# TOR CLIENT SIDE ADDITION OF OBFS4PROXY



## rhsbsd (Aug 30, 2017)

*TOR CLIENT SIDE ADDITION OF OBFS4PROXY*​  Searching the web with Tor can be anonymous, but, by adding OBFS4PROXY you can be invisible and faster. What is it? Also known as Plug-gable Transport. Taken from OBFS4PROXY text: 'OBFS4PROXY is a tool that attempts to circumvent censorship by transforming Tor traffic between the client and the bridge. This way censors, who usually monitor traffic between the client and the bridge, will see innocent-looking transformed traffic instead of the actual Tor traffic.' Full specification here. This means you can now query, and then sift through clear-net, and onion responses, at bandwidth of slowest Tor node. Improvement of connectivity/response speed using OBFS4PROXY is more than noticeable. Using bridges inherently reduces exposure for running bridges and/or nodes. Once installed and your up and running check `$ netstat -an -p tcp` [4], `# systat -netstat 1` [3], `# dnstop -l 5 your_nic_if` [1] and have a look. You should see connections from tor to local-host and then local-host forwarding those to OBFS4PROXY which in turn is using tcp to connect to a bridge. obfs4 protocol can be used in conjunction with other software which talks obfs4 and allows direct connection to other clients using tcp. See this. OBFS4PROXY encapsulation is encrypted, so it is very unlikely to be detected.
  If your thinking about adding OBFS4PROXY to your tor client and you are using FreeBSD+Tor what follows below is a condensed HOW-TO. You must already be using both tor and ports version of security/openssl, and, it helps also to have security/arm installed. I'm building from ports using ports-mgmt/synth, `$ su` to csh and login from bourne shell. I do not use a tor daemon but prefer instead to run both tor and arm in two separate unprivileged consoles invoked from desktop with no arguments. It works, its simple, and its relatively safe.
  I was/still am using the /usr/local/etc/tor/torrc: {OPTIONS[TransProxyType=default],...[*=*]} which should not be 'commented' out. This invisible proxy is included in torrc when /usr/ports/security/tor `make.config` is left to defaults, i.e., (*Transparent proxy support=on*). Additionally you need to use socks 5 protocol for initial proxy setup with your hardened browser profile. If that is what you are using then the following should work. There are many configuration variants depending on what you have/need. What Tor needs are more bridges and users.

```
freebsd-version -ku
11.1-RELEASE-p1
11.1-RELEASE-p1
```
  Following instructions are for generic kernel using above configuration:
Please also note that my understanding of lang/go is limited. Go is short for GOOGLE. What, if any, implications arise from installing/creating an instance of OBFS4PROXY from security/tor I can't answer. GO is pure cloud object code utilizing a C form. If anyone has a comment or two about that I would surely be interested. I have noticed *nothing* leaking on my box.

```
pkg install go-1.7.4,1
synth install security/go.crypto
synth install net/go.net
```
  Follow this link for instructions as needed to setup required paths for project, and also check on most recent URL for [cmd=$]go get.[repo/path][/cmd].

```
# synth install devel/git
```
 This is needed for invocation of [cmd=$]go get.repo/path[/cmd] a few lines down.
Create environment variable '*GOPATH*' by editing ~.profile, and adding,

```
GOPATH=~/projects/go_work; export GOPATH
```
<<<DO THIS NOW!!!>>>​Required to store project and also re-store project at a latter date if you need to update OBFS4PROXY.

`# reboot`​`$ go get git.torproject.org/pluggable-transports/obfs4.git/obfs4proxy`​This gets dependencies/everything. Works really well. I did not initialize a git repo at this point but you may want to. See GIT INFO.

To install: Copy newly created 'OBFS4PROXY' executable now located at $GOPATH/bin/OBFS4PROXY to a permanent location ,e.g., /usr/local/bin.​
Extra credit append ~/projects/go_work/bin to *$PATH* in ~/.profile to include this in system wide variable $PATH for future GO project compilations. See also GO INFO.

  The above 'go git', gets everything needed for the OBFS4PROXY and puts it in the right places. Configuring /usr/local/etc/torrc is next. You must decide to either be a client or be a bridge. Your bridge info may get published (read your torrc) and you will be getting traffic, if that is what you want. Below are both.
​Bridge setup:​I'm mobile so I did not do this. If your on a desktop you should do this. See instructions at previous GitHub link.​Client setup:​Scroll to the very bottom of your /usr/local/etc/torrc and paste this:​

```
HiddenServiceStatistics 0       # for relays only
DirCache 0                      # 1 if you are a bridge
ClientOnly 1                    # you can be a directory server or relay
UseBridges 1                    # absolutely
UpdateBridgesFromAuthority 1    # things change in tor-land
ClientTransportPlugin obfs4 exec /usr/local/bin/obfs4proxy -enableLogging=true -logLevel INFO managed
```
  Now you need to get obfs4 bridges and paste below above line. The lines included here give the initial keyword and the general form of bridges.

```
bridge obfs4 ipv4_address:port hash cert=hash iat-mode=0
bridge obfs4 ipv6_address:port hash cert=hash iat-mode=0
```
  As previously mentioned you need to be using tor. The following directory /usr/local/var/lib/tor/pt_state/obfs4_bridgeline.txt will not be auto-created by OBFS4PROXY install because, torrc.conf spec. states that when using default transparent proxy option this file option is disabled. That's how tor is, i.e., not going to parse variables from any file for a default function. This also is a good indication that all applications are executing by the rules. Once again append bridges HERE.
  Starting Tor will execute OBFS4PROXY and you will have significant improvement with connection speeds. If you manage to get this working for other applications please share. There is plenty of help in the onion domain for Tor related issues and that is really where you should look to. I personally choose not to post links to bridges or worse yet, publish bridge information any where, EVER. Thanks to Yawning & company@github for a truly excellent piece of open source software.
Thank-you to all others who have contributed, you know who you are.





Links to tab images.[1] [2] [3] [4]​P.S This is my preferred method for doing searches on the surface web for at least the last six months.


----------

