idk/i2p.166.host-aware-proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
i2p.166.host-aware-proxy/TESTING.md
eyedeekay 886901d759 Share attack results with old vs new proxy
2024-06-03 15:04:31 -04:00

143 lines
8.6 KiB
Markdown
Raw Permalink Blame History

# Prop166 Test Matrix:
Divided into 2 sections.
Basic tests confirm that the functionality works as-implemented.
Extended tests ensure that features are not broken.
## Very basic tests:
**\1.** Run the test scripts.
```md
Set up:
1. Configure an I2PTunnelHTTPBrowserClient(Tabbed HTTP Proxy) on port 8888.
2. Open a terminal.
3. Run the ./test-attack-is-working.sh script
4. Run the ./test-attack-is-broken.sh script
3. View attack.log and attack-broken.log files. Observe that attack.log indicates correlation, and attack-broken.log indicates no correlation.
```
## Basic Tests:
**\1.** Confirm isolation works on both HTTP and HTTPS URL's within I2P.
```md
Set up:
1. Configure an I2PTunnelHTTPBrowserClient(Tabbed HTTP Proxy) on any port. Remember the port
2. Open a terminal.
3. Set an environment variable with your chosen port: `export http_port=port_number`
4. Set up the `http_proxy` environment variable: `export http_proxy=http://localhost:$http_port`
5. Set up the `https_proxy` environment variable: `export https_proxy=http://localhost:$http_port`
Continue in the shell.
+------------------------+-------------------------------------------------------------------+-----------+
| Using curl: | Desired Result: | Result: |
+------------------------+-------------------------------------------------------------------+-----------+
| curl http://idk.i2p/ | Observe the logs, a new proxy on a new port should be created. | As Desired|
| | A b32 for it's unpublished destination should appear in the log. | |
+------------------------+-------------------------------------------------------------------+-----------+
| curl https://idk.i2p/ | Observe the logs, a new proxy on a new port should be created. | As Desired|
| | A b32 for it's unpublished destination should appear in the log. | |
| | It should be the same as for http://idk.i2p above | |
+------------------------+-------------------------------------------------------------------+-----------+
|curl http://stats.i2p/ | Observe the logs, a new proxy on a new port should be created. | As Desired|
| | A b32 for it's unpublished destination should appear in the log. | |
| | It should differ from the one for http*://idk.i2p above. | |
+------------------------+-------------------------------------------------------------------+-----------+
|curl https://stats.i2p/ | Observe the logs, a new proxy on a new port should be created. | As Desired|
| | A b32 for it's unpublished destination should appear in the log. | |
| | It should be the same as for http://stats.i2p above | |
+------------------------+-------------------------------------------------------------------+-----------+
```
**\2.** Confirm outproxies and in-I2P traffic do not share a destination.
```md
Set up:
1. Configure an I2PTunnelHTTPBrowserClient(Tabbed HTTP Proxy) on any port. Remember the port
2. Open a terminal.
3. Set an environment variable with your chosen port: `export http_port=port_number`
4. Set up the `http_proxy` environment variable: `export http_proxy=http://localhost:$http_port`
5. Set up the `https_proxy` environment variable: `export https_proxy=http://localhost:$http_port`
Continue in the shell.
+------------------------+-------------------------------------------------------------------+-----------+
| Using curl: | Desired Result: | Result: |
+------------------------+-------------------------------------------------------------------+-----------+
| curl http://i2p.net/ | Observe the logs, a new proxy on a new port should be created. | As Desired|
| | The log will report the use of the "null or outproxy client" | |
| | A b32 for it's unpublished destination should appear in the log. | |
| | It will differ from any b32 logged for any in-I2P URL. | |
+------------------------+-------------------------------------------------------------------+-----------+
| curl https://i2p.net/ | Observe the logs, a new proxy on a new port should be created. | As Desired|
| | A b32 for it's unpublished destination should appear in the log. | |
| | It should be the same as for http://i2p.net above | |
+------------------------+-------------------------------------------------------------------+-----------+
```
**\3.** Confirm isolation works in a normal web browser.
```md
Set up:
1. Configure an I2PTunnelHTTPBrowserClient(Tabbed HTTP Proxy) on any port. Remember the port
2. Open a terminal.
3. Set an environment variable with your chosen port: `export http_port=port_number`
4. Set up the `http_proxy` environment variable: `export http_proxy=http://localhost:$http_port`
5. Set up the `https_proxy` environment variable: `export https_proxy=http://localhost:$http_port`
6. Set up the `colluder_one` environment variable: `export colluder_one=http://`
7. Set up the `colluder_two` environment variable: `export colluder_two=http://`
8. Set up the `colluder_three` environment variable: `export colluder_three=http://`
Continue in the shell:
+---------------------------+-------------------------------------------------------------------+-----------+
| Using firefox: | Desired Result: | Result: |
+---------------------------+-------------------------------------------------------------------+-----------+
| /usr/bin/firefox \ | Colluder should report a unique destination, not present on any | As Desired|
| --profile=./tmp \ | other colluder. Should be consistent across refresh. | |
| "$colluder_one" | | |
+---------------------------+-------------------------------------------------------------------+-----------+
| /usr/bin/firefox \ | Colluder should report a unique destination, not present on any | As Desired|
| --profile=./tmp \ | other colluder. Should be consistent across refresh. | |
| "$colluder_two" | | |
+---------------------------+-------------------------------------------------------------------+-----------+
| /usr/bin/firefox \ | Colluder should report a unique destination, not present on any | As Desired|
| --profile=./tmp \ | other colluder. Should be consistent across refresh. | |
| "$colluder_three" | | |
+---------------------------+-------------------------------------------------------------------+-----------+
```
Extended Test:
**\1.** Confirm that blinded LeaseSets still work and that they isolate based on destination.
**\3.** Confirm isolation works in a normal web browser.
```md
Set up:
1. Configure an I2PTunnelHTTPBrowserClient(Tabbed HTTP Proxy) on any port. Remember the port
2. Open a terminal.
3. Set an environment variable with your chosen port: `export http_port=port_number`
4. Set up the `http_proxy` environment variable: `export http_proxy=http://localhost:$http_port`
5. Set up the `https_proxy` environment variable: `export https_proxy=http://localhost:$http_port`
6. Set up the `colluder_one` environment variable: `export colluder_one=http://`
7. Set up the `colluder_two` environment variable: `export colluder_two=http://`
8. Set up the `colluder_three` environment variable: `export colluder_three=http://`
```
**\2.** Confirm that encrypted LeaseSets still work and that they isolate based on destination.
```md
Set up:
1. Configure an I2PTunnelHTTPBrowserClient(Tabbed HTTP Proxy) on any port. Remember the port
2. Open a terminal.
3. Set an environment variable with your chosen port: `export http_port=port_number`
4. Set up the `http_proxy` environment variable: `export http_proxy=http://localhost:$http_port`
5. Set up the `https_proxy` environment variable: `export https_proxy=http://localhost:$http_port`
6. Set up the `colluder_one` environment variable: `export colluder_one=http://`
7. Set up the `colluder_two` environment variable: `export colluder_two=http://`
8. Set up the `colluder_three` environment variable: `export colluder_three=http://`
```
Reference in New Issue View Git Blame Copy Permalink