meek is a blocking-resistant pluggable transport for Tor. It encodes a data stream as a sequence of HTTPS requests and responses. Requests are reflected through a hard-to-block third-party web server in order to avoid talking directly to a Tor bridge. HTTPS encryption hides fingerprintable byte patterns in Tor traffic. https://trac.torproject.org/projects/tor/wiki/doc/meek The key trick that makes the system work is "domain fronting": communicating with a forbidden domain in a way that makes it look like you are communicating with an allowed domain. It works by putting the allowed domain on the "outside" of a request: in the DNS query and the SNI TLS extension; and the forbidden domain on the "inside": in the Host header of the HTTP request. The trick works with web services that ignore the SNI and handle requests based on the Host header. A client wanting to communicate with the domain forbidden.example while appearing to communicate with a different domain, allowed.example, can run the client plugin program like this: meek-client --url=https://forbidden.example/ --front=allowed.example This can only work when forbidden.example and allowed.example are run on the same web service. meek can use a number of web services as a transport backend. Some of these, like CDNs, are very easy to set up for domain fronting: you just point the CDN at an instance of meek-server. Others, like App Engine, require you to run a small "reflector" app on the service that forwards requests to meek-server. A description of how to set up various services is at https://trac.torproject.org/projects/tor/wiki/doc/meek#Webservices. Reflector apps are found in the appengine, nginx, php, and wsgi directories. The meek-client program by itself has a fingerprintable TLS handshake. To disguise the TLS part of HTTPS connections, meek-client should be run with the --helper option pointing at a browser extension that has been set up separately. How it works is meek-client tells the browser what URL to request, the browser requests it and returns the payload to meek-client. The TLS implementation is that of the browser, so it better blends in with allowed traffic. A browser extension for Firefox is in the webextension directory. Here is a summary of the programs that appear in subdirectories. appengine: Reflector web app that runs on Google App Engine. The reflector simply copies requests and responses to an instance of meek-server somewhere. meek-client: The client transport plugin, run by a censored client. meek-client-torbrowser: An auxiliary program for within Tor Browser that runs a second copy of Firefox with the browser extension and then configures meek-client to use it as a helper. meek-server: The server transport plugin, run on a Tor relay. nginx: A reflector configuration for Nginx. php: A PHP reflector. It can be run on any platform that supports PHP with the cURL library. A public instance is at https://meek-reflect.herokuapp.com/. terminateprocess-buffer: An auxiliary program used on Windows to assist with cleanup of subprocesses. webextension: Browser extension for TLS camouflage. wsgi: A WSGI Python reflector. To the extent possible under law, the authors have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty. See COPYING.
meek is a blocking-resistant pluggable transport for Tor.
Owner
Clair de Lune
Similar Resources
A lightweight and simplistic Tor library for golang
gotor A lightweight and simplistic Tor library for golang go get github.com/ripmeep/gotor import "github.com/ripmeep/gotor" Usage t := tor.TorConnecti
IP2Proxy Go package allows users to query an IP address to determine if it was being used as open proxy, web proxy, VPN anonymizer and TOR exits.
IP2Proxy Go Package This package allows user to query an IP address if it was being used as VPN anonymizer, open proxies, web proxies, Tor exits, data
Vanitytorgen - Vanity Tor keys/onion addresses generator
Vanity Tor keys/onion addresses generator Assumptions You know what you are doing. You know where to copy the output files. You know how to set up a H
Proxtor - A simple tool to connect to the network using Tor
Proxtor A simple tool to connect to the network using Tor. Installing Go to rele
Remake of the original sqlifinder but in GOlang, and allows for listed targets, domain crawling, and tor connections
_______ _____ _____ _______ _____ __ _ ______ _______ ______ |______ | __| | | |______ | | \ | | \ |______ |_____/
A Tor package updater and runner as an I2P Plugin
i2p.plugins.tor-updater A Tor package updater and runner as an I2P Plugin. This plugin is still being changed rapidly but it should be usable on most
oniongrok forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa
oniongrok Onion addresses for anything. oniongrok forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa. Wh
A pluggable backend API that enforces the Event Sourcing Pattern for persisting & broadcasting application state changes
A pluggable "Application State Gateway" that enforces the Event Sourcing Pattern for securely persisting & broadcasting application state changes
Related tags
🚀 gnet is a high-performance, lightweight, non-blocking, event-driven networking framework written in pure Go./ gnet 是一个高性能、轻量级、非阻塞的事件驱动 Go 网络框架。
English | ???? 中文 ?? Introduction gnet is an event-driven networking framework that is fast and lightweight. It makes direct epoll and kqueue syscalls
Network-wide ads & trackers blocking DNS server
Privacy protection center for you and your devices Free and open source, powerful network-wide ads & trackers blocking DNS server. AdGuard.com | Wiki
Netpoll is a high-performance non-blocking I/O networking framework, which focused on RPC scenarios, developed by ByteDance.
Netpoll is a high-performance non-blocking I/O networking framework, which focused on RPC scenarios, developed by ByteDance. RPC is usually heavy on processing logic and therefore cannot handle I/O serially. But Go's standard library net designed blocking I/O API, so that the RPC framework can only follow the One Conn One Goroutine design.
High-performance, non-blocking, event-driven, easy-to-use networking framework written in Go, support tls/http1.x/websocket.
High-performance, non-blocking, event-driven, easy-to-use networking framework written in Go, support tls/http1.x/websocket.
Middleware for Blocking IP ranges by inserting CIDR Blocks and searching IPs through those blocks
firewall Middleware for Blocking IP ranges by inserting CIDR Blocks and searching IPs through those blocks. Features Easy to use Efficient and Fast Co
UDP Transport: compress, encrypt and send any data reliably over unreliable UDP connections
udpt UDP Transport Compresses, encrypts and transfers data between a sender and receiver using UDP protocol. Features and Design Aims: Avoid the overh
Transport to allow go-libp2p applications to natively use i2p for communication
I2P Transport for go-libp2p This library can be used to build go-libp2p applications using the i2p network. Look at transport_test.go for example usag
An experimental Tor-Proxy serivce written in Go using Go-proxy and Go-libtor.
tor-proxy An experimental standalone tor-proxy service built with Go, using go-proxy, go-libtor and bine. This is a simple replacement to Tor's origin
Golang Client for querying Tor network data using the Onionoo service.
gonion Lightweight Golang wrapper for querying Tor network data using the Onionoo service. package main import ( "github.com/R4yGM/gonion"
Tor ready router
DPI installing don't forget to replace the username with your username: mkdir build cd build wget https://openresty.org/download/openresty-1.19.9.1.ta