-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathonion2web.lua
125 lines (113 loc) · 3.54 KB
/
onion2web.lua
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
local socks5 = require 'socks5'
local ngx = require 'ngx'
local onion2web = {}
local hidden_base = "(" .. string.rep("%w", 16) .. ")"
local hidden_onion = hidden_base .. '%.onion'
local show_confirmation_form = function()
local host = ngx.req.get_headers()['Host']
local onion = host:match(hidden_base) .. '.onion'
if ngx.req.get_method() == 'POST' and
ngx.var.uri:match('^/confirm') then
ngx.header['Set-Cookie'] = 'onion2web_confirmed=true;'
return ngx.redirect("/")
end
ngx.say(([[<html>
<head>
<title>Onion2web</title>
<body>
<h1>Onion2web</h1>
<br/><br/>
<b>%s does not host this content</b>;
the service is simply a proxy connecting Internet users
to content hosted inside the <a
href="https://www.torproject.org/docs/hidden-services.html.en">
Tor network.</a>
Please be aware that when you access this site through a
Onion2web proxy you are not anonymous.
To obtain anonymity, you are strongly advised to <a
href="https://www.torproject.org/download/">
download the Tor Browser Bundle</a>
and access this content over Tor.
<br>
By accessing this site you acknowledge
that you have understood:
<ul>
<li>What Tor Hidden Services are and how they works;</li>
<li>What Onion2web is and how it works;</li>
<li>That Onion2web operator running cannot
block this site in any way;</li>
<li>The content of the %s website is
responsibility of it's editor.</li>
</ul>
<br/>
<div>By the way, just to be clear:</div>
<br/><br/>
<center><b>THIS SERVER IS A PROXY AND IT'S NOT
HOSTING THE TOR HIDDEN SERVICE SITE %s</b>
<br/><br/>
<form method="post" action="/confirm">
<input type="submit"
value="I agree with the terms, let me access the content"/>
</form>
</center>
<a href="https://ahmia.fi/blacklist/">Report the site</a>
<a href="https://github.com/starius/onion2web">
<img style="position: absolute; top: 0; right: 0; border: 0;"
src="https://s3.amazonaws.com/github/ribbons/forkme_right_darkblue_121621.png"
alt="Fork me on GitHub"
>
</a>
</body>
</html>
]]):format(host, onion, onion))
end
onion2web.handle_onion2web = function(onion_replacement,
torhost, torport, confirmation, blocklist)
if not torhost then
torhost = '127.0.0.1'
end
if not torport then
torport = 9050
end
if confirmation == nil then
confirmation = true
end
local host = ngx.req.get_headers()['Host']
-- Check against the blocklist.
local onion = host:match(hidden_base) .. '.onion'
local digest = ngx.md5(onion)
if blocklist and blocklist[digest] then
ngx.say('Domain ' .. host .. ' is blocked ' ..
'in the name of good and justice')
return
end
local repl = hidden_base .. onion_replacement
if not host:match('^' .. repl .. '$') and
not host:match('%.' .. repl .. '$') then
ngx.say('Bad domain: ' .. host)
return
end
local cookies = ngx.req.get_headers()['Cookie']
if confirmation and
(not cookies or
not cookies:match('onion2web_confirmed=true')) then
show_confirmation_form()
return
end
local change_only_html = true
socks5.handle_request(torhost, torport,
function(clheader)
return clheader
:gsub("HTTP/1.1(%c+)", "HTTP/1.0%1")
:gsub(repl, "%1.onion")
:gsub("Connection: keep%-alive", "Connection: close")
:gsub("Accept%-Encoding: [%w%p ]+%c+", "")
end,
function(soheader)
return soheader
:gsub(hidden_onion, "%1" .. onion_replacement)
end,
change_only_html
)
end
return onion2web