Compare commits

..

1 Commits

Author SHA1 Message Date
Xavier Roche
6fd2c6255d Add native title tooltips to the webhttrack option pages
The web GUI carried per-control help via onMouseOver="info(...)", which
only wrote window.status. Browsers stopped honoring scripted window.status
writes years ago, so those hints render nowhere.

Emit each hint as a native title='...' attribute alongside the existing
handler, reusing the same ${html:LANG_*} string. Single-quoted so the
filter's ' -> &#39; (and <>&) escaping keeps the attribute well-formed; a
literal " is harmless inside single quotes. The window.status calls stay
(inert) to keep the diff to added attributes.

The webhttrack smoke test now also fetches an option page and requires a
rendered title=' tooltip.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Signed-off-by: Xavier Roche <roche@httrack.com>
2026-07-15 22:24:35 +02:00
48 changed files with 238 additions and 601 deletions

View File

@@ -103,7 +103,6 @@ ${LANG_PROXYTYPE}
title='${html:LANG_PROXYTYPETIP}' onMouseOver="info('${html:LANG_PROXYTYPETIP}'); return true" onMouseOut="info('&nbsp;'); return true"
>
<option value=""${ztest:proxytype: selected:}>HTTP</option>
<option value="2"${test:proxytype::: selected}>HTTP (CONNECT tunnel)</option>
<option value="1"${test:proxytype:: selected}>SOCKS5</option>
</select>
<br><br>

View File

@@ -192,7 +192,7 @@ ${do:end-if}
${test:logtype:::--extra-log:--debug-log}
${test:index:--index=0:}
${test:index2:--search-index=0:--search-index}
${test:prox:--proxy "}${do:if-not-empty:prox}${test:proxytype::socks5:connect}${test:proxytype:\3A//}${do:end-if}${do:output-mode:html}${prox}${test:prox:\3A}${portprox}${test:prox:"}
${test:prox:--proxy "}${do:if-not-empty:prox}${test:proxytype:socks5\3A//}${do:end-if}${do:output-mode:html}${prox}${test:prox:\3A}${portprox}${test:prox:"}
${test:ftpprox:--httpproxy-ftp=0:--httpproxy-ftp}
</textarea>

View File

@@ -1009,7 +1009,7 @@ A fatal error has occurred during this mirror
LANG_PROXYTYPE
Proxy type:
LANG_PROXYTYPETIP
Proxy protocol. HTTP: standard proxy. HTTP (CONNECT tunnel): sends every request through a CONNECT tunnel, for CONNECT-only proxies like Tor's HTTPTunnelPort. SOCKS5: default port 1080.
Proxy protocol: HTTP, or SOCKS5 (SOCKS5 default port is 1080).
LANG_COOKIEFILE
Load cookies from file:
LANG_COOKIEFILETIP

View File

@@ -930,8 +930,8 @@ A fatal error has occurred during this mirror
Ôàòàëíà ãðåøêà ïðè ñúçäàâàíåòî íà òîçè îãëåäàëåí ñàéò
Proxy type:
Òèï íà ïðîêñè:
Proxy protocol. HTTP: standard proxy. HTTP (CONNECT tunnel): sends every request through a CONNECT tunnel, for CONNECT-only proxies like Tor's HTTPTunnelPort. SOCKS5: default port 1080.
Ïðîòîêîë íà ïðîêñè. HTTP: ñòàíäàðòíî ïðîêñè. HTTP (CONNECT òóíåë): èçïðàùà âñÿêà çàÿâêà ïðåç CONNECT òóíåë, çà ïðîêñè ïîääúðæàùè ñàìî CONNECT êàòî HTTPTunnelPort íà Tor. SOCKS5: ïîðò ïî ïîäðàçáèðàíå 1080.
Proxy protocol: HTTP, or SOCKS5 (SOCKS5 default port is 1080).
Ïðîòîêîë íà ïðîêñè: HTTP èëè SOCKS5 (ñòàíäàðòíèÿò ïîðò íà SOCKS5 å 1080).
Load cookies from file:
Çàðåæäàíå íà 'áèñêâèòêè' îò ôàéë:
Preload cookies from a Netscape cookies.txt file before crawling.

View File

@@ -930,8 +930,8 @@ A fatal error has occurred during this mirror
Ha ocurrido un error fatal durante esta copia
Proxy type:
Tipo de proxy:
Proxy protocol. HTTP: standard proxy. HTTP (CONNECT tunnel): sends every request through a CONNECT tunnel, for CONNECT-only proxies like Tor's HTTPTunnelPort. SOCKS5: default port 1080.
Protocolo del proxy. HTTP: proxy estándar. HTTP (túnel CONNECT): envía cada petición a través de un túnel CONNECT, para proxys que solo admiten CONNECT como el HTTPTunnelPort de Tor. SOCKS5: puerto predeterminado 1080.
Proxy protocol: HTTP, or SOCKS5 (SOCKS5 default port is 1080).
Protocolo del proxy: HTTP o SOCKS5 (el puerto SOCKS5 predeterminado es 1080).
Load cookies from file:
Cargar cookies desde un archivo:
Preload cookies from a Netscape cookies.txt file before crawling.

View File

@@ -930,8 +930,8 @@ A fatal error has occurred during this mirror
Proxy type:
Typ proxy:
Proxy protocol. HTTP: standard proxy. HTTP (CONNECT tunnel): sends every request through a CONNECT tunnel, for CONNECT-only proxies like Tor's HTTPTunnelPort. SOCKS5: default port 1080.
Protokol proxy. HTTP: standardní proxy. HTTP (tunel CONNECT): odešle každý požadavek pøes tunel CONNECT, pro proxy podporující jen CONNECT jako HTTPTunnelPort v Toru. SOCKS5: výchozí port 1080.
Proxy protocol: HTTP, or SOCKS5 (SOCKS5 default port is 1080).
Protokol proxy: HTTP nebo SOCKS5 (výchozí port SOCKS5 je 1080).
Load cookies from file:
Naèíst cookies ze souboru:
Preload cookies from a Netscape cookies.txt file before crawling.

View File

@@ -930,8 +930,8 @@ A fatal error has occurred during this mirror
這鏡像發生了不可回復的錯誤
Proxy type:
proxy 類型:
Proxy protocol. HTTP: standard proxy. HTTP (CONNECT tunnel): sends every request through a CONNECT tunnel, for CONNECT-only proxies like Tor's HTTPTunnelPort. SOCKS5: default port 1080.
代理協定。HTTP標準代理。HTTPCONNECT 隧道):透過 CONNECT 隧道傳送每個請求,用於僅支援 CONNECT 的代理,例如 Tor 的 HTTPTunnelPort。SOCKS5預設連接埠 1080。
Proxy protocol: HTTP, or SOCKS5 (SOCKS5 default port is 1080).
proxy 協定: HTTP 或 SOCKS5 (SOCKS5預設連接埠 1080)
Load cookies from file:
從檔案載入 cookies:
Preload cookies from a Netscape cookies.txt file before crawling.

View File

@@ -930,8 +930,8 @@ A fatal error has occurred during this mirror
Proxy type:
代理类型:
Proxy protocol. HTTP: standard proxy. HTTP (CONNECT tunnel): sends every request through a CONNECT tunnel, for CONNECT-only proxies like Tor's HTTPTunnelPort. SOCKS5: default port 1080.
代理协议。HTTP标准代理。HTTPCONNECT 隧道):通过 CONNECT 隧道发送每个请求,用于仅支持 CONNECT 的代理,例如 Tor 的 HTTPTunnelPort。SOCKS5默认端口 1080。
Proxy protocol: HTTP, or SOCKS5 (SOCKS5 default port is 1080).
代理协议: HTTP 或 SOCKS5 (SOCKS5默认端口 1080)
Load cookies from file:
从文件加载 cookies:
Preload cookies from a Netscape cookies.txt file before crawling.

View File

@@ -932,8 +932,8 @@ A fatal error has occurred during this mirror
Tijekom ovog zrcaljenja je nastala fatalna pogreška
Proxy type:
Vrsta posrednika:
Proxy protocol. HTTP: standard proxy. HTTP (CONNECT tunnel): sends every request through a CONNECT tunnel, for CONNECT-only proxies like Tor's HTTPTunnelPort. SOCKS5: default port 1080.
Protokol posrednika. HTTP: standardni posrednik. HTTP (CONNECT tunel): ¹alje svaki zahtjev kroz CONNECT tunel, za posrednike koji podr¾avaju samo CONNECT poput Torovog HTTPTunnelPorta. SOCKS5: zadani port 1080.
Proxy protocol: HTTP, or SOCKS5 (SOCKS5 default port is 1080).
Protokol posrednika: HTTP ili SOCKS5 (zadani port za SOCKS5 je 1080).
Load cookies from file:
Uèitati kolaèiæe iz datoteke:
Preload cookies from a Netscape cookies.txt file before crawling.

