Thursday, December 12, 2013

Obfuscating HTTP Proxy traffic to bypass DPI firewalls

The Chinese and Iranian governments are well known for their hostility toward a free internet. Both countries have deployed large Deep Packet Inspection (DPI) units on their internet gateways to drop any known, and recently also unknown, internet protocols normally used to bypass internet censorship. This includes HTTP proxy traffic, which can easily be set up using well-known tools like Squid, Microsoft TMG, etc.

In this article I set up and run Obfsproxy on Ubuntu 12.04 LTS to obfuscate HTTP proxy traffic, in order to bypass these firewalls and regain access to the free internet.

Almost everybody knows Tor, a very well-known project that helps people stay anonymous on the web and bypass internet censorship in countries like China, Iran, Syria, etc. A few years ago, the Tor developers started an add-on project named Obfsproxy to help people living in Iran and China bypass the DPI firewalls newly deployed by these countries. The project has now reached a stable state and is ready to be deployed in small environments.

We use Obfsproxy in server and client modes to provide an extra layer of obfuscated tunneling and achieve the goal above. Let's start by installing the latest version of Obfsproxy on our Ubuntu server:
s1@p:~$ sudo -i
root@p:~# apt-get update
root@p:~# apt-get upgrade -y
root@p:~# apt-get install gcc build-essential python-dev python-pip -y
root@p:~# pip install obfsproxy

I assume that a proxy server application like Squid is already installed and configured to listen on port 3128/TCP. So, let's run Obfsproxy for the first time:
root@p:~# obfsproxy obfs2 --dest 127.0.0.1:3128 server 0.0.0.0:8080

This runs Obfsproxy listening on port 8080/TCP and forwards all traffic to port 3128/TCP on localhost, where Squid is waiting to serve proxy requests.

We can simply create an init script to run this command on every system startup:
root@p:~# nano /etc/init.d/obfsproxy

Place the following lines in the file and save it:
#!/bin/sh
obfsproxy obfs2 --dest 127.0.0.1:3128 server 0.0.0.0:8080 > /var/log/obfsproxy.log 2>&1 &

Change the permissions of the file and register it to run at startup:
root@p:~# chmod 755 /etc/init.d/obfsproxy
root@p:~# update-rc.d obfsproxy defaults

That's all! From the next reboot on, Obfsproxy will start automatically at system startup.
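As an added example (not part of the original post): the one-line script ignores the start/stop argument that init passes and has no LSB header, so a fuller version of the same init script could look like this. The DAEMON path, the PID file location and the function names are assumptions; the obfsproxy arguments, ports and log file are the ones used above.

```shell
#!/bin/sh
### BEGIN INIT INFO
# Provides:          obfsproxy
# Required-Start:    $network $remote_fs
# Required-Stop:     $network $remote_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: obfs2 front end for the local Squid proxy
### END INIT INFO

# Ports and log file are from the article; DAEMON and PIDFILE are assumed paths.
DAEMON=/usr/local/bin/obfsproxy
DEST=127.0.0.1:3128
LISTEN=0.0.0.0:8080
PIDFILE=/var/run/obfsproxy.pid
LOGFILE=/var/log/obfsproxy.log

# Print the obfsproxy argument list used in the article.
obfs_args() {
    echo "obfs2 --dest $DEST server $LISTEN"
}

# Succeed only if the PID file names a live process.
is_running() {
    [ -s "$PIDFILE" ] || return 1
    kill -0 "$(cat "$PIDFILE")" 2>/dev/null
}

do_start() {
    is_running && { echo "obfsproxy already running"; return 0; }
    # Unquoted on purpose: the argument string must be split into words.
    nohup "$DAEMON" $(obfs_args) >>"$LOGFILE" 2>&1 &
    echo $! >"$PIDFILE"
}

do_stop() {
    is_running || { rm -f "$PIDFILE"; return 0; }
    kill "$(cat "$PIDFILE")" && rm -f "$PIDFILE"
}

case "${1:-}" in
    start)   do_start ;;
    stop)    do_stop ;;
    restart) do_stop; do_start ;;
    status)  is_running && echo "running" || { echo "stopped"; exit 3; } ;;
    "")      : ;;  # no action given: only define the functions
    *)       echo "Usage: $0 {start|stop|restart|status}" >&2; exit 2 ;;
esac
```

With this in place, `service obfsproxy status` reports whether the listener process is still alive, and a stop at shutdown no longer launches a second instance.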

Let's move to the client side. I'm only explaining the Windows configuration, because it's the most popular operating system on the client side:

Download the following file and extract it on your computer:
https://www.dropbox.com/s/bfpo7l5hsgthmwq/obfsproxy.zip

Run CMD, change to the Obfsproxy directory, then run obfsproxy in client mode:
obfsproxy.exe obfs2 --dest YOUR_Server_IP:8080 client 127.0.0.1:5050

It will listen on localhost port 5050/TCP and redirect all traffic to your server on port 8080/TCP.

You can easily create a Windows service for Obfsproxy using third-party tools like NSSM.
