[tor-dev] [flashproxy] Not running using gnash

David Fifield david at bamsoftware.com
Fri Dec 23 23:39:53 UTC 2011 

On Fri, Dec 23, 2011 at 01:00:01PM -0300, Mauricio Pasquier Juan wrote:
> On Thu, Dec 22, 2011 at 07:31:59PM -0800, David Fifield wrote:
> > On Thu, Dec 22, 2011 at 03:38:29PM +0100, Okhin wrote:
> > > Hello,
> > > 
> > > I was trying to run flashproxy using gnash following the RTMFP part of
> > > the tutorial located here:
> > > https://gitweb.torproject.org/flashproxy.git/blob/HEAD:/README
> > > 
> > > I do not use the gnash-plugin embedded in a browser, but the CLI tool
> > > gnash packaged with debian (and invoking it like this, as a standard
> > > user: gnash swfcat.swf -p client=1 -p debug=1
> > 
> > Thank you for testing this and for the thorough report. Unfortunately
> > I'm not surprised that it doesn't work with Gnash. I don't think Gnash
> > has some of the features we use, and probably doesn't have RTMFP, which
> > has only been partially reverse-engineered in another project. Some log
> > messages suggest this:
> 
> If the only reason to use flash is RTMFP, maybe it can be replaced with this
> technique: http://samy.pl/pwnat/ (if I didn't misunderstood the architecture of
> flashproxy)

Yes, the only reason to use Flash on the client is for RTMFP, and the
only reason to use RTMFP is to get across a NAT. I looked a pwnat and
didn't think it would work in this case, because a flash proxy doesn't
have raw socket access to send a Time Exceeded message. I could be
working under incorrect assumptions, though.

Long ago I wrote a very crude NAT puncher that doesn't require an
intermediary. It uses birthday collisions between randomly generated UDP
port numbers.
https://gitweb.torproject.org/flashproxy.git/blob/9c471b4b99d07c8db197d15fe6eb4d37d85b0ea6:/nat-birthday.py
We gave up on it because (1) it requires both client and server to know
each other's address in advance, (2) it takes a few hundred packets, and
(3) we don't have access to UDP sockets anyway, except through
abstractions like RTMFP.

> Anyway, if there is some javascript code to check, I'd like to help with that
> development.

There's no JavaScript yet, but we want to port the ActionScript (which
is similar). These are the primary source files:
https://gitweb.torproject.org/flashproxy.git/blob/HEAD:/swfcat.as
https://gitweb.torproject.org/flashproxy.git/blob/HEAD:/ProxyPair.as
I don't have any experience with JavaScript network programming yet, but
porting doesn't look too hard, as long as you get reasonable event
callbacks for things like reads.

David Fifield

More information about the tor-dev mailing list