View File

@@ -978,8 +978,8 @@ HTTrack: could not save profile for '%s'!
HTTrack: kunne ikke gemme profil for '%s'!
Proxy type:
Proxytype:
Proxy protocol. HTTP: standard proxy. HTTP (CONNECT tunnel): sends every request through a CONNECT tunnel, for CONNECT-only proxies like Tor's HTTPTunnelPort. SOCKS5: default port 1080.
Proxyprotokol. HTTP: standardproxy. HTTP (CONNECT-tunnel): sender hver forespørgsel gennem en CONNECT-tunnel, til proxyer der kun understøtter CONNECT som Tors HTTPTunnelPort. SOCKS5: standardport 1080.
Proxy protocol: HTTP, or SOCKS5 (SOCKS5 default port is 1080).
Proxyprotokol: HTTP eller SOCKS5 (SOCKS5 bruger som standard port 1080).
Load cookies from file:
Indlæs cookies fra fil:
Preload cookies from a Netscape cookies.txt file before crawling.

View File

@@ -930,8 +930,8 @@ A fatal error has occurred during this mirror
Fataler Fehler während der Webseiten-Kopie
Proxy type:
Proxy-Typ:
Proxy protocol. HTTP: standard proxy. HTTP (CONNECT tunnel): sends every request through a CONNECT tunnel, for CONNECT-only proxies like Tor's HTTPTunnelPort. SOCKS5: default port 1080.
Proxy-Protokoll. HTTP: normaler Proxy. HTTP (CONNECT-Tunnel): sendet jede Anfrage durch einen CONNECT-Tunnel, für Proxys, die nur CONNECT unterstützen, wie Tors HTTPTunnelPort. SOCKS5: Standardport 1080.
Proxy protocol: HTTP, or SOCKS5 (SOCKS5 default port is 1080).
Proxy-Protokoll: HTTP oder SOCKS5 (Standardport von SOCKS5 ist 1080).
Load cookies from file:
Cookies aus Datei laden:
Preload cookies from a Netscape cookies.txt file before crawling.

View File

@@ -930,8 +930,8 @@ A fatal error has occurred during this mirror
Proxy type:
Proxy tüüp:
Proxy protocol. HTTP: standard proxy. HTTP (CONNECT tunnel): sends every request through a CONNECT tunnel, for CONNECT-only proxies like Tor's HTTPTunnelPort. SOCKS5: default port 1080.
Puhverserveri protokoll. HTTP: tavaline puhverserver. HTTP (CONNECT-tunnel): saadab iga päringu läbi CONNECT-tunneli, ainult CONNECT-it toetavate puhverserverite jaoks nagu Tori HTTPTunnelPort. SOCKS5: vaikeport 1080.
Proxy protocol: HTTP, or SOCKS5 (SOCKS5 default port is 1080).
Proxy protokoll: HTTP või SOCKS5 (SOCKS5 vaikeport on 1080).
Load cookies from file:
Lae küpsised failist:
Preload cookies from a Netscape cookies.txt file before crawling.

View File

@@ -978,8 +978,8 @@ HTTrack: could not save profile for '%s'!
HTTrack: could not save profile for '%s'!
Proxy type:
Proxy type:
Proxy protocol. HTTP: standard proxy. HTTP (CONNECT tunnel): sends every request through a CONNECT tunnel, for CONNECT-only proxies like Tor's HTTPTunnelPort. SOCKS5: default port 1080.
Proxy protocol. HTTP: standard proxy. HTTP (CONNECT tunnel): sends every request through a CONNECT tunnel, for CONNECT-only proxies like Tor's HTTPTunnelPort. SOCKS5: default port 1080.
Proxy protocol: HTTP, or SOCKS5 (SOCKS5 default port is 1080).
Proxy protocol: HTTP, or SOCKS5 (SOCKS5 default port is 1080).
Load cookies from file:
Load cookies from file:
Preload cookies from a Netscape cookies.txt file before crawling.

View File

@@ -933,8 +933,8 @@ T
Proxy type:
Välityspalvelimen tyyppi:
Proxy protocol. HTTP: standard proxy. HTTP (CONNECT tunnel): sends every request through a CONNECT tunnel, for CONNECT-only proxies like Tor's HTTPTunnelPort. SOCKS5: default port 1080.
Välityspalvelimen protokolla. HTTP: tavallinen välityspalvelin. HTTP (CONNECT-tunneli): lähettää jokaisen pyynnön CONNECT-tunnelin kautta, vain CONNECT-yhteyksiä tukeville välityspalvelimille kuten Torin HTTPTunnelPort. SOCKS5: oletusportti 1080.
Proxy protocol: HTTP, or SOCKS5 (SOCKS5 default port is 1080).
Välityspalvelimen protokolla: HTTP tai SOCKS5 (SOCKS5:n oletusportti on 1080).
Load cookies from file:
Lataa evästeet tiedostosta:
Preload cookies from a Netscape cookies.txt file before crawling.

View File

@@ -978,8 +978,8 @@ Default referer URL
Champ referer par défaut
Proxy type:
Type de proxy :
Proxy protocol. HTTP: standard proxy. HTTP (CONNECT tunnel): sends every request through a CONNECT tunnel, for CONNECT-only proxies like Tor's HTTPTunnelPort. SOCKS5: default port 1080.
Protocole du proxy. HTTP : proxy standard. HTTP (tunnel CONNECT) : envoie chaque requête via un tunnel CONNECT, pour les proxys acceptant uniquement CONNECT comme le HTTPTunnelPort de Tor. SOCKS5 : port par défaut 1080.
Proxy protocol: HTTP, or SOCKS5 (SOCKS5 default port is 1080).
Protocole du proxy : HTTP ou SOCKS5 (le port SOCKS5 par défaut est 1080).
Load cookies from file:
Charger les cookies depuis un fichier :
Preload cookies from a Netscape cookies.txt file before crawling.

View File

@@ -932,8 +932,8 @@ A fatal error has occurred during this mirror
Ένα καταστροφικό σφάλμα προκλήθηκε κατά την αντιγραφή αυτού του τόπου
Proxy type:
Τύπος proxy:
Proxy protocol. HTTP: standard proxy. HTTP (CONNECT tunnel): sends every request through a CONNECT tunnel, for CONNECT-only proxies like Tor's HTTPTunnelPort. SOCKS5: default port 1080.
Πρωτόκολλο διαμεσολαβητή. HTTP: τυπικός διαμεσολαβητής. HTTP (σήραγγα CONNECT): στέλνει κάθε αίτημα μέσω σήραγγας CONNECT, για διαμεσολαβητές που υποστηρίζουν μόνο CONNECT όπως το HTTPTunnelPort του Tor. SOCKS5: προεπιλεγμένη θύρα 1080.
Proxy protocol: HTTP, or SOCKS5 (SOCKS5 default port is 1080).
Πρωτόκολλο proxy: HTTP ή SOCKS5 (η προεπιλεγμένη θύρα του SOCKS5 είναι 1080).
Load cookies from file:
Φόρτωση cookies από αρχείο:
Preload cookies from a Netscape cookies.txt file before crawling.

View File

@@ -930,8 +930,8 @@ A fatal error has occurred during this mirror
Si è verificato un errore fatale durante la copia
Proxy type:
Tipo di proxy:
Proxy protocol. HTTP: standard proxy. HTTP (CONNECT tunnel): sends every request through a CONNECT tunnel, for CONNECT-only proxies like Tor's HTTPTunnelPort. SOCKS5: default port 1080.
Protocollo del proxy. HTTP: proxy standard. HTTP (tunnel CONNECT): invia ogni richiesta attraverso un tunnel CONNECT, per proxy che supportano solo CONNECT come l'HTTPTunnelPort di Tor. SOCKS5: porta predefinita 1080.
Proxy protocol: HTTP, or SOCKS5 (SOCKS5 default port is 1080).
Protocollo del proxy: HTTP o SOCKS5 (la porta SOCKS5 predefinita è 1080).
Load cookies from file:
Carica i cookie da un file:
Preload cookies from a Netscape cookies.txt file before crawling.

View File

@@ -930,8 +930,8 @@ A fatal error has occurred during this mirror
Proxy type:
プロキシの種類:
Proxy protocol. HTTP: standard proxy. HTTP (CONNECT tunnel): sends every request through a CONNECT tunnel, for CONNECT-only proxies like Tor's HTTPTunnelPort. SOCKS5: default port 1080.
プロキシのプロトコル。HTTP: 標準のプロキシ。HTTP (CONNECT トンネル): すべてのリクエストを CONNECT トンネル経由で送信します。Tor の HTTPTunnelPort のような CONNECT のみのプロキシ用です。SOCKS5: 既定ポート 1080。
Proxy protocol: HTTP, or SOCKS5 (SOCKS5 default port is 1080).
プロキシのプロトコル: HTTP または SOCKS5 (SOCKS5 既定ポート 1080)
Load cookies from file:
クッキーをファイルから読み込む:
Preload cookies from a Netscape cookies.txt file before crawling.

