torproject/webwml
1
0
Fork 0
mirror of https://github.com/torproject/webwml.git synced 2025-03-04 00:07:08 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
webwml/docs/en/pluggable-transports.wml
Sebastian Hahn d624c28a56 Capitalize some stuff
2016-07-05 02:26:53 +02:00

174 lines
7.5 KiB
Plaintext
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

## translation metadata
# Revision: $Revision$
# Translation-Priority: 3-low
#include "head.wmi" TITLE="Tor Project: Pluggable Transports" CHARSET="UTF-8"
<div id="content" class="clearfix">
<div id="breadcrumbs">
<a href="<page index>">Home &raquo; </a>
<a href="<page docs/documentation>">Documentation &raquo; </a>
<a href="<page docs/pluggable-transports>">Pluggable Transports</a>
</div>
<div id="maincol">
<h2>Tor: Pluggable Transports</h2>
<hr>
<p>
An increasing number of censoring countries are using Deep Packet
Inspection (DPI) to classify Internet traffic flows by protocol.
While Tor uses <a href="<page docs/bridges>">bridge relays</a> to
get around a censor that blocks by IP address, the censor can use
DPI to recognize and filter Tor traffic flows even when they connect
to unexpected IP addresses.
</p>
<p>
Pluggable Transports (PT) transform the Tor traffic flow between the client
and the bridge. This way, censors who monitor traffic between the
client and the bridge will see innocent-looking transformed traffic
instead of the actual Tor traffic.
External programs can talk to Tor clients and Tor bridges using the <a
href="https://gitweb.torproject.org/torspec.git/tree/pt-spec.txt">pluggable
transport API</a>, to make it easier to build interoperable programs.
</p>
<hr>
<h3>Currently deployed PTs</h3>
<p>
These Pluggable Transports are currently deployed in Tor Browser, and you can start using them by <a href="<page download/download-easy>">downloading and using Tor Browser</a>.
</p>
<!-- TODO: make a link to how to config TB to use PTs -->
<ul>
<li><a href="https://github.com/Yawning/obfs4/blob/master/doc/obfs4-spec.txt"><b>obfs4</b></a>
is a transport with the same features as <a href="http://www.cs.kau.se/philwint/scramblesuit/"><b>ScrambleSuit</b></a>
but utilizing Dan Bernstein's <a href="http://elligator.cr.yp.to/elligator-20130828.pdf">elligator2</b></a>
technique for public key obfuscation, and the
<a href="https://gitweb.torproject.org/torspec.git/tree/proposals/216-ntor-handshake.txt">ntor protocol</a>
for one-way authentication. This results in a faster protocol. Written in Go.
Maintained by Yawning Angel.
</li>
<!-- TODO: update the link with repo hosted on git.tpo. and make a note that this client supports obfs3 -->
<li><a href="https://trac.torproject.org/projects/tor/wiki/doc/meek"><b>meek</b></a>
is a transport that uses HTTP for carrying bytes and TLS for
obfuscation. Traffic is relayed through a third-party server
(Google App Engine). It uses a trick to talk to the third party so
that it looks like it is talking to an unblocked server.
Maintained by David Fifield.
</li>
<!-- TODO: add more info about meek. include amazon and azure and maybe remove google for now -->
<li><a href="https://fteproxy.org/"><b>Format-Transforming
Encryption</b></a> (FTE) transforms Tor traffic to arbitrary
formats using their language descriptions. See the <a
href="https://kpdyer.com/publications/ccs2013-fte.pdf">research
paper</a>.</li>
<li><a href="http://www.cs.kau.se/philwint/scramblesuit/"><b>ScrambleSuit</b></a>
is a pluggable transport that protects
against follow-up probing attacks and is also capable of changing
its network fingerprint (packet length distribution,
inter-arrival times, etc.). It's part of the Obfsproxy framework.
Maintained by Philipp Winter.
