Archives

by Jean Luc Picard

Tor obfsproxy

 

https://www.torproject.org/images/tor-logo.jpg

 

 

is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet.

 

Obfsproxy Icon

obfsproxy is a tool that attempts to circumvent censorship, by transforming the Tor traffic between the client and the bridge. This way, censors, who usually monitor traffic between the client and the bridge, will see innocent-looking transformed traffic instead of the actual Tor traffic.

 

obfsproxy diagram

obfsproxy supports multiple protocols, called pluggable transports, which specify how the traffic is transformed. For example, there might be a HTTP transport which transforms Tor traffic to look like regular HTTP traffic.

Even though obfsproxy is a separate application, completely independent from tor, it speaks to tor using an internal protocol to minimize necessary end-user configuration.

Please open a ticket on our bug tracker for any bugs you find or features you would like to see added in future releases.

Looking for obfsproxy bridges?

You can use BridgeDB to get obfsproxy bridges.

Example:

Here are your bridge relays:

  bridge obfs2 96.47.67.233:12984  
  bridge obfs2 54.247.0.43:52176

Bridge relays (or “bridges” for short) are Tor relays that aren’t listed in the main directory. Since there is no complete public list of them, even if your ISP is filtering connections to all the known Tor relays, they probably won’t be able to block all the bridges.

To use the above lines, go to Vidalia’s Network settings page, and click “My ISP blocks connections to the Tor network”. Then add each bridge address one at a time.

Configuring more than one bridge address will make your Tor connection more stable, in case some of the bridges become unreachable.

Another way to find public bridge addresses is to send mail to bridges@torproject.org with the line “get bridges” by itself in the body of the mail. However, so we can make it harder for an attacker to learn lots of bridge addresses, you must send this request from an email address at one of the following domains:

  • gmail.com
  • yahoo.com

Looking for IPv6 bridges?

Looking for obfsproxy bridges?

Specify transport by name:

Note for experts: if you can use IPv6, try upgrading to Tor 0.2.3.12 or newer and use these bridge lines:

  bridge [2001:948:7:2::163]:6001
  bridge [2600:3c01::f03c:91ff:fe93:d525]:9001
  bridge [2600:3c01::f03c:91ff:fe93:b8ee]:443

Let us know how it goes!

Download Obfsproxy Tor Browser Bundle

We’ve made an experimental package that currently works in all censored countries with no config changes.

Windows Obfsproxy Tor Browser Bundle (signature).

OSX (10.6 & 10.7) Obfsproxy Tor Browser Bundle (signature).

Linux 32-bit Obfsproxy Tor Browser Bundle (signature).

Linux 64-bit Obfsproxy Tor Browser Bundle (signature).

Installation Instructions

To set up an obfsproxy bridge, or to build it from source, see the separate Obfsproxy Installation Instructions page.

Obfsproxy Instructions

client torrc

Hey! Are you looking for the guide on how to set up an obfuscated bridge on a Debian system? Check this out.

Step 1: Install dependencies, obfsproxy, and Tor

You will need a C compiler (gcc), the autoconf and autotools build system, the git revision control system, pkg-config and libtool, libevent-2 and its headers, and the development headers of OpenSSL.

On Debian testing or Ubuntu oneiric, you could do:
# apt-get install autoconf autotools-dev gcc git pkg-config libtool libevent-2.0-5 libevent-dev libevent-openssl-2.0-5 libssl-dev

If you’re on a more stable Linux, you can either try our experimental backport libevent2 debs or build libevent2 from source.

Clone obfsproxy from its git repository:
$ git clone https://git.torproject.org/obfsproxy.git
The above command should create and populate a directory named ‘obfsproxy’ in your current directory.

Compile obfsproxy:
$ cd obfsproxy
$ ./autogen.sh && ./configure && make

Optionally, as root install obfsproxy in your system:
# make install

If you prefer not to install obfsproxy as root, you can instead just modify the Transport lines in your torrc file (explained below) to point to your obfsproxy binary.

You will need Tor 0.2.3.11-alpha or later.

Step 2a: If you’re the client…

First, you need to learn the address of a bridge that supports obfsproxy. If you don’t know any, try asking a friend to set one up for you. Then the appropriate lines to your tor configuration file:

UseBridges 1
Bridge obfs2 128.31.0.34:1051
ClientTransportPlugin obfs2 exec /usr/local/bin/obfsproxy --managed

Don’t forget to replace 128.31.0.34:1051 with the IP address and port that the bridge’s obfsproxy is listening on.

Congratulations! Your traffic should now be obfuscated by obfsproxy. You are done! You can now start using Tor.

Step 2b: If you’re the bridge…

Configure your Tor to be a bridge (e.g. by setting “ORPort 9001” and “BridgeRelay 1”). Then add this new line to your tor configuration file:

ServerTransportPlugin obfs2 exec /usr/local/bin/obfsproxy --managed

Launch Tor using this configuration file. You can do this by using your favorite init script, or by pointing the Tor binary to the torrc file:

spawn tor

Next, find the TCP port opened by obfsproxy. Look in your log file for a line similar to this one:
bridge torrc
The last number, in this case 34545, is the TCP port number that your clients should point their obfsproxy to.

Congratulations! Tell your clients to point their obfsproxy to your IP address and to port 34545.

from here