Installing Obfsproxy
Install the required dependencies to build Obfsproxy, as listed on the installation instructions (https://www.torproject.org/projects/obfsproxyinstructions.html.en). Get a copy of the Obfsproxy sourcecode:
1 de 4 30/04/13 04:00
If everything goes well, it will create a binary called obfsproxy in the current directory: Obfsproxy is compiled and ready to use. You can optionally install the binary system-wide by issuing, as root:
make install
Running Obfsproxy
As an example, let us assume that your Tor bridge is already listening on IP 123.45.67.89, port 1234. Indeed, replace those values by the IP and port of your own network interface on which your Tor bridge is already listening. We want Obfsproxy to listen on port 45678 and forward connections to our Tor bridge. Thanks to this, clients will be able to obfuscate their Tor traffic through the Obfsproxy client which connects to the Obfsproxy server you are going to setup. Simply run the following command to have obfsproxy listening on the right port and forwarding connections to your Tor bridge:
obfsproxy obfs2 --dest=123.45.67.89:1234 server 123.45.67.89:45 678
This commands starts Obfsproxy and gives it the following instructions: the first parameter, obfs2, is the name of the obfuscation protocol that we want to use on the server and that the clients connecting to us must use as well - obfs2 is the only included with Obfsproxy at the moment, and running Obfsproxy without argument will give you a list of available protocols; --dest=123.45.67.89:1234 is an option for the obfs2 protocol which specifies that each new connection (and subsequent communication) should be forwared to this IP and port once it has been de-obfuscated; server 123.45.67.89:45678 tells Obfsproxy to listen for incoming connections on IP 123.45.67.89, port 45678. In short, Obfsproxy will accept connections on IP 123.45.67.89, port 45678, and will expect a stream from the client that respects the obfs2 obfuscation protocol. If it is the case, it will trigger a connection on 123.45.67.89 port 1234, where the Tor bridge is listening. Traffic from the client will be de-obfuscated and forwarded to the Tor bridge. Symetrically, traffic from the Tor bridge will be obfuscated before being sent to the client. To open more than one port with Obfsproxy, you don't need to run it several times, just activate obfs2 as many times as needed, with one new port each
2 de 4 30/04/13 04:00
time:
obfsproxy obfs2 --dest=123.45.67.89:1234 server 123.45.67.89:45 678 \ obfs2 --dest=123.45.67.89:1234 server 123.45.67.89:44000 \ obfs2 --dest=123.45.67.89:1234 server 123.45.67.89:44001
This command additionally tells obfsproxy to accept connections on ports 44000 and 44001 and forward them to the Tor bridge. Here is a simple script if you want to open many ports and avoid typing the full command:
#!/bin/sh # Public IP address we listen on (both Tor and Obfsproxy) host=123.45.67.89 # Ports that Obfsproxy should open ports="7007 10001 43657 54675 2378 9990 8881" # What port our Tor bridge listens on tor_port=1234 command="$(which obfsproxy) " for port in $ports; do command="$command obfs2 --dest=$host:$tor_port server $host :$port" done echo Running command: $command $command
/tags/obfsproxy/) syria (../../tags/syria/) tor (../../tags/tor/) Last edited 2013-03-09 20:09 +0100
4 de 4
30/04/13 04:00