mirror of
https://github.com/RoboSats/robosats.git
synced 2025-01-18 04:01:34 +00:00
Desktop app folder added
This commit is contained in:
parent
0cf88efb6c
commit
e77edbf100
142
desktopApp/app.js
Normal file
142
desktopApp/app.js
Normal file
@ -0,0 +1,142 @@
|
||||
// Modules to control application life and create native browser window
|
||||
const { app, BrowserWindow, session, protocol, net } = require("electron");
|
||||
const { spawn } = require("child_process");
|
||||
const path = require('path');
|
||||
const os = require('os');
|
||||
|
||||
|
||||
|
||||
function getTorExecutablePath(){
|
||||
const platform = os.platform();
|
||||
|
||||
switch (platform) {
|
||||
case "win32": // Windows
|
||||
return "./tor/tor-win/tor/tor.exe";
|
||||
case "darwin": // macOS
|
||||
return "./tor/tor-macos/tor/tor";
|
||||
case "linux": // Linux
|
||||
return "./tor/tor-linux/tor/tor";
|
||||
default:
|
||||
throw new Error(`Unsupported platform: ${platform}`);
|
||||
}
|
||||
}
|
||||
|
||||
function startTor(){
|
||||
const torPath = getTorExecutablePath();
|
||||
return spawn(torPath);
|
||||
}
|
||||
|
||||
const tor = startTor();
|
||||
|
||||
// Listen for Tor process stdout data
|
||||
tor.stdout.on("data", (data) => {
|
||||
console.log(`data received \n${data}`);
|
||||
|
||||
// Check if Tor is ready
|
||||
if (data.includes("Bootstrapped 100%")) {
|
||||
createWindow();
|
||||
}
|
||||
console.log(`Data received \n${data}`);
|
||||
});
|
||||
|
||||
// Listen for Tor process stderr data
|
||||
tor.stderr.on("data", (data) => {
|
||||
console.log(`Error received \n${data}`);
|
||||
app.exit(1);
|
||||
});
|
||||
|
||||
function createWindow() {
|
||||
|
||||
// Create the browser window.
|
||||
const mainWindow = new BrowserWindow({
|
||||
width: 1200,
|
||||
height: 800,
|
||||
webPreferences:{
|
||||
contextIsolation: true,
|
||||
}
|
||||
});
|
||||
|
||||
// and load the index.html of the app.
|
||||
|
||||
mainWindow.loadURL(`file://`+ path.resolve(__dirname,`index.html#/robot`),{ extraHeaders: "pragma: no-cache\n" });
|
||||
|
||||
mainWindow.webContents.on("did-fail-load", function () {
|
||||
console.log("did-fail-load");
|
||||
mainWindow.loadURL(`file://${__dirname}/index.html#/robot`,);
|
||||
});
|
||||
|
||||
// Open the DevTools.
|
||||
//mainWindow.webContents.openDevTools();
|
||||
}
|
||||
|
||||
// This method will be called when Electron has finished
|
||||
// initialization and is ready to create browser windows.
|
||||
// Some APIs can only be used after this event occurs.
|
||||
app.whenReady().then(() => {
|
||||
|
||||
createWindow();
|
||||
|
||||
app.on("activate", function () {
|
||||
// On macOS it's common to re-create a window in the app when the
|
||||
// dock icon is clicked and there are no other windows open.
|
||||
if (BrowserWindow.getAllWindows().length === 0) createWindow();
|
||||
});
|
||||
});
|
||||
|
||||
app.on("ready", () => {
|
||||
|
||||
session.defaultSession.webRequest.onBeforeRequest({ urls: ['file:///static/*'] }, (details, callback) => {
|
||||
const url = details.url;
|
||||
//console.log(url);
|
||||
const modifiedUrl = url.substr(7);
|
||||
const staticFilePath = path.join(__dirname, modifiedUrl);
|
||||
callback({ redirectURL: 'file://' + staticFilePath });
|
||||
});
|
||||
|
||||
session.defaultSession.setProxy({
|
||||
proxyRules: "socks://localhost:9050",
|
||||
proxyBypassRules: "<local>",
|
||||
});
|
||||
});
|
||||
|
||||
// Quit when all windows are closed, except on macOS. There, it's common
|
||||
// for applications and their menu bar to stay active until the user quits
|
||||
// explicitly with Cmd + Q.
|
||||
app.on("window-all-closed", function () {
|
||||
tor?.kill();
|
||||
if (process.platform !== "darwin") app.quit();
|
||||
});
|
||||
|
||||
// In this file you can include the rest of your app's specific main process
|
||||
// code. You can also put them in separate files and require them here.
|
||||
|
||||
// Listen for exit event on the main process
|
||||
app.on("exit", () => {
|
||||
// Terminate the Tor daemon process
|
||||
tor?.kill();
|
||||
});
|
||||
|
||||
// Optionally, listen for the uncaughtException event to handle any uncaught exceptions
|
||||
app.on("uncaughtException", (err) => {
|
||||
console.error("Uncaught Exception:", err);
|
||||
// Terminate the Tor daemon process
|
||||
tor?.kill();
|
||||
// Exit the main process with a non-zero exit code
|
||||
app.exit(1);
|
||||
});
|
||||
|
||||
// Optionally, listen for the SIGINT signal (Ctrl+C) to handle the termination of the main process
|
||||
app.on("SIGINT", () => {
|
||||
// Terminate the Tor daemon process
|
||||
tor?.kill();
|
||||
// Exit the main process
|
||||
app.exit();
|
||||
});
|
||||
|
||||
// Optionally, listen for the SIGTERM signal to handle the termination of the main process
|
||||
app.on("SIGTERM", () => {
|
||||
// Terminate the Tor daemon process
|
||||
tor?.kill();
|
||||
// Exit the main process
|
||||
app.exit();
|
||||
});
|
63
desktopApp/index.html
Normal file
63
desktopApp/index.html
Normal file
@ -0,0 +1,63 @@
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<link rel="shortcut icon" type="image/png" href="./static/assets/images/favicon-96x96.png" />
|
||||
<link rel="icon" type="image/png" href="./static/assets/images/favicon-32x32.png" sizes="32x32">
|
||||
<link rel="icon" type="image/png" href="./static/assets/images/favicon-96x96.png" sizes="96x96">
|
||||
<link rel="icon" type="image/png" href="./static/assets/images/favicon-192x192.png" sizes="192x192">
|
||||
|
||||
<meta charset="UTF-8" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||
<meta name="description" content="A simple and private way to exchange bitcoin for national currencies. Robosats simplifies the peer-to-peer user experience and uses lightning hold invoices to minimize custody and trust requirements. No user registration required.">
|
||||
|
||||
<title>RoboSats - Simple and Private Bitcoin Exchange</title>
|
||||
|
||||
<link rel="stylesheet" type="text/css" href="./static/css/fonts.css"/>
|
||||
<link rel="stylesheet" type="text/css" href="./static/css/loader.css"/>
|
||||
<link rel="stylesheet" type="text/css" href="./static/css/index.css"/>
|
||||
<link rel="stylesheet" type="text/css" href="./static/css/leaflet.css"/>
|
||||
</head>
|
||||
<body>
|
||||
<noscript>
|
||||
<div>
|
||||
This site requires JavaScript. This message is only visible if you have it disabled. <br/><br/>
|
||||
If you are using TOR browser set the "Security Level" to "Standard". If you keep seeing this message clear cache and storage of TOR browser app and retry.<br/><br/>
|
||||
If the problem persists, ask for support in the RoboSats telegram group<a href="https://t.me/robosats"> (t.me/robosats)</a>
|
||||
</div>
|
||||
</noscript>
|
||||
<div id="main">
|
||||
<div id="app">
|
||||
<div class="loaderCenter">
|
||||
<div class="loaderSpinner"></div>
|
||||
<div class="content-slider">
|
||||
<div class="slider">
|
||||
<div class="mask">
|
||||
<ul>
|
||||
<li class="anim1">
|
||||
<div class="quote">Looking for robot parts ...</div>
|
||||
</li>
|
||||
<li class="anim2">
|
||||
<div class="quote">Adding layers to the onion ...</div>
|
||||
</li>
|
||||
<li class="anim3">
|
||||
<div class="quote">Winning at game theory ...</div>
|
||||
</li>
|
||||
<li class="anim4">
|
||||
<div class="quote">Moving Sats at light speed ...</div>
|
||||
</li>
|
||||
<li class="anim5">
|
||||
<div class="quote">Hiding in 2^256 bits of entropy...</div>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<script>
|
||||
window.RobosatsSettings = 'web-basic'
|
||||
window.DesktopRobosats = 'Desktop-App'
|
||||
</script>
|
||||
<script src="./static/frontend/main.js"></script>
|
||||
</body>
|
||||
</html>
|
94
desktopApp/index.js
Normal file
94
desktopApp/index.js
Normal file
@ -0,0 +1,94 @@
|
||||
"use strict";
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
// Modules to control application life and create native browser window
|
||||
var electron_1 = require("electron");
|
||||
var child_process_1 = require("child_process");
|
||||
var path = require("path");
|
||||
var os = require("os");
|
||||
var tor = null;
|
||||
// Function to determine the current OS and find the appropriate Tor binary
|
||||
function checkPlatformAndRunTor() {
|
||||
var platform = os.platform();
|
||||
switch (platform) {
|
||||
case 'win32':
|
||||
tor = (0, child_process_1.spawn)(path.join(__dirname, '/tor/tor-win/tor/tor.exe'));
|
||||
break;
|
||||
case 'darwin':
|
||||
tor = (0, child_process_1.spawn)(path.join(__dirname, '/tor/tor-mac/tor/tor'));
|
||||
break;
|
||||
case 'linux':
|
||||
tor = (0, child_process_1.spawn)(path.join(__dirname, '/tor/tor-linux/tor/tor'));
|
||||
break;
|
||||
default:
|
||||
throw new Error("Unsupported platform: ".concat(platform));
|
||||
}
|
||||
}
|
||||
// Function to start Tor process
|
||||
checkPlatformAndRunTor();
|
||||
// Listen for Tor process stdout data
|
||||
tor.stdout.on("data", function (data) {
|
||||
var message = data.toString();
|
||||
console.log("Data received: ".concat(message));
|
||||
});
|
||||
// Listen for Tor process stderr data
|
||||
tor.stderr.on("data", function (data) {
|
||||
console.error("Error received: ".concat(data.toString()));
|
||||
electron_1.app.exit(1); // Exit the app if there's an error in the Tor process
|
||||
});
|
||||
// Function to create the main application window
|
||||
function createWindow() {
|
||||
// Create the browser window with specific dimensions
|
||||
var mainWindow = new electron_1.BrowserWindow({
|
||||
width: 1200,
|
||||
height: 800,
|
||||
icon: path.join(__dirname, 'static/assets/images/favicon-32x32.png'),
|
||||
webPreferences: {
|
||||
nodeIntegration: false, // Disable Node.js integration in the renderer
|
||||
contextIsolation: true, // Enable context isolation for security
|
||||
},
|
||||
});
|
||||
// Load the index.html file from the app directory
|
||||
mainWindow.loadURL("file://".concat(path.resolve(__dirname, 'index.html#/robot')), {
|
||||
extraHeaders: "pragma: no-cache\n" // Prevent caching of the loaded file
|
||||
});
|
||||
// Handle failed load attempts by reloading the file
|
||||
mainWindow.webContents.on("did-fail-load", function () {
|
||||
console.log("Failed to load the page, retrying...");
|
||||
mainWindow.loadURL("file://".concat(__dirname, "/index.html#/robot"));
|
||||
});
|
||||
// Uncomment the following line to open the DevTools
|
||||
// mainWindow.webContents.openDevTools();
|
||||
}
|
||||
// This method is called when Electron has finished initialization
|
||||
electron_1.app.whenReady().then(function () {
|
||||
// Create the window after the app is ready
|
||||
createWindow();
|
||||
// Re-create a window if the app is activated and there are no other windows open (MacOS specific behavior)
|
||||
