[tor-bugs] #9601 [Obfsproxy]: Cyberoam firewall blocks obfs2/3 bridge addresses
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Sep 5 21:21:59 UTC 2013
#9601: Cyberoam firewall blocks obfs2/3 bridge addresses
---------------------------+-----------------
Reporter: Sherief | Owner: asn
Type: task | Status: new
Priority: normal | Milestone:
Component: Obfsproxy | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
---------------------------+-----------------
Comment (by asn):
Replying to [comment:13 phw]:
> Replying to [comment:9 asn]:
>
> > What's the actual fpr of the bridge at 212.112.xx:443?
>
> This is actually 212.112.245.170:443 which is gabelmoo (it's a public
> relay address, hence no need to keep it secret). The user's Tor client
> expected `F2044413DAC2E02E3D6BCF4735A19BCA1DE97281` which is gabelmoo's
> fingerprint.
>
> > Also, what's up with the bridge at 109.91.xx? Why does it have the
> > same fpr with the one that appeared in the first log? Did that guy mix up
> > his torrc lines? Do you recognize the FA00CC092639AC.. fingerprint? Does
> > it belong to one of the bridges you gave him?
>
> My theory is that `FA00CC092639AC62C03E148F4A10C2787C129668` is the
> fingerprint of the cyberoam certificate which is used to MitM the users
> behind the firewall. It might be an HTTPS proxy. gabelmoo's fingerprint is
> known from the consensus but the bridge's fingerprint was unknown.
> Therefore, the spoofed certificate was apparently accepted by the user's
> Tor client.
>
What confused me is that the identity certificate of the bridge is presented:
* In the v2 link handshake, during the SSL renegotiation.
* In the v3 link handshake, using Tor cells (`AUTHENTICATE`, etc.)
If Cyberoam was simply MITMing the SSL of HTTPS, why did Tor interpret
`FA00CC0926...` as the identity fingerprint of the bridge? Or am I
confused?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9601#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
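
Added example, not part of the original message or of Tor's code: a log check for the pattern asked about in the thread above, one unexpected identity fingerprint turning up at more than one address. The log lines are constructed and their wording is assumed to follow Tor's identity-mismatch warning; 192.0.2.10 and the all-1 fingerprint are placeholders.

```python
import re
from collections import defaultdict

# Constructed sample lines. The message wording is an assumption modelled on
# Tor's identity-mismatch warning; 192.0.2.10 and the all-"1" fingerprint are
# placeholders, the other values are the ones quoted in the ticket.
SAMPLE_LOG = """\
Sep 05 20:01:11.000 [warn] Tried connecting to router at 212.112.245.170:443, but identity key was not as expected: wanted F2044413DAC2E02E3D6BCF4735A19BCA1DE97281 but got FA00CC092639AC62C03E148F4A10C2787C129668.
Sep 05 20:01:14.000 [notice] Bootstrapped 10%: Finishing handshake with directory server.
Sep 05 20:02:40.000 [warn] Tried connecting to router at 192.0.2.10:443, but identity key was not as expected: wanted 1111111111111111111111111111111111111111 but got FA00CC092639AC62C03E148F4A10C2787C129668.
"""

MISMATCH = re.compile(
    r"router at (?P<addr>\S+?), but identity key was not as expected: "
    r"wanted (?P<want>[0-9A-Fa-f]{40}) but got (?P<got>[0-9A-Fa-f]{40})"
)


def parse_mismatches(log_text):
    """Return (address, wanted, got) for every identity-mismatch line."""
    out = []
    for line in log_text.splitlines():
        m = MISMATCH.search(line)
        if m:
            out.append((m["addr"], m["want"].upper(), m["got"].upper()))
    return out


def shared_unexpected_identities(log_text, min_addrs=2):
    """Map each unexpected fingerprint to the addresses that presented it,
    keeping only fingerprints seen on at least min_addrs distinct addresses.
    Independent relays are not expected to share an identity key, so a hit
    suggests one middlebox answering on behalf of all of them."""
    seen = defaultdict(set)
    for addr, want, got in parse_mismatches(log_text):
        if got != want:
            seen[got].add(addr)
    return {fp: sorted(a) for fp, a in seen.items() if len(a) >= min_addrs}


if __name__ == "__main__":
    for fp, addrs in shared_unexpected_identities(SAMPLE_LOG).items():
        print(f"{fp} presented by {len(addrs)} addresses: {', '.join(addrs)}")
```

A bridge configured without a fingerprint produces no mismatch line at all, so this check only covers destinations whose identity the client already knew.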