Opened 9 years ago

Closed 8 years ago

#2759 closed task (implemented)

Proof of concept transport plugin: http headers

Reported by: arma
Owned by: sjmurdoch
Priority: Medium
Milestone: Deliverable-May2011
Component: Circumvention/Pluggable transport

Description

Steven has been working on a SOCKS proxy that will stick the Tor transport in HTTP headers. It isn't designed to fool a human looking at the traffic, but it seems to fool Wireshark.

Its main goal is to act as a proof of concept for our modular transport proposal (#2758) so we don't have to generalize from zero data points.

Attachments (1)

pluggable-transport.png (197.1 KB) - added by arma 9 years ago.
screenshot

Change History (5)

Changed 9 years ago by arma

Attachment: pluggable-transport.png added

screenshot

comment:1 Changed 9 years ago by arma

https://gitweb.torproject.org/sjm217/pluggable-transport.git is the current progress.

I had originally thought that it just stuck http headers at the front of the flow, but now I think it actually puts the content in a cookie or the like, so the whole flow is correctly formed http. We could imagine lots of similar tricks.

Steven told me he has some plans to make it better, but also that he was holding off on switching to C. I told him to check out obfsproxy (#2760), since he might be able to reuse its framework to solve his problems and then we wouldn't be working on two proxy frameworks in parallel.

comment:2 Changed 9 years ago by arma

Component: Tor Client → Pluggable transport

comment:3 in reply to:  1 Changed 9 years ago by sjmurdoch

Replying to arma:

> I had originally thought that it just stuck http headers at the front of the flow, but now I think it actually puts the content in a cookie or the like, so the whole flow is correctly formed http. We could imagine lots of similar tricks.

It is somewhere in between. Each chunk of data Tor sends (in most cases, a TLS Application Record) is encoded as an HTTP POST to / or an HTTP response of a PNG image, depending on direction. There's also an obfuscation key sent in a cookie with the first request, which is XORed onto the traffic before it goes through the HTTPification. It's not valid HTTP (there is a mismatch between requests and responses), and it can't handle being proxied, but it is a bit more than just sticking headers in front.
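
The framing described in comment:3, sketched as an added example; it is not part of the comment and is not code from the pluggable-transport repository. The cookie name, hex encoding of the key, repeating-key XOR, header set and the absence of real PNG file structure in the response body are all assumptions made here, since the ticket does not specify them.

```python
KEY_COOKIE = "key"  # assumed cookie name; the ticket does not give one


def xor(data, key):
    """XOR data with a repeating key (assumed scheme; applying it twice undoes it)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def encode_request(chunk, key, first):
    """Client to server: wrap one chunk as an HTTP POST to /."""
    body = xor(chunk, key)
    head = ["POST / HTTP/1.1", "Host: example.invalid",
            "Content-Type: application/octet-stream",
            f"Content-Length: {len(body)}"]
    if first:  # the obfuscation key travels in band, with the first request only
        head.append(f"Cookie: {KEY_COOKIE}={key.hex()}")
    return "\r\n".join(head).encode() + b"\r\n\r\n" + body


def encode_response(chunk, key):
    """Server to client: wrap one chunk as an HTTP response labelled as a PNG."""
    body = xor(chunk, key)
    head = ["HTTP/1.1 200 OK", "Content-Type: image/png",
            f"Content-Length: {len(body)}"]
    return "\r\n".join(head).encode() + b"\r\n\r\n" + body


def decode(message, key=None):
    """Split headers from body, learn the key from the cookie if present, un-XOR."""
    head, _, rest = message.partition(b"\r\n\r\n")
    headers = {}
    for line in head.decode("ascii").split("\r\n")[1:]:  # skip request/status line
        name, _, value = line.partition(": ")
        headers[name.lower()] = value
    cookie = headers.get("cookie", "")
    if cookie.startswith(KEY_COOKIE + "="):
        key = bytes.fromhex(cookie.split("=", 1)[1])
    if key is None:
        raise ValueError("no obfuscation key seen yet")
    body = rest[: int(headers["content-length"])]
    return xor(body, key), key


if __name__ == "__main__":
    k = bytes.fromhex("a1b2c3d4")               # constructed sample key
    record = b"\x17\x03\x03\x00\x05hello"       # constructed stand-in for a TLS record
    print(encode_request(record, k, first=True))
    print(decode(encode_response(record, k), k)[0] == record)
```

Because each chunk becomes its own POST or its own response regardless of what the other side last sent, two requests in a row with no response between them are normal for this framing, which is the request/response mismatch the comment mentions.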

comment:4 Changed 8 years ago by arma

Resolution: implemented
Status: new → closed

I'm going to close this trac entry as implemented. We have a proof of concept, it comes with a screenshot, and it's even been used in-country (which is arguably a flaw, not a feature, but it did happen). Next work here should be to look at #2758, #2760, Brandon Wiley's GSoC project, and other components, and think if there's any design from here to reuse there.
