commit e1a825f7b27fd315d897dab5c0010388fc7ba4c2 Author: George Kadianakis desnacked@gmail.com Date: Fri Jul 22 20:53:06 2011 +0200
Make tor-obfs-howto.txt a bit more user-friendly. --- doc/tor-obfs-howto.txt | 134 +++++++++++++++++++++++++----------------------- 1 files changed, 69 insertions(+), 65 deletions(-)
diff --git a/doc/tor-obfs-howto.txt b/doc/tor-obfs-howto.txt index ed8ba72..324a98c 100644 --- a/doc/tor-obfs-howto.txt +++ b/doc/tor-obfs-howto.txt @@ -1,101 +1,105 @@ -How to set up Tor with Obfsproxy +How to set up Tor with obfsproxy ================================
- Preliminaries: + Instructions:
-This isn't the final interface--we should make it much easier. + "I AM A CENSORED FELLOW"
-This is experimental code--if it breaks, you get to keep both smouldering -pieces. - - - - Ingredients: - -Client side needs: +[1] You will need:
* a copy of obfsproxy: git clone git://git.torproject.org/obfsproxy.git Building it should be easy, just do "./configure && make".
* a copy of Tor that supports the Socks5Proxy option. - The git version should do the trick. + Tor 0.2.2.30 - for example - will work.
-Bridge side needs: +[2] Set up obfsproxy:
-* a copy of obfsproxy: - git clone git://git.torproject.org/obfsproxy.git - Building it should be easy, just do "./configure && make". +This command will setup an obfsproxy client speaking the obfs2 +protocol on localhost:1050:
-* a copy of Tor with BridgeRelay capabilities. - Quite easy to find nowadays. +./obfsproxy obfs2 socks 127.0.0.1:1050
- Port setup: +[3] Set up tor:
-Our port setup will be like this: +You should put in your torrc file: +--- +SocksPort 5000 +UseBridges 1 +Bridge <bridge address>:1051 # This is provided by the bridge operator. +Socks5Proxy 127.0.0.1:1050 # This points to the obfsproxy client. +---
- 1050 1051 - +-----------+ +------------+ - ----| Proxy |-------------| Server |---- - | +-----------+ +------------+ | - | | -+------------+ +--------------+ -| Tor Client | | Tor Bridge | -+------------+ +--------------+ - 5000 5001 +Of course you should substitute the value of the Bridge line above, +with the information provided to you by a bridge operator.
+[4] Done!
+Alright, you are done! +Make sure you have followed the above steps on the correct order: +First launch obfsproxy and then launch tor.
- Setting up obfsproxies: +Now to test it, launch Firefox and set it up to use a Socks server on +127.0.0.1:5000. Now browse the web.
-This command will setup an obfsproxy socks client listening to the -obfs2 protocol on localhost:1050: -./obfsproxy obfs2 socks 127.0.0.1:1050
-This command will setup an obfsproxy server listening to the -obfs2 protocol on localhost:1051: -./obfsproxy obfs2 --dest 127.0.0.1:5001 server 127.0.0.1:1051 + "I AM A BRIDGE OPERATOR THAT WANTS TO HELP CENSORED PEOPLE"
- Setting up Tor: +[1] You will need:
-Let's create .torrc_client and .torrc_bridge. -Warning: I'm only posting the relevant torrc options. +* a copy of obfsproxy: + git clone git://git.torproject.org/obfsproxy.git + Building it should be easy, just do "./configure && make".
-torrc_client: ---- -SocksPort 5000 -UseBridges 1 -Bridge <bridge host>:1051 # This points to the bridge's obfsproxy server. - # You can change <bridge host> to 127.0.0.1 - # for local testing setup. -Socks5Proxy 127.0.0.1:1050 # This points to our obfsproxy client. ---- +* a copy of Tor which can function as a Tor bridge. + +[2] Set up obfsproxy: + +This command will setup an obfsproxy server speaking the obfs2 +protocol on localhost:1051:
-torrc_bridge: +./obfsproxy obfs2 --dest 127.0.0.1:5001 server 127.0.0.1:1051 + +Be sure to pass the value of ORPort of your bridge relay to the --dest +argument (see next section). + +[3] Set up tor: + +You should put in your torrc file: --- -ORPort 5001 # Port where bridge will be listening on. +ORPort 5001 # Port on which bridge will be listening on. BridgeRelay 1 ExitPolicy reject *:* ---
- Bootstrap sequence: +[4] Done! + +Make sure you have followed the above steps on the correct order. +First launch obfsproxy and then launch tor. +You can use any port numbers you want, just be sure to adjust the +torrc and obfsproxy commands accordingly. + +Don't forget that You might need to set up port forwarding.
-Since we are still in PoC state you have to bootstrap the Tors and the -obfsproxies with the correct sequence: +Now you should tell censored people to connect to your IP on port 1051. +So, for example, if your bridge's address is 85.22.13.1, bridge users +should connect to 85.22.13.1:1051. +Pay attention that '1051' is the port where obfsproxy is listening on, +and *not* your bridge's ORPort.
-1. Fire up server obfsproxy. -2. Fire up tor with torrc_bridge. -3. Fire up client obfsproxy. -4. Fire up tor with torrc_client. + Network diagram of the above setup:
- The End +(If you don't understand this drawing, just ignore this section.)
-Now open Firefox on the client side and set it up to use a Socks -server on 127.0.0.1:5000. -Stuff should work now. + 1050 1051 + +-----------+ +------------+ + ----| Proxy |------[internet]------| Server |---- + | +-----------+ +------------+ | + | | ++------------+ +--------------+ +| Tor Client | | Tor Bridge | ++------------+ +--------------+ + 5000 5001
-If you were smart enough to open wireshark and sniff the traffic -before doing all the above, you would notice that the TLS handshake -was not carried out plaintext, effectively obfuscating your Tor -experience. Yes.