NSA XKeyScore Source Code [+]

SUBMITTED BY: Guest

DATE: July 9, 2014, 1:57 a.m.

FORMAT: Text only

SIZE: 4.1 kB

Raw Download

HITS: 785

Report
  1. #############################################################################
  3. // START_DEFINITION
  4. /*
  5. The fingerprint identifies sessions visiting the Tor Project website from
  6. non-fvey countries.
  7. */
  8. fingerprint('anonymizer/tor/torpoject_visit')=http_host('www.torproject.org')
  9. and not(xff_cc('US' OR 'GB' OR 'CA' OR 'AU' OR 'NZ'));
  10. // END_DEFINITION
  13. // START_DEFINITION
  14. /*
  15. These variables define terms and websites relating to the TAILs (The Amnesic
  16. Incognito Live System) software program, a comsec mechanism advocated by
  17. extremists on extremist forums.
  18. */
  20. $TAILS_terms=word('tails' or 'Amnesiac Incognito Live System') and word('linux'
  21. or ' USB ' or ' CD ' or 'secure desktop' or ' IRC ' or 'truecrypt' or ' tor ');
  22. $TAILS_websites=('tails.boum.org/') or ('linuxjournal.com/content/linux*');
  23. // END_DEFINITION
  25. // START_DEFINITION
  26. /*
  27. This fingerprint identifies users searching for the TAILs (The Amnesic
  28. Incognito Live System) software program, viewing documents relating to TAILs,
  29. or viewing websites that detail TAILs.
  30. */
  31. fingerprint('ct_mo/TAILS')=
  32. fingerprint('documents/comsec/tails_doc') or web_search($TAILS_terms) or
  33. url($TAILS_websites) or html_title($TAILS_websites);
  34. // END_DEFINITION
  37. // START_DEFINITION
  38. requires grammar version 5
  39. /**
  40. * Aggregate Tor hidden service addresses seen in raw traffic.
  41. */
  42. mapreduce::plugin('anonymizer/tor/plugin/onion') =
  43. immediate_keyword(/(?:([a-z]+):\/\/){0,1}([a-z2-7]{16})\.onion(?::(\d+)){0,1}/c : c++
  44. includes: {{
  45. #include <boost/lexical_cast.hpp>
  46. }}
  47. proto: {{
  48. message onion_t {
  49. required string address = 1;
  50. optional string scheme = 2;
  51. optional string port = 3;
  52. }
  53. }}
  54. mapper<onion_t>: {{
  55. static const std::string prefix = "anonymizer/tor/hiddenservice/address/";
  57. onion_t onion;
  58. size_t matches = cur_args()->matches.size();
  59. for (size_t pos=0; pos < matches; ++pos) {
  60. const std::string &value = match(pos);
  61. if (value.size() == 16)
  62. onion.set_address(value);
  63. else if(!onion.has_scheme())
  64. onion.set_scheme(value);
  65. else
  66. onion.set_port(value);
  67. }
  69. if (!onion.has_address())
  70. return false;
  72. MAPPER.map(onion.address(), onion);
  73. xks::fire_fingerprint(prefix + onion.address());
  74. return true;
  75. }}
  76. reducer<onion_t>: {{
  77. for (values_t::const_iterator iter = VALUES.begin();
  78. iter != VALUES.end();
  79. ++iter) {
  80. DB["tor_onion_survey"]["onion_address"] = iter->address() + ".onion";
  81. if (iter->has_scheme())
  82. DB["tor_onion_survey"]["onion_scheme"] = iter->scheme();
  83. if (iter->has_port())
  84. DB["tor_onion_survey"]["onion_port"] = iter->port();
  85. DB["tor_onion_survey"]["onion_count"] = boost::lexical_cast<std::string>(TOTAL_VALUE_COUNT);
  86. DB.apply();
  87. DB.clear();
  88. }
  89. return true;
  90. }});
  92. /**
  93. * Placeholder fingerprint for Tor hidden service addresses.
  94. * Real fingerpritns will be fired by the plugins
  95. * 'anonymizer/tor/plugin/onion/*'
  96. */
  97. fingerprint('anonymizer/tor/hiddenservice/address') = nil;
  98. // END_DEFINITION
  101. // START_DEFINITION
  102. appid('anonymizer/mailer/mixminion', 3.0, viewer=$ascii_viewer) =
  103. http_host('mixminion') or
  104. ip('128.31.0.34');
  105. // END_DEFINITION
comments powered by Disqus