Awesome

Oregano

MITM proxy for Tor, with GnuTLS's length hiding capability.

Capabilities

Designed as a research software, Oregano has more uses than research:

• Make your Tor research pleasant

  Inject, drop or tamper with any cells between a client and its guard. Currently this is poorly documented, but it is always easier to hack 2000 lines of Python code than the whole Tor daemon.

• Turn anything with an open ORPort into a bridge

  Whether it is a relay, a bridge or another MITM box, use Oregano to proxy its ORPort and use it as a bridge.

• Tease the vanilla Tor daemon

  Combining the two points above, Oregano can create impossible conditions. Make malformed cells and try to find bugs in the original Tor software. Or wrap the only middle node in a chutney network as a bridge and watch Tor's path selection code go crazy.

• Fight against flow analysis

  With GnuTLS's length hiding APIs, you can hide your flow characteristics in extra padding.

• Go through your corporate firewall, or even GFW

  Even if your working place has a sophisticated Israeli firewall specially tuned for detecting Tor traffic, GnuTLS's length hiding capability and Oregano's ability to inject anything into a link help you sneak through it. See PIPIResistanceHandler for an example.

Installation

Make sure Python 2.7 is installed. Download a Windows release or manually install dependencies. That's all.

Usage

Edit configuration.py under directory oregano for configuration and run module oregano.proxy.

python -m oregano.proxy

Then set UseBridges or use a Tor controller to instruct a Tor client to connect to the listening interface. Or play around with ARP spoofing and redirect someone's bridge connection. Or whatever.

UseBridges 1
Bridge 127.0.0.1:40056

Dependencies

• Python 2.7
• GnuTLS
• python-gnutls
• cryptography
• PySocks (only needed when proxy is set)

Security

This normally compromises anonymity by creating a bunch of side channels. However, given its TLS link manipulation nature, sometimes this might also help you.