[tor-dev] Development of an HTTP PT

dardok dardok at riseup.net
Fri Oct 25 18:28:56 UTC 2013 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi, I am quite new in here but I am interested to help and improve the
TOR system. I am interested in PTs and particularly in developing a
HTTP PT.

I've read some papers [0],[1],[2],[3] and the ticket #8676 and I
consider that it would be a good idea to make an effort and try to
implement the HTTP PT as is stated in the ticket, that is using real
browser and server services.

After talking with asn, we conclude that a good point to start this
development may be to focus on the HTTP transport part, that is to
know how to control the browser or the server and how to embed the TOR
traffic into the HTTP protocol (requests and responses). Things such
as the data obfuscation, the delays in the communications and the
packet chopping won't be considered, because it may be used another PT
such Scramblesuit to do that task.

The CLIENT side:

TBB <-> Scramblesuit PT <-> HTTP PT <-> CENSOR NET

and the SERVER side:

CENSOR NET <-> HTTP PT <-> Scramblesuit PT <-> TOR bridge

The important is to know how to embed the TOR traffic already
obfuscated into the requests and responses to avoid suspicion. Also as
I said before, to know how to control a browser binary to make the
HTTP traffic from the client side as much traditional as possible, for
instance using a firefox binary or something like that. The same must
be applied to the server side, implementing a real NGINX server or an
Apache server on port 80 and writting some CGI to classify the traffic
incoming from the TOR clients through the HTTP requests. The same
server may have another CGI to write and send the HTTP responses to
those TOR clients with the traffic into them.

I would like to find someone interested to work on this topic.

Thanks and I wait for your comments or suggestions!

[0] http://www.owlfolio.org/media/2010/05/stegotorus.pdf
[1] http://www.cs.kau.se/philwint/pdf/wpes2013.pdf
[2] https://www.ieee-security.org/TC/SP2013/papers/4977a065.pdf
[3] https://github.com/sjmurdoch/http-transport/blob/master/design.md
-----BEGIN PGP SIGNATURE-----

iQEcBAEBCgAGBQJSarhoAAoJEFz9RJtDk2+MsnwH/2MugLeUH+EOc6bzyKJ25W/N
5Kf9w1YdU276z5eba6+fY38H6l3hwErT6TaiWcULiVra1JshLLWaTGHS9AiP4Nf3
QTUVjUMQNiqGkLvNBIkxwqe8MQo1d5GgEhul4fYzMKS46clhmkb6lILIfZ4bRDyc
8bctM8qOk7mLVkp9Ip+ehv/J6S4wmSNtKUIj88mUyfRDDXn/+r7OQx+FDoC/3YiL
XzFpaeofPgdWb35cieQvR2wWqWN3N5BRK1R7o0g02BfOYEXOxQ2KaIWUqJBiyKqo
uzSAkic1a5qDpJImAQhjAVrqZi1NKZbQQM+33caWm8T9fWkNojClQZ2PzbJn0os=
=zI1W
-----END PGP SIGNATURE-----

More information about the tor-dev mailing list