Total Pageviews

Thursday, 21 April 2016


The ScrambleSuit traffic obfuscation protocol 


ScrambleSuit is a pluggable transport protocol for obfsproxy. It is written in pure Python and solves two problems:
  • Protection against active probing attacks by requiring a shared secret between the client and the server. This secret is communicated out-of-band via Tor's BridgeDB.
  • Rudimentary defence against traffic analysis attacks by altering flow features. In particular, ScrambleSuit alters its inter-arrival times and packet length distribution.
Besides, ScrambleSuit's payload is computationally indistinguishable from randomness. Clients can authenticate themselves towards a ScrambleSuit bridge by conducting a modified UniformDH handshake or by redeeming a session ticket.
For a more detailed overview of ScrambleSuit, please have a look at the project page available at The research paper is available at Finally, the directory "doc/" in this repository contains ScrambleSuit's protocol specification.

Installation and Testing

The following instructions were tested on Debian wheezy but they should work just fine on other GNU/Linux distributions as well.
  1. On a Debian wheezy system, the following packages are needed:
  2. Clone and compile the current Tor-git (or use a version of your choice as long as it is >= v0.2.5.0-alpha-dev):
    git clone
  3. Clone the current version of pyptlib (or use a version of your choice as long as it is >= 0.0.5):
    git clone
  4. Clone a modified version of obfsproxy which contains the scramblesuit branch:
    git clone -b scramblesuit_integration
The directory "test/" in this repository contains two configuration files for tor which provide a local (i.e., using the loopback interface) ScrambleSuit setup. Furthermore, the script can be used to generate shared secrets for Tor's configuration file.


Check out obfs4 which is an enhancement of ScrambleSuit.


Contact: Philipp Winter