tor: use random credentials for circuit isolation

2025-12-25 19:18:25 +01:00
parent 9ba965c87f
commit 68e8b88afa
2 changed files with 26 additions and 5 deletions
--- a/fetch.py
+++ b/fetch.py
@@ -1,4 +1,4 @@
-import re, random, time
+import re, random, time, string
 import threading
 import rocksock
 import network_stats
@@ -7,6 +7,14 @@ from soup_parser import soupify
 from misc import _log

 config = None
+
+
+def tor_proxy_url(torhost):
+    """Generate Tor SOCKS5 proxy URL with random credentials for circuit isolation."""
+    chars = string.ascii_lowercase + string.digits
+    user = ''.join(random.choice(chars) for _ in range(8))
+    passwd = ''.join(random.choice(chars) for _ in range(8))
+    return 'socks5://%s:%s@%s' % (user, passwd, torhost)
 _last_fail_log = 0
 _fail_log_interval = 60

@@ -58,7 +66,7 @@ def _fetch_contents(url, head = False, proxy=None):
    http = None
    try:
        while True:
-            proxies = [rocksock.RocksockProxyFromURL('socks4://%s' % random.choice( config.torhosts ))]
+            proxies = [rocksock.RocksockProxyFromURL(tor_proxy_url(random.choice(config.torhosts)))]
            if proxy: proxies.append( rocksock.RocksockProxyFromURL(proxy))

            http = RsHttp(host,ssl=ssl,port=port, keep_alive=True, timeout=config.ppf.timeout, max_tries=config.ppf.http_retries, follow_redirects=True, auto_set_cookies=True, proxies=proxies, user_agent='Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0', log_errors=False)
--- a/proxywatchd.py
+++ b/proxywatchd.py
@@ -667,6 +667,19 @@ def try_div(a, b):
    return 0


+def tor_proxy_url(torhost):
+    """Generate Tor SOCKS5 proxy URL with random credentials for circuit isolation.
+
+    Tor treats different username:password as separate streams, using different
+    circuits. This ensures each connection gets a fresh circuit.
+    """
+    # 8 random alphanumeric chars for user and pass
+    chars = string.ascii_lowercase + string.digits
+    user = ''.join(random.choice(chars) for _ in range(8))
+    passwd = ''.join(random.choice(chars) for _ in range(8))
+    return 'socks5://%s:%s@%s' % (user, passwd, torhost)
+
+
 class MITMCertStats(object):
    """Track MITM certificate statistics."""

@@ -834,7 +847,7 @@ def get_mitm_certificate(proxy_ip, proxy_port, proto, torhost, target_host, targ
    """
    try:
        proxies = [
-            rocksock.RocksockProxyFromURL('socks5://%s' % torhost),
+            rocksock.RocksockProxyFromURL(tor_proxy_url(torhost)),
            rocksock.RocksockProxyFromURL('%s://%s:%s' % (proto, proxy_ip, proxy_port)),
        ]

@@ -1375,7 +1388,7 @@ class TargetTestJob():

            duration = time.time()
            proxies = [
-                rocksock.RocksockProxyFromURL('socks5://%s' % torhost),
+                rocksock.RocksockProxyFromURL(tor_proxy_url(torhost)),
                rocksock.RocksockProxyFromURL('%s://%s:%s' % (proto, ps.ip, ps.port)),
            ]

@@ -1473,7 +1486,7 @@ class TargetTestJob():
                    try:
                        http_port = 80
                        http_proxies = [
-                            rocksock.RocksockProxyFromURL('socks5://%s' % torhost),
+                            rocksock.RocksockProxyFromURL(tor_proxy_url(torhost)),
                            rocksock.RocksockProxyFromURL('%s://%s:%s' % (proto, ps.ip, ps.port)),
                        ]
                        http_sock = rocksock.Rocksock(host=connect_host, port=http_port, ssl=0,