[tor-bugs] #9601 [Obfsproxy]: Cyberoam firewall blocks obfs2/3 bridge addresses
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Sep 5 18:55:56 UTC 2013
#9601: Cyberoam firewall blocks obfs2/3 bridge addresses
---------------------------+-----------------
Reporter: Sherief | Owner: asn
Type: task | Status: new
Priority: normal | Milestone:
Component: Obfsproxy | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
---------------------------+-----------------
Comment (by phw):
Replying to [comment:9 asn]:
> What's the actual fpr of the bridge at 212.112.xx:443?

This is actually 212.112.245.170:443 which is gabelmoo (it's a public
relay address, hence no need to keep it secret). The user's Tor client
expected `F2044413DAC2E02E3D6BCF4735A19BCA1DE97281` which is gabelmoo's
fingerprint.

> Also, what's up with the bridge at 109.91.xx? Why does it have the same
> fpr with the one that appeared in the first log? Did that guy mix up his
> torrc lines? Do you recognize the FA00CC092639AC.. fingerprint? Does it
> belong to one of the bridges you gave him?

My theory is that `FA00CC092639AC62C03E148F4A10C2787C129668` is the
fingerprint of the cyberoam certificate which is used to MitM the users
behind the firewall. It might be an HTTPS proxy. gabelmoo's fingerprint is
known from the consensus but the bridge's fingerprint was unknown.
Therefore, the spoofed certificate was apparently accepted by the user's
Tor client.

Note that both relays run behind port 443. It would be interesting to see
how the cyberoam device behaves for relays/bridges behind other ports.

Also, the "freeport scanner" says that port 443 is closed which is
obviously not true. So I'm not sure if we should trust these results.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9601#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
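
The reasoning in the comment above, as an added example that is not part of the original message or of Tor's code: it audits `Bridge` lines for a missing fingerprint and flags one identity fingerprint showing up at several distinct addresses, the pattern discussed in this ticket. The addresses, fingerprints and function names are constructed for illustration; only the `Bridge [transport] IP:ORPort [fingerprint]` line syntax is torrc's.

```python
import re
from collections import defaultdict

# Constructed torrc lines (documentation addresses, placeholder fingerprint).
TORRC = """\
Bridge obfs3 192.0.2.10:443
Bridge obfs3 198.51.100.7:443 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
"""
# Constructed observations: (address, identity fingerprint seen on the wire).
OBSERVED = [
    ("192.0.2.10:443", "B" * 40),
    ("198.51.100.7:443", "B" * 40),
]

BRIDGE_RE = re.compile(
    r"^[ \t]*Bridge[ \t]+(?:(?P<transport>[A-Za-z_][A-Za-z0-9_]*)[ \t]+)?"
    r"(?P<addr>\S+:\d+)(?:[ \t]+(?P<fpr>[0-9A-Fa-f]{40}))?",
    re.M,
)

def parse_bridges(torrc):
    """Map address -> pinned fingerprint, or None when the line has none."""
    return {m["addr"]: (m["fpr"].upper() if m["fpr"] else None)
            for m in BRIDGE_RE.finditer(torrc)}

def audit(torrc, observed):
    """Classify each observed identity against the configured pins."""
    pins = parse_bridges(torrc)
    seen_at = defaultdict(set)
    for addr, fpr in observed:
        seen_at[fpr.upper()].add(addr)
    report = {}
    for addr, fpr in observed:
        fpr = fpr.upper()
        pin = pins.get(addr)
        if pin is None:
            status = "unpinned"   # nothing to compare against
        elif pin == fpr:
            status = "match"
        else:
            status = "mismatch"   # pinned identity differs from the one seen
        # One identity answering at several addresses suggests a middlebox.
        report[addr] = {"status": status, "shared": len(seen_at[fpr]) > 1}
    return report

if __name__ == "__main__":
    for addr, result in audit(TORRC, OBSERVED).items():
        print(addr, result)
```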