View File

@@ -930,8 +930,8 @@ A fatal error has occurred during this mirror
Íàñòàíà ôàòàëíà ãðåøêà ïðè îâî¼ mirror
Proxy type:
ÂØß ÝÐ ßàÞÚáØ:
Proxy protocol. HTTP: standard proxy. HTTP (CONNECT tunnel): sends every request through a CONNECT tunnel, for CONNECT-only proxies like Tor's HTTPTunnelPort. SOCKS5: default port 1080.
¿àÞâÞÚÞÛ ÝÐ ßàÞÚáØ. HTTP: áâÐÝÔÐàÔÕÝ ßàÞÚáØ. HTTP (âãÝÕÛ CONNECT): ÓÞ ØáßàÐüÐ áÕÚÞÕ ÑÐàÐúÕ ßàÕÚã âãÝÕÛ CONNECT, ×Ð ßàÞÚáØ èâÞ ßÞÔÔàÖãÒÐÐâ áÐÜÞ CONNECT ÚÐÚÞ HTTPTunnelPort ÝÐ Tor. SOCKS5: áâÐÝÔÐàÔÝÐ ßÞàâÐ 1080.
Proxy protocol: HTTP, or SOCKS5 (SOCKS5 default port is 1080).
¿àÞâÞÚÞÛ ÝÐ ßàÞÚáØ: HTTP ØÛØ SOCKS5 (áâÐÝÔÐàÔÝÐâÐ ßÞàâÐ ÝÐ SOCKS5 Õ 1080).
Load cookies from file:
²çØâÐø ÚÞÛÐçØúÐ ÞÔ ÔÐâÞâÕÚÐ:
Preload cookies from a Netscape cookies.txt file before crawling.

View File

@@ -930,8 +930,8 @@ A fatal error has occurred during this mirror
Végzetes hiba történt a tükrözés közben
Proxy type:
Proxy típusa:
Proxy protocol. HTTP: standard proxy. HTTP (CONNECT tunnel): sends every request through a CONNECT tunnel, for CONNECT-only proxies like Tor's HTTPTunnelPort. SOCKS5: default port 1080.
Proxy protokoll. HTTP: szabványos proxy. HTTP (CONNECT alagút): minden kérést CONNECT alagúton keresztül küld, a csak CONNECT-et támogató proxykhoz, mint a Tor HTTPTunnelPortja. SOCKS5: alapértelmezett port 1080.
Proxy protocol: HTTP, or SOCKS5 (SOCKS5 default port is 1080).
Proxy protokoll: HTTP vagy SOCKS5 (a SOCKS5 alapértelmezett portja 1080).
Load cookies from file:
Sütik betöltése fájlból:
Preload cookies from a Netscape cookies.txt file before crawling.

View File

@@ -930,8 +930,8 @@ A fatal error has occurred during this mirror
Een fatale fout is opgetreden tijdens deze spiegeling
Proxy type:
Proxytype:
Proxy protocol. HTTP: standard proxy. HTTP (CONNECT tunnel): sends every request through a CONNECT tunnel, for CONNECT-only proxies like Tor's HTTPTunnelPort. SOCKS5: default port 1080.
Proxyprotocol. HTTP: standaardproxy. HTTP (CONNECT-tunnel): stuurt elke aanvraag via een CONNECT-tunnel, voor proxy's die alleen CONNECT ondersteunen zoals Tors HTTPTunnelPort. SOCKS5: standaardpoort 1080.
Proxy protocol: HTTP, or SOCKS5 (SOCKS5 default port is 1080).
Proxyprotocol: HTTP of SOCKS5 (standaardpoort van SOCKS5 is 1080).
Load cookies from file:
Cookies uit bestand laden:
Preload cookies from a Netscape cookies.txt file before crawling.

View File

@@ -930,8 +930,8 @@ A fatal error has occurred during this mirror
Proxy type:
Proxytype:
Proxy protocol. HTTP: standard proxy. HTTP (CONNECT tunnel): sends every request through a CONNECT tunnel, for CONNECT-only proxies like Tor's HTTPTunnelPort. SOCKS5: default port 1080.
Proxyprotokoll. HTTP: standard proxy. HTTP (CONNECT-tunnel): sender hver forespørsel gjennom en CONNECT-tunnel, for proxyer som bare støtter CONNECT som Tors HTTPTunnelPort. SOCKS5: standardport 1080.
Proxy protocol: HTTP, or SOCKS5 (SOCKS5 default port is 1080).
Proxyprotokoll: HTTP eller SOCKS5 (SOCKS5 bruker som standard port 1080).
Load cookies from file:
Last inn cookies fra fil:
Preload cookies from a Netscape cookies.txt file before crawling.

View File

@@ -930,8 +930,8 @@ A fatal error has occurred during this mirror
Podczas tworzenia lustra wydarzyl sie fatalny blad.
Proxy type:
Typ proxy:
Proxy protocol. HTTP: standard proxy. HTTP (CONNECT tunnel): sends every request through a CONNECT tunnel, for CONNECT-only proxies like Tor's HTTPTunnelPort. SOCKS5: default port 1080.
Protokó³ proxy. HTTP: standardowe proxy. HTTP (tunel CONNECT): wysy³a ka¿de ¿±danie przez tunel CONNECT, dla proxy obs³uguj±cych tylko CONNECT, jak HTTPTunnelPort w Torze. SOCKS5: port domy¶lny 1080.
Proxy protocol: HTTP, or SOCKS5 (SOCKS5 default port is 1080).
Protokó³ proxy: HTTP lub SOCKS5 (domy¶lny port SOCKS5 to 1080).
Load cookies from file:
Wczytaj ciasteczka z pliku:
Preload cookies from a Netscape cookies.txt file before crawling.

View File

@@ -978,8 +978,8 @@ HTTrack: could not save profile for '%s'!
HTTrack: não foi possível salvar o perfil para '%s'!
Proxy type:
Tipo de proxy:
Proxy protocol. HTTP: standard proxy. HTTP (CONNECT tunnel): sends every request through a CONNECT tunnel, for CONNECT-only proxies like Tor's HTTPTunnelPort. SOCKS5: default port 1080.
Protocolo do proxy. HTTP: proxy padrão. HTTP (túnel CONNECT): envia cada requisição através de um túnel CONNECT, para proxies que só suportam CONNECT como o HTTPTunnelPort do Tor. SOCKS5: porta padrão 1080.
Proxy protocol: HTTP, or SOCKS5 (SOCKS5 default port is 1080).
Protocolo do proxy: HTTP ou SOCKS5 (a porta SOCKS5 padrão é 1080).
Load cookies from file:
Carregar cookies de um arquivo:
Preload cookies from a Netscape cookies.txt file before crawling.

View File

@@ -930,8 +930,8 @@ A fatal error has occurred during this mirror
Proxy type:
Tipo de proxy:
Proxy protocol. HTTP: standard proxy. HTTP (CONNECT tunnel): sends every request through a CONNECT tunnel, for CONNECT-only proxies like Tor's HTTPTunnelPort. SOCKS5: default port 1080.
Protocolo do proxy. HTTP: proxy padrão. HTTP (túnel CONNECT): envia cada pedido através de um túnel CONNECT, para proxies que só suportam CONNECT como o HTTPTunnelPort do Tor. SOCKS5: porta predefinida 1080.
Proxy protocol: HTTP, or SOCKS5 (SOCKS5 default port is 1080).
Protocolo do proxy: HTTP ou SOCKS5 (a porta SOCKS5 predefinida é 1080).
Load cookies from file:
Carregar cookies de um ficheiro:
Preload cookies from a Netscape cookies.txt file before crawling.

View File

@@ -930,8 +930,8 @@ A fatal error has occurred during this mirror
A survenit o eroare fatală în timpul acestei clonări.
Proxy type:
Tip proxy:
Proxy protocol. HTTP: standard proxy. HTTP (CONNECT tunnel): sends every request through a CONNECT tunnel, for CONNECT-only proxies like Tor's HTTPTunnelPort. SOCKS5: default port 1080.
Protocol proxy. HTTP: proxy standard. HTTP (tunel CONNECT): trimite fiecare cerere printr-un tunel CONNECT, pentru proxy care accepta doar CONNECT precum HTTPTunnelPort al lui Tor. SOCKS5: port implicit 1080.
Proxy protocol: HTTP, or SOCKS5 (SOCKS5 default port is 1080).
Protocol proxy: HTTP sau SOCKS5 (portul SOCKS5 implicit este 1080).
Load cookies from file:
Încarca cookies dintr-un fisier:
Preload cookies from a Netscape cookies.txt file before crawling.

