Skip to content
Snippets Groups Projects
  1. Jan 25, 2016
  2. Jan 17, 2016
  3. Oct 30, 2015
  4. Oct 29, 2015
    • Yawning Angel's avatar
      Add the "meek_lite" transport, which does what one would expect. · 611205be
      Yawning Angel authored
      This is a meek client only implementation, with the following
      differences with dcf's `meek-client`:
      
       - It is named `meek_lite` to differentiate it from the real thing.
       - It does not support using an external helper to normalize TLS
         signatures, so adversaries can look for someone using the Go
         TLS library to do HTTP.
       - It does the right thing with TOR_PT_PROXY, even when a helper is
         not present.
      
      Most of the credit goes to dcf, who's code I librerally cribbed and
      stole.  It is intended primarily as a "better than nothina" option
      for enviornments that do not or can not presently use an external
      Firefox helper.
      611205be
    • Yawning Angel's avatar
      Make establishing outgoing connections the transport's responsibility. · e52258ed
      Yawning Angel authored
      ClientFactories now have a Dial() method instead of a WrapConn()
      method, so that it is possible to write something like meek-client
      using the obfs4proxy framework.
      
      This breaks the external interface if anyone is using obfs4proxy as
      a library, but the new way of doing things is a trivial modification,
      to a single routine that shouldn't have been very large to begin with.
      e52258ed
  5. Jun 01, 2015
  6. May 26, 2015
  7. Apr 23, 2015
  8. Apr 15, 2015
    • Yawning Angel's avatar
    • Yawning Angel's avatar
      Use a built in SOCKS 5 server instead of goptlibs. · a8d7134f
      Yawning Angel authored
      Differences from my goptlib branch:
       * Instead of exposing a net.Listener, just expose a Handshake() routine
         that takes an existing net.Conn. (#14135 is irrelevant to this socks
         server.
       * There's an extra routine for sending back sensible errors on Dial
         failure instead of "General failure".
       * The code is slightly cleaner (IMO).
      
      Gotchas:
       * If the goptlib pt.Args datatype or external interface changes,
         args.go will need to be updated.
      
      Tested with obfs3 and obfs4, including IPv6.
      a8d7134f
  9. Apr 13, 2015
  10. Apr 03, 2015
  11. Mar 28, 2015
  12. Mar 26, 2015
  13. Mar 23, 2015
    • Yawning Angel's avatar
      Change the import path for go.net. · aed4b723
      Yawning Angel authored
      The Go developers decided to move the go.net repository to
      golang.org/x/net, and also to transition from hg to git.  This wasn't
      changed when the go.crypto imports were since the 'proxy' component
      doesn't have imports that break, so the old code still works.
      
      While the change here is simple (just update the import location), this
      affects packagers as it now expects the updated package.  Sorry for the
      inconveneince, I blame the Go people, and myself for not just doing
      this along with the go.crypto changes.
      aed4b723
  14. Mar 22, 2015
  15. Mar 21, 2015
  16. Mar 18, 2015
  17. Mar 16, 2015
  18. Feb 17, 2015
    • Yawning Angel's avatar
    • Yawning Angel's avatar
      Add support for acting as a ScrambleSuit client. · 0066cfc3
      Yawning Angel authored
      This allows obfs4proxy to be used as a ScrambleSuit client that is wire
      compatible with the obfs4proxy implementation, including session ticket
      support, and length obfuscation.
      
      The current implementation has the following limitations:
       * IAT obfuscation is not supported (and is disabled in all other
         ScrambleSuit implementations by default).
       * The length distribution and probabilites are different from those
         generated by obfsproxy and obfsclient due to a different DRBG.
       * Server support is missing and is unlikely to be implemented.
      0066cfc3
  19. Jan 14, 2015
    • Yawning Angel's avatar
      Document the obfs4 NaCl secretbox nonce generation. · 0f038ca4
      Yawning Angel authored
      Forgot to include this in the spec, though it was documented as a
      comment in the framing code.
      0f038ca4
    • Yawning Angel's avatar
      Change the import path for go.crypto. · cdeda572
      Yawning Angel authored
      The Go developers decided to move the go.crypto repository to
      golang.org/x/crypto, and also to transition from hg to git.  The tip of
      tree code.google.com copy of the code is broken due to the import paths
      pointing at the new repository.
      
      While the change here is simple (just update the import location), this
      affects packagers as it now expects the updated package.  Sorry for the
      inconveneince, I blame the Go people.
      cdeda572
  20. Oct 24, 2014
  21. Oct 03, 2014
    • Yawning Angel's avatar
      Improve the performance of the obfs4 handshake test. · 4932821b
      Yawning Angel authored
      Exhaustively testing padding combinations is really slow, and was
      causing timeouts during the Debian ARM package build process.  Attempt
      to improve the situation by:
      
       * Reusing the client and server keypair for all of the tests, to cut
         runtime down by  ~50%.
       * Splitting the client side and server side tests up, as it appears
         the timeout is per-test case.
      
      If this doesn't fix things, the next thing to try would be to reduce
      the actual number of padding lengths tested, but that is a last resort
      at the moment.
      4932821b
  22. Oct 01, 2014
  23. Sep 26, 2014
  24. Sep 24, 2014
  25. Sep 06, 2014
  26. Sep 03, 2014
Loading