> have there been any attempts to produce a pluggable transport which would emulate http?
(Ah, I suppose there've been quite a bit of discussion indeed. ( https://trac.torproject.org/projects/tor/ticket/8676, etc.)) On Sun, May 5, 2013 at 9:58 PM, Kostas Jakeliunas <kos...@jakeliunas.com>wrote: > > If we had a PT that encapsulated obfs3 inside > the body of http then this may work. > > I'm probably missing some previous discussions which might have covered > it, but: have there been any attempts to produce a pluggable transport > which would emulate http? Basically, have the transport use http headers, > and put all encrypted data in the body (possibly prepending it with some > html tags even)? This sounds like a nice idea. > > > On Sun, May 5, 2013 at 9:41 PM, Matthew Finkel > <matthew.fin...@gmail.com>wrote: > >> On Sun, May 05, 2013 at 04:18:56PM +0300, George Kadianakis wrote: >> > tor-admin <tor-ad...@torland.me> writes: >> > >> > > On Sunday 05 May 2013 14:50:51 George Kadianakis wrote: >> > >> It would be interesting to learn which ports they currently >> whitelist, >> > >> except from the usual HTTP/HTTPS. >> > >> >> > >> I also wonder if they just block based on TCP port, or whether they >> > >> also have DPI heuristics. >> > >> >> > >> On the Tor side, it seems like we should start looking into #7875: >> > >> https://trac.torproject.org/projects/tor/ticket/7875 >> > >> _______________________________________________ >> > > I am wondering if here is there a way for a user to ask bridgedb for >> a bridge >> > > with a specific port? >> > > _______________________________________________ >> > > tor-dev mailing list >> > > tor-dev@lists.torproject.org >> > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev >> > >> > If I remember correctly BridgeDB tries (in a best-effort manner) to >> > give users bridges that are listening on port 443. Obfuscated bridges >> > that bind on 443 are not very common (because of #7875) so I guess >> > that not many obfuscated bridges on 443 are given out. >> > >> > In any case, I don't think that a user can explicitly ask BridgeDB for >> > a bridge on a specific port, but this might be a useful feature >> > request (especially if this "filtering based on TCP port" tactic >> > continues). >> >> This may be a good feature to have, in general, but it does not sound like >> this will solve the current problem in Iran. The last report says >> they're whitelisting ports *and* protocols[1]. So even if a user attempts >> to use obfs3 on port 443 it'll likely be blocked because obfs3 is not a >> look-like-https protocol. If we had a PT that encapsulated obfs3 inside >> the body of http then this may work. CDA also says SSL/TLS connections >> are throttled to 5% of the normal speed [2], so that's no fun either. >> >> [1] https://twitter.com/CDA/status/331006059923795968 >> [2] https://twitter.com/CDA/status/331040305648369664 >> _______________________________________________ >> tor-dev mailing list >> tor-dev@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev >> > >
_______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev