== Introduction

This is a set of tools that make it possible to connect Tor through an
Adobe Flash proxy running on another computer. The Flash proxy can be
run just by opening a web page on a computer that has Flash Player
installed.

There are five main parts. Our terminology for each part is in quotes.
1. The Tor "client," running on someone's localhost.
2. A "connector," which waits for connections from the Flash proxy and
   the Tor client, and joins them together.
3. A Flash "proxy," running in someone's web browser. This piece is
   called swfcat because it is like a netcat implemented in Flash.
4. A "facilitator," a pseudo-HTTP server that keeps a list of clients
   that want a connection, and hands them out to proxies.
5. A Tor "relay," which is just a normal Tor relay except that its host
   must also serve a Flash crossdomain policy.

== Quick start

=== Building

Download the (free software) Flex SDK.
	http://opensource.adobe.com/wiki/display/flexsdk/Flex+SDK
Put its bin directory in your PATH. The important executable is mxmlc.
To build, run
	$ make
Copy the resulting swfcat.swf file to a web server.

On the computer that will be the facilitator, run
	sudo ./crossdomaind.py
	./facilitator.py
crossdomaind.py needs to be run on any server that will accept
connections from a Flash proxy. It serves a chunk of data on port 843.
The facilitator runs on port 9002 by default.

On the client, run
	./connector.py -f <FACILITATOR_IP>
Replace <FACILITATOR_IP> with the IP address of the facilitator. (If you
are running the facilitator locally, be sure to use an external IP
address, not 127.0.0.1.) The connector informs the facilitator that it
wants a connection, then listens on 0.0.0.0:9000 and 127.0.0.1:9001. The
Flash proxy will connect on port 9000 and the local Tor will connect on
9001.

In a browser somewhere, open swfcat.swf and pass a parameter telling it
the facilitator to use, for example
	http://www.example.com/swfcat.swf?facilitator=<FACILITATOR_IP>:9002
The facilitator will return the client address that was registered by
connector.py, and the Flash proxy will open a connection to a hardcoded
Tor relay and the given client.

Back on the client, start Tor with the following configuration:
	UseBridges 1
	Bridge 127.0.0.1:9001
	Socks4Proxy 127.0.0.1:9001

You will be able to see byte counts flowing in the browser displaying
swfcat.swf, and eventually be able to build a circuit.

== Rationale

The purpose of this project is to create many, generally ephemeral
bridge IP addresses, with the goal of outpacing a censor's ability to
block them. Rather than increasing the number of bridges at static
addresses, we aim to make existing bridges reachable by a larger and
changing pool of addresses.

== Design notes

The Tor relay address is hardcoded in swfcat.as. It could be any relay,
with the caveat that the server also has to serve a crossdomain policy.

The Tor client needs to be able to listen for an incoming connection,
which generally means not being behind NAT.

Clients register with the facilitator by sending an HTTP-like message:
	POST / HTTP/1.0\r\n
	\r\n
	client=:9000

The Flash proxy also gets a client address using something like HTTP:
	GET / HTTP/1.0\r\n
	\r\n
The server sends back an address specification (no HTTP header):
	192.168.0.102:8888
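
The exchange above, as an added example that is not code from this
project's facilitator.py. It assumes that an empty host in "client=:9000"
means the address the registration came from, that clients are handed out
first-in first-out, that addresses are IPv4 literals, and that the reply
to a registration is empty; all function names are hypothetical.

```python
import ipaddress
from collections import deque


def parse_registration(request: bytes, peer_ip: str):
    """Parse 'POST / HTTP/1.0\\r\\n\\r\\nclient=[host]:port' into (host, port)."""
    head, sep, body = request.partition(b"\r\n\r\n")
    if not sep or not head.startswith(b"POST / HTTP/1.0"):
        raise ValueError("not a registration message")
    # Non-ASCII bytes raise UnicodeDecodeError, a subclass of ValueError.
    key, eq, spec = body.decode("ascii").strip().partition("=")
    if key != "client" or not eq:
        raise ValueError("missing client= field")
    host, colon, port_s = spec.rpartition(":")
    if not colon or not port_s.isdigit():
        raise ValueError("bad address spec")
    port = int(port_s)
    if not 1 <= port <= 65535:
        raise ValueError("port out of range")
    # Assumption: an empty host means "use the address I connected from".
    host = host or peer_ip
    # Accept only literal IPv4 addresses, so a registration cannot make
    # proxies resolve and connect to an arbitrary hostname.
    ipaddress.IPv4Address(host)
    return host, port


def handle(request: bytes, peer_ip: str, waiting: deque) -> bytes:
    """Serve one facilitator request against the queue of waiting clients."""
    if request.startswith(b"GET / HTTP/1.0"):
        if not waiting:
            return b""  # assumption: empty reply when no client is waiting
        host, port = waiting.popleft()
        # Bare address specification, no HTTP header, as in the README.
        return f"{host}:{port}".encode("ascii")
    waiting.append(parse_registration(request, peer_ip))
    return b""  # assumption: the reply to a registration is empty


if __name__ == "__main__":
    queue = deque()
    # Constructed sample messages; 192.0.2.10 is a documentation address.
    handle(b"POST / HTTP/1.0\r\n\r\nclient=:9000", "192.0.2.10", queue)
    print(handle(b"GET / HTTP/1.0\r\n\r\n", "198.51.100.7", queue))
```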

== ActionScript programming

A good tutorial on ActionScript programming with the Flex tools, with
sample code:

http://www.senocular.com/flash/tutorials/as3withmxmlc/
http://www.senocular.com/flash/tutorials/as3withmxmlc/AS3Flex2b3StarterFiles.zip