electron_1.app.on("activate", function () {
|
||||
if (electron_1.BrowserWindow.getAllWindows().length === 0)
|
||||
createWindow();
|
||||
});
|
||||
});
|
||||
// Setup the app session when Electron is ready
|
||||
electron_1.app.on("ready", function () {
|
||||
// Redirect requests to static files
|
||||
electron_1.session.defaultSession.webRequest.onBeforeRequest({ urls: ['file:///static/*'] }, function (details, callback) {
|
||||
var url = details.url;
|
||||
var modifiedUrl = url.slice(7);
|
||||
var staticFilePath = path.join(__dirname, modifiedUrl);
|
||||
callback({ redirectURL: "file://".concat(staticFilePath) });
|
||||
});
|
||||
// Set the proxy for the session to route through Tor
|
||||
electron_1.session.defaultSession.setProxy({
|
||||
proxyRules: "socks://localhost:9050",
|
||||
proxyBypassRules: "<local>",
|
||||
});
|
||||
});
|
||||
// Handle all windows closed event except on macOS
|
||||
electron_1.app.on("window-all-closed", function () {
|
||||
// Terminate the Tor process if it exists
|
||||
tor === null || tor === void 0 ? void 0 : tor.kill();
|
||||
if (process.platform !== "darwin")
|
||||
electron_1.app.quit();
|
||||
});
|
||||
//# sourceMappingURL=index.js.map
|
1
desktopApp/index.js.map
Normal file
1
desktopApp/index.js.map
Normal file
@ -0,0 +1 @@
|
||||
{"version":3,"file":"index.js","sourceRoot":"","sources":["index.ts"],"names":[],"mappings":";;AAAA,uEAAuE;AACvE,qCAAsE;AACtE,+CAAsE;AACtE,2BAA6B;AAC7B,uBAAyB;AAEzB,IAAI,GAAG,GAA0C,IAAI,CAAC;AAEtD,2EAA2E;AAE3E,SAAS,sBAAsB;IAC7B,IAAM,QAAQ,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC;IAE/B,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,OAAO;YACV,GAAG,GAAG,IAAA,qBAAK,EAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,0BAA0B,CAAC,CAAC,CAAC;YAC9D,MAAM;QACR,KAAK,QAAQ;YACX,GAAG,GAAG,IAAA,qBAAK,EAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,sBAAsB,CAAC,CAAC,CAAC;YAC1D,MAAM;QACR,KAAK,OAAO;YACV,GAAG,GAAG,IAAA,qBAAK,EAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,wBAAwB,CAAC,CAAC,CAAC;YAC5D,MAAM;QACR;YACE,MAAM,IAAI,KAAK,CAAC,gCAAyB,QAAQ,CAAE,CAAC,CAAC;IACzD,CAAC;AACH,CAAC;AAED,gCAAgC;AAChC,sBAAsB,EAAE,CAAA;AAGxB,qCAAqC;AACrC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,UAAC,IAAY;IACjC,IAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;IAChC,OAAO,CAAC,GAAG,CAAC,yBAAkB,OAAO,CAAE,CAAC,CAAC;AAC3C,CAAC,CAAC,CAAC;AAEH,qCAAqC;AACrC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,UAAC,IAAY;IACjC,OAAO,CAAC,KAAK,CAAC,0BAAmB,IAAI,CAAC,QAAQ,EAAE,CAAE,CAAC,CAAC;IACpD,cAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,sDAAsD;AACrE,CAAC,CAAC,CAAC;AAEH,iDAAiD;AACjD,SAAS,YAAY;IACnB,qDAAqD;IACrD,IAAM,UAAU,GAAG,IAAI,wBAAa,CAAC;QACnC,KAAK,EAAE,IAAI;QACX,MAAM,EAAE,GAAG;QACX,IAAI,EAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,wCAAwC,CAAC;QACnE,cAAc,EAAE;YACd,eAAe,EAAE,KAAK,EAAG,8CAA8C;YACvE,gBAAgB,EAAE,IAAI,EAAG,wCAAwC;SAClE;KACF,CAAC,CAAC;IAEH,kDAAkD;IAClD,UAAU,CAAC,OAAO,CAAC,iBAAU,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,mBAAmB,CAAC,CAAE,EAAE;QAC3E,YAAY,EAAE,oBAAoB,CAAE,qCAAqC;KAC1E,CAAC,CAAC;IAEH,oDAAoD;IACpD,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC,eAAe,EAAE;QACzC,OAAO,CAAC,GAAG,CAAC,sCAAsC,CAAC,CAAC;QACpD,UAAU,CAAC,OAAO,CAAC,iBAAU,SAAS,uBAAoB,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;IAEH,oDAAoD;IACpD,yCAAyC;AAC3C,CAAC;AAED,kEAAkE;AAClE,cAAG,CAAC,SAAS,EAAE,CAAC,IAAI,CAAC;IACnB,2CAA2C;IAC3C,YAAY,EAAE,CAAC;IAEf,2GAA2G;IAC3G,cAAG,CAAC,EAAE,CAAC,UAAU,EAAE;QACjB,IAAI,wBAAa,CAAC,aAAa,EAAE,CAAC,MAAM,KAAK,CAAC;YAAE,YAAY,EAAE,CAAC;IACjE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,+CAA+C;AAC/C,cAAG,CAAC,EAAE,CAAC,OAAO,EAAE;IACd,oCAAoC;IACpC,kBAAO,CAAC,cAAc,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,IAAI,EAAE,CAAC,kBAAkB,CAAC,EAAE,EAAE,UAAC,OAAO,EAAE,QAAQ;QAClG,IAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;QACxB,IAAM,WAAW,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACjC,IAAM,cAAc,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;QACzD,QAAQ,CAAC,EAAE,WAAW,EAAE,iBAAU,cAAc,CAAE,EAAE,CAAC,CAAC;IACxD,CAAC,CAAC,CAAC;IAEH,qDAAqD;IACrD,kBAAO,CAAC,cAAc,CAAC,QAAQ,CAAC;QAC9B,UAAU,EAAE,wBAAwB;QACpC,gBAAgB,EAAE,SAAS;KAC5B,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,kDAAkD;AAClD,cAAG,CAAC,EAAE,CAAC,mBAAmB,EAAE;IAC1B,yCAAyC;IACzC,GAAG,aAAH,GAAG,uBAAH,GAAG,CAAE,IAAI,EAAE,CAAC;IACZ,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ;QAAE,cAAG,CAAC,IAAI,EAAE,CAAC;AAChD,CAAC,CAAC,CAAC"}
|
106
desktopApp/index.ts
Normal file
106
desktopApp/index.ts
Normal file
@ -0,0 +1,106 @@
|
||||
// Modules to control application life and create native browser window
|
||||
import { app, BrowserWindow, session, protocol, net } from 'electron';
|
||||
import { spawn, ChildProcessWithoutNullStreams } from 'child_process';
|
||||
import * as path from 'path';
|
||||
import * as os from "os";
|
||||
|
||||
let tor: ChildProcessWithoutNullStreams | null = null;
|
||||
|
||||
// Function to determine the current OS and find the appropriate Tor binary
|
||||
|
||||
function checkPlatformAndRunTor(): void {
|
||||
const platform = os.platform();
|
||||
|
||||
switch (platform) {
|
||||
case 'win32':
|
||||
tor = spawn(path.join(__dirname, '/tor/tor-win/tor/tor.exe'));
|
||||
break;
|
||||
case 'darwin':
|
||||
tor = spawn(path.join(__dirname, '/tor/tor-mac/tor/tor'));
|
||||
break;
|
||||
case 'linux':
|
||||
tor = spawn(path.join(__dirname, '/tor/tor-linux/tor/tor'));
|
||||
break;
|
||||
default:
|
||||
throw new Error(`Unsupported platform: ${platform}`);
|
||||
}
|
||||
}
|
||||
|
||||
// Function to start Tor process
|
||||
checkPlatformAndRunTor()
|
||||
|
||||
|
||||
// Listen for Tor process stdout data
|
||||
tor.stdout.on("data", (data: Buffer) => {
|
||||
const message = data.toString();
|
||||
console.log(`Data received: ${message}`);
|
||||
});
|
||||
|
||||
// Listen for Tor process stderr data
|
||||
tor.stderr.on("data", (data: Buffer) => {
|
||||
console.error(`Error received: ${data.toString()}`);
|
||||
app.exit(1); // Exit the app if there's an error in the Tor process
|
||||
});
|
||||
|
||||
// Function to create the main application window
|
||||
function createWindow(): void {
|
||||
// Create the browser window with specific dimensions
|
||||
const mainWindow = new BrowserWindow({
|
||||
width: 1200,
|
||||
height: 800,
|
||||
icon:path.join(__dirname, 'static/assets/images/favicon-32x32.png'),
|
||||
webPreferences: {
|
||||
nodeIntegration: false, // Disable Node.js integration in the renderer
|
||||
contextIsolation: true, // Enable context isolation for security
|
||||
},
|
||||
});
|
||||
|
||||
// Load the index.html file from the app directory
|
||||
mainWindow.loadURL(`file://${path.resolve(__dirname, 'index.html#/robot')}`, {
|
||||
extraHeaders: "pragma: no-cache\n" // Prevent caching of the loaded file
|
||||
});
|
||||
|
||||
// Handle failed load attempts by reloading the file
|
||||
mainWindow.webContents.on("did-fail-load", () => {
|
||||
console.log("Failed to load the page, retrying...");
|
||||
mainWindow.loadURL(`file://${__dirname}/index.html#/robot`);
|
||||
});
|
||||
|
||||
// Uncomment the following line to open the DevTools
|
||||
// mainWindow.webContents.openDevTools();
|
||||
}
|
||||
|
||||
// This method is called when Electron has finished initialization
|
||||
app.whenReady().then(() => {
|
||||
// Create the window after the app is ready
|
||||
createWindow();
|
||||
|
||||
// Re-create a window if the app is activated and there are no other windows open (MacOS specific behavior)
|
||||
app.on("activate", () => {
|
||||
if (BrowserWindow.getAllWindows().length === 0) createWindow();
|
||||
});
|
||||
});
|
||||
|
||||
// Setup the app session when Electron is ready
|
||||
app.on("ready", () => {
|
||||
// Redirect requests to static files
|
||||
session.defaultSession.webRequest.onBeforeRequest({ urls: ['file:///static/*'] }, (details, callback) => {
|
||||
const url = details.url;
|
||||
const modifiedUrl = url.slice(7);
|
||||
const staticFilePath = path.join(__dirname, modifiedUrl);
|
||||
callback({ redirectURL: `file://${staticFilePath}` });
|
||||
});
|
||||
|
||||
// Set the proxy for the session to route through Tor
|
||||
session.defaultSession.setProxy({
|
||||
proxyRules: "socks://localhost:9050",
|
||||
proxyBypassRules: "<local>",
|
||||
});
|
||||
});
|
||||
|
||||
// Handle all windows closed event except on macOS
|
||||
app.on("window-all-closed", () => {
|
||||
// Terminate the Tor process if it exists
|
||||
tor?.kill();
|
||||
if (process.platform !== "darwin") app.quit();
|
||||
});
|
4526
desktopApp/package-lock.json
generated
Normal file
4526
desktopApp/package-lock.json
generated
Normal file
File diff suppressed because it is too large
Load Diff
48
desktopApp/package.json
Normal file
48
desktopApp/package.json
Normal file
@ -0,0 +1,48 @@
|
||||
{
|
||||
"name": "desktop-app",
|
||||
"version": "1.0.0",
|
||||
"description": "",
|
||||
"main": "index.js",
|
||||
"scripts": {
|
||||
"start": "electron .",
|
||||
"compile": "./node_modules/.bin/tsc",
|
||||
"test": "echo \"Error: no test specified\" && exit 1",
|
||||
"package:linux": "npx @electron/packager . Robosats --platform=linux --arch=x64 --overwrite to force --out=release-builds",
|
||||
"package-win": "npx @electron/packager . Robosats --platform=win32 --arch=ia32 --icon=./static/assets/images/favicon-96x96.png --overwrite --out=release-builds",
|
||||
"package-mac": "npx @electron/packager . Robosats --platform=darwin --arch=x64 --icon=./static/assets/images/favicon-96x96.png --overwrite --out=release-builds"
|
||||
},
|
||||
"author": "",
|
||||
"license": "ISC",
|
||||
"devDependencies": {
|
||||
"@electron/packager": "^18.3.2",
|
||||
"electron": "^30.0.3",
|
||||
"typescript": "^5.4.5"
|
||||
},
|
||||
"dependencies": {
|
||||
"cors": "^2.8.5",
|
||||
"express": "^4.19.2"
|
||||
},
|
||||
"build": {
|
||||
"appId": "com.electron.robosats",
|
||||
"productName": "RobosatsApp",
|
||||
"directories": {
|
||||
"output": "dist"
|
||||
},
|
||||
"win": {
|
||||
"target": [
|
||||
"NSIS"
|
||||
]
|
||||
},
|
||||
"mac": {
|
||||
"target": [
|
||||
"dmg"
|
||||
]
|
||||
},
|
||||
"linux": {
|
||||
"target": [
|
||||
"AppImage",
|
||||
"deb"
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
1
desktopApp/static
Symbolic link
1
desktopApp/static
Symbolic link
@ -0,0 +1 @@
|
||||
../frontend/static
|
359517
desktopApp/tor/tor-linux/data/geoip
Normal file
359517
desktopApp/tor/tor-linux/data/geoip
Normal file
File diff suppressed because it is too large
Load Diff
155241
desktopApp/tor/tor-linux/data/geoip6
Normal file
155241
desktopApp/tor/tor-linux/data/geoip6
Normal file
File diff suppressed because it is too large
Load Diff
BIN
desktopApp/tor/tor-linux/tor/libcrypto.so.3
Executable file
BIN
desktopApp/tor/tor-linux/tor/libcrypto.so.3
Executable file
Binary file not shown.
