update tor 0.4.7.13

core/tools/tor/PluggableTransports/README.SNOWFLAKE.md

@@ -0,0 +1,99 @@
+# Snowflake
+
+[![Build Status](https://travis-ci.org/keroserene/snowflake.svg?branch=master)](https://travis-ci.org/keroserene/snowflake)
+
+Pluggable Transport using WebRTC, inspired by Flashproxy.
+
+<!-- START doctoc generated TOC please keep comment here to allow auto update -->
+<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
+**Table of Contents**
+
+- [Structure of this Repository](#structure-of-this-repository)
+- [Usage](#usage)
+  - [Using Snowflake with Tor](#using-snowflake-with-tor)
+  - [Running a Snowflake Proxy](#running-a-snowflake-proxy)
+  - [Using the Snowflake Library with Other Applications](#using-the-snowflake-library-with-other-applications)
+- [Test Environment](#test-environment)
+- [FAQ](#faq)
+- [More info and links](#more-info-and-links)
+
+<!-- END doctoc generated TOC please keep comment here to allow auto update -->
+
+### Structure of this Repository
+
+- `broker/` contains code for the Snowflake broker
+- `doc/` contains Snowflake documentation and manpages
+- `client/` contains the Tor pluggable transport client and client library code
+- `common/` contains generic libraries used by multiple pieces of Snowflake
+- `proxy/` contains code for the Go standalone Snowflake proxy
+- `probetest/` contains code for a NAT probetesting service
+- `server/` contains the Tor pluggable transport server and server library code
+
+### Usage
+
+Snowflake is currently deployed as a pluggable transport for Tor.
+
+#### Using Snowflake with Tor
+
+To use the Snowflake client with Tor, you will need to add the appropriate `Bridge` and `ClientTransportPlugin` lines to your [torrc](https://2019.www.torproject.org/docs/tor-manual.html.en) file. See the [client README](client) for more information on building and running the Snowflake client.
+
+#### Running a Snowflake Proxy
+
+You can contribute to Snowflake by running a Snowflake proxy. We have the option to run a proxy in your browser or as a standalone Go program. See our [community documentation](https://community.torproject.org/relay/setup/snowflake/) for more details. 
+
+#### Using the Snowflake Library with Other Applications
+
+Snowflake can be used as a Go API, and adheres to the [v2.1 pluggable transports specification](). For more information on using the Snowflake Go library, see the [Snowflake library documentation](doc/using-the-snowflake-library.md).
+
+### Test Environment
+
+There is a Docker-based test environment at https://github.com/cohosh/snowbox.
+
+### FAQ
+
+**Q: How does it work?**
+
+In the Tor use-case:
+
+1. Volunteers visit websites which host the "snowflake" proxy. (just
+like flashproxy)
+2. Tor clients automatically find available browser proxies via the Broker
+(the domain fronted signaling channel).
+3. Tor client and browser proxy establish a WebRTC peer connection.
+4. Proxy connects to some relay.
+5. Tor occurs.
+
+More detailed information about how clients, snowflake proxies, and the Broker
+fit together on the way...
+
+**Q: What are the benefits of this PT compared with other PTs?**
+
+Snowflake combines the advantages of flashproxy and meek. Primarily:
+
+- It has the convenience of Meek, but can support magnitudes more
+users with negligible CDN costs. (Domain fronting is only used for brief
+signalling / NAT-piercing to setup the P2P WebRTC DataChannels which handle
+the actual traffic.)
+
+- Arbitrarily high numbers of volunteer proxies are possible like in
+flashproxy, but NATs are no longer a usability barrier - no need for
+manual port forwarding!
+
+**Q: Why is this called Snowflake?**
+
+It utilizes the "ICE" negotiation via WebRTC, and also involves a great
+abundance of ephemeral and short-lived (and special!) volunteer proxies...
+
+### More info and links
+
+We have more documentation in the [Snowflake wiki](https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake/-/wikis/home) and at https://snowflake.torproject.org/.
+
+
+##### -- Android AAR Reproducible Build Setup  --
+
+Using `gomobile` it is possible to build snowflake as shared libraries for all
+the architectures supported by Android.  This is in the _.gitlab-ci.yml_, which
+runs in GitLab CI.  It is also possible to run this setup in a Virtual Machine
+using [vagrant](https://www.vagrantup.com/).  Just run `vagrant up` and it will
+create and provision the VM.  `vagrant ssh` to get into the VM to use it as a
+development environment.