View File

@@ -930,8 +930,8 @@ A fatal error has occurred during this mirror
Âî âðåìÿ òåêóùåé çàêà÷êè ïðîèçîøëà ôàòàëüíàÿ îøèáêà
Proxy type:
Òèï ïðîêñè:
Proxy protocol. HTTP: standard proxy. HTTP (CONNECT tunnel): sends every request through a CONNECT tunnel, for CONNECT-only proxies like Tor's HTTPTunnelPort. SOCKS5: default port 1080.
Ïðîòîêîë ïðîêñè. HTTP: îáû÷íûé ïðîêñè. HTTP (òóííåëü CONNECT): îòïðàâëÿåò êàæäûé çàïðîñ ÷åðåç òóííåëü CONNECT, äëÿ ïðîêñè, ïîääåðæèâàþùèõ òîëüêî CONNECT, íàïðèìåð HTTPTunnelPort â Tor. SOCKS5: ïîðò ïî óìîë÷àíèþ 1080.
Proxy protocol: HTTP, or SOCKS5 (SOCKS5 default port is 1080).
Ïðîòîêîë ïðîêñè: HTTP èëè SOCKS5 (ïî óìîë÷àíèþ SOCKS5 èñïîëüçóåò ïîðò 1080).
Load cookies from file:
Çàãðóçèòü cookies èç ôàéëà:
Preload cookies from a Netscape cookies.txt file before crawling.

View File

@@ -930,8 +930,8 @@ A fatal error has occurred during this mirror
Proxy type:
Typ proxy:
Proxy protocol. HTTP: standard proxy. HTTP (CONNECT tunnel): sends every request through a CONNECT tunnel, for CONNECT-only proxies like Tor's HTTPTunnelPort. SOCKS5: default port 1080.
Protokol proxy. HTTP: ¹tandardné proxy. HTTP (tunel CONNECT): odo¹le ka¾dú po¾iadavku cez tunel CONNECT, pre proxy podporujúce len CONNECT ako HTTPTunnelPort v Tore. SOCKS5: predvolený port 1080.
Proxy protocol: HTTP, or SOCKS5 (SOCKS5 default port is 1080).
Protokol proxy: HTTP alebo SOCKS5 (predvolený port SOCKS5 je 1080).
Load cookies from file:
Naèíta» cookies zo súboru:
Preload cookies from a Netscape cookies.txt file before crawling.

View File

@@ -930,8 +930,8 @@ A fatal error has occurred during this mirror
Proxy type:
Vrsta proxyja:
Proxy protocol. HTTP: standard proxy. HTTP (CONNECT tunnel): sends every request through a CONNECT tunnel, for CONNECT-only proxies like Tor's HTTPTunnelPort. SOCKS5: default port 1080.
Protokol proxy. HTTP: standardni proxy. HTTP (tunel CONNECT): poslje vsako zahtevo skozi tunel CONNECT, za posrednike, ki podpirajo samo CONNECT, kot je HTTPTunnelPort v Toru. SOCKS5: privzeta vrata 1080.
Proxy protocol: HTTP, or SOCKS5 (SOCKS5 default port is 1080).
Protokol proxy: HTTP ali SOCKS5 (privzeta vrata SOCKS5 so 1080).
Load cookies from file:
Nalozi piskotke iz datoteke:
Preload cookies from a Netscape cookies.txt file before crawling.

View File

@@ -930,8 +930,8 @@ A fatal error has occurred during this mirror
Proxy type:
Proxytyp:
Proxy protocol. HTTP: standard proxy. HTTP (CONNECT tunnel): sends every request through a CONNECT tunnel, for CONNECT-only proxies like Tor's HTTPTunnelPort. SOCKS5: default port 1080.
Proxyprotokoll. HTTP: standardproxy. HTTP (CONNECT-tunnel): skickar varje begäran genom en CONNECT-tunnel, för proxyservrar som bara stöder CONNECT som Tors HTTPTunnelPort. SOCKS5: standardport 1080.
Proxy protocol: HTTP, or SOCKS5 (SOCKS5 default port is 1080).
Proxyprotokoll: HTTP eller SOCKS5 (SOCKS5 använder som standard port 1080).
Load cookies from file:
Läs in cookies från fil:
Preload cookies from a Netscape cookies.txt file before crawling.

View File

@@ -930,8 +930,8 @@ A fatal error has occurred during this mirror
Bu yansýlama iþlemi sýrasýnda ölümcül bir hata oluþtu
Proxy type:
Proxy türü:
Proxy protocol. HTTP: standard proxy. HTTP (CONNECT tunnel): sends every request through a CONNECT tunnel, for CONNECT-only proxies like Tor's HTTPTunnelPort. SOCKS5: default port 1080.
Proxy protokolü. HTTP: standart proxy. HTTP (CONNECT tüneli): her isteði bir CONNECT tüneli üzerinden gönderir; Tor'un HTTPTunnelPort gibi yalnýzca CONNECT destekleyen proxy'ler için. SOCKS5: varsayýlan baðlantý noktasý 1080.
Proxy protocol: HTTP, or SOCKS5 (SOCKS5 default port is 1080).
Proxy protokolü: HTTP veya SOCKS5 (SOCKS5 varsayýlan portu 1080).
Load cookies from file:
Çerezleri dosyadan yükle:
Preload cookies from a Netscape cookies.txt file before crawling.

View File

@@ -930,8 +930,8 @@ A fatal error has occurred during this mirror
Proxy type:
Òèï ïðîêñ³:
Proxy protocol. HTTP: standard proxy. HTTP (CONNECT tunnel): sends every request through a CONNECT tunnel, for CONNECT-only proxies like Tor's HTTPTunnelPort. SOCKS5: default port 1080.
Ïðîòîêîë ïðîêñ³. HTTP: ñòàíäàðòíèé ïðîêñ³. HTTP (òóíåëü CONNECT): íàäñèëຠêîæåí çàïèò ÷åðåç òóíåëü CONNECT, äëÿ ïðîêñ³, ùî ï³äòðèìóþòü ëèøå CONNECT, ÿê-îò HTTPTunnelPort ó Tor. SOCKS5: ïîðò çà çàìîâ÷óâàííÿì 1080.
Proxy protocol: HTTP, or SOCKS5 (SOCKS5 default port is 1080).
Ïðîòîêîë ïðîêñ³: HTTP àáî SOCKS5 (çà çàìîâ÷óâàííÿì SOCKS5 âèêîðèñòîâóº ïîðò 1080).
Load cookies from file:
Çàâàíòàæèòè cookies ç ôàéëó:
Preload cookies from a Netscape cookies.txt file before crawling.

View File

@@ -930,8 +930,8 @@ A fatal error has occurred during this mirror
Joriy kochirish vaqtida jiddiy xatolik yuz berdi
Proxy type:
Proksi turi:
Proxy protocol. HTTP: standard proxy. HTTP (CONNECT tunnel): sends every request through a CONNECT tunnel, for CONNECT-only proxies like Tor's HTTPTunnelPort. SOCKS5: default port 1080.
Proksi protokoli. HTTP: oddiy proksi. HTTP (CONNECT tuneli): har bir so'rovni CONNECT tuneli orqali yuboradi; faqat CONNECT'ni qo'llab-quvvatlaydigan proksilar uchun, masalan Tor HTTPTunnelPort. SOCKS5: standart port 1080.
Proxy protocol: HTTP, or SOCKS5 (SOCKS5 default port is 1080).
Proksi protokoli: HTTP yoki SOCKS5 (SOCKS5 ning standart porti 1080).
Load cookies from file:
Fayldan cookies yuklamoq:
Preload cookies from a Netscape cookies.txt file before crawling.

