1. 11 May, 2021 1 commit
  2. 30 Mar, 2019 1 commit
  3. 18 Mar, 2019 1 commit
  4. 05 Feb, 2019 1 commit
  5. 04 Feb, 2019 1 commit
    • Yawning Angel's avatar
      transports/meeklite: Add a lightweight HPKP implementation · c65aaf64
      Yawning Angel authored
      HPKP is effectively dead as far as a standard goes, but the idea has
      merit in certain use cases, this being one of them.
      As a TLS MITM essentially will strip whatever obfuscation that the
      transport may provide, the digests of the SubjectPublicKeyInfo fields
      of the Tor Browser Azure meek host are now hardcoded.
      The behavior can be disabled by passing `disableHPKP=true` on the bridge
      line, for cases where comaptibility is prefered over security.
  6. 03 Feb, 2019 1 commit
    • Yawning Angel's avatar
      transports/meeklite: Use a modified version of utls · bde8b7ff
      Yawning Angel authored
       * Use a fork of utls with some compatibility improvements.
       * Switch the default ClientHello profile to `HelloFirefox_Auto`.
       * Add the `HelloChrome_71` profile.
      The existing `HelloFirefox_Auto` profile that points to
      `HelloFirefox_63` also matches the (common) behavior of Firefox 65,
      assuming that 3DES ciphersuites are not disabled.
  7. 01 Feb, 2019 1 commit
  8. 26 Jan, 2019 1 commit
  9. 21 Jan, 2019 2 commits
    • Yawning Angel's avatar
      transports/meeklite: Add `utls` argument to configure behavior · e4020b18
      Yawning Angel authored
      Per dcf:
      > As for the TODO, my plan was was to expose a "utls" SOCKS arg
      > to make it configurable per bridge, and just reuse the utls
      > Client Hello ID names:
      >	utls=HelloChrome_Auto
      This adds support for all currently supported utls ClientHello IDs
      with the following caveats/differences:
       * `none` - Disables using utls entirely, forces `crypto/tls`.
       * `HelloGolang` - Alias of `none`, since using utls is pointless.
       * `HelloCustom` - Omitted as pointless.
    • Yawning Angel's avatar
      transports/meeklite: uTLS for ClientHello camouflage · 4d453dab
      Yawning Angel authored
      There's still some interesting oddities depending on remote server and
      what fingerprint is chosen, but I can watch videos online with the
      chosen settings and the TBB Azure bridge.
      Note: Despite what people are claiming in the Tor Browser bug tracker
      it isn't all that hard to use the built in http client with utls.  And
      yes, the `transport.go` code does negotiate correctly in a standalone
      test case (apart from compatibility related oddities).