Commit message (Author, Age)
* Change zope usage to deal with really old zope. [bug11558] (Yawning Angel, 2014-04-22)
|   Debian squeeze packages zope.interface-3.5.3, which is utterly prehistoric and was puking on the `@implementer` decorator. Fixing this makes the code work, though txsocksx also has a dependency on "zope.interface that isn't from 2009".
* Add compatibility code for old versions of Twisted. (Yawning Angel, 2014-04-19)
|   Recent changes have broken obfsproxy on systems running Twisted < 13.2.0. We now monkeypatch Twisted from __init__.py if the new features we are expecting are missing.
|
|   Things added:
|    * twisted.internet.error.UnsupportedAddressFamily
|      - Just an `Exception`, 100% compatible with Twisted.
|    * twisted.internet.endpoints.HostnameEndpoint
|      - The older the copy of Twisted is, the bigger the difference between the real implementation.
|        * IPv4 will always work.
|        * IPv6 will work for Twisted >= 12.2.0.
|        * Hostname (DNS resolution) will never work.
|
|   The limitations here are ok, since the endpoint in question is used when tunneling obfsproxy traffic through another proxy, and tor will configure that via IP address.
|
|   This fixes bug #11558.
* Merge branch 'bug8956_tweak' (George Kadianakis, 2014-04-16)
|\
| |   Conflicts: ChangeLog
| * Tweak the proxy logging a bit. (George Kadianakis, 2014-04-16)
| |   Clean some long lines, and some instances of pylint's logging-not-lazy (although the rest of the codebase has many more instances of this).
| * Clean up error handling when the http proxy doesn't return status. (Yawning Angel, 2014-04-16)
| |   Some HTTP proxies opt to close the connection instead of returning a HTTP status code on certain failures (Eg: polipo auth failure, privoxy ACL denial). This change logs a better error message to the obfsproxy log when that happens.
| |
| |   As an added bonus the SOCKS5 server now knows about EHOSTUNREACH, so a more informative response is sent on that failure type.
| * Don't feed None to parseProxyURI() in external mode. (George Kadianakis, 2014-04-15)
| |
| * Add support for connecting via a HTTPS CONNECT proxy. (Yawning Angel, 2014-04-15)
| |   This adds a HTTPS CONNECT client. It's been lightly tested with both privoxy and apache2 and appears to work, both without authentication and with Basic.
| * Fix connecting via a SOCKS proxy. (Yawning Angel, 2014-04-15)
| |
| * Use transport_config.py instead of making a new settings.py. (George Kadianakis, 2014-04-06)
| |   TransportConfig already carries global obfsproxy information (like the state location, etc.). The only difference with the settings.py idea is that settings.py:Config was a singleton.
| * Per asn, create_proxy_client() should just take an instance (Yawning Angel, 2014-03-20)
| |
| * Till HTTP CONNECT is actually supported, properly reject use (Yawning Angel, 2014-03-19)
| |
| * Add support for connecting via SOCKS4(a)/SOCKS5 using txsocksx (Yawning Angel, 2014-03-19)
| |   Patch originally by Arturo Filasto, with changes by Yawning Angel.
| |
| |   This patch depends on pyptlib modifications as it also supports using the managed TOR_PT_PROXY environment variable.
| |
| |   WARNING: Attempting to use a http proxy will break mysteriously as the connect routines are just stubbed out.
* | Add ChangeLog entry for #11190. (George Kadianakis, 2014-04-13)
| |
* | Changed the obfsproxy shebang to point to `python2` (Yawning Angel, 2014-04-13)
| |   On all the systems I've checked so far running a U*IX variant, `python2` is a valid symlink to the Python 2.x.x interpreter. Since certain systems are also shipping Python 3 and some make it the default system python, the shebang should be explicit.
| |
| |   This fixes bug #11190.