View File

@@ -135,7 +135,7 @@ continue an interrupted mirror using the cache (\-\-continue)
mirror ALL links located in the first level pages (mirror links) (\-\-mirrorlinks)
.SS Proxy options:
.IP \-P
proxy use (\-P [socks5://|connect://][user:pass@]proxy:port) (\-\-proxy <param>)
proxy use (\-P [socks5://][user:pass@]proxy:port) (\-\-proxy <param>)
.IP \-%f
*use proxy for ftp (f0 don't use) (\-\-httpproxy\-ftp[=N])
.IP \-%b

View File

@@ -2696,12 +2696,9 @@ void back_wait(struct_back * sback, httrackp * opt, cache_back * cache,
int dispo = 0;
// probe the resolved address list once per fresh connect (cache hit:
// the host was resolved when this connect was opened). Not under a
// proxy: the socket dials the proxy, so resolving the origin here leaks
// its DNS and lets a proxy-connect failure fall back to dialing it
// direct.
// the host was resolved when this connect was opened)
if (cf->addr_count < 0 && back[i].r.soc != INVALID_SOCKET &&
!back[i].r.is_file && !back[i].r.req.proxy.active) {
!back[i].r.is_file) {
SOCaddr scratch[HTS_MAXADDRNUM];
cf->addr_count = hts_dns_resolve_all(opt, back[i].url_adr, scratch,
@@ -2757,28 +2754,6 @@ void back_wait(struct_back * sback, httrackp * opt, cache_back * cache,
}
}
// plain http tunneled through a CONNECT-only proxy (#564)
if (back[i].r.req.proxy.active &&
hts_proxy_is_connect(back[i].r.req.proxy.name) &&
!back[i].r.keep_alive
#if HTS_USEOPENSSL
&& !back[i].r.ssl
#endif
) {
const int timeout = back[i].timeout > 0 ? back[i].timeout : 30;
if (!http_proxy_tunnel(opt, &back[i].r, back[i].url_adr, timeout)) {
if (!strnotempty(back[i].r.msg))
strcpybuff(back[i].r.msg, "proxy CONNECT failed");
deletehttp(&back[i].r);
back[i].r.soc = INVALID_SOCKET;
back[i].r.statuscode = STATUSCODE_NON_FATAL;
back[i].status = STATUS_READY;
back_set_finished(sback, i);
continue;
}
}
#if HTS_USEOPENSSL
/* SSL mode */
if (back[i].r.ssl) {

View File

@@ -477,7 +477,7 @@ void help(const char *app, int more) {
(" Y mirror ALL links located in the first level pages (mirror links)");
infomsg("");
infomsg("Proxy options:");
infomsg(" P proxy use (-P [socks5://|connect://][user:pass@]proxy:port)");
infomsg(" P proxy use (-P [socks5://][user:pass@]proxy:port)");
infomsg(" %f *use proxy for ftp (f0 don't use)");
infomsg(" %b use this local hostname to make/send requests (-%b hostname)");
infomsg("");

View File

@@ -947,10 +947,9 @@ int http_sendhead(httrackp * opt, t_cookie * cookie, int mode,
/* widths bound method[256], url[HTS_URLMAXSIZE*2], protocol[256] */
if (sscanf(line, "%255s %2047s %255s", method, url, protocol) == 3) {
size_t ret;
// http proxy: absolute-URI; socks/CONNECT tunnel: origin-form
// absolute-URI for an http proxy; a socks tunnel takes origin-form
if (retour->req.proxy.active &&
!hts_proxy_is_socks(retour->req.proxy.name) &&
!hts_proxy_is_connect(retour->req.proxy.name)) {
!hts_proxy_is_socks(retour->req.proxy.name)) {
print_buffer(&bstr,
"%s http://%s%s %s\r\n", method, adr, url,
protocol);
@@ -986,10 +985,9 @@ int http_sendhead(httrackp * opt, t_cookie * cookie, int mode,
print_buffer(&bstr, "HEAD ");
}
// an http proxy needs an absolute URI; a socks or CONNECT tunnel does not
// an http proxy needs an absolute URI; a socks tunnel does not
if (retour->req.proxy.active &&
!hts_proxy_is_socks(retour->req.proxy.name) &&
!hts_proxy_is_connect(retour->req.proxy.name) &&
(strncmp(adr, "https://", 8) != 0)) {
if (!link_has_authority(adr)) { // default http
#if HDEBUG
@@ -1034,10 +1032,10 @@ int http_sendhead(httrackp * opt, t_cookie * cookie, int mode,
if (xsend)
print_buffer(&bstr, "%s", xsend); // éventuelles autres lignes
// https/connect://: auth rides the CONNECT; socks: the handshake
// for https, auth rides the CONNECT (the tunneled GET would leak it); for
// socks, the handshake
if (retour->req.proxy.active &&
!hts_proxy_is_socks(retour->req.proxy.name) &&
!hts_proxy_is_connect(retour->req.proxy.name) &&
strncmp(adr, "https://", 8) != 0) {
if (link_has_authorization(retour->req.proxy.name)) { // et hop, authentification proxy!
const char *a = jump_identification_const(retour->req.proxy.name);
@@ -3719,8 +3717,6 @@ const char *jump_protocol_const(const char *source) {
source += p;
else if ((p = strfield(source, "socks5:")))
source += p;
else if ((p = strfield(source, "connect:")))
source += p;
// net_path
if (strncmp(source, "//", 2) == 0)
source += 2;
@@ -3736,12 +3732,6 @@ hts_boolean hts_proxy_is_socks(const char *name) {
: HTS_FALSE;
}
hts_boolean hts_proxy_is_connect(const char *name) {
if (name == NULL)
return HTS_FALSE;
return strfield(name, "connect:") ? HTS_TRUE : HTS_FALSE;
}
// default proxy port for a -P argument, keyed on the scheme
static int proxy_default_port(const char *arg) {
return hts_proxy_is_socks(arg) ? 1080 : 8080;

View File

@@ -210,9 +210,6 @@ int check_writeinput_t(T_SOC soc, int timeout);
/* TRUE if this -P proxy name (which keeps its scheme) is a SOCKS5 proxy. */
hts_boolean hts_proxy_is_socks(const char *name);
/* TRUE if this -P proxy name is a "connect://" CONNECT-only proxy (#564). */
hts_boolean hts_proxy_is_connect(const char *name);
void treathead(t_cookie * cookie, const char *adr, const char *fil, htsblk * retour,
char *rcvd);
void treatfirstline(htsblk * retour, const char *rcvd);

View File

@@ -90,15 +90,12 @@ int http_proxy_tunnel(httrackp *opt, htsblk *retour, const char *adr,
if (soc == INVALID_SOCKET)
return 0;
// CONNECT needs an explicit host:port; default :80 for http, :443 for https
// CONNECT needs an explicit host:port; default the https port
authority[0] = '\0';
if (portsep != NULL)
strlcatbuff(authority, host, sizeof(authority)); // already host:port
else {
const int defport = (strncmp(adr, "https://", 8) == 0) ? 443 : 80;
snprintf(authority, sizeof(authority), "%s:%d", host, defport);
}
else
snprintf(authority, sizeof(authority), "%s:%d", host, 443);
// backstop: never let a stray CR/LF in the host smuggle a second line into
// the CONNECT request (the host is already sanitized upstream)
@@ -135,7 +132,7 @@ int http_proxy_tunnel(httrackp *opt, htsblk *retour, const char *adr,
}
strlcatbuff(req, H_CRLF, sizeof(req)); // end of request headers
// raw send(): sendc() would route to TLS when ssl is set (https tunnel)
// raw send: ssl is set, so sendc() would route to TLS
{
const char *p = req;
size_t remain = strlen(req);

View File

@@ -1365,12 +1365,9 @@ static int st_proxyurl(httrackp *opt, int argc, char **argv) {
return 1;
}
hts_parse_proxy(argv[0], name, sizeof(name), &port);
// host= is the resolved host (scheme/userinfo stripped); kind= the transport
printf("name=%s port=%d host=%s kind=%s\n", name, port,
jump_identification_const(name),
hts_proxy_is_socks(name) ? "socks"
: hts_proxy_is_connect(name) ? "connect"
: "http");
// host= is what the connect actually resolves (scheme + user:pass stripped)
printf("name=%s port=%d host=%s\n", name, port,
jump_identification_const(name));
return 0;
}

