[tor-dev] Building better pluggable transports - GSoC 2013 project

David Fifield david at bamsoftware.com
Fri May 31 15:28:55 UTC 2013


On Wed, May 29, 2013 at 01:22:31PM +0800, Chang Lan wrote:
> I am a Tor GSoC student who will be working on the pluggable transports this
> summer. My mentor is Steven and my co-mentor is George Kadianakis. It is great
> to be part of the Tor community!
> 
> Steven already kicked off the discussion about how to build better transports.
> The original project proposal[1] discussed the possibility of sending data over
> UDP with extra efforts to guarantee reliable in-order delivery. However, as
> George mentioned recently[3], ScrambleSuite[2] may already solve the issue of
> scanning resistance.
> 
> Given that ScrambleSuite is being deployed, improving protocol obfuscation will
> be my main focus. HTTP impersonation is really useful, since there are numerous
> HTTP proxy outside the censored region, while the number of bridges is quite
> limited. What I'm gonna be doing during the summer is implementing a good
> enough HTTP impersonation based on pluggable transports specification. There
> are still many open questions indeed. Discussions are more than welcome!

Hi Chang! I want to make sure you know about a transport based on
WebSocket that we hope to have deployed in the near future. A WebSocket
bridge is already running; it's what browser-based flash proxies talk
to. (Flash proxy is a circumvention system for IP obfuscation, not
protocol obfuscation.)
	https://crypto.stanford.edu/flashproxy/
However, you can connect directly to a WebSocket bridge as a client,
without going through a flash proxy.
	https://gitweb.torproject.org/flashproxy.git/blob/e4f3ced2:/doc/websocket-transport.txt
	https://gitweb.torproject.org/flashproxy.git/tree/e4f3ced2:/websocket-transport
Our conjecture is that WebSocket looks enough like HTTP to evade
protocol filters, at least for a while. (WebSocket starts with an HTTP
header.)

David Fifield


More information about the tor-dev mailing list