Opened 9 months ago

Closed 9 months ago

Last modified 9 months ago

#26083 closed defect (invalid)

Bridge detector. Fake?

Reported by: cypherpunks
Owned by: cypherpunks
Priority: Medium
Milestone:
Component: Obfuscation/Censorship analysis
Version:
Severity: Normal
Keywords:
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Some code for detection found. Is it real?

Attachments (2)

moar.txt (5 bytes) - added by cypherpunks 9 months ago.
link.txt (5 bytes) - added by cypherpunks 9 months ago.
link to code

Change History (27)

comment:1 Changed 9 months ago by cypherpunks

You set the owner as asn, he's not the right person for something like this. Maybe yawning can take a look?

comment:2 Changed 9 months ago by cypherpunks

Here's the code in case Pastebin or someone else deletes it with a DMCA,

import os
import socks
import socket
import sys
import time

obfs4_detected = 0

host =  sys.argv[1]
port = int(sys.argv[2])
print "Wait for 100 sec. Verify target: " +host, port
s = socks.socksocket()
s.set_proxy(socks.SOCKS5, "127.0.0.1", 9150)
s.connect((host, port))
rand_string = os.urandom(4096)
s.send(rand_string)
s.settimeout(5)
try:
 data = s.recv(4096)
 if data == "":
  obfs4_detected = 1

except socket.timeout:
 obfs4_detected = 0

s.close()

if obfs4_detected == 1:
 obfs4_detected = 0
 s = socks.socksocket()
 s.set_proxy(socks.SOCKS5, "127.0.0.1", 9150)
 s.connect((host, port))

 rand_string = os.urandom(4096)
 s.send(rand_string)
 start = time.time()
 s.settimeout(5)
 try:
  data = s.recv(4096)
  if data == "":
   end = time.time()
   delta = end - start
   if delta >= 1: 
    obfs4_detected = 1

 except socket.timeout:
  obfs4_detected = 0

 s.close()

if obfs4_detected:
 print "DETECTED!!!!!111"
else:
 print "NOT OBFS4?"

edit: by patch from comment:5

Last edited 9 months ago by cypherpunks

comment:3 Changed 9 months ago by cypherpunks

You set the owner

Automatically assigned by selecting Obfuscation/Obfsproxy Component

comment:4 Changed 9 months ago by cypherpunks

Owner: changed from asn to cypherpunks
Status: changed from new to assigned

comment:5 Changed 9 months ago by cypherpunks

If someone plans to test it, patch code bug by:

 if obfs4_detected == 1:
+ obfs4_detected = 0
  s = socks.socksocket()
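
Review bot: the added obfs4_detected = 0 resets, inside the branch, the same variable that the if on the line above has just tested, so a single flag ends up holding both the first-stage and the second-stage result. A separately named variable for the second stage, initialised before the second connection is opened, would make the reset unnecessary and the two results easier to tell apart. The hunk also has no file name or @@ header, so it can only be applied by hand.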

comment:6 in reply to:  3 Changed 9 months ago by cypherpunks

Replying to cypherpunks:

You set the owner

Automatically assigned by selecting Obfuscation/Obfsproxy Component

That still applies for "you".

comment:7 Changed 9 months ago by cypherpunks

comment:8 Changed 9 months ago by cypherpunks

Real-time identification of three Tor pluggable transports using machine learning techniques

We report an empirical study on detection of three widely used Tor pluggable transports, namely Obfs3, Obfs4, and ScrambleSuit using four learning algorithms. We investigate the performance of Adaboost and Random Forests as two ensemble methods. In addition, we study the effectiveness of SVM and C4.5 as well-known parametric and nonparametric classifiers. These algorithms use general statistics of first few packets of the inspected flows. Experimental results conducted on real traffics show that all the adopted algorithms can perfectly detect the desired traffics by only inspecting first 10–50 packets. The trained classifiers can readily be employed in modern network switches and intelligent traffic monitoring systems.
Computer Engineering Department, Bu-Ali Sina University, Hamedan, Iran

comment:9 Changed 9 months ago by cypherpunks

Status: changed from assigned to needs_information

comment:10 Changed 9 months ago by cypherpunks

Component: changed from Obfuscation/Obfsproxy to Obfuscation/Censorship analysis

comment:11 Changed 9 months ago by cypherpunks

Summary: changed from "Bridge detector. Fake?" to "Bridge detector. Fake."

Doesn't work for me.

comment:12 Changed 9 months ago by cypherpunks

Resolution: invalid
Status: changed from needs_information to closed

comment:13 Changed 9 months ago by cypherpunks

Summary: changed from "Bridge detector. Fake." to "DELETE THIS CRAZY STUFF ASAP"

comment:14 Changed 9 months ago by cypherpunks

Resolution: invalid
Status: changed from closed to reopened
Summary: changed from "DELETE THIS CRAZY STUFF ASAP" to "Bridge detector. Fake."

Are you having a bad day, cypherpunks?

comment:15 Changed 9 months ago by cypherpunks

cypherpunks broken mailing list archive powered by mailman version 2.1.23
Archive lost description post after they replace existing attachment

comment:16 Changed 9 months ago by cypherpunks

moar

Changed 9 months ago by cypherpunks

Attachment: moar.txt added

comment:17 Changed 9 months ago by cypherpunks

twice

comment:18 Changed 9 months ago by cypherpunks

Are you having a bad day, cypherpunks?

Why? cypherpunks said

Doesn't work for me.

What is a good resolution to close this ticket?

comment:19 in reply to:  description ; Changed 9 months ago by rl1987

Resolution: invalid
Status: changed from reopened to closed

Replying to cypherpunks:

Some code for detection found. Is it real?

No.

comment:20 Changed 9 months ago by cypherpunks

Good. It's a good idea not to use Tor for censorship circumvention if you need your life and/or safety.

comment:21 Changed 9 months ago by cypherpunks

Summary: changed from "Bridge detector. Fake." to "DELETE THIS CRAZY STUFF ASAP"

Changed 9 months ago by cypherpunks

Attachment: link.txt added

link to code

comment:22 Changed 9 months ago by cypherpunks

If anybody wants to discuss or get ideas/code on how to detect pt (including a real-time solution for snowflake), you are welcome to email ptdetector at secmail.pro

Last edited 9 months ago by cypherpunks

comment:23 Changed 9 months ago by ptdetector

If anybody wants to discuss or get ideas/code on how to detect pt (including a real-time solution for snowflake), you are welcome to email ptdetector at secmail.pro

comment:24 in reply to:  19 Changed 9 months ago by cypherpunks

Replying to rl1987:

Replying to cypherpunks:

Some code for detection found. Is it real?

No.

There are no false negative results for obfs4proxy server (case of obfs4 transport), and I didn't find any false positive results in the wild. What did you find, can you publish?

edit: typo

Last edited 9 months ago by cypherpunks

comment:25 Changed 9 months ago by cypherpunks

Summary: changed from "DELETE THIS CRAZY STUFF ASAP" to "Bridge detector. Fake?"