Anonsec- XKEY source code[NSA]

1.  
2.  
3. // START_DEFINITION
4. /*
5. The fingerprint identifies sessions visiting the Tor Project website from
6. non-fvey countries.
7. */
8. fingerprint('anonymizer/tor/torpoject_visit')=http_host('www.torproject.org')
9. and not(xff_cc('US' OR 'GB' OR 'CA' OR 'AU' OR 'NZ'));
10. // END_DEFINITION
11.  
12.  
13. // START_DEFINITION
14. /*
15. These variables define terms and websites relating to the TAILs (The Amnesic
16. Incognito Live System) software program, a comsec mechanism advocated by
17. extremists on extremist forums.
18. */
19.  
20. $TAILS_terms=word('tails' or 'Amnesiac Incognito Live System') and word('linux'
21. or ' USB ' or ' CD ' or 'secure desktop' or ' IRC ' or 'truecrypt' or ' tor ');
22. $TAILS_websites=('tails.boum.org/') or ('linuxjournal.com/content/linux*');
23. // END_DEFINITION
24.  
25. // START_DEFINITION
26. /*
27. This fingerprint identifies users searching for the TAILs (The Amnesic
28. Incognito Live System) software program, viewing documents relating to TAILs,
29. or viewing websites that detail TAILs.
30. */
31. fingerprint('ct_mo/TAILS')=
32. fingerprint('documents/comsec/tails_doc') or web_search($TAILS_terms) or
33. url($TAILS_websites) or html_title($TAILS_websites);
34. // END_DEFINITION
35.  
36.  
37. // START_DEFINITION
38. requires grammar version 5
39. /**
40. * Aggregate Tor hidden service addresses seen in raw traffic.
41. */
42. mapreduce::plugin('anonymizer/tor/plugin/onion') =
43. immediate_keyword(/(?:([a-z]+):\/\/){0,1}([a-z2-7]{16})\.onion(?::(\d+)){0,1}/c : c++
44. includes: {{
45. #include <boost/lexical_cast.hpp>
46. }}
47. proto: {{
48. message onion_t {
49. required string address = 1;
50. optional string scheme = 2;
51. optional string port = 3;
52. }
53. }}
54. mapper<onion_t>: {{
55. static const std::string prefix = "anonymizer/tor/hiddenservice/address/";
56.  
57. onion_t onion;
58. size_t matches = cur_args()->matches.size();
59. for (size_t pos=0; pos < matches; ++pos) {
60. const std::string &value = match(pos);
61. if (value.size() == 16)
62. onion.set_address(value);
63. else if(!onion.has_scheme())
64. onion.set_scheme(value);
65. else
66. onion.set_port(value);
67. }
68.  
69. if (!onion.has_address())
70. return false;
71.  
72. MAPPER.map(onion.address(), onion);
73. xks::fire_fingerprint(prefix + onion.address());
74. return true;
75. }}
76. reducer<onion_t>: {{
77. for (values_t::const_iterator iter = VALUES.begin();
78. iter != VALUES.end();
79. ++iter) {
80. DB["tor_onion_survey"]["onion_address"] = iter->address() + ".onion";
81. if (iter->has_scheme())
82. DB["tor_onion_survey"]["onion_scheme"] = iter->scheme();
83. if (iter->has_port())
84. DB["tor_onion_survey"]["onion_port"] = iter->port();
85. DB["tor_onion_survey"]["onion_count"] = boost::lexical_cast<std::string>(TOTAL_VALUE_COUNT);
86. DB.apply();
87. DB.clear();
88. }
89. return true;
90. }});
91.  
92. /**
93. * Placeholder fingerprint for Tor hidden service addresses.
94. * Real fingerpritns will be fired by the plugins
95. * 'anonymizer/tor/plugin/onion/*'
96. */
97. fingerprint('anonymizer/tor/hiddenservice/address') = nil;
98. // END_DEFINITION
99.  
100.  
101. // START_DEFINITION
102. appid('anonymizer/mailer/mixminion', 3.0, viewer=$ascii_viewer) =
103. http_host('mixminion') or
104. ip('128.31.0.34');
105. // END_DEFINITION