Hello all,
Due to a moment of surprising productivity, I have a release candidate of obfsclient available now. For those of you that missed the last thread regarding this, it is a C++11 client implementation of obfs2, obfs3, and ScrambleSuit that works as a drop in replacement for obfsproxy.
Notable changes since the last time I posted: * ScrambleSuit code is now up to spec. * Packet length and Inter-packet Arrival Times are randomized. * Session Ticket Handshake is supported. * obfsclient will give up on handshaking after 60 seconds. * Needed because obfsproxy servers do not close the connection for certain protocols. * SIGINT is hooked and handled per the pt spec. * Some dumb bugs were fixed.
Places where obfsclient behaves differently from obfsproxy: * Current production obfsproxy releases disable Scramblesuit IAT obfuscation. obfsclient also uses slightly different logic for sending with it enabled. (May change for final release) * WELL512 is used instead of MT for the ScrambleSuit packet length obfuscation. * obfsclient gives up when the handshaking stalls. * The SOCKS5 response is sent post obfuscation protocol handshake instead of before. * obfsclient uses SOCKS5 instead of SOCKS4. * The ScrambleSuit Session Ticket store is a plain text file.
Things that are not bugs: * ScrambleSuit requires the client side tor to be 0.2.5.x. * The code will not build if the compiler is from the stone age.
To what I assume will be a sigh of relief from Fabian, I tested on FreeBSD as well this time. The systems used for testing are in the release notes.
Where: https://github.com/Yawning/obfsclient/releases/tag/v0.0.1-rc1
Thanks in advance,
Yawning Angel yawning@schwanenlied.me wrote:
Due to a moment of surprising productivity, I have a release candidate of obfsclient available now. For those of you that missed the last thread regarding this, it is a C++11 client implementation of obfs2, obfs3, and ScrambleSuit that works as a drop in replacement for obfsproxy.
[...]
To what I assume will be a sigh of relief from Fabian, I tested on FreeBSD as well this time. The systems used for testing are in the release notes.
Where: https://github.com/Yawning/obfsclient/releases/tag/v0.0.1-rc1
Also building fine on the various FreeBSD releases supported by Redports: https://redports.org/buildarchive/20140227100527-33378/
As I'm not human enough to solve the BridgeDB captures I haven't actually tested it yet.
Fabian
On Thu, Feb 27, 2014 at 12:50:35PM +0100, Fabian Keil wrote:
Yawning Angel yawning@schwanenlied.me wrote:
Due to a moment of surprising productivity, I have a release candidate of obfsclient available now. For those of you that missed the last thread regarding this, it is a C++11 client implementation of obfs2, obfs3, and ScrambleSuit that works as a drop in replacement for obfsproxy.
[...]
To what I assume will be a sigh of relief from Fabian, I tested on FreeBSD as well this time. The systems used for testing are in the release notes.
Where: https://github.com/Yawning/obfsclient/releases/tag/v0.0.1-rc1
Also building fine on the various FreeBSD releases supported by Redports: https://redports.org/buildarchive/20140227100527-33378/
As I'm not human enough to solve the BridgeDB captures I haven't actually tested it yet.
You can use one of the bridges from https://trac.torproject.org/projects/tor/wiki/doc/TorBrowserBundle3FAQ#Howdo....
David Fifield
David Fifield david@bamsoftware.com wrote:
On Thu, Feb 27, 2014 at 12:50:35PM +0100, Fabian Keil wrote:
Yawning Angel yawning@schwanenlied.me wrote:
Where: https://github.com/Yawning/obfsclient/releases/tag/v0.0.1-rc1
Also building fine on the various FreeBSD releases supported by Redports: https://redports.org/buildarchive/20140227100527-33378/
As I'm not human enough to solve the BridgeDB captures I haven't actually tested it yet.
You can use one of the bridges from https://trac.torproject.org/projects/tor/wiki/doc/TorBrowserBundle3FAQ#Howdo....
Thanks for the tip. Using obfs2 and obfs3 bridges seems to work as expected.
Fabian
Hello all,
I have a new release candidate of obfsclient available now.
Notable changes since 0.0.1rc1: * Use OpenSSL's CSPRNG instead of arc4random rng from libevent * Use a CTR_DRBG instead of WELL512 * ScrambleSuit session tickets saved to disk also include a timestamp * ScrambleSuit is better about discarding handshake data for sessions that authenticate * ScrambleSuit IAT obfuscation is disabled by default (--enable-scramblesuit-iat) * The SOCKS5 TTL Expired code is sent when the handshake takes too long instead of abruptly closing the session * The Base32 decoder now accepts lower case input, and also will attempt to correct commonly mistyped characters (0,1,8) * Fixed a bug which would cause rare assertion when using obfs2
Known issues: * ScrambleSuit session ticket handshakes vs some of the bridges out there will fail (not a obfsclient bug). I believe the bridge that phw posted to tor-talk is running updated code with this issue fixed.
Assuming nothing is broken, this will most likely become v0.0.1, though I may end up disabling Session Ticket handshakes.
Where: https://github.com/Yawning/obfsclient/releases/tag/v0.0.1-rc2
Questions, comments, feedback appreciated!