On Sun, Jan 06, 2019 at 07:15:25AM -0800, twisteroid ambassador wrote:
> The console script uses the "console_script" entry point, so after pip
> install-ing, you can often run "ptadapter" directly from the command line. It
> uses config files in INI (configparser) syntax, and supports multiple client
> tunnels per transport per process, and multiple server transports per process.

This is a cool project. I haven't tried the Python library adapter, but
the console script adapter allows you to transform a program that only
supports the managed-transport IPC interface into one that just exposes
a socket at both ends, making it usable by other programs that don't
know about pluggable transports or even SOCKS.

Here's an example of setting up an obfs4 tunnel for a netcat channel
(connecting a local stdin with a remote stdout).

On the server, create a configuration file server.cfg:

[server]
exec = /usr/bin/obfs4proxy
forward = 127.0.0.1:10000 # this is where the server is running
tunnels = my_obfs4_server

[my_obfs4_server]
transport = obfs4
listen = 0.0.0.0:9000 # this is the external obfs4 port

Then on the server, run

ncat -l -k -v 10000
ptadapter server.cfg

On the client, create a configuration file client.cfg:

[client]
exec = /usr/bin/obfs4proxy
tunnels = my_obfs4_client

[my_obfs4_client]
transport = obfs4
listen = 127.0.0.1:8000 # this is the local listening port
upstream = server.example:9000 # matches "listen" in server.cfg
# Copy from state/obfs4_bridgeline.txt
options-cert = Eutc5OY9bk14y+HscnhsoFZTtf8py3R21PFHQQbyWiY1RYrpLQ6TQfAOIA9kIXu5eXj0Yw
options-iat-mode = 0

Then on the client, run

ptadapter -C client.cfg
ncat -v 127.0.0.1 8000 # matches "listen" in client.cfg

Now you can type into the client-side netcat and see the text appear on
the server-side netcat, with an obfs4 tunnel between them.

For comparison, here is how an equivalent configuration would look in
torrc. Server side:

ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ORPort 127.0.0.1:10000
ServerTransportListenAddr obfs4 0.0.0.0:9000

Client side:

ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy
SOCKSPort 127.0.0.1:8000 # not equivalent; ptadapter doesn't use SOCKS
Bridge obfs4 server.example:9000 cert=Eutc5OY9bk14y+HscnhsoFZTtf8py3R21PFHQQbyWiY1RYrpLQ6TQfAOIA9kIXu5eXj0Yw iat-mode=0

ptadapter's configuration syntax is better. For example, in ptadapter
you can run multiple instances of obfs4 on separate ports (you would
just add an additional section like [my_obfs4_server_2]). You can't do
that with Tor, even though the PT protocol allows it, because the
configuration file syntax can't express it. One reason for that is that
ServerTransportListenAddr is keyed by transport name--it assumes you
will never run more than one instance with the same transport name.
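
The point about ServerTransportListenAddr being keyed by transport name, as an added example (not part of the original message, and not ptadapter's or Tor's own code): a translator from a ptadapter-style server config to the torrc lines shown above, which reports the tunnels torrc cannot express. The function name to_torrc, the whitespace-separated reading of "tunnels", and the acceptance of inline "#" comments are assumptions made for this sketch.

```python
import configparser
from collections import defaultdict

# Constructed sample: the server.cfg from the message plus a second obfs4
# instance on another port, as the last paragraph suggests.
SAMPLE = """
[server]
exec = /usr/bin/obfs4proxy
forward = 127.0.0.1:10000
tunnels = my_obfs4_server my_obfs4_server_2

[my_obfs4_server]
transport = obfs4
listen = 0.0.0.0:9000

[my_obfs4_server_2]
transport = obfs4
listen = 0.0.0.0:9001
"""

def to_torrc(text):
    """Return (torrc_lines, conflicts) for a ptadapter-style server config."""
    cfg = configparser.ConfigParser(inline_comment_prefixes=("#",))
    cfg.read_string(text)
    server = cfg["server"]
    by_transport = defaultdict(list)
    # Assumption: "tunnels" is a whitespace-separated list of section names.
    for name in server["tunnels"].split():
        sec = cfg[name]
        by_transport[sec["transport"]].append((name, sec["listen"].strip()))
    lines = ["ORPort " + server["forward"].strip()]
    conflicts = {}
    for transport, tunnels in by_transport.items():
        lines.append(f"ServerTransportPlugin {transport} exec {server['exec']}")
        # torrc keys the listen address by transport name, so only one fits.
        lines.append(f"ServerTransportListenAddr {transport} {tunnels[0][1]}")
        if len(tunnels) > 1:
            conflicts[transport] = [n for n, _ in tunnels[1:]]
    return lines, conflicts

if __name__ == "__main__":
    lines, conflicts = to_torrc(SAMPLE)
    print("\n".join(lines))
    for transport, dropped in conflicts.items():
        print(f"# not expressible in torrc: extra {transport} tunnels {dropped}")
```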