* | Do the release ritual for obfsproxy-0.2.8. [obfsproxy-0.2.8] (George Kadianakis, 2014-03-28)
| |
* | Obfsproxy can now resolve DNS hostnames in bridge addresses. (George Kadianakis, 2014-03-28)
| |   Conflicts: ChangeLog
* | Trivial tweaks to #11329 fix. (George Kadianakis, 2014-03-27)
| |
* | Cast bytearray to str before calling struct.unpack() in socks5.py. (Yawning Angel, 2014-03-27)
| |   This works around <http://bugs.python.org/issue10212> which prevented the SOCKS5 server from working for clients running Python < 2.7.4, fixing <https://bugs.torproject.org/11329>.
* | Fix bug in unused socks5.py function. (George Kadianakis, 2014-03-26)
|/
|   Found by Yawning Angel.
* Do the release ritual for obfsproxy-0.2.7. [obfsproxy-0.2.7] (George Kadianakis, 2014-03-15)
|
* Add ChangeLog entry for #11100. (George Kadianakis, 2014-03-15)
|
* Update correct attribute to fix key rotation. (Philipp Winter, 2014-03-15)
|   The attribute "creationTime" does not exist. Instead, update the correct attribute "keyCreation". This bug broke the server's key rotation. The patch, written by Yawning Angel, fixes <https://bugs.torproject.org/11100>.
* Add editor swap files to .gitignore. (George Kadianakis, 2014-03-12)
|
* Massage the ChangeLog a bit. (George Kadianakis, 2014-03-11)
|
* Fix the last issues asn found (Yawning Angel, 2014-03-11)
|    * ACCEPTABLE_CMDS now only contains CONNECT, since that is the only command used and actually implemented.
|    * Removed trailing whitespace from the socks5 tests.
* Fix the test_socks.py unit tests (Yawning Angel, 2014-03-10)
|   Not going to touch #10240 for now since the SOCKS args handler will eventually be totally rewritten (changed to return a dict containing the separated [k=v] pairs).
* Add unit tests for socks5.py (Yawning Angel, 2014-03-10)
|
* Minor changes (Yawning Angel, 2014-03-10)
|    * Since the compat inet_ntop is used, no longer need to try/catch
|    * Make _ByteBuffer.get(self, length) return a string and remove a ton of str() calls
* Use inet_ntop/inet_pton from twisted.python.compat instead of the socket (Yawning Angel, 2014-03-10)
|   Apparently, these routines are missing on Windows.
* Incorporate feedback from hellais, and minor bug fixes (Yawning Angel, 2014-03-10)
|   Changed based on feedback from hellais:
|    * handleCmdConnectFailure now traps errors
|    * sendReply no longer deals with parsing out the outgoing local address
|    * logging uses the obfsproxy logger again
|    * Fixed a bug where send_reply was used instead of sendReply
|    * The obfsproxy specific SOCKSv5 classes were renamed to OBFSSOCKSv5Outgoing and OBFSSOCKSv5Protocol
|
|   Bugs I found:
|    * SOCKSv5Protocol.dataReceived() should actually work now (never called by obfsproxy since it's overridden)
|    * _ByteBuffer.get_uint32() was always doing byte order conversion (method never used)
* Fix more things pointed out by asn (Yawning Angel, 2014-03-10)
|    * Instead of using methodcaller, just store lambdas in the auth vtable
|    * Add doc strings to _ByteBuffer
|    * Do not use "len" as a variable name
|    * Fix a bug in processEstablishedData() that pylint caught (obfsproxy would never have triggered it since the routine is overridden)
* More changes based on feedback (Yawning Angel, 2014-03-10)
|    * Use a wrapper class to isolate the scary struct.pack/unpack calls
|    * Refactor the code to look like twisted.protocols.socks
|    * Support DOMAINNAME, though it's untested
* Cleanups (Yawning Angel, 2014-03-10)
|    * SOCKSv5Reply changed to a newstyle class
|    * Move the pluggable transport specific auth code into its own routine, with lots of comments. Thanks to isis for the help.
