A pluggable transports proxy
obfsproxy [--log-file log_file] [--log-min-severity severity] [--no-log] [--no-safe-logging] managed obfsproxy [--log-file log_file] [--log-min-severity severity] [--no-log] [--no-safe-logging] transport [-h] [--dest dest] [--ext-cookie-file ext_cookie_file] ... mode listen_addr obfsproxy --help
obfsproxy is a tool that attempts to circumvent censorship, by transforming the Tor traffic between the client and the bridge. This way, censors, who usually monitor traffic between the client and the bridge, will see innocent-looking transformed traffic instead of the actual Tor traffic.
--log-file log_file
Set logfile location.
--log-min-severity severity
Set minimum logging severity (default: no logging). severity must be one of error, warning, info, debug.
--no-log
Disable logging.
--no-safe-logging
Disable safe (scrubbed address) logging.
-h, --help
Show help message and exit.
Using managed as TRANSPORT allows Tor to start and control obfsproxy by itself. Add a line like the following to torrc to use it when acting as a bridge:
ServerTransportPlugin obfs3,scramblesuit exec /usr/bin/obfsproxy managed
When connecting to an obfuscated bridge, adapt the following:
ClientTransportPlugin obfs3,scramblesuit exec /usr/bin/obfsproxy managed
Use a protocol that simply proxies data without obfuscating them. For tests only.
No extra options.
Use a protocol that encodes data with base64 before pushing them to the network.
No extra options.
Use the obfs2 protocol. obfs2 is known to be fingerprintable and is deprecated. See https://gitweb.torproject.org/obfsproxy.git/blob/HEAD:/doc/obfs2/protocol-spec.txt for the specification.
No extra options.
Use the obfs3 protocol. See https://gitweb.torproject.org/pluggable-transports/obfsproxy.git/blob/HEAD:/doc/obfs3/obfs3-protocol-spec.txt for the specification.
No extra options.
Use the scramblesuit protocol. See https://gitweb.torproject.org/pluggable-transports/obfsproxy.git/blob/HEAD:/doc/scramblesuit/scramblesuit-spec.txt for the specification.
--password password
Shared secret for UniformDH. In server mode, a secret will be automatically generated if unspecified.
In order to configure a password with Tor on the server side, the following can be added to torrc:
ServerTransportOptions scramblesuit password=WFVTIHBLAHNBXWSUD6WYTEST42LPIPRT
Tor clients (using a version later than 0.2.5.1-alpha) can then use:
Bridge scramblesuit 192.0.2.42:2032 password=WFVTIHBLAHNBXWSUD6WYTEST42LPIPRT
Here\(cqs the common synopsis:
Options common for all transports:
transport
One of managed, dummy, b64, obfs2, obfs3 or scramblesuit. See above for details.
-h
Show help message and exit.
--dest dest
Set destination address. Mandatory in all modes except socks.
--ext-cookie-file ext_cookie_file
Configure the filesystem path where the Extended ORPort authentication cookie is stored.
mode
Mode must be one of server (old-style ServerTransportPlugin), ext_server (support for Extended ORPort), client (bridge client) or socks (client using SOCKS to connect to bridges).
listen_addr
Address on which the proxy will listen.
Plenty, probably. obfsproxy is still in development. Please report them.
George Kadianakis <[email protected]>
Philipp Winter <[email protected]>
Brandon Wiley <[email protected]>