'\" t
.\"     Title: obfsproxy
.\"    Author: [see the "AUTHORS" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\"      Date: 11/23/2017
.\"    Manual: \ \&
.\"    Source: \ \&
.\"  Language: English
.\"
.TH "OBFSPROXY" "1" "11/23/2017" "\ \&" "\ \&"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
obfsproxy \- a pluggable transports proxy
.SH "SYNOPSIS"
.sp
obfsproxy [\-\-log\-file \fIlog_file\fR] [\-\-log\-min\-severity \fIseverity\fR] [\-\-no\-log] [\-\-no\-safe\-logging] managed obfsproxy [\-\-log\-file \fIlog_file\fR] [\-\-log\-min\-severity \fIseverity\fR] [\-\-no\-log] [\-\-no\-safe\-logging] \fItransport\fR [\-h] [\-\-dest \fIdest\fR] [\-\-ext\-cookie\-file \fIext_cookie_file\fR] \&... \fImode\fR \fIlisten_addr\fR obfsproxy \-\-help
.SH "DESCRIPTION"
.sp
\fBobfsproxy\fR is a tool that attempts to circumvent censorship, by transforming the Tor traffic between the client and the bridge\&. This way, censors, who usually monitor traffic between the client and the bridge, will see innocent\-looking transformed traffic instead of the actual Tor traffic\&.
.SH "OPTIONS"
.PP
\fB\-\-log\-file\fR \fIlog_file\fR
.RS 4
Set logfile location\&.
.RE
.PP
\fB\-\-log\-min\-severity\fR \fIseverity\fR
.RS 4
Set minimum logging severity (default: no logging)\&.
\fIseverity\fR
must be one of
\fBerror\fR,
\fBwarning\fR,
\fBinfo\fR,
\fBdebug\fR\&.
.RE
.PP
\fB\-\-no\-log\fR
.RS 4
Disable logging\&.
.RE
.PP
\fB\-\-no\-safe\-logging\fR
.RS 4
Disable safe (scrubbed address) logging\&.
.RE
.PP
\fB\-h, \-\-help\fR
.RS 4
Show help message and exit\&.
.RE
.SH "MANAGED TRANSPORT"
.sp
Using \fBmanaged\fR as \fITRANSPORT\fR allows Tor to start and control obfsproxy by itself\&. Add a line like the following to torrc to use it when acting as a bridge:
.sp
.if n \{\
.RS 4
.\}
.nf
ServerTransportPlugin obfs3,scramblesuit exec /usr/bin/obfsproxy managed
.fi
.if n \{\
.RE
.\}
.sp
When connecting to an obfuscated bridge, adapt the following:
.sp
.if n \{\
.RS 4
.\}
.nf
ClientTransportPlugin obfs3,scramblesuit exec /usr/bin/obfsproxy managed
.fi
.if n \{\
.RE
.\}
.SH "DUMMY TRANSPORT"
.sp
Use a protocol that simply proxies data without obfuscating them\&. For tests only\&.
.sp
No extra options\&.
.SH "B64 TRANSPORT"
.sp
Use a protocol that encodes data with \fBbase64\fR before pushing them to the network\&.
.sp
No extra options\&.
.SH "OBFS2 TRANSPORT"
.sp
Use the \fBobfs2\fR protocol\&. \fBobfs2 is known to be fingerprintable and is deprecated\&.\fR See https://gitweb\&.torproject\&.org/obfsproxy\&.git/blob/HEAD:/doc/obfs2/protocol\-spec\&.txt for the specification\&.
.sp
No extra options\&.
.SH "OBFS3 TRANSPORT"
.sp
Use the \fBobfs3\fR protocol\&. See https://gitweb\&.torproject\&.org/pluggable\-transports/obfsproxy\&.git/blob/HEAD:/doc/obfs3/obfs3\-protocol\-spec\&.txt for the specification\&.
.sp
No extra options\&.
.SH "SCRAMBLESUIT TRANSPORT"
.sp
Use the \fBscramblesuit\fR protocol\&. See https://gitweb\&.torproject\&.org/pluggable\-transports/obfsproxy\&.git/blob/HEAD:/doc/scramblesuit/scramblesuit\-spec\&.txt for the specification\&.
.PP
\fB\-\-password\fR \fIpassword\fR
.RS 4
Shared secret for UniformDH\&. In server mode, a secret will be automatically generated if unspecified\&.
.RE
.sp
In order to configure a password with Tor on the server side, the following can be added to torrc:
.sp
.if n \{\
.RS 4
.\}
.nf
ServerTransportOptions scramblesuit password=WFVTIHBLAHNBXWSUD6WYTEST42LPIPRT
.fi
.if n \{\
.RE
.\}
.sp
Tor clients (using a version later than 0\&.2\&.5\&.1\-alpha) can then use:
.sp
.if n \{\
.RS 4
.\}
.nf
Bridge scramblesuit 192\&.0\&.2\&.42:2032 password=WFVTIHBLAHNBXWSUD6WYTEST42LPIPRT
.fi
.if n \{\
.RE
.\}
.SH "COMMON TRANSPORT OPTIONS"
.sp
Here\(cqs the common synopsis:
.sp
Options common for all transports:
.PP
\fBtransport\fR
.RS 4
One of
\fBmanaged\fR,
\fBdummy\fR,
\fBb64\fR,
\fBobfs2\fR,
\fBobfs3\fR
or
\fBscramblesuit\fR\&. See above for details\&.
.RE
.PP
\fB\-h\fR
.RS 4
Show help message and exit\&.
.RE
.PP
\fB\-\-dest\fR \fIdest\fR
.RS 4
Set destination address\&. Mandatory in all modes except
\fBsocks\fR\&.
.RE
.PP
\fB\-\-ext\-cookie\-file\fR \fIext_cookie_file\fR
.RS 4
Configure the filesystem path where the Extended ORPort authentication cookie is stored\&.
.RE
.PP
\fBmode\fR
.RS 4
Mode must be one of
\fBserver\fR
(old\-style ServerTransportPlugin),
\fBext_server\fR
(support for Extended ORPort),
\fBclient\fR
(bridge client) or
\fBsocks\fR
(client using SOCKS to connect to bridges)\&.
.RE
.PP
\fBlisten_addr\fR
.RS 4
Address on which the proxy will listen\&.
.RE
.SH "BUGS"
.sp
Plenty, probably\&. \fBobfsproxy\fR is still in development\&. Please report them\&.
.SH "AUTHORS"
.sp
George Kadianakis <asn@torproject\&.org>
.sp
Philipp Winter <phw@torproject\&.org>
.sp
Brandon Wiley <brandon@blanu\&.net>