core/tools/tor/PluggableTransports/bridges_list.snowflake.txt

@@ -0,0 +1,2 @@
+snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=cdn.sstatic.net ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn
+snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=cdn.sstatic.net ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.net:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn

core/tools/tor/PluggableTransports/pt_config.json

@@ -0,0 +1,30 @@
+{
+  "recommendedDefault" : "obfs4",
+  "pluggableTransports" : {
+    "obfs4proxy" : "ClientTransportPlugin meek_lite,obfs2,obfs3,obfs4,scramblesuit exec ${pt_path}obfs4proxy.exe",
+    "snowflake" : "ClientTransportPlugin snowflake exec ${pt_path}snowflake-client.exe"
+  },
+  "bridges" : {
+    "meek-azure" : [
+      "meek_lite 192.0.2.18:80 BE776A53492E1E044A26F17306E1BC46A55A1625 url=https://meek.azureedge.net/ front=ajax.aspnetcdn.com"
+    ],
+    "obfs4" : [
+      "obfs4 192.95.36.142:443 CDF2E852BF539B82BD10E27E9115A31734E378C2 cert=qUVQ0srL1JI/vO6V6m/24anYXiJD3QP2HgzUKQtQ7GRqqUvs7P+tG43RtAqdhLOALP7DJQ iat-mode=1",
+      "obfs4 37.218.245.14:38224 D9A82D2F9C2F65A18407B1D2B764F130847F8B5D cert=bjRaMrr1BRiAW8IE9U5z27fQaYgOhX1UCmOpg2pFpoMvo6ZgQMzLsaTzzQNTlm7hNcb+Sg iat-mode=0",
+      "obfs4 85.31.186.98:443 011F2599C0E9B27EE74B353155E244813763C3E5 cert=ayq0XzCwhpdysn5o0EyDUbmSOx3X/oTEbzDMvczHOdBJKlvIdHHLJGkZARtT4dcBFArPPg iat-mode=0",
+      "obfs4 85.31.186.26:443 91A6354697E6B02A386312F68D82CF86824D3606 cert=PBwr+S8JTVZo6MPdHnkTwXJPILWADLqfMGoVvhZClMq/Urndyd42BwX9YFJHZnBB3H0XCw iat-mode=0",
+      "obfs4 193.11.166.194:27015 2D82C2E354D531A68469ADF7F878FA6060C6BACA cert=4TLQPJrTSaDffMK7Nbao6LC7G9OW/NHkUwIdjLSS3KYf0Nv4/nQiiI8dY2TcsQx01NniOg iat-mode=0",
+      "obfs4 193.11.166.194:27020 86AC7B8D430DAC4117E9F42C9EAED18133863AAF cert=0LDeJH4JzMDtkJJrFphJCiPqKx7loozKN7VNfuukMGfHO0Z8OGdzHVkhVAOfo1mUdv9cMg iat-mode=0",
+      "obfs4 193.11.166.194:27025 1AE2C08904527FEA90C4C4F8C1083EA59FBC6FAF cert=ItvYZzW5tn6v3G4UnQa6Qz04Npro6e81AP70YujmK/KXwDFPTs3aHXcHp4n8Vt6w/bv8cA iat-mode=0",
+      "obfs4 209.148.46.65:443 74FAD13168806246602538555B5521A0383A1875 cert=ssH+9rP8dG2NLDN2XuFw63hIO/9MNNinLmxQDpVa+7kTOa9/m+tGWT1SmSYpQ9uTBGa6Hw iat-mode=0",
+      "obfs4 146.57.248.225:22 10A6CD36A537FCE513A322361547444B393989F0 cert=K1gDtDAIcUfeLqbstggjIw2rtgIKqdIhUlHp82XRqNSq/mtAjp1BIC9vHKJ2FAEpGssTPw iat-mode=0",
+      "obfs4 45.145.95.6:27015 C5B7CD6946FF10C5B3E89691A7D3F2C122D2117C cert=TD7PbUO0/0k6xYHMPW3vJxICfkMZNdkRrb63Zhl5j9dW3iRGiCx0A7mPhe5T2EDzQ35+Zw iat-mode=0",
+      "obfs4 51.222.13.177:80 5EDAC3B810E12B01F6FD8050D2FD3E277B289A08 cert=2uplIpLQ0q9+0qMFrK5pkaYRDOe460LL9WHBvatgkuRr/SL31wBOEupaMMJ6koRE6Ld0ew iat-mode=0"
+    ],
+    "snowflake" : [
+      "snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=cdn.sstatic.net ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn",
+      "snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=cdn.sstatic.net ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.net:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn"
+    ]
+  }
+}
+

core/tools/tor/torrc-defaults

@@ -14,8 +14,8 @@ CookieAuthentication 1
 
 # Bridges
 
-ClientTransportPlugin meek exec PluggableTransports/meek-client
-ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec PluggableTransports/obfs4proxy
+ClientTransportPlugin snowflake exec PluggableTransports/snowflake-client.exe
 
-Bridge meek 0.0.2.0:3 97700DFE9F483596DDA6264C4D7DF7641E1E39CE url=https://meek.azureedge.net/ front=ajax.aspnetcdn.com
+Bridge snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=cdn.sstatic.net ice=stun:stun.l.google.com:19302,stun:stun.altar.com.pl:3478,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.sonetel.net:3478,stun:stun.stunprotocol.org:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn
+Bridge snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=cdn.sstatic.net ice=stun:stun.l.google.com:19302,stun:stun.altar.com.pl:3478,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.sonetel.net:3478,stun:stun.stunprotocol.org:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn