Hey Tor-devers,

I hope you are enjoying the summer as it's officially started and nobody can deny that (unless you are on the wrong hemisphere). And sorry for the delay, I was Internet deprived for a while.

So I'm here to tell you what I did in last two weeks.

Following the advice of Zack, I read the code in steg directory, where the modules which embed the requested data in http payloads live. It also deals with http details. I also looked into the randomness algorithms in stegotorus. I suggested some ideas on improving the code and I'm waiting for Zack to tell me what he thinks about them. It was a good investment as now I have a good idea that what is happening where in the code and it makes the task of applying after-forking obfproxy patches to stegotorus more feasible.

I had a discussion in irc with the Roger and following the discussion and sharing my idea with Zack, I started developing a payload serving system that instead of using a static trace file assumes that apache is installed on the system and query apache for the payload. So far I have written the prototype of the class and have shared my design with Zack.

I also looked into the problem that Polipo (as a typical http proxy) had with Stegotorus that it does not allow any Stegotorus traffic through. It turned out that Polipo thinks all Stegotorus GET request are stored in the local hard drive (as they don't have server name and they starts with /). Hence, it tries to serve them directly from the disk and fails. So I shared that with Zack as well, and we'll discuss the possible solutions. Although, the new apache payload system won't have that problem.

Hopefully in two weeks we will have the apache payload in semi-functional condition.

Cheers, vmon