[tor-dev] [GSoC] Status update - Stegotorus

vmon vmonmoonshine at gmail.com
Sun Jun 17 12:55:00 UTC 2012


Hello Devers,

This is my first status update. I wanted to send one after my intro, but
first it wasn't clear to me where I should set up my git, and then I had a few (OK,
two, but it's still too many) hard drive failures. So here is the long
combined version of the first two updates (Sorry :-S )

1. So when I first got Stegotorus and managed to compile it with a few
modifications required by gcc 4.7 [1], it did not function practically on my
computer. Some data was being exchanged between client and server but I
was not able to browse any page.

I spent a few days figuring out the problem. It wasn't easy for various
obvious reasons. I forced a limit on the number of connections, and that
made it semi-functional, able to browse simple pages.

Eventually, it turned out that it was a known bug, and I got the patch and
it started working without problems.

2. My second task was to find HTTP proxy code that I can use to
implement different HTTP modifications that the Stegotorus protocol should be
able to handle. I looked into the code of a few proxies including Polipo,
shim, privoxy, ziproxy. Polipo and shim had simpler code but each had
its own problem. Meanwhile, I tested Stegotorus over Polipo and confirmed
that its traffic doesn't survive Polipo's proxying.

I decided to start with a much simpler proxy. I first started to implement
one using Twisted, but I found a sample proxy as a part of the libevent
code, which I finally decided to use for my tests.

As the next step, I integrated the proxy code into the Stegotorus code. I also added
a simple proxy test to the set of unit tests of Stegotorus. I confirmed
it failed.

3. I spent some time reading the following papers on the effects of weakly configured
(security-wise) / evil HTTP proxies on HTTP(S) traffic, to get some insight
into the role of an HTTP proxy:

   * Talking to yourself for fun and profit.
   * Pretty-Bad-Proxy: An overlooked adversary in browsers' HTTPS
     deployments.
   * Divide and Conquer: HTTP response splitting, web cache poisoning
     attacks, and related topics.

That was while we were waiting for the Stegotorus code to become public.

4. I spent last week debugging the problem with Stegotorus and the libevent
sample proxy. After sharing my findings with Zack, it turned out that the proxy
cannot handle the situation when one side shuts down the buffer for
writing but still reads from it. So, I modified the proxy code [3] and now
Stegotorus passes the proxy test.

During the coming two weeks, I'm going through the steg protocol code and
will try to improve the code, following Zack's advice. Also, I'll try to
implement a more sophisticated proxy test, like one that involves header
manipulation.

Sorry for the long update. It was like a 6 week report. Next one will be
much shorter.

Stay tuned and enjoy June!
vmon

1. https://github.com/vmon/stegotorus/commit/2f3932c433f743fd8bee54fffb75e565a8d2a9f7
2. https://github.com/vmon/stegotorus/commit/9267db9d5d6d2c3ea959d30e1b84340123919892
3. https://github.com/vmon/stegotorus/commit/f86479782b27385d92679acaae8802ade5284a1c
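
The failure described in item 4, a relay that cannot cope with one side shutting down its write direction while still reading, can be reproduced in a few lines. The following is an added example, not code from the message, from Stegotorus or from the libevent sample proxy; the function names, the `socketpair` stand-ins for the two TCP connections and the `hello` payload are all constructed for illustration.

```python
import socket
import threading
from contextlib import suppress

def read_to_eof(sock):
    """Collect bytes until the peer signals EOF on its write side."""
    data = b""
    while chunk := sock.recv(4096):
        data += chunk
    return data

def pump(src, dst, aware):
    """Relay src -> dst; on EOF either propagate it or end the session."""
    with suppress(OSError):  # the opposite direction may already be torn down
        while chunk := src.recv(4096):
            dst.sendall(chunk)
    # Aware relay: forward only the EOF, so dst -> src stays usable.
    # Naive relay: treat EOF in one direction as the end of both.
    plan = [(dst, socket.SHUT_WR)] if aware else [
        (src, socket.SHUT_RDWR), (dst, socket.SHUT_RDWR)]
    for sock, how in plan:
        with suppress(OSError):
            sock.shutdown(how)

def upstream(sock):
    """Constructed server: answers only after reading the request to EOF."""
    with suppress(OSError), sock:  # the relay may already be gone
        sock.sendall(b"reply to " + read_to_eof(sock))

def run_exchange(aware):
    """Return what a client that half-closes after its request gets back."""
    client, proxy_down = socket.socketpair()
    proxy_up, server = socket.socketpair()
    jobs = [(pump, (proxy_down, proxy_up, aware)),
            (pump, (proxy_up, proxy_down, aware)), (upstream, (server,))]
    threads = [threading.Thread(target=f, args=a) for f, a in jobs]
    for t in threads:
        t.start()
    client.settimeout(5)
    client.sendall(b"hello")
    client.shutdown(socket.SHUT_WR)  # finished writing, still reading
    reply = read_to_eof(client)
    for t in threads:
        t.join(timeout=5)
    for s in (client, proxy_down, proxy_up):
        s.close()
    return reply

if __name__ == "__main__":
    print(run_exchange(False), run_exchange(True))
```

With the naive relay the client's reply is lost because both directions are torn down on the first EOF; with the half-close-aware relay the reply arrives intact.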

