How to bypass Tor blocking

Carding 4 Carders

In today's article, I will talk about ways to bypass Tor blocking. But before we get to the bypass methods, let's talk a little about how Tor is blocked.

How do they block Tor?
According to Roger Dingledine, there are four basic ways to block Tor.
  1. The first one looks obvious: there are a total of nine public directories of Tor network entry nodes, and if you close access to these directories, users will not be able to establish a connection.
  2. The second method is to obtain a list of about 7000 relay nodes of the Tor network responsible for redirecting traffic, and block them all by IP address.
  3. The third, not very reliable but effective, method is to track the characteristic fingerprints of packets, that is, to use fingerprinting. You can set up traffic filtering based on these indirect features that are characteristic of data transmitted in Tor networks. This is roughly how the Iranian government acted during the protests in 2009. For deep traffic inspection, the Iranian authorities used DPI. Tor packets were similar to SSL packets in a number of ways, and the Iranians, using equipment purchased specially for this purpose, simply reduced the bandwidth for encrypted SSL traffic in their networks, temporarily making it impossible to use Tor on the territory of the country.
  4. Finally, the fourth method is to block access to resources from which end users can download the necessary software for connecting.

The combination of these four techniques can produce excellent results, from the point of view of intelligence agencies and governments. But how did the Tor developers respond to this?

Bypassing Tor blockages using bridges
The first line of defense in the fight against network censorship was the so-called pluggable transports, the first types of which were the obfs3 and obfs4 bridges. The idea is as follows: since the "bad guys" can get a complete list of open relay nodes and block access to these nodes themselves or to their public directories, thousands of bridges have been created in the Tor network, and the list of their addresses is not publicly available.

To connect to Tor via a bridge, go to the site https://bridges.torproject.org, select the transport type and specify whether your network supports IPv6, enter a captcha, get the bridge address, and then specify it in the Tor Browser settings. There is a simpler way: in the same connection settings, request the address of the bridge from the Tor Project site (you will have to enter the captcha again).

If the site torproject.org is blocked, you can send an email with an empty subject to the address bridges@torproject.org, writing the string "get transport obfs4" in the message body. Important point: the email must be sent exclusively from Gmail or Riseup, otherwise it will be ignored. In response, a specially trained bot will send you the addresses of bridges that you can specify in the Tor Browser settings.

Configuring the bridge in Tor Browser.

By and large, Tor bridges use the SOCKS proxy interface and are similar in architecture to the Chinese project Shadowsocks, which is aimed at combating censorship. Tor bridges work as obfuscators that mask traffic on the Tor network, making it look like regular HTTP or a random byte stream, which makes it difficult to filter. The obfs3 transport turned out to be vulnerable to active probing, a method of searching for bridge addresses in the network in order to block them, so it was replaced by the more advanced obfs4.

Governments have learned to block such connections. For greater efficiency, active probing can be used in conjunction with deep traffic analysis. For example, using DPI, the government monitors all Tor-like connections.

After detecting a "suspicious" node, a government host itself tries to establish communication with it via the Tor protocol. If the node supports this protocol and responds that it is a bridge, it is immediately blocked and its IP address is blacklisted. In China, such filtering is done at the backbone level, which is why the blocking works quite effectively.

Roger Dingledine himself called bridges a "shitty arms race" because government censors have learned to filter traffic using the method described above. Tor developers responded by rolling out patches that modify the data in the packets and eliminate the features that were used for filtering, or changing the behavior of bridges.

In turn, governments edited the filter settings, and everything started all over again. This was the case in Iran during the mass protests, in Egypt during the Arab Spring, and in Tunisia during the 2010-2011 revolution. Something similar happened in Belarus.

In other words, with proper persistence, the government can block available bridges in a certain region, and then the user may see something like this when trying to connect again.

All the bridges are raised, go swim across.

To bypass such blocks, Tor developers came up with meek.

Bypassing Tor blocking using meek
In Tor, there is another pluggable transport called meek, which can work if the bridges are blocked. Its operating principle is also somewhat similar to a proxy, but the cloud servers of Amazon, a content delivery network (CDN), Google, CloudFront, or Microsoft Azure are used as an intermediate link for transmitting traffic.

The calculation is that a censoring government, if it is in its right mind, will never completely block CDN, AWS, Azure and similar services, since a huge number of different Internet resources use these clouds and would simply stop working.

However, it is rather naive to count on the sanity of some state structures. Sometimes they are able to bring down half of the national segment of the network in pursuit of a single naughty messenger, which in the end still could not be blocked.

Connecting via meek is very simple: when starting Tor Browser, click on the Configure button, select the "Tor is censored in my country" checkbox, and then, setting the radio button to "Select a built-in bridge", select the meek transport from the drop-down list.

The meek transport works even in China.

Meek uses a technique called domain fronting. To connect to a target node on the Internet, the meek client generates special HTTPS requests and sends them to an unblocked "external" service, such as a CDN or AWS. This "external" name is what appears in the DNS query and in the TLS Server Name Indication (SNI) extension.

But the real name of the host that the client needs to connect to is hidden in the HTTP Host header. The intermediate cloud service determines this name and forwards the request to the meek server running on one of the Tor network bridges. In turn, the meek server decrypts the request body and forwards it to the Tor network, and from there it gets to the free Internet.

How meek works

In addition to the default configuration using Azure, you can set your own meek transport parameters. Here are the detailed instructions. It would seem that everything is simple. But not for everyone.

Bypassing Tor blocking using Snowflake
It is good if you are able to download and configure Tor Browser under Windows. It is good if you can install Linux and type apt-get install obfs4proxy or apt-get install tor in the console. But many millions of Internet users do not know how to do any of this.

To solve this problem, the guys from the Tor Project developed a JavaScript browser extension called Snowflake. Just install this plugin (or go to a site with a special JS script), and without downloading additional software, a Tor bridge is raised on your machine and runs directly in the browser. It uses WebRTC and works correctly behind NAT.

How Snowflake works (illustration from the site torproject.org)

With Snowflake, blanket blocks lose their meaning, because no government in the world is able to block all browsers on the Internet. Deep traffic inspection using DPI also loses its meaning, because WebRTC technology is used by legitimate software like Google Hangouts and many programs for organizing video conferences. Blocking WebRTC streaming data will break this entire infrastructure.

Using Snowflake, the fight against censorship has gained an army of volunteers who provide their hardware resources to bypass the blockages. At the same time, it is not necessary to install a browser plugin — it is enough to open a web page with a Snowflake script in one of the browser tabs or place this script somewhere on your site so that it is executed when viewing a web page in the background.

For their part, Tor developers try to get feedback from network users. There are also independent censorship monitoring projects like Open Observatory for Network Interference, an application that allows you to scan the user's network environment in search of blocked resources, protocols, and services.

Be that as it may, anti-censorship technologies still have a long way to go before they reach their maximum effectiveness. So, at DEF CON, it was reported that the Tor Project is actively working on the use of Format-Transforming Encryption technology in traffic encryption. It will allow you to make the transmitted traffic as similar as possible to normal unencrypted HTTP and thereby confuse the mechanisms of deep analysis.

Another approach is called "false routing". In this case, when an SSL connection is established, one of the intermediate nodes looks for a special tag inside the SSL handshake packet and, if it is detected, redirects traffic to the Tor network. Meanwhile, the local Internet service provider continues to assume that the client is communicating with a fake remote server from the white list, and does not know about the route change.

Conclusions
The fight against censorship is really like an arms race, in which governments with their vast resources and multibillion-dollar international corporations compete on the one hand, and on the other, public organizations and enthusiasts driven by a sense of justice, a desire for freedom and a need for a certain place. At the same time, it is not at all obvious which of them will win.

At DEF CON, Roger Dingledine said:
"Australia censors its Internet, and England has a thing called the Internet Watch Foundation, which is part of their government. Denmark censors the Internet, Sweden censors the Internet. So when we criticize the Chinese government for not allowing its citizens to watch the BBC, it is justifiably saying that it is doing exactly the same thing as everyone else... it is not just about censorship: it is important to draw users' attention to the fact that they are being watched. And then they will be able to make their own choice."

And in this, the co-founder of the Tor Project is certainly right. As long as the Internet exists, everyone has a choice.
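
The split that the meek section above describes (the "external" name in DNS and SNI, the real name in the HTTP Host header) is also what a defender compares at a TLS-terminating proxy. The following is an added example, not part of the original post: it classifies constructed log records by comparing the two names. The field names, the placeholder hostnames and the two-label "same site" shortcut are assumptions.

```python
import json

# Constructed sample records, as a TLS-terminating proxy might log them.
# All hostnames are placeholders; the field names are assumptions.
SAMPLE_LOG = """\
{"id": 1, "sni": "www.example.com", "host": "www.example.com"}
{"id": 2, "sni": "cdn.example.net", "host": "CDN.example.net:443"}
{"id": 3, "sni": "www.example.com", "host": "api.example.com"}
{"id": 4, "sni": "front.cdn-provider.example", "host": "hidden-service.example.org"}
{"id": 5, "sni": "", "host": "hidden-service.example.org"}
"""

def normalize(name):
    """Lower-case a host name, drop a trailing dot and any :port suffix."""
    name = name.strip().lower()
    if name.startswith("["):            # bracketed IPv6 literal, e.g. [::1]:443
        return name[1:name.find("]")]
    return name.split(":", 1)[0].rstrip(".")

def site(name):
    """Crude registrable domain: the last two labels (no Public Suffix List)."""
    return ".".join(name.split(".")[-2:])

def classify(record):
    """Compare the name sent in the clear (SNI) with the encrypted Host header."""
    sni, host = normalize(record["sni"]), normalize(record["host"])
    if not sni:
        return "no-sni"                 # nothing to compare against
    if sni == host:
        return "match"
    if site(sni) == site(host):
        return "same-site"              # e.g. connection reuse across subdomains
    return "fronting-suspect"           # outer and inner names belong to different sites

def scan(log_text):
    """Return {record id: verdict} for every non-empty JSON line."""
    results = {}
    for line in log_text.splitlines():
        if line.strip():
            rec = json.loads(line)
            results[rec["id"]] = classify(rec)
    return results

def on_path_view(record):
    """What a filter without TLS termination can read: the SNI name only."""
    return normalize(record["sni"])

if __name__ == "__main__":
    for rid, verdict in scan(SAMPLE_LOG).items():
        print(rid, verdict)
```

Without TLS termination only `on_path_view` is available, which is why the post says such traffic is hard to filter without blocking the whole cloud service.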
 
How to send traffic via Tor on a mobile device

Tor is one of the best anonymous networks to date. It is designed in such a way that it works on top of the regular Internet, and to access it, you do not need to study the OSI and TCP/IP models; just install the official application.

Many people still think that Tor is only needed by hackers and drug addicts. But still, the majority of visitors are ordinary people who are simply tired of annoying ads after each search query and of the general collection of information about all their actions by ordinary sites and search engines.

Everyone who uses Tor on computers and laptops knows that to ensure stable anonymous work on the global network, it is enough to download and install Tor Browser from the official site of the Tor Project and run it. You don't need to make any settings or perform any shamanism. And it doesn't matter if a person uses the Windows, GNU/Linux or macOS operating system: the developers of Tor made sure that everyone was comfortable.

Another thing is that not everyone knows about the existence of the same application for the Android and iOS operating systems, which dominate the market of mobile devices and tablets today. The guys from the Tor Project team did a really good job: they also made applications for mobile operating systems. And even posted them in the PlayMarket and AppStore, respectively.

To send traffic through Tor on Android, you first need to install the Orbot app.

The app's interface is extremely simple: there is an onion icon that says start / stop, a drop-down menu for selecting the country of the exit node, VPN mode for applications, and the ability to use bridges.

Clicking on the "onion" starts or stops Orbot. When the color of the "onion" changes from gray to green, and the inscription "Tor has successfully opened a circuit..." appears under it, it means that the launch was successful, the application has connected to the Tor network and is ready to provide tunnel access to other applications. To do this, enable VPN mode and select the applications that should work over the Tor network. All other applications will work as usual, via a mobile operator or connected Wi-Fi.

You can change the list of applications that work through Tor at any time. To do this, there is a small gear on the Orbot screen at the bottom, to the right of the icons of applications that work through Tor. Clicking it will open a list of applications for which you can enable or disable proxying via Tor.

In iOS, it is somewhat more difficult to redirect all traffic through Tor. However, to surf the Internet, no special tricks are required: we install the "TOR browser" application through the AppMarket and enjoy it. If the task is to forward the traffic of an application through the Tor network, for example, to launch all messengers through an anonymous network, then you will need to do a jailbreak.

If the reader decides to do a jailbreak, then after successful completion, they will need to install two packages via Cydia from the built-in repository: Tor and ShadowSocks. The Tor package installs and configures the autorun service of the same name, which can be enabled directly from the phone settings. The Tor package does not have any built-in settings.

The second package requires initial configuration. It is quite flexible and can serve as a proxy for both individual applications and for all device traffic.

In order for traffic to pass through the anonymous Tor network, you need to set the following parameters in the ShadowSocks app:
- enable the "Enable proxy" option
- enable the "Auto proxy" option
- in the PAC File field, enter the string "/etc/tor/proxy.pac"

After that, the app is considered configured. In the "Per-app proxy" section, you can select individual applications whose traffic will be redirected to Tor. Setting up ShadowSocks is done once. In the future, you only need to change the set of proxied applications.

Knowing this, you can send traffic from any application through Tor, no matter what smartphone you use.
 