Complete the tor snowflake tutorial

opsec/tor-snowflake/index.html

@@ -0,0 +1,228 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="description" content="">
+    <meta name="author" content="">
+    <link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
+
+    <title>Using tor with snowflake</title>
+
+    <!-- Bootstrap core CSS -->
+    <link href="../../assets/css/bootstrap.css" rel="stylesheet">
+	<link href="../../assets/css/xt256.css" rel="stylesheet">
+    
+    
+
+    <!-- Custom styles for this template -->
+    <link href="../../assets/css/main.css" rel="stylesheet">
+
+    
+
+    <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
+    <!--[if lt IE 9]>
+      <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
+      <script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
+    <![endif]-->
+  </head>
+
+  <body>
+
+    <!-- Static navbar -->
+    <div class="navbar navbar-inverse-anon navbar-static-top">
+      <div class="container">
+        <div class="navbar-header">
+          <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
+            <span class="icon-bar"></span>
+            <span class="icon-bar"></span>
+            <span class="icon-bar"></span>
+          </button>
+          <a class="navbar-brand-anon" href="\index.html">The Nihilism Blog</a>
+        </div>
+        <div class="navbar-collapse collapse">
+          <ul class="nav navbar-nav navbar-right">
+
+            <li><a  href="/about.html">About</a></li>
+            <li><a  href="/blog.html">Categories</a></li>
+<li><a href="https://blog.nowhere.moe/donate.html">Donate</a></li>
+            <li><a  href="/contact.html">Contact</a></li>
+          </ul>
+        </div><!--/.nav-collapse -->
+        
+      </div>
+    </div>
+
+	<!-- +++++ Posts Lists +++++ -->
+	<!-- +++++ First Post +++++ -->
+	<div id="anon2">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+  					<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist - 00 / 00 / 00</ba></p>
+<h1>Using tor with snowflake </h1>
+<p>In this setup we will assume you are in a censored country, we will first get tor browser through some alternative sources, and then use snowflake to punch through censorship</p>
+          
+	       </div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /grey -->
+
+	<!-- +++++ Second Post +++++ -->
+	<div id="anon3">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Get tor browser</b></h2>
+<p>Before stating anything about snowflake, we need to first get the tor browser bundle.</p>
+<p>Tor browser official offers an email address called gettor@torproject.org, which you can send email to them, and they will offer you a download link</p>
+<p>First prepare an email, for me I am using protonmail, you can also use outlook or apple email if protonmail is blocked. Any service provider allows you to email tor project will work.</p>
+<img src="1.png" class="imgRz">
+<p>Next simply send an empty email to tor project</p>
+<img src="2.png" class="imgRz" style="width: 500px">
+<p>Soon you will receive a reply from tor project, simply reply them with your OS name(select one from the list)</p>
+<img src="3.png" class="imgRz" style="width: 500px">
+<p>For me during this demo is linux64</p>
+<img src="4.png" class="imgRz" style="width: 800px">
+<p>After the reply they will send you a download link, very ironically the download link is a google drive link, many countries that block tor also block google, they actually are supposed to send the brower bundle in attachment</p>
+<img src="5.png" class="imgRz" style="width: 500px">
+<p>If you find out google drive does not work for you, try to check whether if github is accessible. Tor browser also provides download on github officially, check the releases on <a href="https://github.com/TheTorProject/gettorbrowser">Tor browser github repository</a></p>
+<img src="6.png" class="imgRz" style="width: 900px">
+<img src="" class="imgRz">
+
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+  <div id="anon2">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Theory</b></h2> </br> </br>
+<p>After you get tor browser bundle you should start to use snowflake for connecting to tor network</p>
+<p>For a normal tor connection, you will:</p>
+<p>1.Talk to central directory</p>
+<p>2.Get network information</p>
+<p>3.Connect to your gurad nodes, and form tor circuits</p>
+<img src="normal_tor_connection.png" class="imgRz" style="width: 700px">
+<p>If tor network is blocked, you cannot talk to central directory or any tor node ip, then you need a <b>bridge</b></p>
+<p>All of your communication goes through the bridge, including your initial talk to central directory, and your bridge automatically becomes your first tor node</p>
+<img src="bridge.png" class="imgRz" style="width: 600px">
+<p>Bridges are usually not publicly announced for censorship resistance, since once a bridge ip get known by censoring firewall it can simply drop all the packets to that ip</p>
+<p>This is the weakness for traditional tor bridges, not matter how hard you try to obfuscate your traffic, the <b>bridge ip </b>always have to be semi-public because you want people to use it, but this means people who work for censorship can also find bridge ip</p>
