Re: [tor-dev] Using ScrambleSuit with something other than Tor - tor-dev

11 Jul 2014


      Hi Yuhao,
On Fri, Jul 11, 2014 at 08:20:25PM +0800, Yuhao Dong wrote:
...
I'm Yuhao Dong (undergrad student at University of Waterloo) and I'm
currently doing research on, surprise, my own traffic obfuscation
system.
Cool!  I'm in Toronto until the middle of August -- in case you are back
until then and want to meet up in person.
...
I'd like to compare it to ScrambleSuit; however I am
currently on break in China. It is going to be really hard to set up
Tor in a way that works; besides, I am using a test suite that
transmits specially-shaped traffic over HTTP. I would like to be
able to see what happens if I apply ScrambleSuit to that traffic
instead of Tor.
That sounds good.  Given Tor's high variance in latency and throughput,
it's more effective to compare the performance of pluggable transports
without Tor, in a LAN setting.
...
Is there a way to build a generic ScrambleSuit SOCKS5 proxy? In
other words, it would be awesome if I could set up two servers on my
LAN:
web browsing client <-SOCKS-> first LAN server <-ScrambleSuit->
second LAN server <-> Internet
so that arbitrary traffic can be tunneled through ScrambleSuit, and
I can do packet analysis on the ScrambleSuit link.
I understand that Tor's "pluggable transport" system uses SOCKS5
underneath; however the spec seems very vague on how to precisely
get that local SOCKS5 address. How can I use ScrambleSuit in the way
I described, to encapsulate something other than Tor?
It sounds like you basically want to have obfsproxy with ScrambleSuit on
both your LAN servers.
The first LAN server could be started like this:
  python /path/to/obfsproxy \
          --log-min-severity=debug \
          --data-dir=/tmp/scramblesuit-client \
          scramblesuit \
          --password=BANANASAPPLESCOCONUTSPEACHESEGGS  \
          --dest SECOND_LAN_SERVER:50000 \
          client 0.0.0.0:1080
The second LAN server could be started like this:
  python /path/to/obfsproxy \
          --log-min-severity=debug \
          --data-dir=/tmp/scramblesuit-server \
          scramblesuit \
          --password=BANANASAPPLESCOCONUTSPEACHESEGGS \
          --dest SOCKS_PROXY:1234 \
          server 0.0.0.0:50000
SOCKS_PROXY can be Tor or an arbitrary SOCKS proxy which allows direct
connections to your Internet link.
You can then configure arbitrary applications to use the SOCKS5 proxy
running on your first LAN server.
Hope that helps,
Philipp