  1. Sep 04, 2022
  2. Feb 04, 2022
  3. Feb 03, 2022
    • transports/meek_lite: Remove utls support · 83f01d5a
      Yawning Angel authored
      While this was a good idea back when I did it:
      
       * People don't like the fact that it requires a fork of utls to fix
         compatibility issues, and would rather spend 3 years complaining
         about it instead of spending a weekend to fix the issues in
         upstream.
      
       * Tor over meek is trivially identifiable regardless of utls or not.
      
       * Malware asshats ruined domain fronting for everybody.
  4. Jan 02, 2022
  5. Dec 31, 2021
    • internal/x25519ell2: Initial import · 393aca86
      Yawning Angel authored
      Replace agl's Elligator2 implementation with a different one, that fixes
      the various distinguishers stemming from bugs in the original
      implementation and "The Elligator paper is extremely hard to read".
      
      All releases prior to this commit are trivially distinguishable with
      simple math, so upgrading is strongly recommended.  The upgrade is fully
      backward-compatible with existing implementations, however the
      non-upgraded side will emit traffic that is trivially distinguishable
      from random.
      
      Special thanks to Loup Vaillant for his body of work on this primitive,
      and for motivating me to fix it.
  6. May 11, 2021
  7. Dec 17, 2020
  8. Dec 07, 2020
  9. Apr 10, 2020
  10. Jun 21, 2019
  11. May 20, 2019
  12. Apr 12, 2019
  13. Feb 05, 2019
  14. Feb 04, 2019
    • transports/meeklite: Add a lightweight HPKP implementation · c65aaf64
      Yawning Angel authored
      HPKP is effectively dead as far as a standard goes, but the idea has
      merit in certain use cases, this being one of them.
      
      As a TLS MITM essentially will strip whatever obfuscation that the
      transport may provide, the digests of the SubjectPublicKeyInfo fields
      of the Tor Browser Azure meek host are now hardcoded.
      
      The behavior can be disabled by passing `disableHPKP=true` on the bridge
      line, for cases where compatibility is preferred over security.
  15. Feb 01, 2019
  16. Jan 21, 2019
    • transports/meeklite: uTLS for ClientHello camouflage · 4d453dab
      Yawning Angel authored
      There's still some interesting oddities depending on remote server and
      what fingerprint is chosen, but I can watch videos online with the
      chosen settings and the TBB Azure bridge.
      
      Note: Despite what people are claiming in the Tor Browser bug tracker
      it isn't all that hard to use the built in http client with utls.  And
      yes, the `transport.go` code does negotiate correctly in a standalone
      test case (apart from compatibility related oddities).
  17. Jan 20, 2019
  18. Jan 16, 2019
  19. Nov 03, 2018
    • port to a Go module · 08f4d470
      Daniel Martí authored
      The biggest win is that we now declare what versions of each dependency
      we require to build. This way, building a certain version of obfs4 will
      always use the same source code, independent of the master branch of
      each dependency.
      
      This is necessary for reproducible builds. On top of that, go.sum
      contains checksums of all the transitive dependencies and their modules,
      so the build system will also recognise when the source code has been
      changed.
      
      Updated the build instructions accordingly. We don't drop support for
      earlier Go versions, but those won't get the benefit of reproducible
      builds unless we start vendoring the dependencies too.
  20. Apr 21, 2018
  21. Nov 15, 2016
  22. Oct 20, 2016
  23. Jul 11, 2016
  24. Apr 13, 2016
    • The obfs4 `iat-mode` parameter is now properly configurable. · a7a2575c
      Yawning Angel authored
      It used to be that all of the bridge side parameters needed to be
      manually specified together.  This was somewhat nonsensical, and the IAT
      mode can now be set as the only obfs4 option in a `ServerTransportOptions`
      torrc directive.
      
      Thanks to dcf for reporting the issue.
  25. Jan 25, 2016
  26. Oct 29, 2015
    • Add the "meek_lite" transport, which does what one would expect. · 611205be
      Yawning Angel authored
      This is a meek client only implementation, with the following
      differences with dcf's `meek-client`:
      
       - It is named `meek_lite` to differentiate it from the real thing.
       - It does not support using an external helper to normalize TLS
         signatures, so adversaries can look for someone using the Go
         TLS library to do HTTP.
       - It does the right thing with TOR_PT_PROXY, even when a helper is
         not present.
      
      Most of the credit goes to dcf, whose code I liberally cribbed and
      stole.  It is intended primarily as a "better than nothing" option
      for environments that do not or can not presently use an external
      Firefox helper.
  27. Jun 01, 2015
  28. Apr 23, 2015