View File

@@ -5,51 +5,40 @@ set -euo pipefail
# hts_parse_proxy splits a -P argument "[scheme://][user:pass@]host[:port]" into
# the proxy host string and port. -#test=proxyurl <arg> prints
# "name=.. port=.. host=.. kind=..", where host= is what the connect resolves and
# kind= is the transport the scheme selects (http, socks or connect).
# "name=.. port=.. host=..", where host= is what the connect resolves.
p() {
test "$(httrack -O /dev/null -#test=proxyurl "$1")" == "$2" || exit 1
}
# bare host, with and without an explicit port
p 'proxy.example.com:8080' 'name=proxy.example.com port=8080 host=proxy.example.com kind=http'
p 'proxy.example.com' 'name=proxy.example.com port=8080 host=proxy.example.com kind=http'
p 'proxy.example.com:8080' 'name=proxy.example.com port=8080 host=proxy.example.com'
p 'proxy.example.com' 'name=proxy.example.com port=8080 host=proxy.example.com'
# user:pass@ is kept in name (for proxy auth) and stripped from host
p 'user:pass@proxy:3128' 'name=user:pass@proxy port=3128 host=proxy kind=http'
p 'user:pass@proxy' 'name=user:pass@proxy port=8080 host=proxy kind=http'
p 'user:pass@proxy:3128' 'name=user:pass@proxy port=3128 host=proxy'
p 'user:pass@proxy' 'name=user:pass@proxy port=8080 host=proxy'
# a scheme colon must not be read as a port: http://host with no port used to
# parse to name=http with a garbage port
p 'http://proxy:8080' 'name=http://proxy port=8080 host=proxy kind=http'
p 'http://proxy' 'name=http://proxy port=8080 host=proxy kind=http'
p 'http://proxy:8080' 'name=http://proxy port=8080 host=proxy'
p 'http://proxy' 'name=http://proxy port=8080 host=proxy'
# socks5/socks5h default to 1080 and resolve to the bare host
p 'socks5://host:1080' 'name=socks5://host port=1080 host=host kind=socks'
p 'socks5://host' 'name=socks5://host port=1080 host=host kind=socks'
p 'socks5h://host' 'name=socks5h://host port=1080 host=host kind=socks'
p 'socks5://host:1080' 'name=socks5://host port=1080 host=host'
p 'socks5://host' 'name=socks5://host port=1080 host=host'
p 'socks5h://host' 'name=socks5h://host port=1080 host=host'
# explicit port wins over the 1080 default, with and without userinfo
p 'socks5://host:9050' 'name=socks5://host port=9050 host=host kind=socks'
p 'socks5://user:pass@host:9050' 'name=socks5://user:pass@host port=9050 host=host kind=socks'
# connect:// is an http proxy driven with CONNECT for every request (#564); it
# defaults to the http 8080 port and resolves to the bare host
p 'connect://host' 'name=connect://host port=8080 host=host kind=connect'
p 'connect://host:8082' 'name=connect://host port=8082 host=host kind=connect'
p 'connect://user:pass@host:8082' 'name=connect://user:pass@host port=8082 host=host kind=connect'
# only the scheme selects connect mode: a host literally named "connect" is a
# plain http proxy, not a tunnel
p 'connect:8080' 'name=connect port=8080 host=connect kind=http'
p 'connect.example.com:3128' 'name=connect.example.com port=3128 host=connect.example.com kind=http'
p 'socks5://host:9050' 'name=socks5://host port=9050 host=host'
p 'socks5://user:pass@host:9050' 'name=socks5://user:pass@host port=9050 host=host'
# the split is byte-transparent: percent-escapes stay encoded (decoded later at
# auth time), only structural ASCII ':'/'@' delimit, and the last '@' ends the
# userinfo. So %40/%3A and UTF-8 bytes never mis-split host or port.
p 'socks5://user:p%40ss@host:1080' 'name=socks5://user:p%40ss@host port=1080 host=host kind=socks'
p 'socks5://us%3Aer:pass@host:1080' 'name=socks5://us%3Aer:pass@host port=1080 host=host kind=socks'
p 'socks5://a@b:c@host:1080' 'name=socks5://a@b:c@host port=1080 host=host kind=socks'
p 'socks5://naïve:pass@héllo:1080' 'name=socks5://naïve:pass@héllo port=1080 host=héllo kind=socks'
p 'socks5://user:p%40ss@host:1080' 'name=socks5://user:p%40ss@host port=1080 host=host'
p 'socks5://us%3Aer:pass@host:1080' 'name=socks5://us%3Aer:pass@host port=1080 host=host'
p 'socks5://a@b:c@host:1080' 'name=socks5://a@b:c@host port=1080 host=host'
p 'socks5://naïve:pass@héllo:1080' 'name=socks5://naïve:pass@héllo port=1080 host=héllo'
# a lone ':' must not underflow the backward scan
p ':' 'name= port=8080 host= kind=http'
p ':' 'name= port=8080 host='

View File

@@ -1,93 +0,0 @@
#!/bin/bash
#
# A crawl through a proxy must never resolve or dial the origin itself: the proxy
# does that. A dead proxy + a multi-address origin used to fall back to dialing
# the origin direct (bypassing the proxy, leaking its DNS and IP). The decoy
# origin here must therefore receive nothing.
set -euo pipefail
: "${top_srcdir:=..}"
# shellcheck source=tests/testlib.sh
. "$top_srcdir/tests/testlib.sh"
if test "${V6_SUPPORT:-}" == "no"; then
echo "no IPv6 support (resolver override compiled out), skipping"
exit 77
fi
python=$(find_python) || {
echo "python3 missing, skipping"
exit 77
}
server=$(nativepath "$top_srcdir/tests/local-server.py")
root=$(nativepath "$top_srcdir/tests/server-root")
tmpdir=$(mktemp -d)
serverpid=
cleanup() {
stop_server "$serverpid"
rm -rf "$tmpdir"
return 0
}
trap cleanup EXIT
# decoy origin: it must stay silent. LOCAL_SERVER_VERBOSE logs any request it gets.
LOCAL_SERVER_VERBOSE=1 "$python" "$server" --root "$root" --bind 127.0.0.1 \
>"$tmpdir/srv.out" 2>"$tmpdir/srv.err" &
serverpid=$!
port=
for _ in $(seq 1 50); do
line=$(head -n1 "$tmpdir/srv.out" 2>/dev/null || true)
if test "${line%% *}" == "PORT"; then
port="${line#PORT }"
break
fi
kill -0 "$serverpid" 2>/dev/null || {
echo "server exited early: $(cat "$tmpdir/srv.err")"
exit 1
}
sleep 0.1
done
test -n "$port" || {
echo "could not discover server port"
exit 1
}
# a proxy port nothing listens on: grab a free one and let it close (refuses).
deadproxy=$("$python" -c \
'import socket; s=socket.socket(); s.bind(("127.0.0.1",0)); print(s.getsockname()[1]); s.close()')
# origin resolves to two addresses so a fallback would have a second to dial;
# 127.0.0.1 (the decoy) is the one the old bypass reached.
out="$tmpdir/crawl"
HTTRACK_DEBUG_RESOLVE="decoyhost:127.0.0.2,127.0.0.1" \
httrack "http://decoyhost:$port/simple/basic.html" -O "$out" \
-P "127.0.0.1:$deadproxy" -c1 --robots=0 --timeout=5 --retries=0 --quiet -Z \
>"$tmpdir/log" 2>&1
log="$out/hts-log.txt"
# the origin must have seen no connection (no leak/bypass)
if grep -qE '"(GET|POST|HEAD|CONNECT) ' "$tmpdir/srv.err"; then
echo "FAIL: origin was contacted directly, bypassing the proxy"
cat "$tmpdir/srv.err"
exit 1
fi
# the crawl must fail at the proxy (proves it really tried the proxy, not a no-op)
grep -q 'Connect Error' "$log" || {
echo "FAIL: expected a proxy connect error"
cat "$log"
exit 1
}
# and it must not have tried an origin-address fallback under the proxy
if grep -q "trying next address" "$log"; then
echo "FAIL: fell back to an origin address under a proxy"
cat "$log"
exit 1
fi
echo "OK: a dead proxy fails cleanly without dialing the origin"

