
Wednesday, 20 May 2020

obfs-detection

"Seeing through Network Protocol Obfuscation".

Dependencies

Install Tor Stem and the Selenium driver:
sudo pip install stem selenium
Install scikit-learn:
sudo apt-get install build-essential python-dev python-setuptools \
                     python-numpy python-scipy \
                     libatlas-dev libatlas3gf-base
sudo pip install -U numpy scipy scikit-learn

Use the framework to collect Tor traces

  1. Download the source code of the newest Tor Browser Bundle from https://www.torproject.org/projects/torbrowser.html.en, and unzip it. The resulting directory should be "path/tor-browser_en-US".
  2. Download the Alexa Top 1M domain list from http://s3.amazonaws.com/alexa-static/top-1m.csv.zip, or create your own file that contains target domains. The format of the file must be "unique_ID, domain_name". The unique IDs should be numeric values.
  3. Follow the instructions in https://github.com/Yawning/obfs4 to build obfs4proxy, rename the output binary to obfs4proxy.bin (or obfs4proxy4.exe), and put it in "path/tor-browser_en-US/Browser/TorBrowser/Tor/PluggableTransports/".
  4. Put tor_trace_collection.py and conf.py in "path/tor-browser_en-US/Browser/", and configure conf.py.
  5. Disable the TorLauncher extension in the TBB.
  6. Run "python tor_trace_collection.py -h" to see how to use it.
  7. The pcaps for a given type of PT will be stored at "PCAP_ROOT_DIRECTORY/ROUND_NUMBER/PT_NAME/"

from https://github.com/liangw89/obfs-detection
-----

Tests if a Tor bridge's obfs4 port is publicly reachable.

obfs4PortScan

This service lets bridge operators test if their bridge's obfs4 port is publicly reachable.

Command line arguments

The tool takes as input two command line arguments: a path to a certificate file (specified by the argument -cert-file) and a path to its key file (specified by the argument -key-file), both in PEM format. We use these files to run the HTTPS server. An optional third argument (-addr) can be used to specify the address and port to listen on.

Scanning method

We try to establish a TCP connection with the given IP address and port using golang's net.DialTimeout function. If we don't get a response within three seconds, we deem the port unreachable. We also deem the port unreachable if we get a RST segment before the timeout. In both cases, we display the error message that we got from net.DialTimeout.
We implement a simple rate limiter that limits incoming requests to an average of one per second with bursts of as many as five requests per second.
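
The following sketch shows the scanning method and rate limit described above. It is an added example, not code from obfs4PortScan: the names probe and bucket, the hand-written token bucket and the 127.0.0.1:9 sample target are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"sync"
	"time"
)

const probeTimeout = 3 * time.Second // the three-second limit described above

// probe dials addr; timedOut separates a silent drop from a refusal (RST).
func probe(addr string, timeout time.Duration) (ok, timedOut bool, err error) {
	conn, err := net.DialTimeout("tcp", addr, timeout)
	if err != nil {
		var ne net.Error
		return false, errors.As(err, &ne) && ne.Timeout(), err
	}
	conn.Close()
	return true, false, nil
}

// bucket is a token bucket: rate tokens refill per second, up to burst.
type bucket struct {
	mu                  sync.Mutex
	tokens, burst, rate float64
	last                time.Time
}

// allow spends one token if one is available at time now.
func (b *bucket) allow(now time.Time) bool {
	b.mu.Lock()
	defer b.mu.Unlock()
	b.tokens += now.Sub(b.last).Seconds() * b.rate
	b.last = now
	if b.tokens > b.burst {
		b.tokens = b.burst
	}
	if b.tokens < 1 {
		return false
	}
	b.tokens--
	return true
}

func main() {
	fmt.Println(probe("127.0.0.1:9", probeTimeout)) // constructed sample target
}
```

Because anyone can submit an address to a scanning service like this, the limiter is what keeps it from being used as a general-purpose port scanner; allow should be checked before probe is called.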

Deployment

First, compile the binary:
go build
Then, shut down the obfs4PortScan service on BridgeDB which runs under the bridgescan user:
systemctl --user stop obfs4portscan.service
Then, copy the binary onto BridgeDB's host. It belongs in the directory /home/bridgescan/bin/. Once it's there, restart the service:
systemctl --user start obfs4portscan.service
from https://github.com/NullHypothesis/obfs4PortScan
