[tor-dev] Development of an HTTP PT

George Kadianakis desnacked at riseup.net
Wed Oct 30 17:11:00 UTC 2013 

dardok <dardok at riseup.net> writes:

> Hi, I am quite new in here but I am interested to help and improve the
> TOR system. I am interested in PTs and particularly in developing a
> HTTP PT.
>
> I've read some papers [0],[1],[2],[3] and the ticket #8676 and I
> consider that it would be a good idea to make an effort and try to
> implement the HTTP PT as is stated in the ticket, that is using real
> browser and server services.
>
> After talking with asn, we conclude that a good point to start this
> development may be to focus on the HTTP transport part, that is to
> know how to control the browser or the server and how to embed the TOR
> traffic into the HTTP protocol (requests and responses). Things such
> as the data obfuscation, the delays in the communications and the
> packet chopping won't be considered, because it may be used another PT
> such Scramblesuit to do that task.
>
> The CLIENT side:
>
> TBB <-> Scramblesuit PT <-> HTTP PT <-> CENSOR NET
>
> and the SERVER side:
>
> CENSOR NET <-> HTTP PT <-> Scramblesuit PT <-> TOR bridge
>
> The important is to know how to embed the TOR traffic already
> obfuscated into the requests and responses to avoid suspicion. Also as
> I said before, to know how to control a browser binary to make the
> HTTP traffic from the client side as much traditional as possible, for
> instance using a firefox binary or something like that. The same must
> be applied to the server side, implementing a real NGINX server or an
> Apache server on port 80 and writting some CGI to classify the traffic
> incoming from the TOR clients through the HTTP requests. The same
> server may have another CGI to write and send the HTTP responses to
> those TOR clients with the traffic into them.
>
> I would like to find someone interested to work on this topic.
>

Hey there,

we discussed this project on IRC and looking at your post it seems
that you understood things :)

Like I told you, I'm interested in this topic, but my free time is
miniscule these days. Still, I'd like to help you out. Do you know
what you need help with?

If you want, we can organize a meetup in IRC to discuss and plan
future work on this.

It would be great if you prepared a bit of research on the basic
components of this project [0] so that we can discuss the various
options during the meeting. I'll send you an email to find the right
date and time for the meeting :)

Cheers!

[0]: ways to control a browser from within a PT (selenium?),
     HTTP covert channels,
     designs of how a server-side CGI script would work, etc.

More information about the tor-dev mailing list