Re: [tor-dev] Obfsproxy Address Translation

2015-01-23 Thread Alfredo Palhares
Hello,

Sorry for the delay, I finally set out on the quest to understand obfsproxy.
So with the help of pdb and a few questions here and there I got to some
places, and with a lot more questions to ask.

## Studying the client

The client launches a connection on obfsproxy/pyobfsproxy.py do_external_mode();
the launch_transport.launch_transport_listener method is where the SOCKS
listener is set.
Right after that the Twisted library reactor module is initiated with
reactor.run() on line 107 of the file obfsproxy/pyobfsproxy.py

After that the Twisted event loop is started and it will listen to events that
are set on methods like listenTCP() the wiki page about servers[1]

I've set a pdb.set_trace() on the buildProtocol() method in the file 
obfsproxy/network/socks.py and the backtrace looks like:

(Pdb) bt
  /usr/lib/python2.7/runpy.py(162)_run_module_as_main()
-> __main__, fname, loader, pkg_name)
  /usr/lib/python2.7/runpy.py(72)_run_code()
-> exec code in run_globals
  /usr/lib/python2.7/pdb.py(1338)<module>()
-> pdb.main()
  /usr/lib/python2.7/pdb.py(1314)main()
-> pdb._runscript(mainpyfile)
  /usr/lib/python2.7/pdb.py(1233)_runscript()
-> self.run(statement)
  /usr/lib/python2.7/bdb.py(400)run()
-> exec cmd in globals, locals
  <string>(1)<module>()
  /home/masterkorp/Public/obfsproxy/bin/obfsproxy(16)<module>()
-> run()
  /home/masterkorp/Public/obfsproxy/obfsproxy/pyobfsproxy.py(207)run()
-> pyobfsproxy()
  /home/masterkorp/Public/obfsproxy/obfsproxy/pyobfsproxy.py(189)pyobfsproxy()
-> do_external_mode(args)
  /home/masterkorp/Public/obfsproxy/obfsproxy/pyobfsproxy.py(108)do_external_mode()
-> reactor.run()
  /usr/lib/python2.7/site-packages/twisted/internet/base.py(1192)run()
-> self.mainLoop()
  /usr/lib/python2.7/site-packages/twisted/internet/base.py(1204)mainLoop()
-> self.doIteration(t)
  /usr/lib/python2.7/site-packages/twisted/internet/epollreactor.py(396)doPoll()
-> log.callWithLogger(selectable, _drdw, selectable, fd, event)
  /usr/lib/python2.7/site-packages/twisted/python/log.py(88)callWithLogger()
-> return callWithContext({system: lp}, func, *args, **kw)
  /usr/lib/python2.7/site-packages/twisted/python/log.py(73)callWithContext()
-> return context.call({ILogContext: newCtx}, func, *args, **kw)
  /usr/lib/python2.7/site-packages/twisted/python/context.py(118)callWithContext()
-> return self.currentContext().callWithContext(ctx, func, *args, **kw)
  /usr/lib/python2.7/site-packages/twisted/python/context.py(81)callWithContext()
-> return func(*args,**kw)
  /usr/lib/python2.7/site-packages/twisted/internet/posixbase.py(614)_doReadOrWrite()
-> why = selectable.doRead()
  /usr/lib/python2.7/site-packages/twisted/internet/tcp.py(1062)doRead()
-> protocol = self.factory.buildProtocol(self._buildAddr(addr))
  /home/masterkorp/Public/obfsproxy/obfsproxy/network/socks.py(183)buildProtocol()
-> circuit = network.Circuit(self.transport_class())

It goes directly to this method from Twisted, which confirms that all the
SOCKS is set. This creates a new Circuit. And like the documentation says, a
Circuit is a pair of connections between the obfsproxy client and OpenVPN
client (in this case) or obfsproxy server and OpenVPN server.

Then I set a pdb.set_trace() in dataReceived() in obfsproxy/network/network.py,
well, because of the name. And a backtrace looks like:

(Pdb) bt
  /usr/lib/python2.7/runpy.py(162)_run_module_as_main()
-> __main__, fname, loader, pkg_name)
  /usr/lib/python2.7/runpy.py(72)_run_code()
-> exec code in run_globals
  /usr/lib/python2.7/pdb.py(1338)<module>()
-> pdb.main()
  /usr/lib/python2.7/pdb.py(1314)main()
-> pdb._runscript(mainpyfile)
  /usr/lib/python2.7/pdb.py(1233)_runscript()
-> self.run(statement)
  /usr/lib/python2.7/bdb.py(400)run()
-> exec cmd in globals, locals
  <string>(1)<module>()
  /home/masterkorp/Public/obfsproxy/bin/obfsproxy(3)<module>()
-> import sys, os
  /home/masterkorp/Public/obfsproxy/obfsproxy/pyobfsproxy.py(205)run()
-> pyobfsproxy()
  /home/masterkorp/Public/obfsproxy/obfsproxy/pyobfsproxy.py(187)pyobfsproxy()
-> do_external_mode(args)
  /home/masterkorp/Public/obfsproxy/obfsproxy/pyobfsproxy.py(106)do_external_mode()
-> reactor.run()
  /usr/lib/python2.7/site-packages/twisted/internet/base.py(1192)run()
-> self.mainLoop()
  /usr/lib/python2.7/site-packages/twisted/internet/base.py(1204)mainLoop()
-> self.doIteration(t)
  /usr/lib/python2.7/site-packages/twisted/internet/epollreactor.py(396)doPoll()
-> log.callWithLogger(selectable, _drdw, selectable,fd, event)
  /usr/lib/python2.7/site-packages/twisted/python/log.py(88)callWithLogger()
-> return callWithContext({system: lp}, func,*args, **kw)
  /usr/lib/python2.7/site-packages/twisted/python/log.py(73)callWithContext()
-> return context.call({ILogContext: newCtx},func, *args, **kw)
  /usr/lib/python2.7/site-packages/twisted/python/context.py(118)callWithContext()
-> return self.currentContext().callWithContext(ctx,func, *args, **kw)
  /usr/lib/python2.7/site-packages/twisted/python/context.py(81)callWithContext()
-> return

Re: [tor-dev] Obfsproxy Address Translation

2015-01-16 Thread Yawning Angel
On Fri, 16 Jan 2015 12:05:41 +0100
Alfredo Palhares masterk...@masterkorp.net wrote:

> Between the OpenVPN I an obfsproxy server outside the country and a
> client inside the country. But what I've found out is that Obfsproxy
> server needs to be running as the OpenVPN server and Obfsproxy client
> needs to be on the same machine as the OpenVPN client.

So what you're saying is, you want to do something like:

 * There is an obfsproxy client instance running on c.example.com.

 * There is an obfsproxy server instance running on s.example.com,
   that feeds into an OpenVPN server instance running on
   v.example.com.

 * Multiple clients use c.example.com as the SOCKS proxy for the
   OpenVPN client, connect to s.example.com to get to the OpenVPN
   server running on v.example.com.

My thoughts on the matter are:

 1. This should work.  If it can be shown to be broken via a trivial
    application/test case (Eg: netcat), then it should be fixed
    (The trivial test case requirement is because I don't want to debug
    OpenVPN again).

 2. Oh god, c.example.com is going to be running a public SOCKS proxy.
    Granted people trying to use it to get to most destinations will
    have a connection that fails, but bad people can use it as a DDoS
    amplification host (The SOCKS dialog is much much shorter than any
    of the client requests that would be sent).

 3. I don't know enough about the OpenVPN protocol/implementation to
    know if there are application specific quirks unique to OpenVPN that
    would prevent this configuration from working.  That would be an
    OpenVPN problem, unless obfsproxy is altering the data it's relaying
    (Extremely unlikely).

I'll hold off on closing the ticket for now, but unless the code is
broken in the 1. sense, I'm inclined to do so.

Regards,

-- 
Yawning Angel
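
An added example (not part of the original message and not obfsproxy code) for the concern in point 2: if a SOCKS listener on c.example.com has to be reachable by several clients, a gate in front of it can refuse every request except a CONNECT to the one intended server from known client addresses. It assumes SOCKS5 (RFC 1928) framing and Python 3; the port, the client network and all function names are constructed for illustration.

```python
import ipaddress
import socket
import struct

# Constructed policy for the hostnames used in the message above; the port
# and the client network are assumptions, not values from the thread.
ALLOWED_DESTS = {("s.example.com", 443)}
ALLOWED_CLIENT_NETS = [ipaddress.ip_network("10.8.0.0/24")]


def parse_socks5_request(data):
    """Parse an RFC 1928 request; return (cmd, host, port) or raise ValueError."""
    if len(data) < 4 or data[0] != 0x05 or data[2] != 0x00:
        raise ValueError("not a SOCKS5 request")
    cmd, atyp, body = data[1], data[3], data[4:]
    if atyp == 0x01 and len(body) == 6:        # IPv4 address + port
        host = socket.inet_ntoa(body[:4])
    elif atyp == 0x04 and len(body) == 18:     # IPv6 address + port
        host = socket.inet_ntop(socket.AF_INET6, body[:16])
    elif atyp == 0x03 and body and len(body) == 1 + body[0] + 2:  # domain
        host = body[1:1 + body[0]].decode("ascii").lower().rstrip(".")
    else:
        raise ValueError("bad address field")
    return cmd, host, struct.unpack("!H", body[-2:])[0]


def decide(client_ip, request):
    """Return (allowed, reason) for one SOCKS5 request from client_ip."""
    addr = ipaddress.ip_address(client_ip)
    if not any(addr in net for net in ALLOWED_CLIENT_NETS):
        return False, "client not in allowed network"
    try:
        cmd, host, port = parse_socks5_request(request)
    except ValueError as exc:  # also covers UnicodeDecodeError
        return False, "malformed request: %s" % exc
    if cmd != 0x01:  # CONNECT only; refuse BIND and UDP ASSOCIATE
        return False, "command not permitted"
    if (host, port) not in ALLOWED_DESTS:
        return False, "destination not allowlisted"
    return True, "ok"


def connect_request(host, port):
    """Build a constructed SOCKS5 CONNECT request with a domain-name address."""
    name = host.encode("ascii")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack("!H", port)
```

Binding the listener to loopback or a private interface removes the exposure entirely; the allowlist is for the case where that is not possible.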