View File

@@ -1,168 +0,0 @@
#!/bin/bash
#
# Issue #564: plain http through a CONNECT-only proxy (tor HTTPTunnelPort). With
# a "connect://" proxy httrack must open a CONNECT tunnel to the origin and send
# the request origin-form, like https already does, instead of the absolute-URI
# form a CONNECT-only proxy rejects. Fully local: a plain-http origin behind a
# proxy that answers CONNECT and 501s everything else.
set -euo pipefail
: "${top_srcdir:=..}"
# shellcheck source=tests/testlib.sh
. "$top_srcdir/tests/testlib.sh"
python=$(find_python) || python=
if test -z "$python"; then
echo "python3 missing, skipping"
exit 77
fi
server=$(nativepath "$top_srcdir/tests/proxy-connect-server.py")
tmpdir=$(mktemp -d)
pids=
cleanup() {
for pid in $pids; do
stop_server "$pid"
done
rm -rf "$tmpdir"
}
trap cleanup EXIT
# start_server <logdir> <mode>: launches a proxy+origin pair, sets $origin_port
# and $proxy_port from its announced ephemeral ports.
start_server() {
local dir="$1" mode="$2" ports
mkdir -p "$dir"
ports="$dir/ports.txt"
dir_native=$(nativepath "$dir")
: >"$ports"
"$python" "$server" "$dir_native" "$mode" \
>"$ports" 2>"$dir/server.err" &
pids="$pids $!"
for _ in $(seq 1 100); do
grep -q "^ready" "$ports" 2>/dev/null && break
sleep 0.1
done
grep -q "^ready" "$ports" 2>/dev/null || {
echo "server ($mode) did not start" >&2
cat "$dir/server.err" >&2
exit 1
}
origin_port=$(awk '/^ORIGIN/{print $2}' "$ports")
proxy_port=$(awk '/^PROXY/{print $2}' "$ports")
}
# Kill httrack after a deadline so a hang surfaces as $HANG_RC, not a stalled job
# (a portable stand-in for `timeout`, which macOS lacks).
HANG_RC=137 # 128 + SIGKILL
run_crawl() {
local out="$1" proxy="$2" url="${4:-http://127.0.0.1:${3}/}"
rm -rf "$out"
httrack "$url" --proxy "$proxy" \
-O "$out" -r1 -s0 --timeout=10 >"$out.log" 2>&1 &
local pid=$!
(sleep 60 && kill -9 "$pid" 2>/dev/null) &
local guard=$!
local rc=0
wait "$pid" 2>/dev/null || rc=$?
kill "$guard" 2>/dev/null || true
wait "$guard" 2>/dev/null || true
return "$rc"
}
# --- working proxy ----------------------------------------------------------
ok="$tmpdir/ok"
start_server "$ok" ok
# 1. page fetched through a CONNECT tunnel, request delivered origin-form
run_crawl "$ok/out" "connect://127.0.0.1:${proxy_port}" "$origin_port"
grep -rq "ORIGIN-PAGE-564" "$ok/out" || {
echo "FAIL: origin page not downloaded through the CONNECT tunnel" >&2
cat "$ok/out.log" >&2
exit 1
}
grep -q "^CONNECT 127.0.0.1:${origin_port} " "$ok/proxy.log" || {
echo "FAIL: proxy never received a CONNECT for the plain-http origin" >&2
cat "$ok/proxy.log" >&2
exit 1
}
grep -q "^GET / HTTP/1" "$ok/origin-headers.log" || {
echo "FAIL: origin did not see an origin-form request line" >&2
cat "$ok/origin-headers.log" >&2
exit 1
}
if grep -q "^GET http://" "$ok/origin-headers.log"; then
echo "FAIL: absolute-URI request leaked through the tunnel to the origin" >&2
exit 1
fi
echo "OK: plain http tunneled origin-form through CONNECT"
# 2. default CONNECT port follows the origin scheme: a portless http origin
# tunnels to :80 (not the https :443). Nothing serves :80 here so the fetch
# fails; only the CONNECT target port is asserted. Reverting to a hardcoded 443
# makes this log ":443" and fail.
: >"$ok/proxy.log"
run_crawl "$ok/out_port" "connect://127.0.0.1:${proxy_port}" "" "http://127.0.0.1/" || true
grep -q "^CONNECT 127.0.0.1:80 " "$ok/proxy.log" || {
echo "FAIL: portless http origin did not CONNECT to the default port 80" >&2
cat "$ok/proxy.log" >&2
exit 1
}
echo "OK: portless http origin tunnels to the default port 80"
# 3. teeth: without connect://, httrack sends the absolute-URI form, which the
# CONNECT-only proxy rejects (501) -> nothing fetched. Proves the scheme is what
# flips the behavior and that the proxy really is CONNECT-only.
: >"$ok/proxy.log"
: >"$ok/origin-headers.log"
run_crawl "$ok/out_plain" "127.0.0.1:${proxy_port}" "$origin_port" || true
grep -rq "ORIGIN-PAGE-564" "$ok/out_plain" && {
echo "FAIL: absolute-URI form unexpectedly fetched through a CONNECT-only proxy" >&2
exit 1
}
grep -q "^GET http://127.0.0.1:${origin_port}/" "$ok/proxy.log" || {
echo "FAIL: a plain proxy should have received an absolute-URI GET" >&2
cat "$ok/proxy.log" >&2
exit 1
}
echo "OK: absolute-URI form (no connect://) rejected by the CONNECT-only proxy"
# 4. authenticated proxy: creds ride the CONNECT, never reach the origin
: >"$ok/proxy.log"
: >"$ok/origin-headers.log"
run_crawl "$ok/out2" "connect://user:secret@127.0.0.1:${proxy_port}" "$origin_port"
grep -rq "ORIGIN-PAGE-564" "$ok/out2" || {
echo "FAIL: origin page not downloaded through the authenticated proxy" >&2
exit 1
}
got=$(awk '/^AUTH Basic /{print $3}' "$ok/proxy.log" | head -1)
# base64("user:secret"); compared literally to stay portable (no base64 -d)
test "$got" == "dXNlcjpzZWNyZXQ=" || {
echo "FAIL: Proxy-Authorization not carried on CONNECT (got '$got')" >&2
cat "$ok/proxy.log" >&2
exit 1
}
if grep -qi "proxy-authorization" "$ok/origin-headers.log"; then
echo "FAIL: proxy credentials leaked to the origin through the tunnel" >&2
exit 1
fi
echo "OK: proxy credentials carried on CONNECT, not leaked to origin"
# --- hostile proxy ----------------------------------------------------------
# A proxy that answers 200 then streams headers forever must not hang the crawl.
flood="$tmpdir/flood"
start_server "$flood" flood
rc=0
run_crawl "$flood/out" "connect://127.0.0.1:${proxy_port}" "$origin_port" || rc=$?
test "$rc" -ne "$HANG_RC" || {
echo "FAIL: crawl hung on a flooding proxy (bounded read missing)" >&2
exit 1
}
grep -rq "ORIGIN-PAGE-564" "$flood/out" 2>/dev/null && {
echo "FAIL: flooding proxy unexpectedly served the page" >&2
exit 1
}
echo "OK: bounded proxy response, no hang on a flooding proxy"

View File

@@ -2,8 +2,7 @@
# explicitly: automake does not expand wildcards in EXTRA_DIST, so a glob would
# silently drop it from the dist tarball and break "make distcheck".
EXTRA_DIST = $(TESTS) crawl-test.sh run-all-tests.sh check-network.sh \
proxy-https-server.py socks5-server.py proxy-connect-server.py \
proxytestlib.py \
proxy-https-server.py socks5-server.py \
local-crawl.sh local-server.py testlib.sh server.crt server.key \
server-root/simple/basic.html server-root/simple/link.html \
server-root/stripquery/index.html server-root/stripquery/a.html \
@@ -133,8 +132,6 @@ TESTS = \
52_local-socks5.test \
53_local-proxytrack-cache-corrupt.test \
54_local-update-truncate-purge.test \
55_local-chunked.test \
56_local-proxy-noleak.test \
57_local-proxy-connect.test
55_local-chunked.test
CLEANFILES = check-network_sh.cache

View File

@@ -1,33 +0,0 @@
#!/usr/bin/env python3
"""Local CONNECT-only proxy + plain-HTTP origin for the issue #564 test.
Models a tor HTTPTunnelPort: an HTTP proxy that honours CONNECT and rejects
every other method with 501 (the classic absolute-URI form a normal HTTP proxy
accepts). Fronting it is a plain-HTTP origin. The proxy logs each request line
(and any Proxy-Authorization); the origin logs its request line and headers.
That lets the test assert a plain-http crawl tunneled through CONNECT, arrived
origin-form (not "GET http://host/..."), and never leaked proxy credentials.
Proxy modes (argv[2], default "ok"):
ok - honour CONNECT and tunnel to the origin
flood - answer 200 then stream headers forever with no blank line, to exercise
the client's bound on the proxy response (must not hang the crawl)
Usage: proxy-connect-server.py <logdir> [mode]
Prints "ORIGIN <port>", "PROXY <port>", then "ready" (one per line) on stdout.
"""
import sys
import proxytestlib
ORIGIN_BODY = b"<html><body>ORIGIN-PAGE-564</body></html>"
def main():
logdir = sys.argv[1]
mode = sys.argv[2] if len(sys.argv) > 2 else "ok"
proxytestlib.serve(logdir, ORIGIN_BODY, 80, mode)
if __name__ == "__main__":
main()