BIN
desktopApp/tor/tor-linux/tor/libevent-2.1.so.7
Executable file
BIN
desktopApp/tor/tor-linux/tor/libevent-2.1.so.7
Executable file
Binary file not shown.
BIN
desktopApp/tor/tor-linux/tor/libssl.so.3
Executable file
BIN
desktopApp/tor/tor-linux/tor/libssl.so.3
Executable file
Binary file not shown.
BIN
desktopApp/tor/tor-linux/tor/libstdc++.so.6
Executable file
BIN
desktopApp/tor/tor-linux/tor/libstdc++.so.6
Executable file
Binary file not shown.
@ -0,0 +1,28 @@
|
||||
# Conjure
|
||||
|
||||
[Conjure](https://jhalderm.com/pub/papers/conjure-ccs19.pdf) is an anti-censorship tool in the refraction networking (a.k.a. decoy routing) lineage of circumvention systems. The key innovation of Conjure is to turn the unused IP address space of deploying ISPs into a large pool of **phantom** proxies that users can connect to. Due to the size of unused IPv6 address space and the potential for collateral damage against real websites hosted by the deploying ISPs, Conjure provides an effective solution to the problem of censors enumerating deployed bridges or proxies.
|
||||
|
||||
Conjure is currenty deployed on the University of Colorado network and a small to mid size ISP in Michigan.
|
||||
|
||||
# Conjure Pluggable Transport for Tor
|
||||
|
||||
This repository is an implementation of both the client and bridge side of a Tor pluggable transport that uses the deployed Conjure network to allow users to connect to the Tor network. The client side calls the [`gotapdance` library](https://github.com/refraction-networking/gotapdance) to communicate with deployed Conjure stations and route client traffic through the phantom proxies assigned by the station. The bridge side receives [haproxy](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) connections from the Conjure station that wrap the proxied client traffic.
|
||||
|
||||
# Deployment details
|
||||
|
||||
We currently have deployed a low capacity Conjure bridge named [Haunt](https://metrics.torproject.org/rs.html#details/A84C946BF4E14E63A3C92E140532A4594F2C24CD). To connect through this bridge, use the `torrc` file in the `client/` directory as follows:
|
||||
|
||||
```
|
||||
cd client/
|
||||
tor -f torrc
|
||||
```
|
||||
|
||||
# Warnings
|
||||
|
||||
This tool and the deployment is still under active development. We are still working on securing the connection between the deployed Conjure stations and the Conjure bridge. We are also working on improving the censorship resistance of the registration connection between the client and the station. Do not expect this to work out of the box in all areas.
|
||||
|
||||
The Conjure station sometimes suffers from a heavy load of users. When this happens, connections will fail. If you are testing this out, try waiting awhile and trying again later.
|
||||
|
||||
# Conjure development
|
||||
|
||||
Due to the complex nature of the Conjure deployment, it can be difficult to set up a local development environment. Check out [phantombox](https://gitlab.torproject.org/cohosh/phantombox) for an automated libvirt-based setup that works on Linux.
|
@ -0,0 +1,109 @@
|
||||
# Snowflake
|
||||
|
||||
[![Build Status](https://travis-ci.org/keroserene/snowflake.svg?branch=master)](https://travis-ci.org/keroserene/snowflake)
|
||||
|
||||
Pluggable Transport using WebRTC, inspired by Flashproxy.
|
||||
|
||||
<!-- START doctoc generated TOC please keep comment here to allow auto update -->
|
||||
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
|
||||
**Table of Contents**
|
||||
|
||||
- [Structure of this Repository](#structure-of-this-repository)
|
||||
- [Usage](#usage)
|
||||
- [Using Snowflake with Tor](#using-snowflake-with-tor)
|
||||
- [Running a Snowflake Proxy](#running-a-snowflake-proxy)
|
||||
- [Using the Snowflake Library with Other Applications](#using-the-snowflake-library-with-other-applications)
|
||||
- [Test Environment](#test-environment)
|
||||
- [FAQ](#faq)
|
||||
- [More info and links](#more-info-and-links)
|
||||
|
||||
<!-- END doctoc generated TOC please keep comment here to allow auto update -->
|
||||
|
||||
### Structure of this Repository
|
||||
|
||||
- `broker/` contains code for the Snowflake broker
|
||||
- `doc/` contains Snowflake documentation and manpages
|
||||
- `client/` contains the Tor pluggable transport client and client library code
|
||||
- `common/` contains generic libraries used by multiple pieces of Snowflake
|
||||
- `proxy/` contains code for the Go standalone Snowflake proxy
|
||||
- `probetest/` contains code for a NAT probetesting service
|
||||
- `server/` contains the Tor pluggable transport server and server library code
|
||||
|
||||
### Usage
|
||||
|
||||
Snowflake is currently deployed as a pluggable transport for Tor.
|
||||
|
||||
#### Using Snowflake with Tor
|
||||
|
||||
To use the Snowflake client with Tor, you will need to add the appropriate `Bridge` and `ClientTransportPlugin` lines to your [torrc](https://2019.www.torproject.org/docs/tor-manual.html.en) file. See the [client README](client) for more information on building and running the Snowflake client.
|
||||
|
||||
#### Running a Snowflake Proxy
|
||||
|
||||
You can contribute to Snowflake by running a Snowflake proxy. We have the option to run a proxy in your browser or as a standalone Go program. See our [community documentation](https://community.torproject.org/relay/setup/snowflake/) for more details.
|
||||
|
||||
#### Using the Snowflake Library with Other Applications
|
||||
|
||||
Snowflake can be used as a Go API, and adheres to the [v2.1 pluggable transports specification](). For more information on using the Snowflake Go library, see the [Snowflake library documentation](doc/using-the-snowflake-library.md).
|
||||
|
||||
### Test Environment
|
||||
|
||||
There is a Docker-based test environment at https://github.com/cohosh/snowbox.
|
||||
|
||||
### FAQ
|
||||
|
||||
**Q: How does it work?**
|
||||
|
||||
In the Tor use-case:
|
||||
|
||||
1. Volunteers visit websites which host the "snowflake" proxy. (just
|
||||
like flashproxy)
|
||||
2. Tor clients automatically find available browser proxies via the Broker
|
||||
(the domain fronted signaling channel).
|
||||
3. Tor client and browser proxy establish a WebRTC peer connection.
|
||||
4. Proxy connects to some relay.
|
||||
5. Tor occurs.
|
||||
|
||||
More detailed information about how clients, snowflake proxies, and the Broker
|
||||
fit together on the way...
|
||||
|
||||
**Q: What are the benefits of this PT compared with other PTs?**
|
||||
|
||||
Snowflake combines the advantages of flashproxy and meek. Primarily:
|
||||
|
||||
- It has the convenience of Meek, but can support magnitudes more
|
||||
users with negligible CDN costs. (Domain fronting is only used for brief
|
||||
signalling / NAT-piercing to setup the P2P WebRTC DataChannels which handle
|
||||
the actual traffic.)
|
||||
|
||||
- Arbitrarily high numbers of volunteer proxies are possible like in
|
||||
flashproxy, but NATs are no longer a usability barrier - no need for
|
||||
manual port forwarding!
|
||||
|
||||
**Q: Why is this called Snowflake?**
|
||||
|
||||
It utilizes the "ICE" negotiation via WebRTC, and also involves a great
|
||||
abundance of ephemeral and short-lived (and special!) volunteer proxies...
|
||||
|
||||
### More info and links
|
||||
|
||||
We have more documentation in the [Snowflake wiki](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) and at https://snowflake.torproject.org/.
|
||||
|
||||
|
||||
##### -- Android AAR Reproducible Build Setup --
|
||||
|
||||
Using `gomobile` it is possible to build snowflake as shared libraries for all
|
||||
the architectures supported by Android. This is in the _.gitlab-ci.yml_, which
|
||||
runs in GitLab CI. It is also possible to run this setup in a Virtual Machine
|
||||
using [vagrant](https://www.vagrantup.com/). Just run `vagrant up` and it will
|
||||
create and provision the VM. `vagrant ssh` to get into the VM to use it as a
|
||||
development environment.
|
||||
|
||||
##### uTLS Settings
|
||||
|
||||
Snowflake communicate with broker that serves as signaling server with TLS based domain fronting connection, which may be identified by its usage of Go language TLS stack.
|
||||
|
||||
uTLS is a software library designed to initiate the TLS Client Hello fingerprint of browsers or other popular software's TLS stack to evade censorship based on TLS client hello fingerprint with `-utls-imitate` . You can use `-version` to see a list of supported values.
|
||||
|
||||
Depending on client and server configuration, it may not always work as expected as not all extensions are correctly implemented.
|
||||
|
||||
You can also remove SNI (Server Name Indication) from client hello to evade censorship with `-utls-nosni`, not all servers supports this.
|
@ -0,0 +1,263 @@
|
||||
# WebTunnel
|
||||
|
||||
Pluggable Transport based on HTTP Upgrade(HTTPT)
|
||||
|
||||
WebTunnel is pluggable transport that attempt to imitate web browsing activities based on [HTTPT](https://censorbib.nymity.ch/#Frolov2020b).
|
||||
|
||||
## Client Usage
|
||||
Connect to a WebTunnel server with a Tor configuration file like:
|
||||
```
|
||||
UseBridges 1
|
||||
DataDirectory datadir
|
||||
|
||||
ClientTransportPlugin webtunnel exec ./client
|
||||
|
||||
Bridge webtunnel 192.0.2.3:1 url=https://akbwadp9lc5fyyz0cj4d76z643pxgbfh6oyc-167-71-71-157.sslip.io/5m9yq0j4ghkz0fz7qmuw58cvbjon0ebnrsp0
|
||||
|
||||
SocksPort auto
|
||||
|
||||
Log info
|
||||
```
|
||||
## Server Setup
|
||||
|
||||
#### Install Tor
|
||||
On a Debian system, first install tor normally with
|
||||
```
|
||||
apt install apt-transport-https
|
||||
lsb_release -c
|
||||
nano /etc/apt/sources.list.d/tor.list
|
||||
wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null
|
||||
apt update
|
||||
apt install tor deb.torproject.org-keyring
|
||||
```
|
||||
|
||||
### Disable default instance
|
||||
The default Tor configuration is not useful for this setup, so the next step will be disabling them.
|
||||
```
|
||||
systemctl stop tor@default.service
|
||||
systemctl mask tor@default.service
|
||||
```
|
||||
|
||||
### Get Environment Ready
|
||||
```
|
||||
#copy server file to server
|
||||
scp server root@$SERVER_ADDRESS:/var/lib/torwebtunnel/webtunnel
|
||||
```
|
||||
|
||||
then create server torrc at `/var/lib/torwebtunnel/torrc`
|
||||
```
|
||||
BridgeRelay 1
|
||||
|
||||
ORPort 10000
|
||||
|
||||
ServerTransportPlugin webtunnel exec /var/lib/torwebtunnel/webtunnel
|
||||
|
||||
ServerTransportListenAddr webtunnel 127.0.0.1:11000
|
||||
|
||||
ExtORPort auto
|
||||
|
||||
ContactInfo WebTunnel email: tor.relay.email@torproject.net ciissversion:2
|
||||
|
||||
Nickname WebTunnelTest
|
||||
|
||||
PublishServerDescriptor 1
|
||||
BridgeDistribution none
|
||||
|
||||
DataDirectory /var/lib/torwebtunnel/tor-data
|
||||
CacheDirectory /tmp/tor-tmp-torwebtunnel
|
||||
|
||||
SocksPort 0
|
||||
```
|
||||
|
||||
#### Configure service unit file
|
||||
Create a service unit file as follow
|
||||
```
|
||||
[Unit]
|
||||
Description=Tor Web Tunnel
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
DynamicUser=yes
|
||||
PrivateUsers=true
|
||||
PrivateMounts=true
|
||||
ProtectSystem=strict
|
||||
PrivateTmp=true
|
||||
PrivateDevices=true
|
||||
ProtectClock=true
|
||||
NoNewPrivileges=true
|
||||
ProtectHome=tmpfs
|
||||
ProtectKernelModules=true
|
||||
ProtectKernelLogs=true
|
||||
|
||||
StateDirectory=torwebtunnel
|
||||
|
||||
ExecStart=/usr/bin/tor -f /var/lib/torwebtunnel/torrc --RunAsDaemon 0
|
||||
|
||||
[Install]
|
||||
WantedBy=default.target
|
||||
```
|
||||
|
||||
#### Obtain Certificate
|
||||
WebTunnel Requires a valid TLS certificate, to obtain that
|
||||
```
|
||||
curl https://get.acme.sh | sh -s email=my@example.com
|
||||
~/.acme.sh/acme.sh --issue --standalone --domain $SERVER_ADDRESS
|
||||
```
|
||||
|
||||
#### Install & Configure Nginx
|
||||
To coexist with other content at a single port, it is necessary to install a reverse proxy like nginx:
|
||||
```
|
||||
apt install nginx
|
||||
```
|
||||
|
||||
And then configure HTTP Upgrade forwarding at /etc/nginx/nginx.conf.
|
||||
```
|
||||
--- a/before.conf
|
||||
+++ b/after.conf
|
||||
@@ -60,6 +60,13 @@ http {
|
||||
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
include /etc/nginx/sites-enabled/*;
|
||||
+
|
||||
+ #WebSocket Support
|
||||
+ map $http_upgrade $connection_upgrade {
|
||||
+ default upgrade;
|
||||
+ '' close;
|
||||
+ }
|
||||
+
|
||||
}
|
||||
|
||||
```
|
||||
|
||||
Finally, add http forwarding setting to a new file at /etc/nginx/site-enabled .
|
||||
```
|
||||
server {
|
||||
listen [::]:443 ssl http2;
|
||||
listen 443 ssl http2;
|
||||
server_name $SERVER_ADDRESS;
|
||||
#ssl on;
|
||||
|
||||
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
|
||||
ssl_certificate /etc/nginx/ssl/fullchain.cer;
|
||||
ssl_certificate_key /etc/nginx/ssl/key.key;
|
||||
|
||||
|
||||
ssl_session_timeout 15m;
|
||||
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
|
||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||
|
||||
ssl_prefer_server_ciphers off;
|
||||
|
||||
ssl_session_cache shared:MozSSL:50m;
|
||||
#ssl_ecdh_curve secp521r1,prime256v1,secp384r1;
|
||||
ssl_session_tickets off;
|
||||
|
||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||
|
||||
location /$PATH {
|
||||
proxy_pass http://127.0.0.1:11000;
|
||||
proxy_http_version 1.1;
|
||||
|
||||
###Set WebSocket headers ####
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
|
||||
### Set Proxy headers ####
|
||||
proxy_set_header Accept-Encoding "";
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
add_header Front-End-Https on;
|
||||
|
||||
proxy_redirect off;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
```
|
||||
|
||||
## Docker Setup
|
||||
|
||||
Webtunnel is a new pluggable transport available for bridge operators.
|
||||
|
||||
### Prerequisites
|
||||
An existing website using nginx balancer to handle traffic. (other load banlancer is currently untested)
|
||||
|
||||
Handle traffic directly, without CDN. (CDN passthrough is currently untested)
|
||||
|
||||
A container runtime like Docker.
|
||||
|
||||
### Configure nginx Forwarding
|
||||
If you haven't already, configure websocket forwarding support in nginx by configure HTTP Upgrade forwarding at /etc/nginx/nginx.conf:
|
||||
```
|
||||
--- a/before.conf
|
||||
+++ b/after.conf
|
||||
@@ -60,6 +60,13 @@ http {
|
||||
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
include /etc/nginx/sites-enabled/*;
|
||||
+
|
||||
+ #WebSocket Support
|
||||
+ map $http_upgrade $connection_upgrade {
|
||||
+ default upgrade;
|
||||
+ '' close;
|
||||
+ }
|
||||
+
|
||||
}
|
||||
```
|
||||
And add a forwarded path under one the served domain, typically defined in files within `/etc/nginx/sites-enabled/`, replace $PATH with a random string(which you could generate with `echo $(cat /dev/urandom | tr -cd "qwertyuiopasdfghjklzxcvbnmMNBVCXZLKJHGFDSAQWERTUIOP0987654321"|head -c 24)`):
|
||||
```
|
||||
location /$PATH {
|
||||
proxy_pass http://127.0.0.1:11000;
|
||||
proxy_http_version 1.1;
|
||||
|
||||
###Set WebSocket headers ####
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
|
||||
### Set Proxy headers ####
|
||||
proxy_set_header Accept-Encoding "";
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
add_header Front-End-Https on;
|
||||
|
||||
proxy_redirect off;
|
||||
}
|
||||
```
|
||||
|
||||
### Install Docker Runtime(if necessary)
|
||||
```
|
||||
apt install curl sudo
|
||||
curl -fsSL https://get.docker.com -o get-docker.sh
|
||||
sudo sh ./get-docker.sh
|
||||
```
|
||||
|
||||
### Run Dockerlized Webtunnel Server
|
||||
Replace `URL` with your domain and path, and `OPERATOR_EMAIL` with your email address, then run:
|
||||
```
|
||||
truncate --size 0 .env
|
||||
echo "URL=https://yourdomain/and/path" >> .env
|
||||
echo "OPERATOR_EMAIL=your@email.org" >> .env
|
||||
echo "BRIDGE_NICKNAME=WTBr$(cat /dev/urandom | tr -cd 'qwertyuiopasdfghjklzxcvbnmMNBVCXZLKJHGFDSAQWERTUIOP0987654321'|head -c 10)" >> .env
|
||||
echo "GENEDORPORT=4$(cat /dev/urandom | tr -cd '0987654321'|head -c 4)" >> .env
|
||||
```
|
||||
This will create an environment file for the configuration of webtunnel bridge.
|
||||
|
||||
After creating the configure file, download the webtunnel docker compose file, and instancize it.
|
||||
````shell
|
||||
curl https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel/-/raw/main/release/container/docker-compose.yml?inline=false > docker-compose.yml
|
||||
docker compose up -d
|
||||
````
|
||||
It includes auto update by default, and will update webtunnel bridge server without any further action. Remove `watchtower` to disable this behavior.
|
||||
|
||||
### Get Bridgeline and Check it is Running
|
||||
You can obtain bridgeline and verify if it is working by running
|
||||
```shell
|
||||
docker compose exec webtunnel-bridge get-bridge-line.sh
|
||||
```
|
BIN
desktopApp/tor/tor-linux/tor/pluggable_transports/conjure-client
Executable file
BIN
desktopApp/tor/tor-linux/tor/pluggable_transports/conjure-client
Executable file
Binary file not shown.
BIN
desktopApp/tor/tor-linux/tor/pluggable_transports/lyrebird
Executable file
BIN
desktopApp/tor/tor-linux/tor/pluggable_transports/lyrebird
Executable file
Binary file not shown.
@ -0,0 +1,32 @@
|
||||
{
|
||||
"recommendedDefault" : "obfs4",
|
||||
"pluggableTransports" : {
|
||||
"lyrebird" : "ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec ${pt_path}lyrebird",
|
||||
"snowflake" : "ClientTransportPlugin snowflake exec ${pt_path}snowflake-client",
|
||||
"webtunnel" : "ClientTransportPlugin webtunnel exec ${pt_path}webtunnel-client",
|
||||
"conjure" : "ClientTransportPlugin conjure exec ${pt_path}conjure-client -registerURL https://registration.refraction.network/api"
|
||||
},
|
||||
"bridges" : {
|
||||
"meek-azure" : [
|
||||
"meek_lite 192.0.2.18:80 BE776A53492E1E044A26F17306E1BC46A55A1625 url=https://meek.azureedge.net/ front=ajax.aspnetcdn.com"
|
||||
],
|
||||
"obfs4" : [
|
||||
"obfs4 192.95.36.142:443 CDF2E852BF539B82BD10E27E9115A31734E378C2 cert=qUVQ0srL1JI/vO6V6m/24anYXiJD3QP2HgzUKQtQ7GRqqUvs7P+tG43RtAqdhLOALP7DJQ iat-mode=1",
|
||||
"obfs4 37.218.245.14:38224 D9A82D2F9C2F65A18407B1D2B764F130847F8B5D cert=bjRaMrr1BRiAW8IE9U5z27fQaYgOhX1UCmOpg2pFpoMvo6ZgQMzLsaTzzQNTlm7hNcb+Sg iat-mode=0",
|
||||
"obfs4 85.31.186.98:443 011F2599C0E9B27EE74B353155E244813763C3E5 cert=ayq0XzCwhpdysn5o0EyDUbmSOx3X/oTEbzDMvczHOdBJKlvIdHHLJGkZARtT4dcBFArPPg iat-mode=0",
|
||||
"obfs4 85.31.186.26:443 91A6354697E6B02A386312F68D82CF86824D3606 cert=PBwr+S8JTVZo6MPdHnkTwXJPILWADLqfMGoVvhZClMq/Urndyd42BwX9YFJHZnBB3H0XCw iat-mode=0",
|
||||
"obfs4 193.11.166.194:27015 2D82C2E354D531A68469ADF7F878FA6060C6BACA cert=4TLQPJrTSaDffMK7Nbao6LC7G9OW/NHkUwIdjLSS3KYf0Nv4/nQiiI8dY2TcsQx01NniOg iat-mode=0",
|
||||
"obfs4 193.11.166.194:27020 86AC7B8D430DAC4117E9F42C9EAED18133863AAF cert=0LDeJH4JzMDtkJJrFphJCiPqKx7loozKN7VNfuukMGfHO0Z8OGdzHVkhVAOfo1mUdv9cMg iat-mode=0",
|
||||
"obfs4 193.11.166.194:27025 1AE2C08904527FEA90C4C4F8C1083EA59FBC6FAF cert=ItvYZzW5tn6v3G4UnQa6Qz04Npro6e81AP70YujmK/KXwDFPTs3aHXcHp4n8Vt6w/bv8cA iat-mode=0",
|
||||
"obfs4 209.148.46.65:443 74FAD13168806246602538555B5521A0383A1875 cert=ssH+9rP8dG2NLDN2XuFw63hIO/9MNNinLmxQDpVa+7kTOa9/m+tGWT1SmSYpQ9uTBGa6Hw iat-mode=0",
|
||||
"obfs4 146.57.248.225:22 10A6CD36A537FCE513A322361547444B393989F0 cert=K1gDtDAIcUfeLqbstggjIw2rtgIKqdIhUlHp82XRqNSq/mtAjp1BIC9vHKJ2FAEpGssTPw iat-mode=0",
|
||||
"obfs4 45.145.95.6:27015 C5B7CD6946FF10C5B3E89691A7D3F2C122D2117C cert=TD7PbUO0/0k6xYHMPW3vJxICfkMZNdkRrb63Zhl5j9dW3iRGiCx0A7mPhe5T2EDzQ35+Zw iat-mode=0",
|
||||
"obfs4 51.222.13.177:80 5EDAC3B810E12B01F6FD8050D2FD3E277B289A08 cert=2uplIpLQ0q9+0qMFrK5pkaYRDOe460LL9WHBvatgkuRr/SL31wBOEupaMMJ6koRE6Ld0ew iat-mode=0"
|
||||
],
|
||||
"snowflake" : [
|
||||
"snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://1098762253.rsc.cdn77.org/ fronts=www.cdn77.com,www.phpmyadmin.net ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn",
|
||||
"snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://1098762253.rsc.cdn77.org/ fronts=www.cdn77.com,www.phpmyadmin.net ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.net:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn"
|
||||
]
|
||||
}
|
||||
}
|
||||
|
BIN
desktopApp/tor/tor-linux/tor/pluggable_transports/snowflake-client
Executable file
BIN
desktopApp/tor/tor-linux/tor/pluggable_transports/snowflake-client
Executable file
Binary file not shown.
BIN
desktopApp/tor/tor-linux/tor/pluggable_transports/webtunnel-client
Executable file
BIN
desktopApp/tor/tor-linux/tor/pluggable_transports/webtunnel-client
Executable file
Binary file not shown.
