[tor-dev] Using ScrambleSuit with something other than Tor

Philipp Winter phw at nymity.ch
Fri Jul 11 15:14:16 UTC 2014

Hi Yuhao,

On Fri, Jul 11, 2014 at 08:20:25PM +0800, Yuhao Dong wrote:
> I'm Yuhao Dong (undergrad student at University of Waterloo) and I'm
> currently doing research on, surprise, my own traffic obfuscation
> system.

Cool!  I'm in Toronto until the middle of August -- in case you are back
until then and want to meet up in person.

> I'd like to compare it to ScrambleSuit; however I am
> currently on break in China. It is going to be really hard to set up
> Tor in a way that works; besides, I am using a test suite that
> transmits specially-shaped traffic over HTTP. I would like to be
> able to see what happens if I apply ScrambleSuit to that traffic
> instead of Tor.

That sounds good.  Given Tor's high variance in latency and throughput,
it's more effective to compare the performance of pluggable transports
without Tor, in a LAN setting.

> Is there a way to build a generic ScrambleSuit SOCKS5 proxy? In
> other words, it would be awesome if I could set up two servers on my
> LAN:
> web browsing client <-SOCKS-> first LAN server <-ScrambleSuit->
> second LAN server <-> Internet
> so that arbitrary traffic can be tunneled through ScrambleSuit, and
> I can do packet analysis on the ScrambleSuit link.
> I understand that Tor's "pluggable transport" system uses SOCKS5
> underneath; however the spec seems very vague on how to precisely
> get that local SOCKS5 address. How can I use ScrambleSuit in the way
> I described, to encapsulate something other than Tor?

It sounds like you basically want to have obfsproxy with ScrambleSuit on
both your LAN servers.

The first LAN server could be started like this:
  python /path/to/obfsproxy \
          --log-min-severity=debug \
          --data-dir=/tmp/scramblesuit-client \
          scramblesuit \
          --dest SECOND_LAN_SERVER:50000 \

The second LAN server could be started like this:
  python /path/to/obfsproxy \
          --log-min-severity=debug \
          --data-dir=/tmp/scramblesuit-server \
          scramblesuit \
          --dest SOCKS_PROXY:1234 \

SOCKS_PROXY can be Tor or an arbitrary SOCKS proxy which allows direct
connections to your Internet link.

You can then configure arbitrary applications to use the SOCKS5 proxy
running on your first LAN server.

Hope that helps,

More information about the tor-dev mailing list