View File

@@ -15,17 +15,138 @@ Proxy modes (argv[3], default "ok"):
Usage: proxy-https-server.py <cert.pem> <logdir> [mode]
Prints "ORIGIN <port>", "PROXY <port>", then "ready" (one per line) on stdout.
"""
import http.server
import os
import socket
import socketserver
import ssl
import sys
import proxytestlib
import threading
ORIGIN_BODY = b"<html><body>ORIGIN-PAGE-85</body></html>"
PROXY_LOG = "proxy.log"
ORIGIN_LOG = "origin-headers.log"
def make_origin(logdir):
class Origin(http.server.BaseHTTPRequestHandler):
def do_GET(self):
with open(os.path.join(logdir, ORIGIN_LOG), "a") as handle:
for key in self.headers.keys():
handle.write(key + "\n")
self.send_response(200)
self.send_header("Content-Type", "text/html")
self.send_header("Content-Length", str(len(ORIGIN_BODY)))
self.end_headers()
self.wfile.write(ORIGIN_BODY)
def log_message(self, *args):
pass
return Origin
def start_origin(certfile, logdir):
httpd = socketserver.TCPServer(("127.0.0.1", 0), make_origin(logdir))
ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
ctx.load_cert_chain(certfile)
httpd.socket = ctx.wrap_socket(httpd.socket, server_side=True)
port = httpd.socket.getsockname()[1]
threading.Thread(target=httpd.serve_forever, daemon=True).start()
return port
def pipe(src, dst):
try:
while True:
data = src.recv(65536)
if not data:
break
dst.sendall(data)
except OSError:
pass
finally:
for sock in (src, dst):
try:
sock.shutdown(socket.SHUT_RDWR)
except OSError:
pass
def handle_client(conn, logdir, mode):
rfile = conn.makefile("rb")
request_line = rfile.readline().decode("latin-1").strip()
auth = None
while True:
line = rfile.readline().decode("latin-1")
if line in ("\r\n", "\n", ""):
break
key, _, value = line.partition(":")
if key.strip().lower() == "proxy-authorization":
auth = value.strip()
with open(os.path.join(logdir, PROXY_LOG), "a") as handle:
handle.write(request_line + "\n")
if auth is not None:
handle.write("AUTH " + auth + "\n")
parts = request_line.split()
if not (len(parts) >= 2 and parts[0] == "CONNECT"):
conn.sendall(b"HTTP/1.0 501 Not Implemented\r\n\r\n")
conn.close()
return
if mode == "flood":
# 200, then an endless header stream with no terminating blank line: the
# client must bound this and give up, not hang.
try:
conn.sendall(b"HTTP/1.0 200 Connection established\r\n")
while True:
conn.sendall(b"X-Pad: 0123456789\r\n")
except OSError:
pass
conn.close()
return
host, _, port = parts[1].partition(":")
try:
upstream = socket.create_connection((host, int(port or 443)))
except OSError:
conn.sendall(b"HTTP/1.0 502 Bad Gateway\r\n\r\n")
conn.close()
return
conn.sendall(b"HTTP/1.0 200 Connection established\r\n\r\n")
threading.Thread(target=pipe, args=(conn, upstream), daemon=True).start()
pipe(upstream, conn)
def start_proxy(logdir, mode):
srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
srv.bind(("127.0.0.1", 0))
srv.listen(16)
port = srv.getsockname()[1]
def serve():
while True:
conn, _ = srv.accept()
threading.Thread(
target=handle_client, args=(conn, logdir, mode), daemon=True
).start()
threading.Thread(target=serve, daemon=True).start()
return port
def main():
certfile, logdir = sys.argv[1], sys.argv[2]
mode = sys.argv[3] if len(sys.argv) > 3 else "ok"
proxytestlib.serve(logdir, ORIGIN_BODY, 443, mode, certfile=certfile)
for name in (PROXY_LOG, ORIGIN_LOG):
open(os.path.join(logdir, name), "w").close()
origin_port = start_origin(certfile, logdir)
proxy_port = start_proxy(logdir, mode)
# Keep the port lines the caller parses LF: Windows would emit \r\n.
sys.stdout.reconfigure(newline="\n")
print("ORIGIN %d" % origin_port, flush=True)
print("PROXY %d" % proxy_port, flush=True)
print("ready", flush=True)
threading.Event().wait()
if __name__ == "__main__":

View File

@@ -1,146 +0,0 @@
#!/usr/bin/env python3
"""Shared helpers for the local proxy test servers.
A CONNECT proxy in front of an origin, as used by proxy-https-server.py (TLS
origin, #85) and proxy-connect-server.py (plain origin, #564). socks5-server.py
reuses the relay only; its origin is specialised for keep-alive reuse.
Importable because Python puts the running script's directory on sys.path.
"""
import http.server
import os
import socket
import socketserver
import ssl
import sys
import threading
PROXY_LOG = "proxy.log"
ORIGIN_LOG = "origin-headers.log"
def pipe(src, dst):
"""Relay bytes one way until EOF, then tear both ends down."""
try:
while True:
data = src.recv(65536)
if not data:
break
dst.sendall(data)
except OSError:
pass
finally:
for sock in (src, dst):
try:
sock.shutdown(socket.SHUT_RDWR)
except OSError:
pass
def make_origin(logdir, body):
class Origin(http.server.BaseHTTPRequestHandler):
def do_GET(self):
# the request line proves origin-form vs absolute-URI (#564)
with open(os.path.join(logdir, ORIGIN_LOG), "a") as handle:
handle.write(self.requestline + "\n")
for key in self.headers.keys():
handle.write(key + "\n")
self.send_response(200)
self.send_header("Content-Type", "text/html")
self.send_header("Content-Length", str(len(body)))
self.end_headers()
self.wfile.write(body)
def log_message(self, *args):
pass
return Origin
def start_origin(logdir, body, certfile=None):
"""Serve body on an ephemeral port, over TLS when certfile is given."""
httpd = socketserver.TCPServer(("127.0.0.1", 0), make_origin(logdir, body))
if certfile is not None:
ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
ctx.load_cert_chain(certfile)
httpd.socket = ctx.wrap_socket(httpd.socket, server_side=True)
port = httpd.socket.getsockname()[1]
threading.Thread(target=httpd.serve_forever, daemon=True).start()
return port
def handle_client(conn, logdir, mode, default_port):
rfile = conn.makefile("rb")
request_line = rfile.readline().decode("latin-1").strip()
auth = None
while True:
line = rfile.readline().decode("latin-1")
if line in ("\r\n", "\n", ""):
break
key, _, value = line.partition(":")
if key.strip().lower() == "proxy-authorization":
auth = value.strip()
with open(os.path.join(logdir, PROXY_LOG), "a") as handle:
handle.write(request_line + "\n")
if auth is not None:
handle.write("AUTH " + auth + "\n")
parts = request_line.split()
# CONNECT-only: reject the classic absolute-URI form a normal proxy accepts
if not (len(parts) >= 2 and parts[0] == "CONNECT"):
conn.sendall(b"HTTP/1.0 501 Not Implemented\r\n\r\n")
conn.close()
return
if mode == "flood":
# 200, then endless headers with no blank line: the client must not hang
try:
conn.sendall(b"HTTP/1.0 200 Connection established\r\n")
while True:
conn.sendall(b"X-Pad: 0123456789\r\n")
except OSError:
pass
conn.close()
return
host, _, port = parts[1].partition(":")
try:
# default_port only backstops a portless CONNECT; httrack sends host:port
upstream = socket.create_connection((host, int(port or default_port)))
except OSError:
conn.sendall(b"HTTP/1.0 502 Bad Gateway\r\n\r\n")
conn.close()
return
conn.sendall(b"HTTP/1.0 200 Connection established\r\n\r\n")
threading.Thread(target=pipe, args=(conn, upstream), daemon=True).start()
pipe(upstream, conn)
def start_proxy(logdir, mode, default_port):
srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
srv.bind(("127.0.0.1", 0))
srv.listen(16)
port = srv.getsockname()[1]
def accept_loop():
while True:
conn, _ = srv.accept()
threading.Thread(
target=handle_client,
args=(conn, logdir, mode, default_port),
daemon=True,
).start()
threading.Thread(target=accept_loop, daemon=True).start()
return port
def serve(logdir, origin_body, default_port, mode="ok", certfile=None):
"""Start the origin+proxy pair, announce both ports, then block forever."""
for name in (PROXY_LOG, ORIGIN_LOG):
open(os.path.join(logdir, name), "w").close()
origin_port = start_origin(logdir, origin_body, certfile)
proxy_port = start_proxy(logdir, mode, default_port)
# Keep the port lines the caller parses LF: Windows would emit \r\n.
sys.stdout.reconfigure(newline="\n")
print("ORIGIN %d" % origin_port, flush=True)
print("PROXY %d" % proxy_port, flush=True)
print("ready", flush=True)
threading.Event().wait()

View File

@@ -16,8 +16,6 @@ import struct
import sys
import threading
from proxytestlib import pipe
# The one name the proxy answers for; a .invalid TLD never resolves (RFC 6761),
# so a locally-resolving client could not reach us -- success proves remote DNS.
REMOTE_HOST = b"socks-origin.invalid"
@@ -87,6 +85,23 @@ def recvn(conn, n):
return buf
def pipe(src, dst):
try:
while True:
data = src.recv(65536)
if not data:
break
dst.sendall(data)
except OSError:
pass
finally:
for sock in (src, dst):
try:
sock.shutdown(socket.SHUT_RDWR)
except OSError:
pass
def log(logdir, line):
with open(os.path.join(logdir, SOCKS_LOG), "a") as handle:
handle.write(line + "\n")