BIN
desktopApp/tor/tor-linux/tor/tor
Executable file
BIN
desktopApp/tor/tor-linux/tor/tor
Executable file
Binary file not shown.
359517
desktopApp/tor/tor-mac/data/geoip
Normal file
359517
desktopApp/tor/tor-mac/data/geoip
Normal file
File diff suppressed because it is too large
Load Diff
155241
desktopApp/tor/tor-mac/data/geoip6
Normal file
155241
desktopApp/tor/tor-mac/data/geoip6
Normal file
File diff suppressed because it is too large
Load Diff
BIN
desktopApp/tor/tor-mac/tor/libevent-2.1.7.dylib
Executable file
BIN
desktopApp/tor/tor-mac/tor/libevent-2.1.7.dylib
Executable file
Binary file not shown.
@ -0,0 +1,28 @@
|
||||
# Conjure
|
||||
|
||||
[Conjure](https://jhalderm.com/pub/papers/conjure-ccs19.pdf) is an anti-censorship tool in the refraction networking (a.k.a. decoy routing) lineage of circumvention systems. The key innovation of Conjure is to turn the unused IP address space of deploying ISPs into a large pool of **phantom** proxies that users can connect to. Due to the size of unused IPv6 address space and the potential for collateral damage against real websites hosted by the deploying ISPs, Conjure provides an effective solution to the problem of censors enumerating deployed bridges or proxies.
|
||||
|
||||
Conjure is currenty deployed on the University of Colorado network and a small to mid size ISP in Michigan.
|
||||
|
||||
# Conjure Pluggable Transport for Tor
|
||||
|
||||
This repository is an implementation of both the client and bridge side of a Tor pluggable transport that uses the deployed Conjure network to allow users to connect to the Tor network. The client side calls the [`gotapdance` library](https://github.com/refraction-networking/gotapdance) to communicate with deployed Conjure stations and route client traffic through the phantom proxies assigned by the station. The bridge side receives [haproxy](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) connections from the Conjure station that wrap the proxied client traffic.
|
||||
|
||||
# Deployment details
|
||||
|
||||
We currently have deployed a low capacity Conjure bridge named [Haunt](https://metrics.torproject.org/rs.html#details/A84C946BF4E14E63A3C92E140532A4594F2C24CD). To connect through this bridge, use the `torrc` file in the `client/` directory as follows:
|
||||
|
||||
```
|
||||
cd client/
|
||||
tor -f torrc
|
||||
```
|
||||
|
||||
# Warnings
|
||||
|
||||
This tool and the deployment is still under active development. We are still working on securing the connection between the deployed Conjure stations and the Conjure bridge. We are also working on improving the censorship resistance of the registration connection between the client and the station. Do not expect this to work out of the box in all areas.
|
||||
|
||||
The Conjure station sometimes suffers from a heavy load of users. When this happens, connections will fail. If you are testing this out, try waiting awhile and trying again later.
|
||||
|
||||
# Conjure development
|
||||
|
||||
Due to the complex nature of the Conjure deployment, it can be difficult to set up a local development environment. Check out [phantombox](https://gitlab.torproject.org/cohosh/phantombox) for an automated libvirt-based setup that works on Linux.
|
@ -0,0 +1,109 @@
|
||||
# Snowflake
|
||||
|
||||
[![Build Status](https://travis-ci.org/keroserene/snowflake.svg?branch=master)](https://travis-ci.org/keroserene/snowflake)
|
||||
|
||||
Pluggable Transport using WebRTC, inspired by Flashproxy.
|
||||
|
||||
<!-- START doctoc generated TOC please keep comment here to allow auto update -->
|
||||
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
|
||||
**Table of Contents**
|
||||
|
||||
- [Structure of this Repository](#structure-of-this-repository)
|
||||
- [Usage](#usage)
|
||||
- [Using Snowflake with Tor](#using-snowflake-with-tor)
|
||||
- [Running a Snowflake Proxy](#running-a-snowflake-proxy)
|
||||
- [Using the Snowflake Library with Other Applications](#using-the-snowflake-library-with-other-applications)
|
||||
- [Test Environment](#test-environment)
|
||||
- [FAQ](#faq)
|
||||
- [More info and links](#more-info-and-links)
|
||||
|
||||
<!-- END doctoc generated TOC please keep comment here to allow auto update -->
|
||||
|
||||
### Structure of this Repository
|
||||
|
||||
- `broker/` contains code for the Snowflake broker
|
||||
- `doc/` contains Snowflake documentation and manpages
|
||||
- `client/` contains the Tor pluggable transport client and client library code
|
||||
- `common/` contains generic libraries used by multiple pieces of Snowflake
|
||||
- `proxy/` contains code for the Go standalone Snowflake proxy
|
||||
- `probetest/` contains code for a NAT probetesting service
|
||||
- `server/` contains the Tor pluggable transport server and server library code
|
||||
|
||||
### Usage
|
||||
|
||||
Snowflake is currently deployed as a pluggable transport for Tor.
|
||||
|
||||
#### Using Snowflake with Tor
|
||||
|
||||
To use the Snowflake client with Tor, you will need to add the appropriate `Bridge` and `ClientTransportPlugin` lines to your [torrc](https://2019.www.torproject.org/docs/tor-manual.html.en) file. See the [client README](client) for more information on building and running the Snowflake client.
|
||||
|
||||
#### Running a Snowflake Proxy
|
||||
|
||||
You can contribute to Snowflake by running a Snowflake proxy. We have the option to run a proxy in your browser or as a standalone Go program. See our [community documentation](https://community.torproject.org/relay/setup/snowflake/) for more details.
|
||||
|
||||
#### Using the Snowflake Library with Other Applications
|
||||
|
||||
Snowflake can be used as a Go API, and adheres to the [v2.1 pluggable transports specification](). For more information on using the Snowflake Go library, see the [Snowflake library documentation](doc/using-the-snowflake-library.md).
|
||||
|
||||
### Test Environment
|
||||
|
||||
There is a Docker-based test environment at https://github.com/cohosh/snowbox.
|
||||
|
||||
### FAQ
|
||||
|
||||
**Q: How does it work?**
|
||||
|
||||
In the Tor use-case:
|
||||
|
||||
1. Volunteers visit websites which host the "snowflake" proxy. (just
|
||||
like flashproxy)
|
||||
2. Tor clients automatically find available browser proxies via the Broker
|
||||
(the domain fronted signaling channel).
|
||||
3. Tor client and browser proxy establish a WebRTC peer connection.
|
||||
4. Proxy connects to some relay.
|
||||
5. Tor occurs.
|
||||
|
||||
More detailed information about how clients, snowflake proxies, and the Broker
|
||||
fit together on the way...
|
||||
|
||||
**Q: What are the benefits of this PT compared with other PTs?**
|
||||
|
||||
Snowflake combines the advantages of flashproxy and meek. Primarily:
|
||||
|
||||
- It has the convenience of Meek, but can support magnitudes more
|
||||
users with negligible CDN costs. (Domain fronting is only used for brief
|
||||
signalling / NAT-piercing to setup the P2P WebRTC DataChannels which handle
|
||||
the actual traffic.)
|
||||
|
||||
- Arbitrarily high numbers of volunteer proxies are possible like in
|
||||
flashproxy, but NATs are no longer a usability barrier - no need for
|
||||
manual port forwarding!
|
||||
|
||||
**Q: Why is this called Snowflake?**
|
||||
|
||||
It utilizes the "ICE" negotiation via WebRTC, and also involves a great
|
||||
abundance of ephemeral and short-lived (and special!) volunteer proxies...
|
||||
|
||||
### More info and links
|
||||
|
||||
We have more documentation in the [Snowflake wiki](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) and at https://snowflake.torproject.org/.
|
||||
|
||||
|
||||
##### -- Android AAR Reproducible Build Setup --
|
||||
|
||||
Using `gomobile` it is possible to build snowflake as shared libraries for all
|
||||
the architectures supported by Android. This is in the _.gitlab-ci.yml_, which
|
||||
runs in GitLab CI. It is also possible to run this setup in a Virtual Machine
|
||||
using [vagrant](https://www.vagrantup.com/). Just run `vagrant up` and it will
|
||||
create and provision the VM. `vagrant ssh` to get into the VM to use it as a
|
||||
development environment.
|
||||
|
||||
##### uTLS Settings
|
||||
|
||||
Snowflake communicate with broker that serves as signaling server with TLS based domain fronting connection, which may be identified by its usage of Go language TLS stack.
|
||||
|
||||
uTLS is a software library designed to initiate the TLS Client Hello fingerprint of browsers or other popular software's TLS stack to evade censorship based on TLS client hello fingerprint with `-utls-imitate` . You can use `-version` to see a list of supported values.
|
||||
|
||||
Depending on client and server configuration, it may not always work as expected as not all extensions are correctly implemented.
|
||||
|
||||
You can also remove SNI (Server Name Indication) from client hello to evade censorship with `-utls-nosni`, not all servers supports this.
|
@ -0,0 +1,263 @@
|
||||
# WebTunnel
|
||||
|
||||
Pluggable Transport based on HTTP Upgrade(HTTPT)
|
||||
|
||||
WebTunnel is pluggable transport that attempt to imitate web browsing activities based on [HTTPT](https://censorbib.nymity.ch/#Frolov2020b).
|
||||
|
||||
## Client Usage
|
||||
Connect to a WebTunnel server with a Tor configuration file like:
|
||||
```
|
||||
UseBridges 1
|
||||
DataDirectory datadir
|
||||
|
||||
ClientTransportPlugin webtunnel exec ./client
|
||||
|
||||
Bridge webtunnel 192.0.2.3:1 url=https://akbwadp9lc5fyyz0cj4d76z643pxgbfh6oyc-167-71-71-157.sslip.io/5m9yq0j4ghkz0fz7qmuw58cvbjon0ebnrsp0
|
||||
|
||||
SocksPort auto
|
||||
|
||||
Log info
|
||||
```
|
||||
## Server Setup
|
||||
|
||||
#### Install Tor
|
||||
On a Debian system, first install tor normally with
|
||||
```
|
||||
apt install apt-transport-https
|
||||
lsb_release -c
|
||||
nano /etc/apt/sources.list.d/tor.list
|
||||
wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null
|
||||
apt update
|
||||
apt install tor deb.torproject.org-keyring
|
||||
```
|
||||
|
||||
### Disable default instance
|
||||
The default Tor configuration is not useful for this setup, so the next step will be disabling them.
|
||||
```
|
||||
systemctl stop tor@default.service
|
||||
systemctl mask tor@default.service
|
||||
```
|
||||
|
||||
### Get Environment Ready
|
||||
```
|
||||
#copy server file to server
|
||||
scp server root@$SERVER_ADDRESS:/var/lib/torwebtunnel/webtunnel
|
||||
```
|
||||
|
||||
then create server torrc at `/var/lib/torwebtunnel/torrc`
|
||||
```
|
||||
BridgeRelay 1
|
||||
|
||||
ORPort 10000
|
||||
|
||||
ServerTransportPlugin webtunnel exec /var/lib/torwebtunnel/webtunnel
|
||||
|
||||
ServerTransportListenAddr webtunnel 127.0.0.1:11000
|
||||
|
||||
ExtORPort auto
|
||||
|
||||
ContactInfo WebTunnel email: tor.relay.email@torproject.net ciissversion:2
|
||||
|
||||
Nickname WebTunnelTest
|
||||
|
||||
PublishServerDescriptor 1
|
||||
BridgeDistribution none
|
||||
|
||||
DataDirectory /var/lib/torwebtunnel/tor-data
|
||||
CacheDirectory /tmp/tor-tmp-torwebtunnel
|
||||
|
||||
SocksPort 0
|
||||
```
|
||||
|
||||
#### Configure service unit file
|
||||
Create a service unit file as follow
|
||||
```
|
||||
[Unit]
|
||||
Description=Tor Web Tunnel
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
DynamicUser=yes
|
||||
PrivateUsers=true
|
||||
PrivateMounts=true
|
||||
ProtectSystem=strict
|
||||
PrivateTmp=true
|
||||
PrivateDevices=true
|
||||
ProtectClock=true
|
||||
NoNewPrivileges=true
|
||||
ProtectHome=tmpfs
|
||||
ProtectKernelModules=true
|
||||
ProtectKernelLogs=true
|
||||
|
||||
StateDirectory=torwebtunnel
|
||||
|
||||
ExecStart=/usr/bin/tor -f /var/lib/torwebtunnel/torrc --RunAsDaemon 0
|
||||
|
||||
[Install]
|
||||
WantedBy=default.target
|
||||
```
|
||||
|
||||
#### Obtain Certificate
|
||||
WebTunnel Requires a valid TLS certificate, to obtain that
|
||||
```
|
||||
curl https://get.acme.sh | sh -s email=my@example.com
|
||||
~/.acme.sh/acme.sh --issue --standalone --domain $SERVER_ADDRESS
|
||||
```
|
||||
|
||||
#### Install & Configure Nginx
|
||||
To coexist with other content at a single port, it is necessary to install a reverse proxy like nginx:
|
||||
```
|
||||
apt install nginx
|
||||
```
|
||||
|
||||
And then configure HTTP Upgrade forwarding at /etc/nginx/nginx.conf.