+<p>To end this cat and mouse game, snowflake is introduced</p>
+
+<img src="snowflake-schematic.png" class="imgRz" style="width: 700px">
+<p>This is a picture of how snowflake works from tor official</p>
+<p>First you have volunteers over the world who install snowflake plugin in their browsers, they act as bridges for you to connect to tor network. Because this is mostly run by amateurs, and people turn on and off their devices all the time, which makes many ephemeral bridges, and this is why it is called snowflake</p>
+<p>There is also a server called broker that knows all the information about snowflakes</p>
+<img src="snowflakes.png" class="imgRz" style="width: 600px">
+<p>Then you will use a technique called domain fronting, which makes you seems connecting to a legit service like azure cloud or google cloud, but your actual connection goes to the broker.</p>
+<img src="domain-fronting.png" class="imgRz" style="width: 600px">
+<p>Then the broker server introduce you to the snowflake proxy, then you establish a webrtc connection, which is a connection allows two app to have direct connection for video call or file transmission. Then your traffic goes to the snowflake proxy, and connects to the rest of tor network</p>
+<img src="WebRTC.png" class="imgRz" style="width: 600px">
+<p>Then you connect to tor network!</p>
+
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+
+  <!-- +++++ Second Post +++++ -->
+	<div id="anon1">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>How to use in tor browser</b></h2> </br> </br>
+<p>End of theory part, now we will use snowflake in tor browser bundle, this is pretty simple</p>
+<p>First you unpack the tor browser bundle we downloaded previously and open it</p>
+<img src="TorBrowserImage/before_connection.png" class="imgRz" style="width: 800px">
+<p>Click configure connection</p>
+<p>Scroll down and select "select a built-in bridge"</p>
+<img src="TorBrowserImage/select_bridge.png" class="imgRz" style="width: 800px">
+<p>Choose snowflake and click "connect"</p>
+<img src="TorBrowserImage/snowflake.png" class="imgRz" style="width: 600px">
+<p>Then make a test connect to <a href="https://check.torproject.org">https://check.torproject.org</a> to make sure your tor connection works!</p>
+
+
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+  <!-- +++++ Second Post +++++ -->
+  <div id="anon1">
+	<div class="container">
+		<div class="row">
+			<div class="col-lg-8 col-lg-offset-2">
+	  <h2><b>Tor cli setup</b></h2> </br> </br>
+<p>At last we are about to setup the torrc file for making tor daemon using snowflake </p>
+<p>First install tor and snowflake client</p>
+<pre><code class="nim">
+$sudo apt-get install tor snowflake-client -y
+</code></pre>
+<p>Next edit the torrc file, replace the content of /etc/tor/torrc with the following config</p>
+<pre><code class="nim">
+UseBridges 1
+
+ClientTransportPlugin snowflake exec /usr/bin/snowflake-client -url https://snowflake-broker.azureedge.net/ -front ajax.aspnetcdn.com -ice stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn -log /var/log/tor/snowflake-client.log
+	
+Bridge snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72
+</code></pre>
+<p>Then restart tor daemon and check the tor status</p>
+<pre><code class="nim">
+$sudo systemctl restart tor@default
+
+$sudo systemctl status tor@default
+</code></pre>
+<p>You should see the log says it connects to a snowflake relay</p>
+<img src="flake_log.png" class="imgRz" style="width: 600px">
+<p>Finally grab firefox, set proxy to socks5 127.0.0.1:9050, make a visit to <a href="https://check.torproject.org">https://check.torproject.org</a> to make sure the tor daemon is running correctly</p>
+<img src="tor_check.png" class="imgRz" style="width: 700px">
+
+
+			</div>
+		</div><!-- /row -->
+	</div> <!-- /container -->
+</div><!-- /white -->
+	<!-- +++++ Footer Section +++++ -->
+
+	<div id="anonb">
+		<div class="container">
+			<div class="row">
+				<div class="col-lg-4">
+					<h4>Nihilism</h4>
+          <p>
+						Until there is Nothing left.</p></br></br><p>Creative Commons Zero: No Rights Reserved</br><img src="\CC0.png">
+						
+					</p>
+				</div><!-- /col-lg-4 -->
+
+				<div class="col-lg-4">
+					<h4>My Links</h4>
+					<p>
+
+						<a target="_blank" rel="noopener noreferrer" href="http://blog.nowhere.moe/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://simplex.chat/contact#/?v=2-7&smp=smp%3A%2F%2FL5jrGV2L_Bb20Oj0aE4Gn-m5AHet9XdpYDotiqpcpGc%3D%40nowhere.moe%2FH4g7zPbitSLV5tDQ51Yz-R6RgOkMEeCc%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEAkts5T5AMxHGrZCCg12aeKxWcpXaxbB_XqjrXmcFYlDQ%253D&data=%7B%22type%22%3A%22group%22%2C%22groupLinkId%22%3A%22c3Y-iDaoDCFm6RhptSDOaw%3D%3D%22%7D">SimpleX Chat</a><br/>
+
+					</p>
+				</div><!-- /col-lg-4 -->
+
+				<div class="col-lg-4">
+					<h4>About nihilist</h4>
+					<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br><p><u>Contact:</u> nihilist@contact.nowhere.moe (<a href="https://nowhere.moe/nihilist.pubkey">PGP</a>)</p>
+				</div><!-- /col-lg-4 -->
+
+			</div>
+
+		</div>
+	</div>
+
+
+    <!-- Bootstrap core JavaScript
+    ================================================== -->
+    <!-- Placed at the end of the document so the pages load faster -->
+    
+  </body>
+</html>