Hacker 10 – Security Hacker

Tag: disguise tor proxy traffic

  • StegoTorus a camouflage tool to hide Tor traffic

    StegoTorus a camouflage tool to hide Tor traffic

    StegoTorus is an open source tool that disguises Tor traffic simulating it is an innocuous protocol, this foils packet analysis making Tor harder to monitor and block. A client and server are both available for download, the software is available for Linux, Mac and Windows but is is command line operated and it has to be compiled from source, you will have to be knowledgeable in computers to benefit from it. StegoTorus website has clear instructions on how to do this, it is not exceptionally challenging.

    Any Tor operator can run StegoTorus in their own bridge. Tor bridge relays not listed in the main directory, they are intended for people living in countries where public Tor nodes are blocked. Bridges can be acquired sending an email to bridges@torproject.org from Yahoo or Gmail accounts only.

    Tor network bridge configuration
    Tor network bridge configuration

    When you run StegoTorus with Tor an intermediate connection is created to an StegoTorus server acting as the first node to the network, the software running on that server will camouflage all traffic as PDF, JPEG or HTTP, a payload is introduced in the downstream data before passing it on to you with the real requested file or website visited hidden using steganography techniques. A StegoTorus proxy will make believe anybody watching network traffic that no Tor connection is taking place, your Internet browsing should not slow down noticeably, the payload injection is done within miliseconds.

    If you are worried about Deep Packet Inspection by your ISP, used by China and Iran in between others, your only choice to avoid blockage is what the Tor project calls Pluggable Transports, these are used together with secret Tor relays, aka bridges, and they transform traffic to hide that you are using Tor. A few supported transport type Tor bridges are Obfsproxy, ScrambleSuit and the Format-Transforming Encryption, other schemes like SkypeMorph and StegoTorus can be deployed but they are not officially assisted, although both projects are listed in the Bridges Tor project website, bridges of this type can not be requested by email.

    If you know of a bridge that is running StegoTorus, you can connect to that node going to the Tor browser network settings and entering the custom bridge address that leads to it.

    Visit StegoTorus homepage

  • Code Talker Tunnel disguises tor traffic as Skype video calls

    Code Talker Tunnel disguises tor traffic as Skype video calls

    Countries like Iran and China routinely block public tor IP addresses, to get around this problem relays called tor bridges are not made public and only facilitated to users living in repressive countries after request. According  to recent research from Internet security firm Team Cymru, China’s Great Firewall can distinguish in between normal traffic and tor traffic using SSL deep packet inspection, one factor used by the Great Firewall of China to detect tor traffic is the tor proxy SSL cipher list, in between others. Communications can not be read because they are encrypted but a bot attempts to connect to the suspected tor server IP passing itself of as a user, when it confirms it is a tor bridge via a successful connection the tor server IP is added to the list of blocked IPs in the firewall.

    Iran has also been reported in the past for having an Internet censorship system able to identify the beginning of a tor proxy SSL handshake and interrupting the handshake.

    SkypeMorph disguises tor proxy traffic
    Code Talker Tunnel disguises tor proxy traffic

    SkypeMorh renamed Code Talker Tunnel uses traffic shaping to convert tor packets into UDP (User Datagram  Protocol) traffic preventing deep packet inspection of tor data from being recognized as such. Code Talker Tunnel traffic shaping mimics the sizes and packet timings of a normal Skype video call, the developers of this tool at the University of Waterloo in Canada chose a VoIP client to hide tor traffic because the flow of data packets, sending a request and waiting for a response with a long pause during transmission resembles how a tor proxy server works.

    SkypeMorph Code Talker Tunnel is a pluggable transport that will work with the own tor project developed obfsproxy a program for Mac, Windows and Linux users masking tor traffic as a different protocol specified using pluggable transports.

    Visit Code Talker Tunnel homepage