Opened 12 months ago

Closed 12 months ago

Last modified 12 months ago

#26083 closed defect (invalid)

Bridge detector. Fake?

Reported by: cypherpunks
Owned by: cypherpunks
Priority: Medium
Milestone:
Component: Circumvention/Censorship analysis
Version:
Severity: Normal
Keywords:
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Some code for detection found. Is it real?

Attachments (2)

moar.txt (5 bytes) - added by cypherpunks 12 months ago.
link.txt (5 bytes) - added by cypherpunks 12 months ago.
link to code

Change History (27)

comment:1 Changed 12 months ago by cypherpunks

You set the owner as asn, he's not the right person for something like this. Maybe yawning can take a look?

comment:2 Changed 12 months ago by cypherpunks

Here's the code in case Pastebin or someone else deletes it with a DMCA:

import os
import socks
import socket
import sys
import time

obfs4_detected = 0

host =  sys.argv[1]
port = int(sys.argv[2])
print "Wait for 100 sec. Verify target: " +host, port
s = socks.socksocket()
s.set_proxy(socks.SOCKS5, "127.0.0.1", 9150)
s.connect((host, port))
rand_string = os.urandom(4096)
s.send(rand_string)
s.settimeout(5)
try:
 data = s.recv(4096)
 if data == "":
  obfs4_detected = 1

except socket.timeout:
 obfs4_detected = 0

s.close()

if obfs4_detected == 1:
 obfs4_detected = 0
 s = socks.socksocket()
 s.set_proxy(socks.SOCKS5, "127.0.0.1", 9150)
 s.connect((host, port))

 rand_string = os.urandom(4096)
 s.send(rand_string)
 start = time.time()
 s.settimeout(5)
 try:
  data = s.recv(4096)
  if data == "":
   end = time.time()
   delta = end - start
   if delta >= 1: 
    obfs4_detected = 1

 except socket.timeout:
  obfs4_detected = 0

 s.close()

if obfs4_detected:
 print "DETECTED!!!!!111"
else:
 print "NOT OBFS4?"

edit: by patch from comment:5

Last edited 12 months ago by cypherpunks

comment:3 Changed 12 months ago by cypherpunks

> You set the owner

Automatically assigned by selecting Obfuscation/Obfsproxy Component

comment:4 Changed 12 months ago by cypherpunks

Owner: changed from asn to cypherpunks
Status: changed from new to assigned

comment:5 Changed 12 months ago by cypherpunks

If someone plans to test it, patch code bug by:

 if obfs4_detected == 1:
+ obfs4_detected = 0
  s = socks.socksocket()
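
Review bot: Reusing obfs4_detected for both stages, as the added line after `if obfs4_detected == 1:` does, makes the final result depend on this reset staying in place; a separate variable for the second-stage result would be clearer. The hunk also carries no file name or @@ header, so it has to be applied by hand to the script in comment:2.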

comment:6 in reply to:  3 Changed 12 months ago by cypherpunks

Replying to cypherpunks:

> > You set the owner
>
> Automatically assigned by selecting Obfuscation/Obfsproxy Component

That still applies for "you".

comment:7 Changed 12 months ago by cypherpunks

comment:8 Changed 12 months ago by cypherpunks

Real-time identification of three Tor pluggable transports using machine learning techniques

We report an empirical study on detection of three widely used Tor pluggable transports, namely Obfs3, Obfs4, and ScrambleSuit using four learning algorithms. We investigate the performance of Adaboost and Random Forests as two ensemble methods. In addition, we study the effectiveness of SVM and C4.5 as well-known parametric and nonparametric classifiers. These algorithms use general statistics of first few packets of the inspected flows. Experimental results conducted on real traffics show that all the adopted algorithms can perfectly detect the desired traffics by only inspecting first 10–50 packets. The trained classifiers can readily be employed in modern network switches and intelligent traffic monitoring systems.
Computer Engineering Department Bu-Ali Sina University Hamedan Iran

comment:9 Changed 12 months ago by cypherpunks

Status: changed from assigned to needs_information

comment:10 Changed 12 months ago by cypherpunks

Component: changed from Obfuscation/Obfsproxy to Obfuscation/Censorship analysis

comment:11 Changed 12 months ago by cypherpunks

Summary: changed from "Bridge detector. Fake?" to "Bridge detector. Fake."

Doesn't work for me.

comment:12 Changed 12 months ago by cypherpunks

Resolution: invalid
Status: changed from needs_information to closed

comment:13 Changed 12 months ago by cypherpunks

Summary: changed from "Bridge detector. Fake." to "DELETE THIS CRAZY STUFF ASAP"

comment:14 Changed 12 months ago by cypherpunks

Resolution: invalid
Status: changed from closed to reopened
Summary: changed from "DELETE THIS CRAZY STUFF ASAP" to "Bridge detector. Fake."

Are you having a bad day, cypherpunks?

comment:15 Changed 12 months ago by cypherpunks

cypherpunks broken mailing list archive powered by mailman version 2.1.23
Archive lost description post after they replace existing attachment

comment:16 Changed 12 months ago by cypherpunks

moar

Changed 12 months ago by cypherpunks

Attachment: moar.txt added

comment:17 Changed 12 months ago by cypherpunks

twice

comment:18 Changed 12 months ago by cypherpunks

> Are you having a bad day, cypherpunks?

Why? cypherpunks said

> Doesn't work for me.

What is a good resolution to close this ticket?

comment:19 in reply to:  description ; Changed 12 months ago by rl1987

Resolution: invalid
Status: changed from reopened to closed

Replying to cypherpunks:

> Some code for detection found. Is it real?

No.

comment:20 Changed 12 months ago by cypherpunks

Good. It's a good idea not to use Tor for censorship circumvention if you need your life and/or safety.

comment:21 Changed 12 months ago by cypherpunks

Summary: changed from "Bridge detector. Fake." to "DELETE THIS CRAZY STUFF ASAP"

Changed 12 months ago by cypherpunks

Attachment: link.txt added

link to code

comment:22 Changed 12 months ago by cypherpunks

If anybody wants to discuss or get ideas/code for how to detect PT (including a real-time solution for snowflake), you are welcome to email ptdetector at secmail.pro

Last edited 12 months ago by cypherpunks

comment:23 Changed 12 months ago by ptdetector

If anybody wants to discuss or get ideas/code for how to detect PT (including a real-time solution for snowflake), you are welcome to email ptdetector at secmail.pro

comment:24 in reply to:  19 Changed 12 months ago by cypherpunks

Replying to rl1987:

> Replying to cypherpunks:
>
> > Some code for detection found. Is it real?
>
> No.

There are no false negative results for obfs4proxy server (case of obfs4 transport), and I didn't find any false positive results in the wild. What did you find, can you publish?

edit: typo

Last edited 12 months ago by cypherpunks

comment:25 Changed 12 months ago by cypherpunks

Summary: changed from "DELETE THIS CRAZY STUFF ASAP" to "Bridge detector. Fake?"