negative zero

Using Tor with bridges

2022 June 8

[circumvention] [privacy] [tech] [tor] [tutorial]

Tor can be used with pluggable transports to obfuscate the fact that the user is using Tor, enabling them to circumvent an ISP block.

Bridges in Tor Browser

It's easy to configure bridges in the Tor Browser.

  1. When you first launch Tor Browser, rather than connect, click Tor Network Settings.
  2. Tor Browser with the cursor selecting &quote;Tor Network Settings&quote;

    This will bring you to about:preferences#tor.

    Tor Browser connection settings

  3. Under Bridges, check the box beside Use a bridge.
  4. The user has selected &quote;Use a bridge&quote;

  5. You can Select a built-in bridge such as obfs4, Request a bridge from, or Provide a bridge if you know one or more already.
  6. The user has opted to use a built-in bridge and selected "obfs4" as the transport.

    If you request a bridge, you'll need to complete a visual CAPTCHA.

    The user has selected "Request a bridge from" and is about to click "Request a New Bridge..."

    A visual CAPTCHA which must be completed

    Tor Browser will then fill in some bridges you can use.

    3 obfs4 bridges have been provided.

After that, just connect.

Bridges with tor service

It's less obvious how to do this with the tor service.

  1. Install the necessary packages.
  2. On Debian, sudo apt install tor obfs4proxy

    On Fedora, sudo dnf install tor obfs4

    obfs4proxy does not seem to be available from the main Arch repos, but it is in the AUR.

  3. Get some bridges.
  4. You can use the Tor Browser to request a bridge (as described above). Alternatively, you can...

    See the Tor Project page on bridges for more info.

    You should get a result that looks something like this:

    obfs4 A1E2CAADC06D6C21908FB505D99F29D36C64B7D8 cert=BoddvgH90+ynSjJzOldIuDM/1WK1Fv/BsNGdtu9Lh8IHNeTcYWn4/FzxhHYc6/y5mguIYw iat-mode=0
    obfs4 4BAADDFFF1545B6C5E6BCCF8B9946F6F724B4DA8 cert=p9L6+25s8bnfkye1ZxFeAE4mAGY7DH4Gaj7dxngIIzP9BtqrHHwZXdjMK0RVIQ34C7aqZw iat-mode=2
    obfs4 150530E71DF116D514AF6E04C2EC18F16803FF72 cert=zJVQ+C2X5SndHqKgsYqT4vOexUqg4zFpyBwdtmKLM7CU6ceDFQk6uijsC1FCIFrCblFBAw iat-mode=0
  5. Add these bridges to your torrc.
  6. Modify /etc/tor/torrc. Add these lines:

    UseBridges 1
    ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy
    Bridge obfs4 A1E2CAADC06D6C21908FB505D99F29D36C64B7D8 cert=BoddvgH90+ynSjJzOldIuDM/1WK1Fv/BsNGdtu9Lh8IHNeTcYWn4/FzxhHYc6/y5mguIYw iat-mode=0
    Bridge obfs4 4BAADDFFF1545B6C5E6BCCF8B9946F6F724B4DA8 cert=p9L6+25s8bnfkye1ZxFeAE4mAGY7DH4Gaj7dxngIIzP9BtqrHHwZXdjMK0RVIQ34C7aqZw iat-mode=2
    Bridge obfs4 150530E71DF116D514AF6E04C2EC18F16803FF72 cert=zJVQ+C2X5SndHqKgsYqT4vOexUqg4zFpyBwdtmKLM7CU6ceDFQk6uijsC1FCIFrCblFBAw iat-mode=0

    ...replacing these bridges with the ones you got. Each Bridge line should be "Bridge" followed by one of the lines of bridge data you got in step 2.

  7. Restart the tor service.