Read managed proxy server chain from a configuration file
The server in legacy/trac#7167 (moved) is called obfs-flash, but it is not inherently tied to obfsproxy not flash proxy. The only things obfs and flash about it are that it hardcodes commands to run obfsproxy and websocket-server. So let's generalize it with a configuration file. This is what I envision:
ServerTransportPlugin obfs3 exec obfsproxy managed
ServerTransportPlugin websocket exec websocket-server
Alias obfs3_websocket obfs3|websocket
What this configuration file means is, "Here is how you run the obfs3 transport, here is how you run the websocket transport, and if Tor asks you for the transport obfs3_websocket, this is the chain you should interpret it as."
The idea of using the keyword ServerTransportPlugin
is so that you can copy a transport configuration from a torrc
or from the transport's README--but it is not meant to be a general torrc
parser; in particular, ServerTransportPlugin ... proxy
won't be allowed. The Alias
is because tor doesn't allow the pipe character in transport names; it will become unnecessary if legacy/trac#9580 (moved) is implemented.
The above proxy configuration would go along with a torrc
like this. I'm using the name meta-proxy-server for what is now called obfs-flash-server.
ServerTransportPlugin obfs3_websocket exec meta-proxy-server
Having an external configuration file is nice, because it allows you to for example add --log
options to the commands, without recompiling the meta-proxy.
Imagine a bigger configuration:
ServerTransportPlugin rot13 exec myrot13server --managed
ServerTransportPlugin chaffer exec chaffer-server
ServerTransportPlugin obfs2,obfs3 exec obfsproxy managed
ServerTransportPlugin websocket exec websocket-server
Alias rot13_websocket rot13|websocket
Alias obfs2_websocket obfs2|websocket
Alias obfs3_websocket obfs3|websocket
Alias chaffedobfs3 chaffer|obfs3
With its accompanying torrc
:
ServerTransportPlugin obfs2_websocket,obfs3_websocket,chaffedobfs3 exec meta-proxy-server
You can imagine the chaffer transport, for example, as being something that changes packet sizes and timings. Then you could chain it into obfs3 to make obfs3 less fingerprintable. You could even do dumb things like obfs3-in-obfs3-in-websocket.