</li>
<!-- TODO: it's unclear whether orbot still uses obfsclient or not;
commenting out untill furthure notice -->
<!-- <li><a href="https://github.com/yawning/obfsclient"><b>obfsclient</b></a>
is a multi-transport pluggable transport proxy (like obfsproxy),
written in C++ that implements the client-side of <em>obfs2</em>,
<em>obfs3</em> and <em>scramblesuit</em>. It's used by
<a href="https://guardianproject.info/apps/orbot/">Orbot</a> on
Android because of the difficulties of using Python applications.
Maintained by Yawning Angel. <br>
</li> -->
</ul>
<hr>
<h3>Deprecated PTs; Removed from Tor Browser</h3>
<ul>
<!-- TODO: add deprecation note for each PT -->
<li><a href="<page projects/obfsproxy>"><b>Obfsproxy</b></a> is a Python framework for implementing new
pluggable transports. It uses Twisted for its networking needs, and
<a href="https://gitweb.torproject.org/pluggable-transports/pyptlib.git/tree/README.rst">pyptlib</a>
for some pluggable transport-related features. It supports the
<a href="https://gitweb.torproject.org/pluggable-transports/obfsproxy.git/tree/doc/obfs2/obfs2-protocol-spec.txt">obfs2</a>
and
<a href="https://gitweb.torproject.org/pluggable-transports/obfsproxy.git/tree/doc/obfs3/obfs3-protocol-spec.txt">obfs3</a>
pluggable transports. Maintained by asn.
</li>
<li><a href="https://crypto.stanford.edu/flashproxy/"><b>Flashproxy</b></a> turns ordinary web browsers into bridges using
websockets, and has a little python stub to hook Tor clients to the
websocket connection. See its
<a href="https://gitweb.torproject.org/flashproxy.git">git repository</a>,
and
<a href="https://crypto.stanford.edu/flashproxy/flashproxy.pdf">design paper</a>.
Maintained by David Fifield.
<!-- # <iframe src="//crypto.stanford.edu/flashproxy/embed.html" width="80" height="15" frameborder="0" scrolling="no"></iframe> -->
</li>
</ul>
<hr>
<h3>Undeployed PTs</h3>
<!-- TODO: move this section to wiki -->
<!-- TODO: add snowflake -->
<ul>
<li><b>StegoTorus</b> is an Obfsproxy fork that extends it to a)
split Tor streams across multiple connections to avoid packet size
signatures, and b) embed the traffic flows in traces that look like
HTML, JavasCript, or PDF. See its
<a href="https://gitweb.torproject.org/stegotorus.git">git repository</a>.
Maintained by Zack Weinberg. <br>
</li>
<li><b>SkypeMorph</b> transforms Tor traffic flows so they look like
Skype Video. See its
<a href="http://crysp.uwaterloo.ca/software/SkypeMorph-0.5.1.tar.gz">source code</a>
and
<a href="http://cacr.uwaterloo.ca/techreports/2012/cacr2012-08.pdf">design paper</a>.
Maintained by Ian Goldberg. <br>
</li>
<li><b>Dust</b> aims to provide a packet-based (rather than
connection-based) DPI-resistant protocol. See its
<a href="https://github.com/blanu/Dust">git repository</a>.
Maintained by Brandon Wiley. <br>
</li>
</ul>
<p> Also see the <emph>unofficial</emph> pluggable transports <a
href="https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports">wiki
page</a> for more pluggable transport information.</p>
<hr>
<p>
Our goal is to have a wide variety of Pluggable Transport designs.
Many are at the research phase now, so it's a perfect time to play
with them or suggest new designs. Please let us know if you find or
start other projects that could be useful for making Tor's traffic
flows more DPI-resistant!
</p>
</div>
<!-- END MAINCOL -->
<div id = "sidecol">
#include "side.wmi"
#include "info.wmi"
</div>
<!-- END SIDECOL -->
</div>
<!-- END CONTENT -->
#include <foot.wmi>
Reference in New Issue View Git Blame Copy Permalink