| Commit message | Author | Age |
Debian squeeze packages zope.interface-3.5.3, which is utterly
prehistoric and was puking on the `@implementer` decorator. Fixing
this makes the code work, though txsocksx also has a dependency on
"zope.interface that isn't from 2009".
|
Recent changes have broken obfsproxy on systems running Twisted < 13.2.0.
We now monkeypatch Twisted from __init__.py if the new features we are
expecting are missing.
Things added:
* twisted.internet.error.UnsupportedAddressFamily - Just an
  `Exception`, 100% compatible with Twisted.
* twisted.internet.endpoints.HostnameEndpoint - The older the copy of
  Twisted is, the bigger the difference between the real
  implementation.
  * IPv4 will always work.
  * IPv6 will work for Twisted >= 12.2.0.
  * Hostname (DNS resolution) will never work.
The limitations here are ok, since the endpoint in question is used
when tunneling obfsproxy traffic through another proxy, and tor will
configure that via IP address.
This fixes bug #11558.
|
Conflicts:
ChangeLog
|
Clean some long lines, and some instances of pylint's
logging-not-lazy (although the rest of the codebase has many more
instances of this).
|
Some HTTP proxies opt to close the connection instead of returning an
HTTP status code on certain failures (e.g. polipo auth failure, privoxy
ACL denial). This change logs a better error message to the obfsproxy
log when that happens.
As an added bonus the SOCKS5 server now knows about EHOSTUNREACH, so
a more informative response is sent on that failure type.
|
This adds an HTTPS CONNECT client. It's been lightly tested with both
privoxy and apache2 and appears to work, both without authentication
and with Basic.
|
TransportConfig already carries global obfsproxy information (like the
state location, etc.). The only difference with the settings.py idea
is that settings.py:Config was a singleton.
|
Patch originally by Arturo Filasto, with changes by Yawning Angel. This
patch depends on pyptlib modifications as it also supports using the
managed TOR_PT_PROXY environment variable.
WARNING: Attempting to use an http proxy will break mysteriously as the
connect routines are just stubbed out.
|
On all the systems I've checked so far running a U*IX variant,
`python2` is a valid symlink to the Python 2.x.x interpreter. Since
certain systems are also shipping Python 3 and some make it the default
system python, the shebang should be explicit.
This fixes bug #11190.
|
Conflicts:
ChangeLog
|
This works around <http://bugs.python.org/issue10212> which prevented
the SOCKS5 server from working for clients running Python < 2.7.4,
fixing <https://bugs.torproject.org/11329>.
|
Found by Yawning Angel.
|
The attribute "creationTime" does not exist. Instead, update the correct
attribute "keyCreation". This bug broke the server's key rotation. The patch,
written by Yawning Angel, fixes <https://bugs.torproject.org/11100>.
|
* ACCEPTABLE_CMDS now only contains CONNECT, since that is the only command
used and actually implemented.
* Removed trailing whitespace from the socks5 tests.
|
Not going to touch #10240 for now since the SOCKS args handler will eventually
be totally rewritten (changed to return a dict containing the separated [k=v]
pairs).
|
* Since the compat inet_ntop is used, no longer need to try/catch
* Make _ByteBuffer.get(self, length) return a string and remove a ton of
str() calls
|
Apparently, these routines are missing on Windows.
|
Changed based on feedback from hellias:
* handleCmdConnectFailure now traps errors
* sendReply no longer deals with parsing out the outgoing local address
* logging uses the obfsproxy logger again
* Fixed a bug where send_reply was used instead of sendReply
* The obfsproxy specific SOCKSv5 classes were renamed to OBFSSOCKSv5Outgoing
and OBFSSOCKSv5Protocol
Bugs I found:
* SOCKSv5Protocol.dataReceived() should actually work now (never called by
obfsproxy since it's overridden)
* _ByteBuffer.get_uint32() was always doing byte order conversion (method never
used)
|
* Instead of using methodcaller, just store lambdas in the auth vtable
* Add doc strings to _ByteBuffer
* Do not use "len" as a variable name
* Fix a bug in processEstablishedData() that pylint caught (obfsproxy
would never have triggered it since the routine is overridden)
|
* Use a wrapper class to isolate the scary struct.pack/unpack calls
* Refactor the code to look like twisted.protocols.socks
* Support DOMAINNAME, though it's untested
|
* SOCKSv5Reply changed to a newstyle class
* Move the pluggable transport specific auth code into its own routine, with
lots of comments.
Thanks to isis for the help.
|
* It works over the loopback address at least, still haven't gotten a tunnel.
|
* Log a more useful error message when user sends payload data in _SOCKS_ST_CONNECTING
* Explicitly log a specific error when rejecting ATYP DOMAINNAME
* Connect can also fail with TimedOutError
|
* Fixed redundant import
* Added some more comments
* Deal with the possibility that socket.inet_ntop may be missing
|
A straightforward SOCKS5 server implementation with the following caveats:
* It is tightly coupled with the obfsproxy channel/GenericNetworkProtocol code
* Its idea of RFC1929 is the ugly hack in pt-spec.txt
* Only supports CONNECT
* Only supports IPv4/IPv6 addresses, because DNS leaks make me sad
|
* Test against test vectors
* Do 1000 generate/exchanges and validate the keys. Also acts as a quick and
dirty benchmark (run with the Twisted trial to actually log).
This required changing the UniformDH ctor to allow the user to specify the
private key at run time. If a key that is not 192 bits is specified, it will
raise a ValueError, but no one should use that feature apart from the test code.
The key generation was also modified to no longer leak which public key is
chosen via timing information.
|
Conflicts:
ChangeLog
|
There is no performance difference between gmpy1 and gmpy2 for obfsproxy, but according to the gmpy authors "gmpy2 is now the recommended version, especially if you use the pre-compiled versions for Windows.".
|
This cuts the amount of time that is spent doing UniformDH related work in the
context of the main event loop in half. It is impossible to eliminate it
entirely as the client and server both send the public keys immediately on
connection when doing an obfs3 handshake.
Notable changes:
* self.dh.get_secret() is processed in a Twisted worker thread.
* Another state is added as part of the handshake process for when the thread
is running.
* At each step of the handshake process, if there is data remaining unprocessed
the next stage is directly invoked at the tail of each routine.
* After the handshake is done, if data is pending, self._scan_for_magic()
is called.
* After the magic is found, if data is pending, we relay the remaining data
immediately.