|
||||
```
|
||||
--- a/before.conf
|
||||
+++ b/after.conf
|
||||
@@ -60,6 +60,13 @@ http {
|
||||
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
include /etc/nginx/sites-enabled/*;
|
||||
+
|
||||
+ #WebSocket Support
|
||||
+ map $http_upgrade $connection_upgrade {
|
||||
+ default upgrade;
|
||||
+ '' close;
|
||||
+ }
|
||||
+
|
||||
}
|
||||
|
||||
```
|
||||
|
||||
Finally, add http forwarding setting to a new file at /etc/nginx/site-enabled .
|
||||
```
|
||||
server {
|
||||
listen [::]:443 ssl http2;
|
||||
listen 443 ssl http2;
|
||||
server_name $SERVER_ADDRESS;
|
||||
#ssl on;
|
||||
|
||||
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
|
||||
ssl_certificate /etc/nginx/ssl/fullchain.cer;
|
||||
ssl_certificate_key /etc/nginx/ssl/key.key;
|
||||
|
||||
|
||||
ssl_session_timeout 15m;
|
||||
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
|
||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||
|
||||
ssl_prefer_server_ciphers off;
|
||||
|
||||
ssl_session_cache shared:MozSSL:50m;
|
||||
#ssl_ecdh_curve secp521r1,prime256v1,secp384r1;
|
||||
ssl_session_tickets off;
|
||||
|
||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||
|
||||
location /$PATH {
|
||||
proxy_pass http://127.0.0.1:11000;
|
||||
proxy_http_version 1.1;
|
||||
|
||||
###Set WebSocket headers ####
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
|
||||
### Set Proxy headers ####
|
||||
proxy_set_header Accept-Encoding "";
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
add_header Front-End-Https on;
|
||||
|
||||
proxy_redirect off;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
```
|
||||
|
||||
## Docker Setup
|
||||
|
||||
Webtunnel is a new pluggable transport available for bridge operators.
|
||||
|
||||
### Prerequisites
|
||||
An existing website using nginx balancer to handle traffic. (other load banlancer is currently untested)
|
||||
|
||||
Handle traffic directly, without CDN. (CDN passthrough is currently untested)
|
||||
|
||||
A container runtime like Docker.
|
||||
|
||||
### Configure nginx Forwarding
|
||||
If you haven't already, configure websocket forwarding support in nginx by configure HTTP Upgrade forwarding at /etc/nginx/nginx.conf:
|
||||
```
|
||||
--- a/before.conf
|
||||
+++ b/after.conf
|
||||
@@ -60,6 +60,13 @@ http {
|
||||
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
include /etc/nginx/sites-enabled/*;
|
||||
+
|
||||
+ #WebSocket Support
|
||||
+ map $http_upgrade $connection_upgrade {
|
||||
+ default upgrade;
|
||||
+ '' close;
|
||||
+ }
|
||||
+
|
||||
}
|
||||
```
|
||||
And add a forwarded path under one the served domain, typically defined in files within `/etc/nginx/sites-enabled/`, replace $PATH with a random string(which you could generate with `echo $(cat /dev/urandom | tr -cd "qwertyuiopasdfghjklzxcvbnmMNBVCXZLKJHGFDSAQWERTUIOP0987654321"|head -c 24)`):
|
||||
```
|
||||
location /$PATH {
|
||||
proxy_pass http://127.0.0.1:11000;
|
||||
proxy_http_version 1.1;
|
||||
|
||||
###Set WebSocket headers ####
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
|
||||
### Set Proxy headers ####
|
||||
proxy_set_header Accept-Encoding "";
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
add_header Front-End-Https on;
|
||||
|
||||
proxy_redirect off;
|
||||
}
|
||||
```
|
||||
|
||||
### Install Docker Runtime(if necessary)
|
||||
```
|
||||
apt install curl sudo
|
||||
curl -fsSL https://get.docker.com -o get-docker.sh
|
||||
sudo sh ./get-docker.sh
|
||||
```
|
||||
|
||||
### Run Dockerlized Webtunnel Server
|
||||
Replace `URL` with your domain and path, and `OPERATOR_EMAIL` with your email address, then run:
|
||||
```
|
||||
truncate --size 0 .env
|
||||
echo "URL=https://yourdomain/and/path" >> .env
|
||||
echo "OPERATOR_EMAIL=your@email.org" >> .env
|
||||
echo "BRIDGE_NICKNAME=WTBr$(cat /dev/urandom | tr -cd 'qwertyuiopasdfghjklzxcvbnmMNBVCXZLKJHGFDSAQWERTUIOP0987654321'|head -c 10)" >> .env
|
||||
echo "GENEDORPORT=4$(cat /dev/urandom | tr -cd '0987654321'|head -c 4)" >> .env
|
||||
```
|
||||
This will create an environment file for the configuration of webtunnel bridge.
|
||||
|
||||
After creating the configure file, download the webtunnel docker compose file, and instancize it.
|
||||
````shell
|
||||
curl https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel/-/raw/main/release/container/docker-compose.yml?inline=false > docker-compose.yml
|
||||
docker compose up -d
|
||||
````
|
||||
It includes auto update by default, and will update webtunnel bridge server without any further action. Remove `watchtower` to disable this behavior.
|
||||
|
||||
### Get Bridgeline and Check it is Running
|
||||
You can obtain bridgeline and verify if it is working by running
|
||||
```shell
|
||||
docker compose exec webtunnel-bridge get-bridge-line.sh
|
||||
```
|
BIN
desktopApp/tor/tor-mac/tor/pluggable_transports/conjure-client
Executable file
BIN
desktopApp/tor/tor-mac/tor/pluggable_transports/conjure-client
Executable file
Binary file not shown.
BIN
desktopApp/tor/tor-mac/tor/pluggable_transports/lyrebird
Executable file
BIN
desktopApp/tor/tor-mac/tor/pluggable_transports/lyrebird
Executable file
Binary file not shown.
@ -0,0 +1,32 @@
|
||||
{
|
||||
"recommendedDefault" : "obfs4",
|
||||
"pluggableTransports" : {
|
||||
"lyrebird" : "ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec ${pt_path}lyrebird",
|
||||
"snowflake" : "ClientTransportPlugin snowflake exec ${pt_path}snowflake-client",
|
||||
"webtunnel" : "ClientTransportPlugin webtunnel exec ${pt_path}webtunnel-client",
|
||||
"conjure" : "ClientTransportPlugin conjure exec ${pt_path}conjure-client -registerURL https://registration.refraction.network/api"
|
||||
},
|
||||
"bridges" : {
|
||||
"meek-azure" : [
|
||||
"meek_lite 192.0.2.18:80 BE776A53492E1E044A26F17306E1BC46A55A1625 url=https://meek.azureedge.net/ front=ajax.aspnetcdn.com"
|
||||
],
|
||||
"obfs4" : [
|
||||
"obfs4 192.95.36.142:443 CDF2E852BF539B82BD10E27E9115A31734E378C2 cert=qUVQ0srL1JI/vO6V6m/24anYXiJD3QP2HgzUKQtQ7GRqqUvs7P+tG43RtAqdhLOALP7DJQ iat-mode=1",
|
||||
"obfs4 37.218.245.14:38224 D9A82D2F9C2F65A18407B1D2B764F130847F8B5D cert=bjRaMrr1BRiAW8IE9U5z27fQaYgOhX1UCmOpg2pFpoMvo6ZgQMzLsaTzzQNTlm7hNcb+Sg iat-mode=0",
|
||||
"obfs4 85.31.186.98:443 011F2599C0E9B27EE74B353155E244813763C3E5 cert=ayq0XzCwhpdysn5o0EyDUbmSOx3X/oTEbzDMvczHOdBJKlvIdHHLJGkZARtT4dcBFArPPg iat-mode=0",
|
||||
"obfs4 85.31.186.26:443 91A6354697E6B02A386312F68D82CF86824D3606 cert=PBwr+S8JTVZo6MPdHnkTwXJPILWADLqfMGoVvhZClMq/Urndyd42BwX9YFJHZnBB3H0XCw iat-mode=0",
|
||||
"obfs4 193.11.166.194:27015 2D82C2E354D531A68469ADF7F878FA6060C6BACA cert=4TLQPJrTSaDffMK7Nbao6LC7G9OW/NHkUwIdjLSS3KYf0Nv4/nQiiI8dY2TcsQx01NniOg iat-mode=0",
|
||||
"obfs4 193.11.166.194:27020 86AC7B8D430DAC4117E9F42C9EAED18133863AAF cert=0LDeJH4JzMDtkJJrFphJCiPqKx7loozKN7VNfuukMGfHO0Z8OGdzHVkhVAOfo1mUdv9cMg iat-mode=0",
|
||||
"obfs4 193.11.166.194:27025 1AE2C08904527FEA90C4C4F8C1083EA59FBC6FAF cert=ItvYZzW5tn6v3G4UnQa6Qz04Npro6e81AP70YujmK/KXwDFPTs3aHXcHp4n8Vt6w/bv8cA iat-mode=0",
|
||||
"obfs4 209.148.46.65:443 74FAD13168806246602538555B5521A0383A1875 cert=ssH+9rP8dG2NLDN2XuFw63hIO/9MNNinLmxQDpVa+7kTOa9/m+tGWT1SmSYpQ9uTBGa6Hw iat-mode=0",
|
||||
"obfs4 146.57.248.225:22 10A6CD36A537FCE513A322361547444B393989F0 cert=K1gDtDAIcUfeLqbstggjIw2rtgIKqdIhUlHp82XRqNSq/mtAjp1BIC9vHKJ2FAEpGssTPw iat-mode=0",
|
||||
"obfs4 45.145.95.6:27015 C5B7CD6946FF10C5B3E89691A7D3F2C122D2117C cert=TD7PbUO0/0k6xYHMPW3vJxICfkMZNdkRrb63Zhl5j9dW3iRGiCx0A7mPhe5T2EDzQ35+Zw iat-mode=0",
|
||||
"obfs4 51.222.13.177:80 5EDAC3B810E12B01F6FD8050D2FD3E277B289A08 cert=2uplIpLQ0q9+0qMFrK5pkaYRDOe460LL9WHBvatgkuRr/SL31wBOEupaMMJ6koRE6Ld0ew iat-mode=0"
|
||||
],
|
||||
"snowflake" : [
|
||||
"snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://1098762253.rsc.cdn77.org/ fronts=www.cdn77.com,www.phpmyadmin.net ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn",
|
||||
"snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://1098762253.rsc.cdn77.org/ fronts=www.cdn77.com,www.phpmyadmin.net ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.net:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn"
|
||||
]
|
||||
}
|
||||
}
|
||||
|
BIN
desktopApp/tor/tor-mac/tor/pluggable_transports/snowflake-client
Executable file
BIN
desktopApp/tor/tor-mac/tor/pluggable_transports/snowflake-client
Executable file
Binary file not shown.
BIN
desktopApp/tor/tor-mac/tor/pluggable_transports/webtunnel-client
Executable file
BIN
desktopApp/tor/tor-mac/tor/pluggable_transports/webtunnel-client
Executable file
Binary file not shown.
BIN
desktopApp/tor/tor-mac/tor/tor
Executable file
BIN
desktopApp/tor/tor-mac/tor/tor
Executable file
Binary file not shown.
