debian/obfsproxy.docs

README
doc/obfs3/obfs3-protocol-spec.txt
doc/obfs3/obfs3-threat-model.txt

debian/gbp.conf

[git-import-orig]
pristine-tar = True

debian/obfsproxy.1.txt

OBFSPROXY(1)
============
:doctype: manpage

NAME
----
obfsproxy - a pluggable transports proxy

SYNOPSIS
--------
obfsproxy [--log-file 'log_file'] [--log-min-severity 'severity'] [--no-log] [--no-safe-logging] managed

obfsproxy [--log-file 'log_file'] [--log-min-severity 'severity'] [--no-log] [--no-safe-logging] 'transport' [-h] [--dest 'dest'] [--ext-cookie-file 'ext_cookie_file'] ... 'mode' 'listen_addr'

obfsproxy --help

DESCRIPTION
-----------
*obfsproxy* is a tool that attempts to circumvent censorship, by
transforming the Tor traffic between the client and the bridge. This
way, censors, who usually monitor traffic between the client and the
bridge, will see innocent-looking transformed traffic instead of the
actual Tor traffic.

OPTIONS
-------
**--log-file** 'log_file'::
    Set logfile location.

**--log-min-severity** 'severity'::
    Set minimum logging severity (default: no logging).
    'severity' must be one of *error*, *warning*, *info*, *debug*.

**--no-log**::
    Disable logging.

**--no-safe-logging**::
    Disable safe (scrubbed address) logging.

**-h, --help**::
    Show help message and exit.

MANAGED TRANSPORT
-----------------
Using *managed* as 'TRANSPORT' allows Tor to start and control obfsproxy
by itself. Add a line like the following to torrc to use it when acting
as a bridge:

    ServerTransportPlugin obfs2,obfs3 exec /usr/bin/obfsproxy managed

When connecting to an obfuscated bridge, adapt the following:

    ClientTransportPlugin obfs2,obfs3 exec /usr/bin/obfsproxy managed

DUMMY TRANSPORT
---------------
Use a protocol that simply proxies data without obfuscating them.
For tests only. No extra options.

B64 TRANSPORT
-------------
Use a protocol that encodes data with *base64* before pushing them to
the network. No extra options.

OBFS2 TRANSPORT
---------------
Use the *obfs2* protocol. See for the specification. No extra options.

OBFS3 TRANSPORT
---------------
Use the *obfs3* protocol. See for the specification. No extra options.

COMMON TRANSPORT OPTIONS
------------------------
Here's the common synopsis:

Options common for all transports:

**transport**::
    One of *managed*, *dummy*, *b64*, *obfs2* or *obfs3*.
    See above for details.

*-h*::
    Show help message and exit.

**--dest** 'dest'::
    Set destination address. Mandatory in all modes except *socks*.

**--ext-cookie-file** 'ext_cookie_file'::
    Configure the filesystem path where the Extended ORPort
    authentication cookie is stored.

**mode**::
    Mode must be one of *server* (old-style ServerTransportPlugin),
    *ext_server* (support for Extended ORPort), *client* (bridge
    client) or *socks* (client using SOCKS to connect to bridges).

**listen_addr**::
    Address on which the proxy will listen.

BUGS
----
Plenty, probably. *obfsproxy* is still in development. Please report them.

AUTHOR
------
George Kadianakis
Brandon Wiley

debian/rules

#!/usr/bin/make -f

%:
	dh $@ --buildsystem=python_distutils --with=python2

override_dh_installman:
	a2x --no-xmllint --doctype manpage --format manpage debian/obfsproxy.1.txt
	dh_installman -O--buildsystem=python_distutils

ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
override_dh_auto_test:
	trial obfsproxy
endif

debian/control

Source: obfsproxy
Maintainer: Jérémy Bobbio
Section: net
Priority: extra
Build-Depends:
 asciidoc,
 debhelper (>= 8),
 docbook-xsl,
 python-all (>= 2.6.6-3~),
 python-crypto,
 python-pyptlib (>= 0.0.4),
 python-setuptools,
 python-twisted-core,
 xsltproc
Standards-Version: 3.9.4
X-Python-Version: >= 2.7
Vcs-Git: git://anonscm.debian.org/git/collab-maint/obfsproxy.git
Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/obfsproxy.git
Homepage: https://www.torproject.org/projects/obfsproxy.html
XS-Testsuite: autopkgtest

Package: obfsproxy
Architecture: all
Depends: ${misc:Depends}, ${python:Depends}
Enhances: tor
Description: pluggable transport proxy for Tor
 obfsproxy is a tool that attempts to circumvent censorship by
 transforming the Tor traffic between the client and the bridge.
 This way censors, who usually monitor traffic between the client
 and the bridge, will see innocent-looking transformed traffic
 instead of the actual Tor traffic.
 .
 It is written in Python and is compliant with the Tor pluggable
 transports specification, and its modular architecture allows it
 to support multiple pluggable transports.

debian/NEWS

obfsproxy (0.2.1-1) experimental; urgency=low

  obfsproxy now supports a new obfuscation protocol named “obfs3”.
  The command-line syntax also changed and `managed` should now be used
  instead of `--managed`.

  * Upgrading a bridge:

    Edit `/etc/tor/torrc` and replace:

        ServerTransportPlugin obfs2 exec /usr/bin/obfsproxy --managed

    with:

        ServerTransportPlugin obfs2,obfs3 exec /usr/bin/obfsproxy managed

  * Upgrading a client:

    Edit `/etc/tor/torrc` and replace:

        ClientTransportPlugin obfs2 exec /usr/bin/obfsproxy --managed

    with:

        ClientTransportPlugin obfs2,obfs3 exec /usr/bin/obfsproxy managed

 -- Jérémy Bobbio  Thu, 28 Mar 2013 10:30:43 +0000

debian/pydist-overrides

pyptlib python-pyptlib (>= 0.0.4)

debian/compat

8

debian/README.Debian

obfsproxy for Debian
====================

Configuring an obfs2/obfs3 bridge
---------------------------------

(Inspired by upstream HOWTO.txt)

This is a short guide on how to set up an obfsproxy obfs2/obfs3 bridge:

 1. Set up Tor

    Edit /etc/tor/torrc to add:

        SocksPort 0
        ORPort 443 # or some other port if you already run a webserver/skype
        BridgeRelay 1
        Exitpolicy reject *:*

        ## CHANGEME_1 -> provide a nickname for your bridge, can be anything you like
        #Nickname CHANGEME_1
        ## CHANGEME_2 -> provide some email address so we can contact you if there's a problem
        #ContactInfo CHANGEME_2

        ServerTransportPlugin obfs2,obfs3 exec /usr/bin/obfsproxy managed

    Don't forget to uncomment and edit the CHANGEME fields.

 2. Launch Tor and verify that it bootstraps

    Restart Tor to use the new configuration file:

        # service tor restart

    Now check /var/log/tor/log and you should see something like this:

        Nov 05 16:40:45.000 [notice] We now have enough directory information to build circuits.
        Nov 05 16:40:45.000 [notice] Bootstrapped 80%: Connecting to the Tor network.
        Nov 05 16:40:46.000 [notice] Bootstrapped 85%: Finishing handshake with first hop.
        Nov 05 16:40:46.000 [notice] Bootstrapped 90%: Establishing a Tor circuit.
        Nov 05 16:40:48.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
        Nov 05 16:40:48.000 [notice] Bootstrapped 100%: Done.

    If Tor is earlier in the bootstrapping phase, wait until it gets to
    100%.

 3. Configure the firewall if needed

    If you're behind a NAT/firewall, you'll need to make your bridge
    reachable from the outside world — both on the ORPort and the
    obfsproxy port. The ORPort is whatever you defined in step two
    above. To find your obfsproxy port, check your Tor logs for two
    lines similar to these:

        Oct 05 20:00:41.000 [notice] Registered server transport 'obfs2' at '0.0.0.0:26821
        Oct 05 20:00:42.000 [notice] Registered server transport 'obfs3' at '0.0.0.0:40172

    The last number in each line, in this case 26821 and 40172, are the
    TCP port numbers that you need to forward through your firewall.
    (This port is randomly chosen the first time Tor starts, but Tor
    will cache and reuse the same number in future runs.) If you want
    to change the number, use Tor 0.2.4.7-alpha or later, and set
    "ServerTransportListenAddr obfs2 0.0.0.0:26821" in your torrc.

Using an obfs3 bridge
---------------------

To use an obfs3 bridge, please add the following lines to /etc/tor/torrc:

    ClientTransportPlugin obfs2,obfs3 exec /usr/bin/obfsproxy managed
    UseBridges 1
    Bridge obfs3 192.0.2.42:443 C2A9DC82AA7E85DB6465EC8C4B1B4B1B77787BE0

Adjust address, port and the optional fingerprint accordingly.

debian/tests/upstream-tests

#!/bin/sh

set -e

# autopkgtest provides a scratch directory in ADTTMP
if ! [ -d "$ADTTMP" ]; then
	echo "ADTTMP not set." >&2
	exit 1
fi

# Run the upstream test suite from a copy outside the source tree
mkdir "$ADTTMP/obfsproxy"
cp -r obfsproxy/test "$ADTTMP/obfsproxy"
(cd "$ADTTMP"; trial obfsproxy)

debian/tests/control

Tests: upstream-tests

debian/obfsproxy.manpages

debian/obfsproxy.1

debian/copyright

Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: obfsproxy
Upstream-Contact: George Kadianakis
Source: https://git.torproject.org/pluggable-transports/obfsproxy.git

Files: *
Copyright: Copyright 2012 Brandon Wiley
           Copyright 2012-2013 George Kadianakis
License: BSD-3-clause
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are
 met:
 .
 * Redistributions of source code must retain the above copyright
 notice, this list of conditions and the following disclaimer.
 .
 * Redistributions in binary form must reproduce the above copyright
 notice, this list of conditions and the following disclaimer in the
 documentation and/or other materials provided with the distribution.
 .
 * Neither the names of the copyright owners nor the names of its
 contributors may be used to endorse or promote products derived from
 this software without specific prior written permission.
 .
 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 A PARTICULAR PURPOSE ARE DISCLAIMED.
 IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
 ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
 GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
 IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Files: debian/*
Copyright: Copyright 2013 Jérémy Bobbio
License: permissive
 Copying and distribution of this package, with or without
 modification, are permitted in any medium without royalty
 provided the copyright notice and this notice are
 preserved.

debian/changelog

obfsproxy (0.2.3-1) unstable; urgency=low

  * New upstream release.
  * Adjust Build-Depends to match new requirements.
  * Generate proper Depends for the new upstream version using pydist.
  * Drop obsolete patch.
  * Add watch file.

 -- Jérémy Bobbio  Fri, 20 Sep 2013 17:05:42 +0200

obfsproxy (0.2.1-4) unstable; urgency=low

  * Fix Vcs-Git URL.
  * Adjust Section to match the archive override.
  * Migrate to dh_python2.
  * Run upstream test suite using autopkgtest.
  * Add Homepage field.

 -- Jérémy Bobbio  Wed, 28 Aug 2013 21:14:23 +0200

obfsproxy (0.2.1-3) unstable; urgency=low

  * Upload to unstable.

 -- Jérémy Bobbio  Sun, 05 May 2013 20:53:53 +0200

obfsproxy (0.2.1-2) experimental; urgency=low

  * Add a patch to fix the C-obfsproxy compatibility hack.

 -- Jérémy Bobbio  Thu, 11 Apr 2013 09:39:20 +0000

obfsproxy (0.2.1-1) experimental; urgency=low

  * New upstream release:
    - switch to the new Python implementation. (Closes: #699922)
  * Take over the package with weasel's approval for the new Python
    implementation.
  * Add NEWS file to tell users about the new 'obfs3' protocol.

 -- Jérémy Bobbio  Mon, 08 Apr 2013 19:59:49 +0000

obfsproxy (0.1.4-2) unstable; urgency=low

  * Upload to unstable.

 -- Peter Palfrader  Fri, 29 Jun 2012 20:47:59 +0200

obfsproxy (0.1.4-1) experimental; urgency=low

  * New upstream version.
  * debian/copyright: Mention http download location for upstream
    obfsproxy.

 -- Peter Palfrader  Sat, 07 Apr 2012 23:28:18 +0200

obfsproxy (0.1.1-1) experimental; urgency=low

  * Initial release (closes: #660122).

 -- Peter Palfrader  Sun, 11 Mar 2012 11:30:46 +0100

debian/source/format

3.0 (quilt)

debian/watch

version=3
https://pypi.python.org/pypi/obfsproxy \
 https://pypi.python.org/packages/source/o/obfsproxy/obfsproxy-(.+)\.tar\.gz

debian/README.source

README.source for the obfsproxy package
=======================================

obfsproxy is managed in a Git repository using git-buildpackage.

Upstream tarballs are imported using git-import-orig with:

 * `--pristine-tar` to record upstream tarball,
 * `--upstream-vcs-tag` to link upstream source repository.

Quilt patches are managed using gbp-pq.

Packaging practices also follow most of the advice provided by
Russ Allbery at:

The branches are organized as follows:

 * upstream: tracks the "master" branch of upstream repository [1]
 * patch-queue/*: branches exported to quilt patches (handled by gbp-pq)
 * master: export of patch-queue/* branches and Debian specific changes

[1]
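
Step 3 of README.Debian above has the operator read the obfsproxy ports out of Tor's log by hand. The following Python is an added example, not part of obfsproxy or its Debian packaging: it extracts the registered transport ports and emits the matching `ServerTransportListenAddr` lines so the firewall rule and torrc stay in sync. The function names and the sample log are constructed for illustration.

```python
import re

# Tor's notice line for a registered pluggable transport. The closing quote
# is optional because the sample lines quoted in README.Debian omit it.
REGISTERED = re.compile(
    r"Registered server transport '(?P<name>[A-Za-z0-9_]+)' "
    r"at '(?P<host>[0-9.]+):(?P<port>\d{1,5})'?"
)

def registered_transports(log_lines):
    """Return {transport: (host, port)}; a later log line overrides an earlier one."""
    found = {}
    for line in log_lines:
        m = REGISTERED.search(line)
        if not m:
            continue
        port = int(m.group("port"))
        if 0 < port <= 65535:  # ignore values that cannot be TCP ports
            found[m.group("name")] = (m.group("host"), port)
    return found

def listen_addr_lines(transports):
    """torrc lines that pin each transport to the port Tor already chose."""
    return [
        "ServerTransportListenAddr %s %s:%d" % (name, host, port)
        for name, (host, port) in sorted(transports.items())
    ]

# Constructed sample log, modelled on the lines quoted in README.Debian.
SAMPLE_LOG = """\
Oct 05 20:00:40.000 [notice] Bootstrapped 100%: Done.
Oct 05 20:00:41.000 [notice] Registered server transport 'obfs2' at '0.0.0.0:26821
Oct 05 20:00:42.000 [notice] Registered server transport 'obfs3' at '0.0.0.0:40172'
Oct 05 20:00:43.000 [notice] Registered server transport 'obfs3' at '0.0.0.0:99999'
""".splitlines()

if __name__ == "__main__":
    transports = registered_transports(SAMPLE_LOG)
    for name, (host, port) in sorted(transports.items()):
        print("forward TCP %d for %s" % (port, name))
    print("\n".join(listen_addr_lines(transports)))
```

Pinning the ports this way keeps the forwarded ports stable even if Tor's cached state is lost; as README.Debian notes, `ServerTransportListenAddr` needs Tor 0.2.4.7-alpha or later.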