OBFSPROXY(1)
============
:doctype: manpage


NAME
----
obfsproxy - a pluggable transports proxy


SYNOPSIS
--------
obfsproxy [--log-file 'log_file']
            [--log-min-severity 'severity'] [--no-log]
            [--no-safe-logging]
            managed
obfsproxy [--log-file 'log_file']
            [--log-min-severity 'severity'] [--no-log]
            [--no-safe-logging]
            'transport'
            [-h] [--dest 'dest']
            [--ext-cookie-file 'ext_cookie_file'] ...
            'mode' 'listen_addr'
obfsproxy --help



DESCRIPTION
-----------
*obfsproxy* is a tool that attempts to circumvent censorship, by transforming
the Tor traffic between the client and the bridge. This way, censors, who
usually monitor traffic between the client and the bridge, will see
innocent-looking transformed traffic instead of the actual Tor traffic.


OPTIONS
-------
**--log-file** 'log_file'::
     Set logfile location.
**--log-min-severity** 'severity'::
     Set minimum logging severity (default: no logging). 'severity' must be
     one of *error*, *warning*, *info*, *debug*.
**--no-log**::
     Disable logging.
**--no-safe-logging**::
     Disable safe (scrubbed address) logging.
**-h, --help**::
     Show help message and exit.


MANAGED TRANSPORT
-----------------

Using *managed* as 'TRANSPORT' allows Tor to start and control obfsproxy by
itself. Add a line like the following to torrc to use it when acting as a
bridge:

     ServerTransportPlugin obfs3,scramblesuit exec /usr/bin/obfsproxy managed

When connecting to an obfuscated bridge, adapt the following:

     ClientTransportPlugin obfs3,scramblesuit exec /usr/bin/obfsproxy managed

DUMMY TRANSPORT
---------------
Use a protocol that simply proxies data without obfuscating them. For tests only.

No extra options.


B64 TRANSPORT
-------------
Use a protocol that encodes data with *base64* before pushing them to the
network.

No extra options.


OBFS2 TRANSPORT
---------------
Use the *obfs2* protocol. **obfs2 is known to be fingerprintable and is deprecated.**
See <https://gitweb.torproject.org/obfsproxy.git/blob/HEAD:/doc/obfs2/protocol-spec.txt>
for the specification.

No extra options.


OBFS3 TRANSPORT
---------------
Use the *obfs3* protocol. See
<https://gitweb.torproject.org/pluggable-transports/obfsproxy.git/blob/HEAD:/doc/obfs3/obfs3-protocol-spec.txt>
for the specification.

No extra options.


SCRAMBLESUIT TRANSPORT
----------------------
Use the *scramblesuit* protocol. See
<https://gitweb.torproject.org/pluggable-transports/obfsproxy.git/blob/HEAD:/doc/scramblesuit/scramblesuit-spec.txt>
for the specification.

**--password** 'password'::
     Shared secret for UniformDH. In server mode, a secret will be
     automatically generated if unspecified.

In order to configure a password with Tor on the server side, the following can
be added to torrc:

    ServerTransportOptions scramblesuit password=WFVTIHBLAHNBXWSUD6WYTEST42LPIPRT

Tor clients (using a version later than 0.2.5.1-alpha) can then use:

    Bridge scramblesuit 192.0.2.42:2032 password=WFVTIHBLAHNBXWSUD6WYTEST42LPIPRT


COMMON TRANSPORT OPTIONS
------------------------

Here's the common synopsis:


Options common for all transports:

**transport**::
     One of *managed*, *dummy*, *b64*, *obfs2*, *obfs3* or *scramblesuit*. See
     above for details.

*-h*::
     Show help message and exit.

**--dest** 'dest'::
     Set destination address. Mandatory in all modes except *socks*.

**--ext-cookie-file** 'ext_cookie_file'::
     Configure the filesystem path where the Extended ORPort authentication
     cookie is stored.

**mode**::
     Mode must be one of *server* (old-style ServerTransportPlugin),
     *ext_server* (support for Extended ORPort), *client* (bridge client) or
     *socks* (client using SOCKS to connect to bridges).

**listen_addr**::
     Address on which the proxy will listen.


BUGS
----
Plenty, probably. *obfsproxy* is still in development. Please report them.


AUTHORS
-------
George Kadianakis <asn@torproject.org>

Philipp Winter <phw@torproject.org>

Brandon Wiley <brandon@blanu.net>
