OperatorFoundation / shapeshifter-dispatcher

Shapeshifter Dispatcher converts Pluggable Transports that implement the Go API from the Pluggable Transports 2.1 specification into proxies usable by applications. Several proxy modes are provided, including proxying of both TCP and UDP traffic.
https://OperatorFoundation.org/
MIT License

obfs4 transport not working #4

Closed henrythasler closed 6 years ago

henrythasler commented 7 years ago

While trying the obfs4 examples given in the readme it seems it is not working at all. Using obfs2 works nevertheless with the exact same setup. I'm giving as many details as possible. Any help is appreciated.

Server

docker container (golang:1.9.0-alpine3.6) called with --net=host parameter

shapeshifter-dispatcher installed via go get -u github.com/OperatorFoundation/shapeshifter-dispatcher/shapeshifter-dispatcher

starting shapeshifter-dispatcher

/go # bin/shapeshifter-dispatcher -server -transparent -ptversion 2 -transports obfs4 -state state -bindaddr obfs4-192.168.178.46:2222 -orport 127.0.0.1:56789 -logLevel DEBUG -enableLogging &

check if server is up and running

/go # ps -a
PID   USER     TIME   COMMAND
    1 root       0:00 /bin/sh
    8 root       0:00 bin/shapeshifter-dispatcher -server -transparent -ptversion 2 -transports obfs4 -state 
   17 root       0:00 ps -a

get obfs4 fingerprint

/go # cat state/obfs4_bridgeline.txt
# obfs4 torrc client bridge line
#
# This file is an automatically generated bridge line based on
# the current obfs4proxy configuration.  EDITING IT WILL HAVE
# NO EFFECT.
#
# Before distributing this Bridge, edit the placeholder fields
# to contain the actual values:
#  <IP ADDRESS>  - The public IP address of your obfs4 bridge.
#  <PORT>        - The TCP/IP port of your obfs4 bridge.
#  <FINGERPRINT> - The bridge's fingerprint.

Bridge obfs4 <IP ADDRESS>:<PORT> <FINGERPRINT> cert=XWTHaCmZY+oRTCF2M9NH1DaV0jDCH7VExBcMCDiHklibZy1uI7udv1BxRNaDjpseAlauYg iat-mode=0

see logfile

/go # tail -f state/dispatcher.log 
2017/09/10 18:07:11 [NOTICE]: dispatcher-0.0.7-dev - launched
2017/09/10 18:07:11 [INFO]: shapeshifter-dispatcher - initializing transparent proxy
2017/09/10 18:07:11 [INFO]: shapeshifter-dispatcher - initializing TCP transparent proxy
2017/09/10 18:07:11 [INFO]: shapeshifter-dispatcher - initializing server transport listeners
2017/09/10 18:07:11 [INFO]: obfs4 - registered listener: [scrubbed]:2222
2017/09/10 18:07:11 [INFO]: shapeshifter-dispatcher - accepting connections

starting service

~$ nc -l 56789

server seems ok so far

client

same docker image, also --net=host

starting client

/go # bin/shapeshifter-dispatcher -client -transparent -ptversion 2 -transports obfs4 -state state -target 192.168.178.46:2222 -bindaddr obfs4-127.0.0.1:56789 -options '{"cert": "XWTHaCmZY+oRTCF2M9NH1DaV0jDCH7VExBcMCDiHklibZy1uI7udv1BxRNaDjpseAlauYg", "iatMode": "0"}' -logLevel DEBUG -enableLogging &

check if client is up and running (line pid 7 is not shown completely)

/go # ps 
PID   USER     TIME   COMMAND
    1 root       0:00 /bin/sh
    7 root       0:00 bin/shapeshifter-dispatcher -client -transparent -ptversion 2 -transports obfs4 -
   16 root       0:00 ps

check log

/go # tail -f state/dispatcher.log 
2017/09/10 20:12:32 [NOTICE]: dispatcher-0.0.7-dev - launched
2017/09/10 20:12:32 [INFO]: shapeshifter-dispatcher - initializing transparent proxy
2017/09/10 20:12:32 [INFO]: shapeshifter-dispatcher - initializing TCP transparent proxy
2017/09/10 20:12:32 [INFO]: shapeshifter-dispatcher - initializing client transport listeners
2017/09/10 20:12:32 [INFO]: obfs4 - registered listener: 127.0.0.1:1234
2017/09/10 20:12:32 [INFO]: shapeshifter-dispatcher - accepting connections

starting telnet session

~$ sudo telnet -d 127.0.0.1 1234
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
hello
Connection closed by foreign host.

Nothing transmitted, client disconnects after 60s. Wireshark says:

No.     Time           Source                Destination           Protocol Length Info
     11 8.449304507    192.168.178.52        192.168.178.46        TCP      74     59760 → 2222 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=3282414542 TSecr=0 WS=128
     12 8.452015296    192.168.178.46        192.168.178.52        TCP      74     2222 → 59760 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1460 SACK_PERM=1 TSval=840082 TSecr=3282414542 WS=128
     13 8.452069965    192.168.178.52        192.168.178.46        TCP      66     59760 → 2222 [ACK] Seq=1 Ack=1 Win=29312 Len=0 TSval=3282414543 TSecr=840082
     14 8.452561822    192.168.178.52        192.168.178.46        TCP      1514   59760 → 2222 [ACK] Seq=1 Ack=1 Win=29312 Len=1448 TSval=3282414543 TSecr=840082
     15 8.452573867    192.168.178.52        192.168.178.46        TCP      1514   59760 → 2222 [ACK] Seq=1449 Ack=1 Win=29312 Len=1448 TSval=3282414543 TSecr=840082
     16 8.452575386    192.168.178.52        192.168.178.46        TCP      1514   59760 → 2222 [ACK] Seq=2897 Ack=1 Win=29312 Len=1448 TSval=3282414543 TSecr=840082
     17 8.452576979    192.168.178.52        192.168.178.46        TCP      851    59760 → 2222 [PSH, ACK] Seq=4345 Ack=1 Win=29312 Len=785 TSval=3282414543 TSecr=840082
     18 8.501375531    192.168.178.46        192.168.178.52        TCP      66     2222 → 59760 [ACK] Seq=1 Ack=1449 Win=31872 Len=0 TSval=840086 TSecr=3282414543
     19 8.501928051    192.168.178.46        192.168.178.52        TCP      66     2222 → 59760 [ACK] Seq=1 Ack=2897 Win=34816 Len=0 TSval=840090 TSecr=3282414543
     20 8.501971439    192.168.178.46        192.168.178.52        TCP      66     2222 → 59760 [ACK] Seq=1 Ack=4345 Win=37760 Len=0 TSval=840093 TSecr=3282414543
     21 8.501982973    192.168.178.46        192.168.178.52        TCP      66     2222 → 59760 [ACK] Seq=1 Ack=5130 Win=40576 Len=0 TSval=840095 TSecr=3282414543
     55 68.452672073   192.168.178.52        192.168.178.46        TCP      66     59760 → 2222 [FIN, ACK] Seq=5130 Ack=1 Win=29312 Len=0 TSval=3282429543 TSecr=840095
     56 68.455940424   192.168.178.46        192.168.178.52        TCP      66     2222 → 59760 [FIN, ACK] Seq=1 Ack=5131 Win=40576 Len=0 TSval=855083 TSecr=3282429543
     57 68.455972308   192.168.178.52        192.168.178.46        TCP      66     59760 → 2222 [ACK] Seq=5131 Ack=2 Win=29312 Len=0 TSval=3282429544 TSecr=855083

jbfuzier commented 6 years ago

Hi,

same issue

blanu commented 6 years ago

Here is my working example, following the general pattern of your example:

shapeshifter-dispatcher installed via

go get -u github.com/OperatorFoundation/shapeshifter-dispatcher/shapeshifter-dispatcher

starting service

nc -l 3333

starting shapeshifter-dispatcher

bin/shapeshifter-dispatcher -transparent -server -state state -orport 127.0.0.1:3333 -transports obfs4 -bindaddr obfs4-127.0.0.1:2222 -logLevel DEBUG -enableLogging -extorport 127.0.0.1:3334

get obfs4 fingerprint

CERT=`cat state/obfs4_bridgeline.txt | grep "^Bridge" | sed "s/=/ /g" | awk '{print $7}'`
echo "{---cert---: ---$CERT---, ---iatMode---: ---0---}" | sed 's/---/"/g' >state/obfs4.json

starting client

bin/shapeshifter-dispatcher -transparent -client -state state -target 127.0.0.1:2222 -transports obfs4 -options "`cat state/obfs4.json`" -logLevel DEBUG -enableLogging -proxylistenaddr 127.0.0.1:4443

connecting

nc localhost 4443

sending message "test" into nc client

received message "test" on nc server

Test was successful.
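
Added example, not part of any comment in this thread and not the project's own code: a POSIX shell helper that builds the client `-options` JSON from `obfs4_bridgeline.txt` by key name and rejects a cert that was truncated or line-wrapped on its way into the command. The function name, the constructed sample file and the 70-character length check (which matches the cert posted above) are assumptions of this example.

```shell
# obfs4_options_json FILE
# Prints the JSON for the client's -options flag, or returns non-zero.
obfs4_options_json() {
    # First real bridge line; the '#' comment header is skipped.
    _line=$(sed -n '/^Bridge obfs4 /{p;q;}' "$1")
    if [ -z "$_line" ]; then
        echo "no 'Bridge obfs4' line in $1" >&2
        return 1
    fi
    # Pick key=value tokens by name, so the placeholder fields
    # ("<IP ADDRESS>:<PORT>" contains a space) cannot shift the result.
    _cert=$(printf '%s\n' "$_line" | tr ' ' '\n' | sed -n 's/^cert=//p')
    _iat=$(printf '%s\n' "$_line" | tr ' ' '\n' | sed -n 's/^iat-mode=//p')

    # Assumption: the cert is 70 characters of unpadded base64.
    case $_cert in
        ''|*[!A-Za-z0-9+/]*)
            echo "cert missing or not base64" >&2
            return 1 ;;
    esac
    if [ "${#_cert}" -ne 70 ]; then
        echo "cert is ${#_cert} chars, expected 70 (truncated or wrapped?)" >&2
        return 1
    fi
    case $_iat in
        0|1|2) ;;
        *) echo "unexpected iat-mode '$_iat'" >&2
           return 1 ;;
    esac
    printf '{"cert": "%s", "iatMode": "%s"}\n' "$_cert" "$_iat"
}

# Constructed sample: a bridge line file carrying the cert posted in this thread.
sample=$(mktemp)
printf '%s\n' \
    '# obfs4 torrc client bridge line' \
    'Bridge obfs4 <IP ADDRESS>:<PORT> <FINGERPRINT> cert=XWTHaCmZY+oRTCF2M9NH1DaV0jDCH7VExBcMCDiHklibZy1uI7udv1BxRNaDjpseAlauYg iat-mode=0' \
    > "$sample"
obfs4_options_json "$sample"
```

On a real server the argument would be `state/obfs4_bridgeline.txt`, with the output redirected to `state/obfs4.json` as in the working example above.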