Pages

Thursday, 31 October 2019

ptadapter

Pluggable Transports Python interface & standalone tunnels.
ptadapter is a Python 3 package that interfaces with Pluggable Transports.
Pluggable Transports (PT) are originally created for Tor as a modular, interchangeable (pluggable) method of tunneling and obfuscating network traffic (transport). This design makes PTs useful not only for Tor, but many other use cases where traffic obfuscation is desired. Learn more about Pluggable Transports at the dedicated website, https://www.pluggabletransports.info/
This package implements Version 1 of the Pluggable Transport specifications (relevant specs can be found in the specifications directory). Version 2 of the specs is in development: refer to the website linked above for progress.
(This package also implements Tor's Extended ORPort protocol, which can be optionally used to receive server connections from PTs.)
This package REQUIRES Python 3.7 or higher. It has no 3rd-party dependencies.

What's Included

This package implements several Python classes that execute and communicate with a PT subprocess, allowing connections to be made through the PT as a client, or received as a server. The code is built on top of asyncio, and uses the familiar StreamReader and StreamWriter for connections.
Also included is a ready-made tool that can run PTs as a standalone tunnel. No coding is necessary to use this.

What's Required

  • Python 3.7 or above.
  • The Pluggable Transport to be used, as an executable program. This may be installed from the repository, built from source, extracted from the Tor Browser Bundle, etc.

How to get this package

This package is now uploaded to PyPI, so install it the usual way:
pip install ptadapter
If you don't want to install, you could also clone this repository or download a source package, and put the ptadapter directory in the working directory or somewhere in your PYTHONPATH.

How to use PTs in you own Python program

Start with the Documentation. Currently the docs are hosted on Github Pages and updated manually. When Read The Docs supports building docs with Python 3.7, the docs will be moved there.

How to create a standalone PT tunnel

If the package is installed via pip, an entry script called ptadapter is created, so run the command below to see usage:
ptadapter --help
Otherwise, run:
python -m ptadapter --help
A configuration file should be provided to the script. The Documentation contains a detailed guide page, which includes an example config file with detailed comments; the example config file can also be found in this repository.

from https://github.com/twisteroidambassador/ptadapter
https://github.com/twisteroidambassador/ptadapter/raw/master/example_config.ini
----

Pluggable transports like meek and obfs4 can be difficult to use outside of Tor. That’s because they communicate with a parent process using a specification that is not widely implemented. ptadapter wraps pluggable transports to provide a simple local TCP interface so that pluggable transports can easily be used by other programs.

Here is a tutorial on using ptadapter and obfs4 to obfuscate a simple HTTP proxy.

Server

Install the dependencies.
$ sudo apt install python3-pip obfs4proxy ncat
$ sudo pip3 install ptadapter
Run your HTTP proxy, listening on a localhost port. (You can replace this step with any kind of server you want.)
$ ncat -l -k --proxy-type http 127.0.0.1 3128
Create a file called ptadapter.ini. The format is documented here
[server]
exec = /usr/bin/obfs4proxy
state = pt_state
forward = 127.0.0.1:3128
tunnels = server_obfs4
[server_obfs4]
transport = obfs4
listen = 0.0.0.0:9999 # replace this with a port of your choice
Run ptadapter on the configuration file. Now you have an external obfs4 listener on 0.0.0.0:9999 that will deobfuscate traffic and forward it to 127.0.0.1:3128.
$ ptadapter -S ptadapter.ini
Get the bridge’s certificate for pt_state/obfs4_bridgeline.txt. The important part is cert=..., the obfs4 server’s public key information. You will need it when setting up the client.
$ cat pt_state/obfs4_bridgeline.txt
Bridge obfs4 :  cert=1/x+AlgQH0T9ZD23FUzs7SeYzDFhxIXjlbTwU7ExkAXVAmi601C4S4Auk+oRqniAIbqmXg iat-mode=0

Client

Install the dependencies.
$ sudo apt install python3-pip obfs4proxy
$ sudo pip3 install ptadapter
Create a file called ptadapter.ini. Copy the values for options-cert and options-iat-mode from pt_state/obfs4_bridgeline.txt on the server.
[client]
exec = /usr/bin/obfs4proxy
state = pt_state
tunnels = client_obfs4
[client_obfs4]
transport = obfs4
listen = 127.0.0.1:3128
upstream = :9999
options-cert = 1/x+AlgQH0T9ZD23FUzs7SeYzDFhxIXjlbTwU7ExkAXVAmi601C4S4Auk+oRqniAIbqmXg
options-iat-mode = 0
Run ptadapter on the configuration file. Now you have a local listener at 127.0.0.1:3128 that will obfuscate and forward to server:9999, which will then deobfuscate and forward to its own 127.0.0.1:3128. Basically, the client’s port 3128 is connected to the server’s port 3128 through a magic obfuscated tunnel.
$ ptadapter -C ptadapter.ini
Now you can test the tunnel, treating the client’s local 127.0.0.1:3128 as if it were an HTTP proxy.
$ curl -x http://127.0.0.1:3128/ https://wtfismyip.com/text

You can also configure 127.0.0.1:3128 in your web browser, etc.

Troubleshooting

Use the -v option to make ptadapter more verbose.
$ ptadapter -vv -S ptadapter.ini
$ ptadapter -vv -C ptadapter.ini
Enable obfs4proxy logging in ptadapter.ini. The logs will appear in pt_state/obfs4proxy.log.
[server]                 
exec = /usr/bin/obfs4proxy --enableLogging --unsafeLogging --logLevel=DEBUGfrom https://ntc.party/t/ptadapter/275

相关帖子:
https://briteming.blogspot.com/2019/10/pluggable-transports.html
https://briteming.blogspot.com/2019/10/shapeshifter-dispatcher.html