LEAP GSOC progress report, no5

Posted on
obfsproxy bitmask client

Here goes another report from my ‘obfsproxy in LEAP’ project.

I mainly spent time in this ticket #5841.

In branch you can find the relevant commits. This branch is rebased so as to contain commits from features 5785 and 5788.

In short, we assume features 5785 and 5788 are in place, meaning bitmask is downloading the eip-service.json file that contains connection details for obfsproxy.

After that, bitmask should make various checks before attempting to launch obfsproxy in localhost.

Since in platform deploying a vpn service will deploy an obfsproxy server too, we assume that as long as a provider provides EIP service, obfsproxy is also available. That said, user should still have the option obfuscate EIP traffic or not. Checks include whether obfsproxy binary is available for use, whether user wants to obfuscate the traffic, whether obfsproxies list is not empty in eip-service.json. These checks can and should be improved/get more detailed.

I tried to implement this staying as close as possible to the way EIP functionality is implemented.

Apart from the above i’ve been wondering what is the best way to ship the obfsproxy executable and its dependencies in bitmask. In case obfsproxy is already available in the client’s system then things are fine. We can just import obfsproxy from system. (I guess obfsproxy could be added as dependency in the bitmask deb packages too?) But, this won’t be always the case. So obfsproxy should be included in standalone mode in some way.

Mind that i work with a modified version of bootstrap_develop.sh that makes obfsproxy binary available in the virtualenv. So ‘import obfsproxy’ does work even if it’s not installed system wide.

If someone could give a direction on how to make obfsproxy also available in the standalone bitmask bundle would be great! I checked how obfsproxy and pluggable transports are built (gitian) and shipped in Tor Browser bundle but, as chiiph commented, that’s not exactly what we need here.

Next step is to actually launch the obfsproxy listener with the appropriate parameters.