[tor-bugs] #24432 [Obfuscation/BridgeDB]: The meek<->moat tunneling isn't set up correctly

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jan 25 22:19:15 UTC 2018

#24432: The meek<->moat tunneling isn't set up correctly
 Reporter:  isis                  |          Owner:  isis
     Type:  defect                |         Status:  reopened
 Priority:  High                  |      Milestone:
Component:  Obfuscation/BridgeDB  |        Version:
 Severity:  Normal                |     Resolution:
 Keywords:  moat bridgedb-dist    |  Actual Points:
Parent ID:  #24689                |         Points:  2
 Reviewer:                        |        Sponsor:  SponsorM
Changes (by mcs):

 * status:  closed => reopened
 * resolution:  fixed =>


 I am reopening now because I have steps to reproduce the Problem 1 that I
 mentioned in comment:10 (and I could still use a response for Problem 2 as
 well). I do not know if Problem 1 is caused by a problem in the meek
 implementation, a problem with the domain fronting setup, or a problem in
 BridgeDB... but we are stuck by it. We have reproduced the problem on
 macOS and Linux. Here are the steps:
 1. Build meek-client from the dcf's bug24642 branch.
 2. Start a standalone copy of the meek-client you built in step 1 and make
 note of which TCP port it is listening on: ./meek-client -url https://tor-
 bridges-hyphae-channel.appspot.com -front www.google.com
 3. Start Tor Browser 8.0a1 and let it connect directly to Tor.
 4. Open about:addons and disable all add-ons.
 5. Restart Tor Browser.
 6. Open about:config again and set network.proxy.socks.port to the port
 that the meek-client is listening on.
 7. Enter https://bridges.torproject.org/moat/fetch in the URL bar.

 Expected result: a 405 Method Now Allowed error page from BridgeDB
 (because GET is not supported for /moat/fetch)

 Actual result: "Unable to connect" error.

 Bonus step: set network.proxy.socks.port to 10000 in Tor Browser and
 reload the page after starting a copy of socat:
   socat -v -v TCP-LISTEN:10000,fork,reuseaddr TCP-CONNECT:127.0.0:<meek-
 (replace <meek-port> with the port that your meek-client is listening on).
 In my experience, this will work: the 405 error page is correctly returned
 to Tor Browser.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24432#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list