configuring obsf4 proxy for tor
Well if you have heard or used tor, there is a high possibility of hearing the words, "bridges", "obsf4", "exit node" and so on...
Well today we are going to have a deeper dive on the obsf4 proxy that we have for tor.
According to the official documentation of tor,
Obfs4 is a pluggable transport that makes Tor traffic look random like obfs3, and also prevents censors from finding bridges by Internet scanning. Obfs4 bridges are less likely to be blocked than obfs3 bridges.
Coming to the implementation and how to properly configure the obsf4 proxy so that we can route the traffic via obsf4 bridges weather it be just to surf the deep web or used to host your own deep website over tor network or weather you are running a relay for others to use and contributing back to the community.
The first thing is to install the tor binary package in your system where you are going to run the tor service from.
Depending on the system you are running, you can install tor from the package manager they have,
Mac: brew install tor
Linux: yay -S tor (arch & arch based systems)
: apt install tor (debian & debian based systems)
I am assuming you have brew for mac and yay package manger for arch based systems.
Once you successfully install the tor binary, a torrc configuration file will be generated which will have contain the tor configurations, bridges details, cookie auth, domain control, etc. And we are going to update that config file to incorporate the obsf4 proxy.
To configure the obsf4 proxy, we firstly need to install the obsf4 binary package, or you can compile it, if you wish to. Anyways for the tutorial we are going to use the pre-built binaries to not have much of complications.
Again depending on your OS you are using, run the following commands,
Mac: brew install obfs4proxy
Linux: yay -S obfs4proxy (arch & arch based systems)
: apt install obfs4proxy (debian & debian based systems)
Once the installation is completed, we need to fetch the obsf4 bridges from the torproject which we can use.
There are 2 ways to fetch the proxies,
- Get the obsf4 bridges from https://bridges.torproject.org/options
- Send the email to [email protected] with the body as
get transport obfs4.
They have a rate limit of 1 request per hour, and mail via gmail account to not get Ghosted...
Once you receive the proxy bridges, all we have to do is to add those to our torrc file.
Again depending on your OS, mainly MacOS and Linux based systems the file location for the file changes, however the content and format stays the same.
File path for the torrc file:
Mac: /usr/local/etc/tor/torrc
Linux: /etc/tor/torrc
Now all we have to do is update the UseBridges config value to 1 from 0 and un-comment the line if commented and depending on your OS, update the path after,
obsf4 exec /usr/local/bin/obfs4proxy for mac and /usr/bin/obfs4proxy for Linux based OS, and followed by the Brides values.
Below is an example for the Linux OS based config.
# Using Bridges, obsf4
UseBridges 1
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy managed
# send email to [email protected] with body `get transport obfs4` you can get new bridges.
# Or use https://bridges.torproject.org/options
# Paste the obsf4 bridges here and put Bridge in front of each.
Bridge obfs4 78.194.206.56.. B80190D0C0771298F04AE56L..... cert=61xl3nF07Ssg... iat-mode=0
Bridge obfs4 185.220.101.17.. 59F4CBDE79D51FEC12AC1F4304D006C97D4.. cert=p9L6... iat-mode=0
Bridge obfs4 185.220.101.17.. 59F4CBDE79D51FEC12AC1F4304D006C97D4.. cert=p9L6... iat-mode=2
Once done, don't forget to restart the tor services to have route your tor traffic via those newly obtained obsf4 proxies.
That can be done via:
Mac: brew services restart tor
Linux: sudo systemctl restart tor
And voila, you have successfully configured the your tor network to use the obsf4 proxies.