Scroll to navigation

OBFSPROXY(1)   OBFSPROXY(1)

NAME

obfsproxy - a pluggable transports proxy

SYNOPSIS

obfsproxy [--log-file log_file] [--log-min-severity severity] [--no-log] [--no-safe-logging] managed obfsproxy [--log-file log_file] [--log-min-severity severity] [--no-log] [--no-safe-logging] transport [-h] [--dest dest] [--ext-cookie-file ext_cookie_file] ... mode listen_addr obfsproxy --help

DESCRIPTION

obfsproxy is a tool that attempts to circumvent censorship, by transforming the Tor traffic between the client and the bridge. This way, censors, who usually monitor traffic between the client and the bridge, will see innocent-looking transformed traffic instead of the actual Tor traffic.

OPTIONS

--log-file log_file

Set logfile location.

--log-min-severity severity

Set minimum logging severity (default: no logging). severity must be one of error, warning, info, debug.

--no-log

Disable logging.

--no-safe-logging

Disable safe (scrubbed address) logging.

-h, --help

Show help message and exit.

MANAGED TRANSPORT

Using managed as TRANSPORT allows Tor to start and control obfsproxy by itself. Add a line like the following to torrc to use it when acting as a bridge:

ServerTransportPlugin obfs3,scramblesuit exec /usr/bin/obfsproxy managed

When connecting to an obfuscated bridge, adapt the following:

ClientTransportPlugin obfs3,scramblesuit exec /usr/bin/obfsproxy managed

DUMMY TRANSPORT

Use a protocol that simply proxies data without obfuscating them. For tests only.

No extra options.

B64 TRANSPORT

Use a protocol that encodes data with base64 before pushing them to the network.

No extra options.

OBFS2 TRANSPORT

Use the obfs2 protocol. obfs2 is known to be fingerprintable and is deprecated. See https://gitweb.torproject.org/obfsproxy.git/blob/HEAD:/doc/obfs2/protocol-spec.txt for the specification.

No extra options.

OBFS3 TRANSPORT

Use the obfs3 protocol. See https://gitweb.torproject.org/pluggable-transports/obfsproxy.git/blob/HEAD:/doc/obfs3/obfs3-protocol-spec.txt for the specification.

No extra options.

SCRAMBLESUIT TRANSPORT

Use the scramblesuit protocol. See https://gitweb.torproject.org/pluggable-transports/obfsproxy.git/blob/HEAD:/doc/scramblesuit/scramblesuit-spec.txt for the specification.

--password password

Shared secret for UniformDH. In server mode, a secret will be automatically generated if unspecified.

In order to configure a password with Tor on the server side, the following can be added to torrc:

ServerTransportOptions scramblesuit password=WFVTIHBLAHNBXWSUD6WYTEST42LPIPRT

Tor clients (using a version later than 0.2.5.1-alpha) can then use:

Bridge scramblesuit 192.0.2.42:2032 password=WFVTIHBLAHNBXWSUD6WYTEST42LPIPRT

COMMON TRANSPORT OPTIONS

Here’s the common synopsis:

Options common for all transports:

transport

One of managed, dummy, b64, obfs2, obfs3 or scramblesuit. See above for details.

-h

Show help message and exit.

--dest dest

Set destination address. Mandatory in all modes except socks.

--ext-cookie-file ext_cookie_file

Configure the filesystem path where the Extended ORPort authentication cookie is stored.

mode

Mode must be one of server (old-style ServerTransportPlugin), ext_server (support for Extended ORPort), client (bridge client) or socks (client using SOCKS to connect to bridges).

listen_addr

Address on which the proxy will listen.

BUGS

Plenty, probably. obfsproxy is still in development. Please report them.

AUTHORS

George Kadianakis <asn@torproject.org>

Philipp Winter <phw@torproject.org>

Brandon Wiley <brandon@blanu.net>

11/23/2017