[tor-relays] Port for obfsproxy

dardok dardok at riseup.net
Wed Oct 16 16:22:05 UTC 2013 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

George Kadianakis:
> "GDR!" <gdr at gdr.name> writes:
> 
>> On 07.10.2013 21:11, dardok wrote:
>>> I guess that you misunderstood the concept of obfsproxy. It is 
>>> useful to obfuscate the communication between a client  within 
>>> a censorship zone and a tor bridge. The obfsproxy doesn't 
>>> emulate a HTTP protocol communication, instead it is designed 
>>> to look random (and the packets are encypted). So if you try
>>> to run this service over the HTTP port 80 and the packets are 
>>> random and not looking like a HTTP communication, it will be 
>>> more suspicious than running this service over any other port.
>> 
>> Thank you. I understood the concept but not the implementation.
>> 
>> "For example, there MIGHT be a HTTP transport which transforms 
>> Tor traffic to look like regular HTTP traffic."
>> 
>> I missed the "MIGHT" part. Too bad this doesn't exist.
> 
> Ha, you caught us! That website sentence is indeed an advertisement
> trick!  Obfsproxy does *not* have an HTTP module yet, 
> unfortunately.
> 
> The funny thing about HTTP transports is that it's easy to write a
>  simple but trivially detectable HTTP transport, and quite hard to
>  write an actually good HTTP transport. We have open tickets for 
> both ideas and would appreciate coding help: 
> https://trac.torproject.org/projects/tor/ticket/5625 
> https://trac.torproject.org/projects/tor/ticket/8676
> 
> Also see 
> https://github.com/sjmurdoch/http-transport/blob/master/design.md 
> for things to consider when writing your HTTP transport.
> 
> (I CC'ed dardok who recently appeared in tor-talk and wanted to 
> contribute to pluggable transports development.)
> 

George Kadianakis, thanks for the links. I've been reading some papers
and the conclusion that I drew is that it would be good to try to run
a real service or program in both parts of communication, i.e. a
browser binary in the client side and a server binary in the bridge
side, to perfectly mimick the HTTP communication protocol and be able
to hide inside these packets the TOR traffic. Is there some private
list or chat about PTs? Is there some advanced work on this field,
that's related to running real HTTP services and wrapping the TOR
traffic into them?


-----BEGIN PGP SIGNATURE-----

iQEcBAEBCgAGBQJSXr0tAAoJEFz9RJtDk2+MDLsH/2TVvOjbAjij18WGEkOvzE+8
FDbTtCOH/N4mUyCr30Fvock0H/ztugj7FnRj4viizYZmwt7uSGex664W1+b5iIWV
NEKIlKmYzlqesMUAaOPUeN0yzeEEVcrMY5Ob/p52/xFY6zJuoUpNW1c/xE6KSsjs
ek9TCEubrTormpOyyypRtBTsQBrrp77bpRse04WBVZ6741nyip956vXs49UYW+Ul
08ufj8UfZaSjsw7jcHFvgB/DzmRfn79aGg9SYQ9PyBoweUet8AWiTzEYo/sv18JF
Kc5QnGpvgaGPusVDEQSAW/c75FMjEyHuSNTR2wJF/tRVqHy46TgRRgFado3L47E=
=s355
-----END PGP SIGNATURE-----

More information about the tor-relays mailing list