359517
desktopApp/tor/tor-win/data/geoip
Normal file
359517
desktopApp/tor/tor-win/data/geoip
Normal file
File diff suppressed because it is too large
Load Diff
155241
desktopApp/tor/tor-win/data/geoip6
Normal file
155241
desktopApp/tor/tor-win/data/geoip6
Normal file
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,28 @@
|
||||
# Conjure
|
||||
|
||||
[Conjure](https://jhalderm.com/pub/papers/conjure-ccs19.pdf) is an anti-censorship tool in the refraction networking (a.k.a. decoy routing) lineage of circumvention systems. The key innovation of Conjure is to turn the unused IP address space of deploying ISPs into a large pool of **phantom** proxies that users can connect to. Due to the size of unused IPv6 address space and the potential for collateral damage against real websites hosted by the deploying ISPs, Conjure provides an effective solution to the problem of censors enumerating deployed bridges or proxies.
|
||||
|
||||
Conjure is currenty deployed on the University of Colorado network and a small to mid size ISP in Michigan.
|
||||
|
||||
# Conjure Pluggable Transport for Tor
|
||||
|
||||
This repository is an implementation of both the client and bridge side of a Tor pluggable transport that uses the deployed Conjure network to allow users to connect to the Tor network. The client side calls the [`gotapdance` library](https://github.com/refraction-networking/gotapdance) to communicate with deployed Conjure stations and route client traffic through the phantom proxies assigned by the station. The bridge side receives [haproxy](https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt) connections from the Conjure station that wrap the proxied client traffic.
|
||||
|
||||
# Deployment details
|
||||
|
||||
We currently have deployed a low capacity Conjure bridge named [Haunt](https://metrics.torproject.org/rs.html#details/A84C946BF4E14E63A3C92E140532A4594F2C24CD). To connect through this bridge, use the `torrc` file in the `client/` directory as follows:
|
||||
|
||||
```
|
||||
cd client/
|
||||
tor -f torrc
|
||||
```
|
||||
|
||||
# Warnings
|
||||
|
||||
This tool and the deployment is still under active development. We are still working on securing the connection between the deployed Conjure stations and the Conjure bridge. We are also working on improving the censorship resistance of the registration connection between the client and the station. Do not expect this to work out of the box in all areas.
|
||||
|
||||
The Conjure station sometimes suffers from a heavy load of users. When this happens, connections will fail. If you are testing this out, try waiting awhile and trying again later.
|
||||
|
||||
# Conjure development
|
||||
|
||||
Due to the complex nature of the Conjure deployment, it can be difficult to set up a local development environment. Check out [phantombox](https://gitlab.torproject.org/cohosh/phantombox) for an automated libvirt-based setup that works on Linux.
|
@ -0,0 +1,109 @@
|
||||
# Snowflake
|
||||
|
||||
[![Build Status](https://travis-ci.org/keroserene/snowflake.svg?branch=master)](https://travis-ci.org/keroserene/snowflake)
|
||||
|
||||
Pluggable Transport using WebRTC, inspired by Flashproxy.
|
||||
|
||||
<!-- START doctoc generated TOC please keep comment here to allow auto update -->
|
||||
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
|
||||
**Table of Contents**
|
||||
|
||||
- [Structure of this Repository](#structure-of-this-repository)
|
||||
- [Usage](#usage)
|
||||
- [Using Snowflake with Tor](#using-snowflake-with-tor)
|
||||
- [Running a Snowflake Proxy](#running-a-snowflake-proxy)
|
||||
- [Using the Snowflake Library with Other Applications](#using-the-snowflake-library-with-other-applications)
|
||||
- [Test Environment](#test-environment)
|
||||
- [FAQ](#faq)
|
||||
- [More info and links](#more-info-and-links)
|
||||
|
||||
<!-- END doctoc generated TOC please keep comment here to allow auto update -->
|
||||
|
||||
### Structure of this Repository
|
||||
|
||||
- `broker/` contains code for the Snowflake broker
|
||||
- `doc/` contains Snowflake documentation and manpages
|
||||
- `client/` contains the Tor pluggable transport client and client library code
|
||||
- `common/` contains generic libraries used by multiple pieces of Snowflake
|
||||
- `proxy/` contains code for the Go standalone Snowflake proxy
|
||||
- `probetest/` contains code for a NAT probetesting service
|
||||
- `server/` contains the Tor pluggable transport server and server library code
|
||||
|
||||
### Usage
|
||||
|
||||
Snowflake is currently deployed as a pluggable transport for Tor.
|
||||
|
||||
#### Using Snowflake with Tor
|
||||
|
||||
To use the Snowflake client with Tor, you will need to add the appropriate `Bridge` and `ClientTransportPlugin` lines to your [torrc](https://2019.www.torproject.org/docs/tor-manual.html.en) file. See the [client README](client) for more information on building and running the Snowflake client.
|
||||
|
||||
#### Running a Snowflake Proxy
|
||||
|
||||
You can contribute to Snowflake by running a Snowflake proxy. We have the option to run a proxy in your browser or as a standalone Go program. See our [community documentation](https://community.torproject.org/relay/setup/snowflake/) for more details.
|
||||
|
||||
#### Using the Snowflake Library with Other Applications
|
||||
|
||||
Snowflake can be used as a Go API, and adheres to the [v2.1 pluggable transports specification](). For more information on using the Snowflake Go library, see the [Snowflake library documentation](doc/using-the-snowflake-library.md).
|
||||
|
||||
### Test Environment
|
||||
|
||||
There is a Docker-based test environment at https://github.com/cohosh/snowbox.
|
||||
|
||||
### FAQ
|
||||
|
||||
**Q: How does it work?**
|
||||
|
||||
In the Tor use-case:
|
||||
|
||||
1. Volunteers visit websites which host the "snowflake" proxy. (just
|
||||
like flashproxy)
|
||||
2. Tor clients automatically find available browser proxies via the Broker
|
||||
(the domain fronted signaling channel).
|
||||
3. Tor client and browser proxy establish a WebRTC peer connection.
|
||||
4. Proxy connects to some relay.
|
||||
5. Tor occurs.
|
||||
|
||||
More detailed information about how clients, snowflake proxies, and the Broker
|
||||
fit together on the way...
|
||||
|
||||
**Q: What are the benefits of this PT compared with other PTs?**
|
||||
|
||||
Snowflake combines the advantages of flashproxy and meek. Primarily:
|
||||
|
||||
- It has the convenience of Meek, but can support magnitudes more
|
||||
users with negligible CDN costs. (Domain fronting is only used for brief
|
||||
signalling / NAT-piercing to setup the P2P WebRTC DataChannels which handle
|
||||
the actual traffic.)
|
||||
|
||||
- Arbitrarily high numbers of volunteer proxies are possible like in
|
||||
flashproxy, but NATs are no longer a usability barrier - no need for
|
||||
manual port forwarding!
|
||||
|
||||
**Q: Why is this called Snowflake?**
|
||||
|
||||
It utilizes the "ICE" negotiation via WebRTC, and also involves a great
|
||||
abundance of ephemeral and short-lived (and special!) volunteer proxies...
|
||||
|
||||
### More info and links
|
||||
|
||||
We have more documentation in the [Snowflake wiki](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) and at https://snowflake.torproject.org/.
|
||||
|
||||
|
||||
##### -- Android AAR Reproducible Build Setup --
|
||||
|
||||
Using `gomobile` it is possible to build snowflake as shared libraries for all
|
||||
the architectures supported by Android. This is in the _.gitlab-ci.yml_, which
|
||||
runs in GitLab CI. It is also possible to run this setup in a Virtual Machine
|
||||
using [vagrant](https://www.vagrantup.com/). Just run `vagrant up` and it will
|
||||
create and provision the VM. `vagrant ssh` to get into the VM to use it as a
|
||||
development environment.
|
||||
|
||||
##### uTLS Settings
|
||||
|
||||
Snowflake communicate with broker that serves as signaling server with TLS based domain fronting connection, which may be identified by its usage of Go language TLS stack.
|
||||
|
||||
uTLS is a software library designed to initiate the TLS Client Hello fingerprint of browsers or other popular software's TLS stack to evade censorship based on TLS client hello fingerprint with `-utls-imitate` . You can use `-version` to see a list of supported values.
|
||||
|
||||
Depending on client and server configuration, it may not always work as expected as not all extensions are correctly implemented.
|
||||
|
||||
You can also remove SNI (Server Name Indication) from client hello to evade censorship with `-utls-nosni`, not all servers supports this.
|
@ -0,0 +1,263 @@
|
||||
# WebTunnel
|
||||
|
||||
Pluggable Transport based on HTTP Upgrade(HTTPT)
|
||||
|
||||
WebTunnel is pluggable transport that attempt to imitate web browsing activities based on [HTTPT](https://censorbib.nymity.ch/#Frolov2020b).
|
||||
|
||||
## Client Usage
|
||||
Connect to a WebTunnel server with a Tor configuration file like:
|
||||
```
|
||||
UseBridges 1
|
||||
DataDirectory datadir
|
||||
|
||||
ClientTransportPlugin webtunnel exec ./client
|
||||
|
||||
Bridge webtunnel 192.0.2.3:1 url=https://akbwadp9lc5fyyz0cj4d76z643pxgbfh6oyc-167-71-71-157.sslip.io/5m9yq0j4ghkz0fz7qmuw58cvbjon0ebnrsp0
|
||||
|
||||
SocksPort auto
|
||||
|
||||
Log info
|
||||
```
|
||||
## Server Setup
|
||||
|
||||
#### Install Tor
|
||||
On a Debian system, first install tor normally with
|
||||
```
|
||||
apt install apt-transport-https
|
||||
lsb_release -c
|
||||
nano /etc/apt/sources.list.d/tor.list
|
||||
wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null
|
||||
apt update
|
||||
apt install tor deb.torproject.org-keyring
|
||||
```
|
||||
|
||||
### Disable default instance
|
||||
The default Tor configuration is not useful for this setup, so the next step will be disabling them.
|
||||
```
|
||||
systemctl stop tor@default.service
|
||||
systemctl mask tor@default.service
|
||||
```
|
||||
|
||||
### Get Environment Ready
|
||||
```
|
||||
#copy server file to server
|
||||
scp server root@$SERVER_ADDRESS:/var/lib/torwebtunnel/webtunnel
|
||||
```
|
||||
|
||||
then create server torrc at `/var/lib/torwebtunnel/torrc`
|
||||
```
|
||||
BridgeRelay 1
|
||||
|
||||
ORPort 10000
|
||||
|
||||
ServerTransportPlugin webtunnel exec /var/lib/torwebtunnel/webtunnel
|
||||
|
||||
ServerTransportListenAddr webtunnel 127.0.0.1:11000
|
||||
|
||||
ExtORPort auto
|
||||
|
||||
ContactInfo WebTunnel email: tor.relay.email@torproject.net ciissversion:2
|
||||
|
||||
Nickname WebTunnelTest
|
||||
|
||||
PublishServerDescriptor 1
|
||||
BridgeDistribution none
|
||||
|
||||
DataDirectory /var/lib/torwebtunnel/tor-data
|
||||
CacheDirectory /tmp/tor-tmp-torwebtunnel
|
||||
|
||||
SocksPort 0
|
||||
```
|
||||
|
||||
#### Configure service unit file
|
||||
Create a service unit file as follow
|
||||
```
|
||||
[Unit]
|
||||
Description=Tor Web Tunnel
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
DynamicUser=yes
|
||||
PrivateUsers=true
|
||||
PrivateMounts=true
|
||||
ProtectSystem=strict
|
||||
PrivateTmp=true
|
||||
PrivateDevices=true
|
||||
ProtectClock=true
|
||||
NoNewPrivileges=true
|
||||
ProtectHome=tmpfs
|
||||
ProtectKernelModules=true
|
||||
ProtectKernelLogs=true
|
||||
|
||||
StateDirectory=torwebtunnel
|
||||
|
||||
ExecStart=/usr/bin/tor -f /var/lib/torwebtunnel/torrc --RunAsDaemon 0
|
||||
|
||||
[Install]
|
||||
WantedBy=default.target
|
||||
```
|
||||
|
||||
#### Obtain Certificate
|
||||
WebTunnel Requires a valid TLS certificate, to obtain that
|
||||
```
|
||||
curl https://get.acme.sh | sh -s email=my@example.com
|
||||
~/.acme.sh/acme.sh --issue --standalone --domain $SERVER_ADDRESS
|
||||
```
|
||||
|
||||
#### Install & Configure Nginx
|
||||
To coexist with other content at a single port, it is necessary to install a reverse proxy like nginx:
|
||||
```
|
||||
apt install nginx
|
||||
```
|
||||
|
||||
And then configure HTTP Upgrade forwarding at /etc/nginx/nginx.conf.
