Hostname is a valid hostname; [name-or-digest] is either the nickname of a
Tor node or the hex-encoded digest of that node's public key.
When Tor sees an address in this format, it uses the specified hostname as
the exit node. If no "hostname" component is given, Tor defaults to the
published IPv4 address of the exit node.
It is valid to try to resolve hostnames, and in fact upon success Tor
will cache an internal mapaddress of the form
"www.google.com.foo.exit=64.233.161.99.foo.exit" to speed subsequent
lookups.
The .exit notation is disabled by default as of Tor 0.2.2.1-alpha, due
to potential application-level attacks.
EXAMPLES:
www.example.com.exampletornode.exit
Connect to www.example.com from the node called "exampletornode".
exampletornode.exit
Connect to the published IP address of "exampletornode" using
"exampletornode" as the exit.
3. .onion
SYNTAX: [digest].onion
[ignored].[digest].onion
Version 2 addresses (deprecated since 0.4.6.1-alpha), the digest is the first
eighty bits of a SHA1 hash of the identity key for a hidden service, encoded
in base32.
Version 3 addresses, the digest is defined as:
onion_address = base32(PUBKEY | CHECKSUM | VERSION)
CHECKSUM = H(".onion checksum" | PUBKEY | VERSION)[:2]
where:
- PUBKEY is the 32 bytes ed25519 master pubkey of the onion service.
- VERSION is a one byte version field (default value '\x03')
- ".onion checksum" is a constant string
- CHECKSUM is truncated to two bytes before inserting it in onion_address
When Tor sees an address in this format, it tries to look up and connect to
the specified onion service. See rend-spec-v3.txt for full details.
The "ignored" portion of the address is intended for use in vhosting, and
is supported in Tor 0.2.4.10-alpha and later.
4. .noconnect
SYNTAX: [string].noconnect
When Tor sees an address in this format, it immediately closes the
connection without attaching it to any circuit. This is useful for
controllers that want to test whether a given application is indeed
using the same instance of Tor that they're controlling.
This feature was added in Tor 0.1.2.4-alpha, and taken out in Tor
0.2.2.1-alpha over fears that it provided another avenue for detecting
Tor users via application-level web tricks.
|
