Hello,
I was trying to run flashproxy using gnash following the RTMFP part of the tutorial located here: https://gitweb.torproject.org/flashproxy.git/blob/HEAD:/README
I do not use the gnash-plugin embedded in a browser, but the CLI tool gnash packaged with debian (and invoking it like this, as a standard user):
    gnash swfcat.swf -p client=1 -p debug=1
I've got the following output with the connector.py script:
    $ ./connector.py 127.0.0.1:9001 127.0.0.1:9002
    2011-12-22 15:34:07 Local connection from 127.0.0.1:54335.
    2011-12-22 15:34:07 SOCKS request from 127.0.0.1:54335.
    2011-12-22 15:34:07 handle_socks_request
    2011-12-22 15:34:07 Got SOCKS request for 127.0.0.1:9001.
    2011-12-22 15:34:07 handle_local_connection
    2011-12-22 15:34:07 locals (1): [u'127.0.0.1:54335']
    2011-12-22 15:34:07 remotes (0): []
    2011-12-22 15:34:07 Data from unconnected local 127.0.0.1:54335 (141 bytes).
    2011-12-22 15:34:07 locals (1): [u'127.0.0.1:54335']
    2011-12-22 15:34:07 remotes (0): []
    2011-12-22 15:34:33 Local connection from 127.0.0.1:54336.
    2011-12-22 15:34:33 SOCKS request from 127.0.0.1:54336.
    2011-12-22 15:34:33 handle_socks_request
    2011-12-22 15:34:33 Couldn't unpack SOCKS4 header.
    2011-12-22 15:34:33 locals (1): [u'127.0.0.1:54335']
    2011-12-22 15:34:33 remotes (0): []
    2011-12-22 15:34:56 EOF from unconnected local 127.0.0.1:54335 with 141 bytes buffered.
    2011-12-22 15:34:56 locals (0): []
    2011-12-22 15:34:56 remotes (0): []
And I enclosed a gnash debug logfile to this mail.
I'm running a squeeze with this kernel:
    $ uname -ar
    Linux desktop 2.6.32-5-amd64 #1 SMP Fri Sep 9 20:23:16 UTC 2011 x86_64 GNU/Linux
Regards,
Okhin
On Thu, Dec 22, 2011 at 03:38:29PM +0100, Okhin wrote:
> Hello,
> I was trying to run flashproxy using gnash following the RTMFP part of the tutorial located here: https://gitweb.torproject.org/flashproxy.git/blob/HEAD:/README
> I do not use the gnash-plugin embedded in a browser, but the CLI tool gnash packaged with debian (and invoking it like this, as a standard user):
>     gnash swfcat.swf -p client=1 -p debug=1
Thank you for testing this and for the thorough report. Unfortunately I'm not surprised that it doesn't work with Gnash. I don't think Gnash has some of the features we use, and probably doesn't have RTMFP, which has only been partially reverse-engineered in another project. Some log messages suggest this:
    3338:1] 15:33:34: UNIMPLEMENTED: SWF10 is not fully supported, trying anyway but don't expect it to work
    3338:2] 15:33:35: DEBUG: This SWF uses AVM2
    3338:2] 15:33:35: ERROR: This SWF file requires AVM2, which was not enabled at compile time.
RTMFP is only useful for NAT traversal, so if you can enable port forwarding or something else, don't use it. Personally, I don't recommend using the RTMFP transport at all, for these reasons:
1. It requires a static third party to assist in NAT traversal. By default this is some Adobe server, which is clearly unacceptable. We found a way to use our own server, so you at least don't have to trust any additional parties, but that server still sits at a static address and is trivially blockable, defeating the whole purpose.
2. It requires running Flash on the client, which is not normally required when using flash proxies.
3. The fact that normally Flash is run in the browser may encourage people to run Flash in their Tor browser, which is a bad idea.
I think you had the right idea in trying to run it with Gnash from the command line. But if you can avoid using RTMFP, that's what I recommend.
This is how I use flash proxies with port forwarding at home:
Set up my router to forward port 7000 to my PC.
    sudo iptables -A INPUT --proto tcp --dport 7000 -j ACCEPT
    ./connector.py -f tor-facilitator.bamsoftware.com :9001 :7000
David Fifield
On Thu, Dec 22, 2011 at 07:31:59PM -0800, David Fifield wrote:
> On Thu, Dec 22, 2011 at 03:38:29PM +0100, Okhin wrote:
>> Hello,
>> I was trying to run flashproxy using gnash following the RTMFP part of the tutorial located here: https://gitweb.torproject.org/flashproxy.git/blob/HEAD:/README
>> I do not use the gnash-plugin embedded in a browser, but the CLI tool gnash packaged with debian (and invoking it like this, as a standard user):
>>     gnash swfcat.swf -p client=1 -p debug=1
> Thank you for testing this and for the thorough report. Unfortunately I'm not surprised that it doesn't work with Gnash. I don't think Gnash has some of the features we use, and probably doesn't have RTMFP, which has only been partially reverse-engineered in another project. Some log messages suggest this:
If the only reason to use flash is RTMFP, maybe it can be replaced with this technique: http://samy.pl/pwnat/ (if I didn't misunderstand the architecture of flashproxy)
Anyway, if there is some javascript code to check, I'd like to help with that development.
--
On Fri, Dec 23, 2011 at 01:00:01PM -0300, Mauricio Pasquier Juan wrote:
> On Thu, Dec 22, 2011 at 07:31:59PM -0800, David Fifield wrote:
>> On Thu, Dec 22, 2011 at 03:38:29PM +0100, Okhin wrote:
>>> Hello,
>>> I was trying to run flashproxy using gnash following the RTMFP part of the tutorial located here: https://gitweb.torproject.org/flashproxy.git/blob/HEAD:/README
>>> I do not use the gnash-plugin embedded in a browser, but the CLI tool gnash packaged with debian (and invoking it like this, as a standard user):
>>>     gnash swfcat.swf -p client=1 -p debug=1
>> Thank you for testing this and for the thorough report. Unfortunately I'm not surprised that it doesn't work with Gnash. I don't think Gnash has some of the features we use, and probably doesn't have RTMFP, which has only been partially reverse-engineered in another project. Some log messages suggest this:
> If the only reason to use flash is RTMFP, maybe it can be replaced with this technique: http://samy.pl/pwnat/ (if I didn't misunderstand the architecture of flashproxy)
Yes, the only reason to use Flash on the client is for RTMFP, and the only reason to use RTMFP is to get across a NAT. I looked at pwnat and didn't think it would work in this case, because a flash proxy doesn't have raw socket access to send a Time Exceeded message. I could be working under incorrect assumptions, though.
Long ago I wrote a very crude NAT puncher that doesn't require an intermediary. It uses birthday collisions between randomly generated UDP port numbers.
https://gitweb.torproject.org/flashproxy.git/blob/9c471b4b99d07c8db197d15fe6...
We gave up on it because (1) it requires both client and server to know each other's address in advance, (2) it takes a few hundred packets, and (3) we don't have access to UDP sockets anyway, except through abstractions like RTMFP.
> Anyway, if there is some javascript code to check, I'd like to help with that development.
There's no JavaScript yet, but we want to port the ActionScript (which is similar). These are the primary source files:
https://gitweb.torproject.org/flashproxy.git/blob/HEAD:/swfcat.as
https://gitweb.torproject.org/flashproxy.git/blob/HEAD:/ProxyPair.as
I don't have any experience with JavaScript network programming yet, but porting doesn't look too hard, as long as you get reasonable event callbacks for things like reads.
David Fifield
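
Added illustration, not part of the thread and not the flashproxy code: a rough model of the birthday-collision NAT puncher mentioned in the last message, showing why it needs "a few hundred packets". The model is an assumption: each side picks k distinct random UDP ports from the unprivileged range, and the punch succeeds as soon as one port number appears on both sides.

```python
import math
import random

# Assumption: both sides draw from the unprivileged UDP ports 1024..65535.
PORT_SPACE = 65536 - 1024


def hit_probability(k_local, k_remote, n=PORT_SPACE):
    """Exact chance that two independent sets of distinct random ports overlap.

    P(miss) = C(n - k_local, k_remote) / C(n, k_remote), evaluated in log
    space so that large k does not underflow.
    """
    if k_local + k_remote > n:
        return 1.0  # pigeonhole: the two sets must share a port
    log_miss = sum(
        math.log(n - k_local - i) - math.log(n - i) for i in range(k_remote)
    )
    return 1.0 - math.exp(log_miss)


def packets_for(target, n=PORT_SPACE):
    """Smallest k (same on both sides) whose hit probability reaches target."""
    lo, hi = 1, n
    while lo < hi:
        mid = (lo + hi) // 2
        if hit_probability(mid, mid, n) >= target:
            hi = mid
        else:
            lo = mid + 1
    return lo


def simulate(k, trials=2000, n=PORT_SPACE, seed=1):
    """Monte Carlo check of hit_probability(k, k) with a fixed seed."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        opened = set(rng.sample(range(n), k))   # ports one side holds open
        probed = rng.sample(range(n), k)        # ports the other side tries
        hits += any(p in opened for p in probed)
    return hits / trials


if __name__ == "__main__":
    for target in (0.5, 0.9, 0.99):
        print("P >= %.2f needs about %d ports per side" % (target, packets_for(target)))
    k = packets_for(0.5)
    print("simulated hit rate at k=%d: %.3f" % (k, simulate(k)))
```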