|
||||
```
|
||||
--- a/before.conf
|
||||
+++ b/after.conf
|
||||
@@ -60,6 +60,13 @@ http {
|
||||
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
include /etc/nginx/sites-enabled/*;
|
||||
+
|
||||
+ #WebSocket Support
|
||||
+ map $http_upgrade $connection_upgrade {
|
||||
+ default upgrade;
|
||||
+ '' close;
|
||||
+ }
|
||||
+
|
||||
}
|
||||
|
||||
```
|
||||
|
||||
Finally, add http forwarding setting to a new file at /etc/nginx/site-enabled .
|
||||
```
|
||||
server {
|
||||
listen [::]:443 ssl http2;
|
||||
listen 443 ssl http2;
|
||||
server_name $SERVER_ADDRESS;
|
||||
#ssl on;
|
||||
|
||||
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
|
||||
ssl_certificate /etc/nginx/ssl/fullchain.cer;
|
||||
ssl_certificate_key /etc/nginx/ssl/key.key;
|
||||
|
||||
|
||||
ssl_session_timeout 15m;
|
||||
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
|
||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||
|
||||
ssl_prefer_server_ciphers off;
|
||||
|
||||
ssl_session_cache shared:MozSSL:50m;
|
||||
#ssl_ecdh_curve secp521r1,prime256v1,secp384r1;
|
||||
ssl_session_tickets off;
|
||||
|
||||
add_header Strict-Transport-Security "max-age=63072000" always;
|
||||
|
||||
location /$PATH {
|
||||
proxy_pass http://127.0.0.1:11000;
|
||||
proxy_http_version 1.1;
|
||||
|
||||
###Set WebSocket headers ####
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
|
||||
### Set Proxy headers ####
|
||||
proxy_set_header Accept-Encoding "";
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
add_header Front-End-Https on;
|
||||
|
||||
proxy_redirect off;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
```
|
||||
|
||||
## Docker Setup
|
||||
|
||||
Webtunnel is a new pluggable transport available for bridge operators.
|
||||
|
||||
### Prerequisites
|
||||
An existing website using nginx balancer to handle traffic. (other load banlancer is currently untested)
|
||||
|
||||
Handle traffic directly, without CDN. (CDN passthrough is currently untested)
|
||||
|
||||
A container runtime like Docker.
|
||||
|
||||
### Configure nginx Forwarding
|
||||
If you haven't already, configure websocket forwarding support in nginx by configure HTTP Upgrade forwarding at /etc/nginx/nginx.conf:
|
||||
```
|
||||
--- a/before.conf
|
||||
+++ b/after.conf
|
||||
@@ -60,6 +60,13 @@ http {
|
||||
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
include /etc/nginx/sites-enabled/*;
|
||||
+
|
||||
+ #WebSocket Support
|
||||
+ map $http_upgrade $connection_upgrade {
|
||||
+ default upgrade;
|
||||
+ '' close;
|
||||
+ }
|
||||
+
|
||||
}
|
||||
```
|
||||
And add a forwarded path under one the served domain, typically defined in files within `/etc/nginx/sites-enabled/`, replace $PATH with a random string(which you could generate with `echo $(cat /dev/urandom | tr -cd "qwertyuiopasdfghjklzxcvbnmMNBVCXZLKJHGFDSAQWERTUIOP0987654321"|head -c 24)`):
|
||||
```
|
||||
location /$PATH {
|
||||
proxy_pass http://127.0.0.1:11000;
|
||||
proxy_http_version 1.1;
|
||||
|
||||
###Set WebSocket headers ####
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
|
||||
### Set Proxy headers ####
|
||||
proxy_set_header Accept-Encoding "";
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
add_header Front-End-Https on;
|
||||
|
||||
proxy_redirect off;
|
||||
}
|
||||
```
|
||||
|
||||
### Install Docker Runtime(if necessary)
|
||||
```
|
||||
apt install curl sudo
|
||||
curl -fsSL https://get.docker.com -o get-docker.sh
|
||||
sudo sh ./get-docker.sh
|
||||
```
|
||||
|
||||
### Run Dockerlized Webtunnel Server
|
||||
Replace `URL` with your domain and path, and `OPERATOR_EMAIL` with your email address, then run:
|
||||
```
|
||||
truncate --size 0 .env
|
||||
echo "URL=https://yourdomain/and/path" >> .env
|
||||
echo "OPERATOR_EMAIL=your@email.org" >> .env
|
||||
echo "BRIDGE_NICKNAME=WTBr$(cat /dev/urandom | tr -cd 'qwertyuiopasdfghjklzxcvbnmMNBVCXZLKJHGFDSAQWERTUIOP0987654321'|head -c 10)" >> .env
|
||||
echo "GENEDORPORT=4$(cat /dev/urandom | tr -cd '0987654321'|head -c 4)" >> .env
|
||||
```
|
||||
This will create an environment file for the configuration of webtunnel bridge.
|
||||
|
||||
After creating the configure file, download the webtunnel docker compose file, and instancize it.
|
||||
````shell
|
||||
curl https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel/-/raw/main/release/container/docker-compose.yml?inline=false > docker-compose.yml
|
||||
docker compose up -d
|
||||
````
|
||||
It includes auto update by default, and will update webtunnel bridge server without any further action. Remove `watchtower` to disable this behavior.
|
||||
|
||||
### Get Bridgeline and Check it is Running
|
||||
You can obtain bridgeline and verify if it is working by running
|
||||
```shell
|
||||
docker compose exec webtunnel-bridge get-bridge-line.sh
|
||||
```
|
BIN
desktopApp/tor/tor-win/tor/pluggable_transports/conjure-client.exe
Executable file
BIN
desktopApp/tor/tor-win/tor/pluggable_transports/conjure-client.exe
Executable file
Binary file not shown.
BIN
desktopApp/tor/tor-win/tor/pluggable_transports/lyrebird.exe
Executable file
BIN
desktopApp/tor/tor-win/tor/pluggable_transports/lyrebird.exe
Executable file
Binary file not shown.
@ -0,0 +1,32 @@
|
||||
{
|
||||
"recommendedDefault" : "obfs4",
|
||||
"pluggableTransports" : {
|
||||
"lyrebird" : "ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec ${pt_path}lyrebird.exe",
|
||||
"snowflake" : "ClientTransportPlugin snowflake exec ${pt_path}snowflake-client.exe",
|
||||
"webtunnel" : "ClientTransportPlugin webtunnel exec ${pt_path}webtunnel-client.exe",
|
||||
"conjure" : "ClientTransportPlugin conjure exec ${pt_path}conjure-client.exe -registerURL https://registration.refraction.network/api"
|
||||
},
|
||||
"bridges" : {
|
||||
"meek-azure" : [
|
||||
"meek_lite 192.0.2.18:80 BE776A53492E1E044A26F17306E1BC46A55A1625 url=https://meek.azureedge.net/ front=ajax.aspnetcdn.com"
|
||||
],
|
||||
"obfs4" : [
|
||||
"obfs4 192.95.36.142:443 CDF2E852BF539B82BD10E27E9115A31734E378C2 cert=qUVQ0srL1JI/vO6V6m/24anYXiJD3QP2HgzUKQtQ7GRqqUvs7P+tG43RtAqdhLOALP7DJQ iat-mode=1",
|
||||
"obfs4 37.218.245.14:38224 D9A82D2F9C2F65A18407B1D2B764F130847F8B5D cert=bjRaMrr1BRiAW8IE9U5z27fQaYgOhX1UCmOpg2pFpoMvo6ZgQMzLsaTzzQNTlm7hNcb+Sg iat-mode=0",
|
||||
"obfs4 85.31.186.98:443 011F2599C0E9B27EE74B353155E244813763C3E5 cert=ayq0XzCwhpdysn5o0EyDUbmSOx3X/oTEbzDMvczHOdBJKlvIdHHLJGkZARtT4dcBFArPPg iat-mode=0",
|
||||
"obfs4 85.31.186.26:443 91A6354697E6B02A386312F68D82CF86824D3606 cert=PBwr+S8JTVZo6MPdHnkTwXJPILWADLqfMGoVvhZClMq/Urndyd42BwX9YFJHZnBB3H0XCw iat-mode=0",
|
||||
"obfs4 193.11.166.194:27015 2D82C2E354D531A68469ADF7F878FA6060C6BACA cert=4TLQPJrTSaDffMK7Nbao6LC7G9OW/NHkUwIdjLSS3KYf0Nv4/nQiiI8dY2TcsQx01NniOg iat-mode=0",
|
||||
"obfs4 193.11.166.194:27020 86AC7B8D430DAC4117E9F42C9EAED18133863AAF cert=0LDeJH4JzMDtkJJrFphJCiPqKx7loozKN7VNfuukMGfHO0Z8OGdzHVkhVAOfo1mUdv9cMg iat-mode=0",
|
||||
"obfs4 193.11.166.194:27025 1AE2C08904527FEA90C4C4F8C1083EA59FBC6FAF cert=ItvYZzW5tn6v3G4UnQa6Qz04Npro6e81AP70YujmK/KXwDFPTs3aHXcHp4n8Vt6w/bv8cA iat-mode=0",
|
||||
"obfs4 209.148.46.65:443 74FAD13168806246602538555B5521A0383A1875 cert=ssH+9rP8dG2NLDN2XuFw63hIO/9MNNinLmxQDpVa+7kTOa9/m+tGWT1SmSYpQ9uTBGa6Hw iat-mode=0",
|
||||
"obfs4 146.57.248.225:22 10A6CD36A537FCE513A322361547444B393989F0 cert=K1gDtDAIcUfeLqbstggjIw2rtgIKqdIhUlHp82XRqNSq/mtAjp1BIC9vHKJ2FAEpGssTPw iat-mode=0",
|
||||
"obfs4 45.145.95.6:27015 C5B7CD6946FF10C5B3E89691A7D3F2C122D2117C cert=TD7PbUO0/0k6xYHMPW3vJxICfkMZNdkRrb63Zhl5j9dW3iRGiCx0A7mPhe5T2EDzQ35+Zw iat-mode=0",
|
||||
"obfs4 51.222.13.177:80 5EDAC3B810E12B01F6FD8050D2FD3E277B289A08 cert=2uplIpLQ0q9+0qMFrK5pkaYRDOe460LL9WHBvatgkuRr/SL31wBOEupaMMJ6koRE6Ld0ew iat-mode=0"
|
||||
],
|
||||
"snowflake" : [
|
||||
"snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://1098762253.rsc.cdn77.org/ fronts=www.cdn77.com,www.phpmyadmin.net ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn",
|
||||
"snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://1098762253.rsc.cdn77.org/ fronts=www.cdn77.com,www.phpmyadmin.net ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.net:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn"
|
||||
]
|
||||
}
|
||||
}
|
||||
|
BIN
desktopApp/tor/tor-win/tor/pluggable_transports/snowflake-client.exe
Executable file
BIN
desktopApp/tor/tor-win/tor/pluggable_transports/snowflake-client.exe
Executable file
Binary file not shown.
BIN
desktopApp/tor/tor-win/tor/pluggable_transports/webtunnel-client.exe
Executable file
BIN
desktopApp/tor/tor-win/tor/pluggable_transports/webtunnel-client.exe
Executable file
Binary file not shown.
BIN
desktopApp/tor/tor-win/tor/tor-gencert.exe
Executable file
BIN
desktopApp/tor/tor-win/tor/tor-gencert.exe
Executable file
Binary file not shown.
BIN
desktopApp/tor/tor-win/tor/tor.exe
Executable file
BIN
desktopApp/tor/tor-win/tor/tor.exe
Executable file
Binary file not shown.
14
desktopApp/tsconfig.json
Normal file
14
desktopApp/tsconfig.json
Normal file
@ -0,0 +1,14 @@
|
||||
{
|
||||
"compilerOptions": {
|
||||
"target": "es5",
|
||||
"module": "commonjs",
|
||||
"moduleResolution": "node",
|
||||
"sourceMap": true,
|
||||
"emitDecoratorMetadata": true,
|
||||
"experimentalDecorators": true,
|
||||
"removeComments": false,
|
||||
"noImplicitAny": false,
|
||||
"outDir": "."
|
||||
},
|
||||
"exclude": [ "node_modules" ]
|
||||
}
|
2641
desktopApp/yarn.lock
Normal file
2641
desktopApp/yarn.lock
Normal file
File diff suppressed because it is too large
Load Diff
@ -53,6 +53,7 @@ const Main: React.FC = () => {
|
||||
)}
|
||||
|
||||
<MainBox navbarHeight={navbarHeight}>
|
||||
|
||||
<Routes>
|
||||
{['/robot/:token?', '/', ''].map((path, index) => {
|
||||
return (
|
||||
|
Loading…
Reference in New Issue
Block a user