* Derp. IPv6 addresses are 16 bytes, and not 12. Heh. (Yawning Angel, 2014-03-10)
|    * It works over the loopback address at least, still haven't gotten a tunnel.
* Add SOCKSv5Reply that can be passed to SOCKSv5Protocol.send_reply() (Yawning Angel, 2014-03-10)
|
* More minor cleanups (Yawning Angel, 2014-03-10)
|    * Log a more useful error message when user sends payload data in _SOCKS_ST_CONNECTING
|    * Explicitly log a specific error when rejecting ATYP DOMAINNAME
|    * Connect can also fail with TimedOutError
* Send more appropriate SOCKS error codes on connect failures (Yawning Angel, 2014-03-10)
|
* Fix a search and replace error (Yawning Angel, 2014-03-10)
|
* Cleanups to the SOCKS5 code (Yawning Angel, 2014-03-10)
|    * Fixed redundant import
|    * Added some more comments
|    * Deal with the possibility that socket.inet_ntop may be missing
* Use SOCKS5 instead of SOCKS4 (Yawning Angel, 2014-03-10)
|   A straightforward SOCKS5 server implementation with the following caveats:
|    * It is tightly coupled with the obfsproxy channel/GenericNetworkProtocol code
|    * Its idea of RFC1929 is the ugly hack in pt-spec.txt
|    * Only supports CONNECT
|    * Only supports IPv4/IPv6 addresses, because DNS leaks make me sad
* Add UniformDH unit tests (Yawning Angel, 2014-03-08)
|    * Test against test vectors
|    * Do 1000 generate/exchanges and validate the keys. Also acts as a quick and dirty benchmark (run with the Twisted trial to actually log).
|
|   This required changing the UniformDH ctor to allow the user to specify the private key at run time. If a key that is not 192 bits is specified, it will raise a ValueError, but no one should use that feature apart from the test code.
|
|   The key generation was also modified to no longer leak which public key is chosen via timing information.
* Slightly edit scramblesuit unittests so that they run in obfsproxy. (George Kadianakis, 2014-03-02)
|
* Import Philipp's scramblesuit unittests. (George Kadianakis, 2014-03-02)
|
* Add a __init__.py in the transport-specific unittest directory. (George Kadianakis, 2014-03-02)
|
* Merge branch 'yawning_gmpy2' (George Kadianakis, 2014-03-02)
|\
| |   Conflicts: ChangeLog
| * Also support gmpy2 for doing modular exponentiation. (Yawning Angel, 2014-02-24)
| |   There is no performance difference between gmpy1 and gmpy2 for obfsproxy, but according to the gmpy authors "gmpy2 is now the recommended version, especially if you use the pre-compiled versions for Windows.".
* | Use twisted.internet.threads.deferToThread in the obfs3 handshake. (Yawning Angel, 2014-02-28)
|/
|   This cuts the amount of time that is spent doing UniformDH related work in the context of the main event loop in half. It is impossible to eliminate it entirely as the client and server both send the public keys immediately on connection when doing an obfs3 handshake.
|
|   Notable changes:
|    * self.dh.get_secret() is processed in a Twisted worker thread.
|    * Another state is added as part of the handshake process for when the thread is running.
|    * At each step of the handshake process, if there is data remaining unprocessed the next stage is directly invoked at the tail of each routine.
|    * After the handshake is done, if data is pending, self._scan_for_magic() is called.
|    * After the magic is found, if data is pending, we relay the remaining data immediately.
* Improve the error message if we can't set up a listener. (George Kadianakis, 2014-02-13)
|
* Do the release ritual for obfsproxy-0.2.6. [obfsproxy-0.2.6] (George Kadianakis, 2014-02-03)
|
* Remove gmpy from the requirements of setup.py. (George Kadianakis, 2014-02-03)
|