[guardian-dev] Obfsproxy question

Matej Kovacic matej.kovacic at owca.info
Sun Sep 24 17:38:43 EDT 2017


I have a question about Obfsproxy. As I understand, it starts a server
at TCP/80 port and listens to a traffic, which is masked as HTTP.

My question is - is it possible to run a legitimate HTTP server on port
80, so that if someone will connect to the website with web browser, it
will get a legitimate website. But if someone will connect with
Obfsproxy, his or her traffic will be redirected to Obfsproxy (and then
relayed forward).

OpenVPN has a similar feature, called port sharing. It can be configured
to use TCP/443 port, which is normally used for HTTPS. But if OpenVPN
detects non-vpn traffic, it will relay traffic to a local port through
port sharing mechanism.

The result is that when someone connects to OpenVPN with OpenVPN client,
he will get access to VPN, but if the same person connects to the same
port and same IP with web browser - it will get legitimate HTTPS traffic.

PGP Fingerprint: 1918 8C72 E5D6 B523 86E1  AC24 C82A C043 3D92 568D
PGP Key:
Personal blog: https://pravokator.si

More information about the guardian-dev mailing list