[tor-dev] [flashproxy] Not running using gnash

David Fifield david at bamsoftware.com
Fri Dec 23 03:31:59 UTC 2011 

On Thu, Dec 22, 2011 at 03:38:29PM +0100, Okhin wrote:
> Hello,
> 
> I was trying to run flashproxy using gnash following the RTMFP part of
> the tutorial located here:
> https://gitweb.torproject.org/flashproxy.git/blob/HEAD:/README
> 
> I do not use the gnash-plugin embedded in a browser, but the CLI tool
> gnash packaged with debian (and invoking it like this, as a standard
> user: gnash swfcat.swf -p client=1 -p debug=1

Thank you for testing this and for the thorough report. Unfortunately
I'm not surprised that it doesn't work with Gnash. I don't think Gnash
has some of the features we use, and probably doesn't have RTMFP, which
has only been partially reverse-engineered in another project. Some log
messages suggest this:

> 3338:1] 15:33:34: UNIMPLEMENTED: SWF10 is not fully supported, trying anyway but don't expect it to work
> 3338:2] 15:33:35: DEBUG: This SWF uses AVM2
> 3338:2] 15:33:35: ERROR: This SWF file requires AVM2, which was not enabled at compile time.

RTMFP is only useful for NAT traversal, so if you can enable port
forwarding or something else, don't use it. Personally, I don't
recommend using the RTMFP transport at all, for these reasons:
1. It requires a static third party to assist in NAT traversal. By
   default this is some Adobe server, which is clearly unacceptable. We
   found a way to use our own server, so you at least don't have to
   trust any additional parties, but that server still sits at a static
   address and is trivially blockable, defeating the whole purpose.
2. It requires running Flash on the client, which is not normally
   required when using flash proxies.
3. The fact that normally Flash is run in the browser may encourage
   people to run Flash in their Tor browser, which is a bad idea.

I think you had the right idea in trying to run it with Gnash from the
command line. But if you can avoid using RTMFP, that's what I recommend.

This is how I use flash proxies with port forwarding at home:
	Set up my router to forward port 7000 to my PC.
	sudo iptables -A INPUT --proto tcp --dport 7000 -j ACCEPT
	./connector.py -f tor-facilitator.bamsoftware.com :9001 :7000

David Fifield

More information about the tor-dev mailing list