Tor v3 onion address auto-mode rule

hendursaga · January 8, 2022, 12:41am

I finally came up with an auto-mode rule that would automagically enable proxy-mode as well as exclude force-https-mode on v3 onion addresses!

((match-regex "^https?://([a-z0-9.-]+.)?[a-z2-7]{56}.onion") :included (nyxt/proxy-mode:proxy-mode) :excluded (nyxt/force-https-mode:force-https-mode))

And then here’s my proxy-mode config…

(define-configuration nyxt/proxy-mode:proxy-mode
  ((nyxt/proxy-mode:proxy (make-instance 'proxy
                                         :url (quri:uri "socks5://localhost:9050")
                                         :allowlist '("localhost")
                                         :proxied-downloads-p t))))

Perhaps someone has ideas for improvements? It’s possible, say, that the regex is slightly off, but so far, it’s worked for everything I gave it in real life!

aartaka · January 8, 2022, 7:53am

That’s a nice one!

Maybe we should enable something like it by default?

What is the ([a-z0-9.-]+.)? in the beginning for? Are some websites not following the [a-z2-7]{56} format?

This regex can be easily expanded to support v2 too (using an additional clause with {16})

danrobi · January 8, 2022, 11:31am

Nice! Thanks for sharing.

hendursaga · January 8, 2022, 7:01pm

It’s for URLs like Brave Search https://search.brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion/, where it’s a subdomain of some onion address.

I would advise against v2 onion addresses, although I’m not entirely sure they are completely, absolutely unavailable these days. I know TBB doesn’t allow them anymore.

aartaka · January 8, 2022, 7:56pm

Oh, it never occured to me that .onion donains can have subdomains xD

Then there’s a dangerous unescaped dot before the closing parenthesis in your regex

hendursaga · January 10, 2022, 8:13pm

OK Mr. Smarty-Pants, does ^https?://([a-z0-9.-]+\.)?[a-z2-7]{56}\.onion look better to you?

aartaka · January 10, 2022, 8:30pm

Yes, it does xD

Sorry if I was being annoying

Actually, I always forget how much (one or two?) backslashes one needs to use in CL to hape properly escaped regex special characters, so it can still be “incorrect”

hendursaga · January 17, 2022, 12:08am

Another tip: instead of merely customizing proxy-mode, you can subclass it and use that instead, in case, say, you have more than just Tor for a proxy.

(define-mode tor-proxy-mode (nyxt/proxy-mode:proxy-mode)
  "Set proxy to local Tor SOCKS5 proxy."
  ((nyxt/proxy-mode:proxy (make-instance 'proxy
                                         :url (quri:uri "socks5://localhost:9050")
                                         :allowlist '("localhost")
                                         :proxied-downloads-p t))))

because · April 27, 2022, 6:02pm

It should be easy to test the correct number of escapes by running a minimal regex containing a single dot against a character other than dot and seeing whether it matches.

because · April 27, 2022, 6:03pm

Could one use this idea to match both Tor and I2P at the same time and switch based on the URL given?

hendursaga · April 29, 2022, 2:27am

Could one use this idea to match both Tor and I2P at the same time and switch based on the URL given?

I'm not sure I follow? Since Tor and I2P addresses are resolved differently, you'd have to create two rules and two proxy-mode classes..

because · April 29, 2022, 2:46am

That actually answers exactly what I was wondering, I just expressed myself poorly. More clearly stated my question was whether one could write rules such that Nyxt resolves I2P addresses via the I2P network, and Tor addresses via the Tor network.

This is really cool.