Hi Yuhao, On Fri, Jul 11, 2014 at 08:20:25PM +0800, Yuhao Dong wrote:

I'm Yuhao Dong (undergrad student at University of Waterloo) and I'm currently doing research on, surprise, my own traffic obfuscation system.

Cool! I'm in Toronto until the middle of August -- in case you are back until then and want to meet up in person.

I'd like to compare it to ScrambleSuit; however I am currently on break in China. It is going to be really hard to set up Tor in a way that works; besides, I am using a test suite that transmits specially-shaped traffic over HTTP. I would like to be able to see what happens if I apply ScrambleSuit to that traffic instead of Tor.

That sounds good. Given Tor's high variance in latency and throughput, it's more effective to compare the performance of pluggable transports without Tor, in a LAN setting.

Is there a way to build a generic ScrambleSuit SOCKS5 proxy? In other words, it would be awesome if I could set up two servers on my LAN:

web browsing client <-SOCKS-> first LAN server <-ScrambleSuit-> second LAN server <-> Internet

so that arbitrary traffic can be tunneled through ScrambleSuit, and I can do packet analysis on the ScrambleSuit link.

I understand that Tor's "pluggable transport" system uses SOCKS5 underneath; however the spec seems very vague on how to precisely get that local SOCKS5 address. How can I use ScrambleSuit in the way I described, to encapsulate something other than Tor?

It sounds like you basically want to have obfsproxy with ScrambleSuit on both your LAN servers. The first LAN server could be started like this: python /path/to/obfsproxy \ --log-min-severity=debug \ --data-dir=/tmp/scramblesuit-client \ scramblesuit \ --password=BANANASAPPLESCOCONUTSPEACHESEGGS \ --dest SECOND_LAN_SERVER:50000 \ client 0.0.0.0:1080 The second LAN server could be started like this: python /path/to/obfsproxy \ --log-min-severity=debug \ --data-dir=/tmp/scramblesuit-server \ scramblesuit \ --password=BANANASAPPLESCOCONUTSPEACHESEGGS \ --dest SOCKS_PROXY:1234 \ server 0.0.0.0:50000 SOCKS_PROXY can be Tor or an arbitrary SOCKS proxy which allows direct connections to your Internet link. You can then configure arbitrary applications to use the SOCKS5 proxy running on your first LAN server. Hope that helps, Philipp