|
Testing
Testing Obfuscated TCP
You'll need an x86-64 Linux box. At the moment, nothing else will do I'm afraid. I have a C version of part of the core library almost ready. If you want to run on something else, leave a comment and hurry me up ;) First, install the core library: libobstcp Now download the patched Firefox binary and install the Firefox extension: Firefox Note that the patched Firefox expands into it's own directory and won't override your normal Firefox 3.0. You can stop using it by just closing it and not running the binary from this directory. The extension works on any Firefox 3.0 and is harmless in non-patched versions. Now: go to the test server and read the nice welcome message. Hopefully your Firefox has just learned the server's public key so hit Shift-Ctrl-R to reload. With a bit of luck you've just used Obfuscated TCP! |
Sign in to add a comment
Any idea if your Firefox patches are suitable for inclusion in mainline? I'd love to see Firefox eventually come OTCP enabled (perhaps 4.0?).
Also, how does one set up Apache to server OTCP as you have done?
Thanks for the amazing work!
> Any idea if your Firefox patches are suitable for inclusion in mainline? I'd > love to see Firefox eventually come OTCP enabled (perhaps 4.0?).
Probably not yet, maybe one day. My major worry at the moment is that some people are on dismal networks which won't let them connect out to anything other than port 80 or 443. Thus, obstcp will just stop working. I need to have Firefox detect and backoff in these situations, however it's not clear how best to detect this with low false positive rates. So I'm punting on this for a while till libobstcp is in better shape.
> Also, how does one set up Apache to server OTCP as you have done?
At the moment I've not written the patch for Apache. You can run it using obstcp-redir from libobstcp, but your logs will show the wrong IP address for obfuscated connections and you'll need some other way to include the advert in the outbound headers.
However, I'm pretty sure that it can all be done as an Apache module (like mod_ssl used to be) - I just need to write it.
> Thanks for the amazing work!
Thanks for the support!