operatorfoundation / shapeshifter-dispatcher

Shapeshifter Dispatcher converts Pluggable Transports that implement the Go API from the Pluggable Transports 2.1 specification into proxies usable by applications. Several proxy modes are provided, including proxying of both TCP and UDP traffic.

Home Page: https://OperatorFoundation.org/

License: MIT License

Go 66.89% Shell 33.11%
censorship-circumvention anticensorship internet-freedom pluggable-transports golang

shapeshifter-dispatcher's Introduction

The Operator Foundation

Operator makes useable tools to help people around the world with censorship, security, and privacy.

Shapeshifter

The Shapeshifter project provides network protocol shapeshifting technology (also sometimes referred to as obfuscation). The purpose of this technology is to change the characteristics of network traffic so that it is not identified and subsequently blocked by network filtering devices.

There are two components to Shapeshifter: transports and the dispatcher. Each transport provides a different approach to shapeshifting. These transports are provided as a Go library which can be integrated directly into applications. The dispatcher is a command line tool which provides a proxy that wraps the transport library. It has several different proxy modes and can proxy both TCP and UDP traffic.

If you are a tool developer working in the Go programming language, then you probably want to use the transports library directly in your application. https://github.com/OperatorFoundation/shapeshifter-transports

If you are an end user who is trying to circumvent filtering on your network, or you are a developer who wants to add pluggable transports to an existing tool that is not written in the Go programming language, then you probably want the dispatcher. Please note that familiarity with executing programs on the command line is necessary to use this tool. https://github.com/OperatorFoundation/shapeshifter-dispatcher

If you are looking for a complete, easy-to-use VPN that incorporates shapeshifting technology and has a graphical user interface, consider Moonbounce, an application for macOS which incorporates shapeshifting without the need to write code or use the command line.

Shapeshifter Dispatcher

This is the repository for the shapeshifter-dispatcher command line proxy tool. If you are looking for the transports it provides, they are here: https://github.com/OperatorFoundation/shapeshifter-transports

The purpose of the dispatcher is to provide different proxy interfaces to using transports. Through the use of these proxies, application traffic can be sent over the network in a shapeshifted form that bypasses network filtering, allowing the application to work on networks where it would otherwise be blocked or heavily throttled.

The dispatcher currently supports the following proxy modes:

  • SOCKS5 (with optional PT 2.0 authentication protocol)
  • Transparent TCP
  • Transparent UDP
  • STUN UDP

The transports used by shapeshifter-dispatcher follow the Go Transport API in the Pluggable Transports Specification v3.0.
The dispatcher currently supports the following transports:

  • Replicant
  • Optimizer
  • shadow (Shadowsocks)

Note: obfs4 is no longer supported. We recommend using Shadow in its place.

Installation

The dispatcher is written in the Go programming language. To compile it you need to install Go 1.17 or higher:

https://golang.org/doc/install

If you already have Go installed, make sure it is a compatible version:

go version

The version should be 1.17 or higher.

If you get the error "go: command not found", then try exiting your terminal and starting a new one.

Get the git repository for shapeshifter-dispatcher:

git clone https://github.com/OperatorFoundation/shapeshifter-dispatcher.git

Go into that directory and build the command line executable:

cd shapeshifter-dispatcher
go install

This will fetch the source code for shapeshifter-dispatcher and all its dependencies, compile everything, and put the result in <GOPATH>/bin/shapeshifter-dispatcher.

You can find your GOPATH with:

go env GOPATH

Running

Use either -client or -server to place the proxy into client or server mode, respectively. Use -state to specify a directory in which to put transport state information. Use -transports to specify which transports to launch. Use -optionsFile to specify the directory where your config file is located.

The default proxy mode is SOCKS5 (with optional PT 2.1 authentication protocol), which can only proxy SOCKS5-aware TCP connections. For some transports, the proxied connection will also need to know how to speak the PT 1.0 authentication protocol. This requirement varies by the transport used.

Another TCP proxy mode is available, Transparent TCP, by using the -transparent flag. In this mode, the proxy listens on a socket and any data from incoming connections is forwarded over the transport.

UDP proxying can be enabled with the -udp flag. The default UDP mode is STUN packet proxying. This requires that the application only send STUN packets, so it works for protocols such as WebRTC, which are built on top of STUN.

Another UDP proxy mode is available, Transparent UDP, by using the -transparent flag with the -udp flag. In this mode, the proxy listens on a UDP socket and any incoming packets are forwarded over the transport.

Only one proxy mode can be used at a time.

Running with Replicant

Replicant is Operator's flagship transport which can be tuned for each adversary.

Here are example command lines to run the dispatcher with the Replicant transport:

Server

For this example to work, you need an application server running. You can use netcat to run a simple server on port 3333:

nc -l 3333

Now launch the transport server, telling it where to find the application server:

<GOPATH>/bin/shapeshifter-dispatcher -transparent -server -state state -target 127.0.0.1:3333 -transports Replicant -bindaddr Replicant-127.0.0.1:2222 -optionsFile ConfigFiles/ReplicantServerConfigV3.json -logLevel DEBUG -enableLogging

This runs the server in transparent TCP proxy mode. The directory "state" is used to hold transport state. The destination that the server will proxy to is 127.0.0.1, port 3333. The Replicant transport is enabled and bound to the address 127.0.0.1 and the port 2222. Logging is enabled and set to DEBUG level. To access the log for debugging purposes, look at state/dispatcher.log.

To use Replicant, a config file is needed. A sample config file, located in ConfigFiles/ReplicantServerConfigV3.json, is provided purely for educational purposes and should not be used in actual production.

Client

<GOPATH>/bin/shapeshifter-dispatcher -transparent -client -state state -transports Replicant -proxylistenaddr 127.0.0.1:1443 -optionsFile ConfigFiles/ReplicantClientConfigV3.json -logLevel DEBUG -enableLogging

This runs the client in transparent TCP proxy mode. The directory "state" is used to hold transport state. The address of the server is specified as 127.0.0.1, port 2222. This is the same address as was specified on the server command line above. For this demo to work, the dispatcher server needs to be running on this host and port. The Replicant transport is enabled and bound to the address 127.0.0.1 and the port 1443.

To use Replicant, a config file is needed. A sample config file, located in ConfigFiles/ReplicantClientConfigV3.json, is provided purely for educational purposes and should not be used in actual production.

Once the client is running, you can connect to the client address, which in this case is 127.0.0.1, port 1443. For instance, you can telnet to this address:

telnet 127.0.0.1 1443

Any bytes sent over this connection will be forwarded through the transport server to the application server, which in the case of this demo is a netcat server. You can also type bytes into the netcat server and they will appear on the telnet client, once again being routed over the transport.

Using Environment Variables

Using command line flags is convenient for testing. However, when launching the dispatcher automatically from inside of an application, another option is to use environment variables. Most of the functionality specified by command line flags can also be set using environment variables instead.

Running in SOCKS5 Mode

SOCKS5 mode is an older mode inherited from the PT1.0 specification and updated in PT2.0. Despite the name, SOCKS5 mode does not provide a SOCKS proxy for use with SOCKS clients such as Firefox. Rather it uses the SOCKS5 protocol as a way to communicate between a host application and Shapeshifter Dispatcher. The host application must be aware of the special semantics used by this mode. While it is possible to configure Shapeshifter Dispatcher to provide a traditional SOCKS proxy for use with SOCKS clients such as Firefox, that is not covered here.

SOCKS5 mode is not recommended for most users; use Transparent TCP mode instead.

Here are example command lines to run the dispatcher in SOCKS5 mode with the Replicant transport:

Server

For this example to work, you need an application server running. You can use netcat to run a simple server on port 3333:

nc -l 3333

Now launch the transport server, telling it where to find the application server:

<GOPATH>/bin/shapeshifter-dispatcher -server -state state -target 127.0.0.1:3333 -bindaddr shadow-127.0.0.1:2222 -transports shadow -optionsFile ConfigFiles/shadowServer.json -logLevel DEBUG -enableLogging

This runs the server in the default mode, which is SOCKS5 mode. The directory "state" is used to hold transport state. The destination that the server will proxy to is 127.0.0.1, port 3333. The Replicant transport is enabled and bound to the address 127.0.0.1 and the port 2222. Logging is enabled and set to DEBUG level. To access the log for debugging purposes, look at state/dispatcher.log.

To use Replicant, a config file is needed. A sample config file, ReplicantServerConfigV3.json, is provided purely for educational purposes and should not be used in actual production.

Client

<GOPATH>/bin/shapeshifter-dispatcher -client -state state -transports shadow -proxylistenaddr 127.0.0.1:1443 -optionsFile ConfigFiles/shadowClient.json -logLevel DEBUG -enableLogging

This runs the client in the default mode, which is SOCKS5 mode. The directory "state" is used to hold transport state. The Replicant transport is enabled and bound to the address 127.0.0.1 and the port 1443. Please note that you do not specify the server address with -target in SOCKS5 mode. This happens below, in the tsocks step.

To use Replicant, a config file is needed. A sample config file, ReplicantClientConfigV3.json, is provided purely for educational purposes and should not be used in actual production.

Once the client is running, you can connect to the client address, which in this case is 127.0.0.1, port 1443. You will need to use a SOCKS5 client. Normally, this would be a host application that you would write. For basic testing, you can install a tool such as tsocks.

For instance, on macOS, install tsocks:

brew tap Anakros/homebrew-tsocks
brew install --HEAD tsocks
nano /usr/local/etc/tsocks.conf        

In your tsocks configuration file, add the following lines to tell it where to find the dispatcher client:

server = 127.0.0.1
server_port = 1443
server_type = 5

It is important to check to make sure that your tsocks configuration is correct. If you have the wrong server address or port, tsocks will connect you directly to the transport server and this will give confusing results.

Now you can use telnet to connect to the server and tsocks to route the traffic through SOCKS:

tsocks telnet 127.0.0.1 2222

It is important to note that the address and port you telnet to is the address of the transport server. This information is passed through the SOCKS5 protocol to the client by tsocks and it is how the client learns where the server is located.

At this point, you should have a normal connection through the transport to the application server. Any bytes sent over this connection will be forwarded through the transport server to the application server, which in the case of this demo is a netcat server. You can also type bytes into the netcat server and they will appear on the telnet client, once again being routed over the transport.

Please note that this is not an open SOCKS proxy that allows you to connect to any address on the Internet. You can only connect to the application server associated with the transport server. The SOCKS protocol is only used as a method of communication between a host application and the transport client. While we use tsocks as the host application for this explanation, normally the host application would be a custom application provided by you.
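
The exchange that tsocks performs on the host application's behalf, written out as a small Go host application. This is an added example, not code from the shapeshifter-dispatcher project: the function names are illustrative, the addresses are the ones from the demo above, and it assumes the transport needs no per-connection arguments, so it offers only the SOCKS5 no-authentication method from RFC 1928.

```go
package main

import (
	"fmt"
	"io"
	"net"
	"strconv"
	"time"
)

// SOCKS5 wire constants (RFC 1928).
const (
	ver5, noAuth, cmdConnect       = 0x05, 0x00, 0x01
	atypIPv4, atypDomain, atypIPv6 = 0x01, 0x03, 0x04
)

// buildConnectRequest encodes a CONNECT request. In the dispatcher's SOCKS5
// mode the destination is the transport server, not the application server.
func buildConnectRequest(transportServer string) ([]byte, error) {
	host, portStr, err := net.SplitHostPort(transportServer)
	if err != nil {
		return nil, err
	}
	port, err := strconv.ParseUint(portStr, 10, 16)
	if err != nil {
		return nil, fmt.Errorf("bad port %q: %w", portStr, err)
	}
	req := []byte{ver5, cmdConnect, 0x00} // VER, CMD, RSV
	if ip := net.ParseIP(host); ip == nil {
		if len(host) == 0 || len(host) > 255 {
			return nil, fmt.Errorf("host name %q must be 1-255 bytes", host)
		}
		req = append(append(req, atypDomain, byte(len(host))), host...)
	} else if ip4 := ip.To4(); ip4 != nil {
		req = append(append(req, atypIPv4), ip4...)
	} else {
		req = append(append(req, atypIPv6), ip.To16()...)
	}
	return append(req, byte(port>>8), byte(port)), nil // port, big-endian
}

// socks5Connect runs the handshake on conn, which is already connected to the
// dispatcher client. Assumption: no-auth is enough for the chosen transport.
func socks5Connect(conn io.ReadWriter, transportServer string) error {
	req, err := buildConnectRequest(transportServer)
	if err != nil {
		return err
	}
	if _, err := conn.Write([]byte{ver5, 1, noAuth}); err != nil {
		return err
	}
	var sel [2]byte // VER, METHOD chosen by the dispatcher
	if _, err := io.ReadFull(conn, sel[:]); err != nil {
		return err
	}
	if sel[0] != ver5 || sel[1] != noAuth {
		return fmt.Errorf("no-auth not accepted, server replied % x", sel[:])
	}
	if _, err := conn.Write(req); err != nil {
		return err
	}
	var head [4]byte // VER, REP, RSV, ATYP
	if _, err := io.ReadFull(conn, head[:]); err != nil {
		return err
	}
	if head[0] != ver5 || head[1] != 0x00 {
		return fmt.Errorf("connect refused, reply code 0x%02x", head[1])
	}
	n := 0 // BND.ADDR length; it must be drained before payload bytes flow
	switch head[3] {
	case atypIPv4:
		n = 4
	case atypIPv6:
		n = 16
	case atypDomain:
		var l [1]byte
		if _, err := io.ReadFull(conn, l[:]); err != nil {
			return err
		}
		n = int(l[0])
	default:
		return fmt.Errorf("unknown address type 0x%02x", head[3])
	}
	_, err = io.ReadFull(conn, make([]byte, n+2)) // BND.ADDR + BND.PORT
	return err
}

func main() {
	// 127.0.0.1:1443 is the -proxylistenaddr of the client command above.
	conn, err := net.DialTimeout("tcp", "127.0.0.1:1443", 2*time.Second)
	if err == nil {
		defer conn.Close()
		err = socks5Connect(conn, "127.0.0.1:2222") // transport server address
	}
	if err != nil {
		fmt.Println("no tunnel:", err)
		return
	}
	fmt.Fprintln(conn, "hello through the transport")
}
```

Without a dispatcher client listening on 127.0.0.1:1443, the program reports the dial error and exits.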

SOCKS5 mode is not recommended for most users; use Transparent TCP mode instead.

Config generator

To generate a new pair of configs for any of the supported transports, run the following command:

<GOPATH>/bin/shapeshifter-dispatcher -generateConfig -transport <transport name> -serverIP <serverIP:Port>

For Replicant, you can also add the flags -toneburst and/or -polish if you would like to enable the Starburst toneburst and the Darkstar polish, respectively.

Credits

shapeshifter-dispatcher is descended from the Tor project's "obfs4proxy" tool.

  • David Fifield for goptlib
  • Adam Langley for the Go Elligator implementation.
  • Philipp Winter for the ScrambleSuit protocol.
  • Shadowsocks was developed by the Shadowsocks team.

shapeshifter-dispatcher's People

Contributors

blanu, consuelita, cryptosax, dasyatidprime, kwadronaut, meskio, mvdan, pminmax945, vbauerster, yawning

shapeshifter-dispatcher's Issues

Inconsistent iat documentation and handling

The README.MD refers to the timing iat-mode=0 and as well iatMode. When using iat-mode=0 at the client you'll get: (obfs4 transport missing iatMode argument). The bridgeline that is produced by launching the server the first time will say iat-mode=0.

When looking at the v.2 spec you'll find 'iat-mode' in the appendix B, same for 2.1 draft. In the Go Transports API and in the Dispatcher IPC Interface 2.1 draft you'll find both as well.

Received an error while attempting to accept a connection:clientConfirmationCode and server copy not equal

I recently updated from an old version of this program which was working fine using obfs4, but now so many things have changed and there is so little documentation I am completely lost. I didn't even know obfs4 is no longer supported and could not find any info on this except for a closed github issue.

Also, there seems to be no documentation on how to generate a config anymore. The only reference to using -generateConfig anywhere on the internet is in that same closed github issue on this repo. I'm probably just doing something wrong so please correct my commands as necessary.

Anyways, I tried to generate a config with:

shapeshifter-dispatcher -transport shadow -serverIP my.public.ip.here:443 -generateConfig

Which produces the two client/server json files. Also "my.public.ip.here" is indeed the external IP of my server, however it is NOT a local IP that's actually attached to an interface on the machine because this is a cloud VM, if that matters. The only local address is in a private range.

The server config:

{
  "serverAddress": "my.public.ip.here:443",
  "serverPrivateKey": "<redacted>",
  "cipherName": "darkstar",
  "transport": "Shadow",
  "logDir": null
}

I had to change "my.public.ip.here" in the server config to 0.0.0.0 in order to get the server to start. No idea if this is confusing anything. Also why is serverAddress and bindaddr needed? This doesn't make sense to me.

I start the server with:

shapeshifter-dispatcher -transparent -server -state state -target 127.0.0.1:22 -transport shadow -bindaddr shadow-0.0.0.0:443 -optionsFile ShadowServerConfig.json -logLevel DEBUG -enableLogging

The client config is:

{
  "serverAddress": "my.public.ip.here:443",
  "serverPublicKey": "<redacted>",
  "cipherName": "darkstar",
  "transport": "Shadow",
  "logDir": null
}

And I start the client with:

shapeshifter-dispatcher -transparent -client -state state -transports shadow -proxylistenaddr 127.0.0.1:8888 -optionsFile ShadowClientConfig.json -logLevel DEBUG -enableLogging

But then upon trying to telnet 127.0.0.1 8888 on the client, I look at the server and it has printed out:

shadow listening on 0.0.0.0:443
accepted
Received an error while attempting to accept a connection:clientConfirmationCode and server copy not equal

With nothing relevant in dispatcher.log on either side. The client side printed out this:

Dialing
--> Unable to dial transport server:  EOF
-> Name:  shadow
-> Options:  {
  "serverAddress": "my.public.ip.here:443",
  "serverPublicKey": "<redacted>",
  "cipherName": "darkstar",
  "transport": "Shadow",
  "logDir": null
}

Any idea what is going on? I've not been able to get any other similar program to work at all or even remotely gotten this close, so this is my last hope. Thanks

Problem with UDP transparent mode

Hello,
Thank you for providing shapeshifter.
It seems that with the current build UDP mode is not transparent at all:
Running the server:
./shapeshifter-dispatcher -transparent -udp -server -state state-server -orport 127.0.0.1:11940 -transports obfs2 -bindaddr obfs2-0.0.0.0:441
and the client (same machine):
./shapeshifter-dispatcher -transparent -udp -client -state state -transports obfs2 -target 10.1.1.130:441 -proxylistenaddr 127.0.0.1:11941
# nc -u 127.0.0.1 11941
1234
56789
(nc still open)
results in
root@pi4a:/home/pi/go/bin # nc -u -l -p 11940
56789
root@pi4a:/home/pi/go/bin #
(connection broken)
shapeshifter-dispatcher client output:

@@@ Listening obfs2 127.0.0.1:11941
@@@ handling...
Transport is obfs2
Received 1234
from 127.0.0.1:38638
map[]
Opening connection to 10.1.1.130:441
Making dialer...
recv: Open
Dialing....
Dialing 10.1.1.130:441
Success
Received 56789
from 127.0.0.1:38638
map[127.0.0.1:38638:{0x1916200 false}]
recv: write
writing...
6
[6 0]

shapeshifter-dispatcher server output:

ServerSetup
bindaddr {obfs2 0.0.0.0:441 map[]}
accepted
### handling obfs2
pumping
reading...
2
reading data
reading...
2
reading data
reading...
2
reading data
reading...
2

(and so on until connection breaks)
Same happens with obfs4.

go version 1.11.6 @ raspbian buster

Kind regards,
Chris

Cannot build shapeshifter-dispatcher

Hello, I'm trying to build shapeshifter-dispatcher and it gives me an error:

package github.com/OperatorFoundation/shapeshifter-transports/transports/replicant/polish: cannot find package "github.com/OperatorFoundation/shapeshifter-transports/transports/replicant/polish" in any of:
	/usr/local/go/src/github.com/OperatorFoundation/shapeshifter-transports/transports/replicant/polish (from $GOROOT)
	/root/go/src/github.com/OperatorFoundation/shapeshifter-transports/transports/replicant/polish (from $GOPATH)
package github.com/OperatorFoundation/shapeshifter-transports/transports/replicant/toneburst: cannot find package "github.com/OperatorFoundation/shapeshifter-transports/transports/replicant/toneburst" in any of:
	/usr/local/go/src/github.com/OperatorFoundation/shapeshifter-transports/transports/replicant/toneburst (from $GOROOT)
	/root/go/src/github.com/OperatorFoundation/shapeshifter-transports/transports/replicant/toneburst (from $GOPATH)

Everything was fine a week ago, and your last commits give an error; please check this.

Unable to build on any platform, Ubuntu 15/18 Centos 6

Tried with different versions of go, including the latest.

go get -u github.com/OperatorFoundation/shapeshifter-dispatcher/shapeshifter-dispatcher
# github.com/OperatorFoundation/shapeshifter-dispatcher/modes/pt_socks5
go/src/github.com/OperatorFoundation/shapeshifter-dispatcher/modes/pt_socks5/pt_socks5.go:116:10: cannot use transport.Dial (type func(string) base.TransportConn) as type func(string) net.Conn in assignment
go/src/github.com/OperatorFoundation/shapeshifter-dispatcher/modes/pt_socks5/pt_socks5.go:123:13: cannot use transport.Dial (type func(string) base.TransportConn) as type func(string) net.Conn in assignment
go/src/github.com/OperatorFoundation/shapeshifter-dispatcher/modes/pt_socks5/pt_socks5.go:201:11: cannot use transport.Listen (type func(string) base.TransportListener) as type func(string) net.Listener in assignment
go/src/github.com/OperatorFoundation/shapeshifter-dispatcher/modes/pt_socks5/pt_socks5.go:208:14: cannot use transport.Listen (type func(string) base.TransportListener) as type func(string) net.Listener in assignment
# github.com/OperatorFoundation/shapeshifter-dispatcher/modes/transparent_tcp
go/src/github.com/OperatorFoundation/shapeshifter-dispatcher/modes/transparent_tcp/transparent_tcp.go:102:10: cannot use transport.Dial (type func(string) base.TransportConn) as type func(string) net.Conn in assignment
go/src/github.com/OperatorFoundation/shapeshifter-dispatcher/modes/transparent_tcp/transparent_tcp.go:109:13: cannot use transport.Dial (type func(string) base.TransportConn) as type func(string) net.Conn in assignment
go/src/github.com/OperatorFoundation/shapeshifter-dispatcher/modes/transparent_tcp/transparent_tcp.go:126:12: cannot use transport.Dial (type func(string) base.TransportConn) as type func(string) net.Conn in assignment
go/src/github.com/OperatorFoundation/shapeshifter-dispatcher/modes/transparent_tcp/transparent_tcp.go:194:11: cannot use transport.Listen (type func(string) base.TransportListener) as type func(string) net.Listener in assignment
go/src/github.com/OperatorFoundation/shapeshifter-dispatcher/modes/transparent_tcp/transparent_tcp.go:197:11: cannot use transport.Listen (type func(string) base.TransportListener) as type func(string) net.Listener in assignment
go/src/github.com/OperatorFoundation/shapeshifter-dispatcher/modes/transparent_tcp/transparent_tcp.go:215:11: cannot use transport.Listen (type func(string) base.TransportListener) as type func(string) net.Listener in assignment
# github.com/OperatorFoundation/shapeshifter-dispatcher/modes/transparent_udp
go/src/github.com/OperatorFoundation/shapeshifter-dispatcher/modes/transparent_udp/transparent_udp.go:188:10: cannot use transport.Dial (type func(string) base.TransportConn) as type func(string) net.Conn in assignment
go/src/github.com/OperatorFoundation/shapeshifter-dispatcher/modes/transparent_udp/transparent_udp.go:195:13: cannot use transport.Dial (type func(string) base.TransportConn) as type func(string) net.Conn in assignment
go/src/github.com/OperatorFoundation/shapeshifter-dispatcher/modes/transparent_udp/transparent_udp.go:249:11: cannot use transport.Listen (type func(string) base.TransportListener) as type func(string) net.Listener in assignment
go/src/github.com/OperatorFoundation/shapeshifter-dispatcher/modes/transparent_udp/transparent_udp.go:256:14: cannot use transport.Listen (type func(string) base.TransportListener) as type func(string) net.Listener in assignment
# github.com/OperatorFoundation/shapeshifter-dispatcher/modes/stun_udp
go/src/github.com/OperatorFoundation/shapeshifter-dispatcher/modes/stun_udp/stun_udp.go:177:5: cannot use transport.Dial (type func(string) base.TransportConn) as type func(string) net.Conn in assignment
go/src/github.com/OperatorFoundation/shapeshifter-dispatcher/modes/stun_udp/stun_udp.go:184:8: cannot use transport.Dial (type func(string) base.TransportConn) as type func(string) net.Conn in assignment
go/src/github.com/OperatorFoundation/shapeshifter-dispatcher/modes/stun_udp/stun_udp.go:237:10: cannot use transport.Listen (type func(string) base.TransportListener) as type func(string) net.Listener in assignment
go/src/github.com/OperatorFoundation/shapeshifter-dispatcher/modes/stun_udp/stun_udp.go:244:13: cannot use transport.Listen (type func(string) base.TransportListener) as type func(string) net.Listener in assignment

go install failing due to go.mod version mismatch?

Is there any other way to install this via go install? (I'm on macOS 13.2.1 + go1.20.2 darwin/arm64)

I found golang/go#35732 which seems to be related, but I'm not clear what needs to be changed to "fix" it.

$ go install github.com/OperatorFoundation/[email protected]
go: github.com/OperatorFoundation/[email protected]: github.com/OperatorFoundation/[email protected]: invalid version: module contains a go.mod file, so module path must match major version ("github.com/OperatorFoundation/shapeshifter-dispatcher/v3")

$ go install github.com/OperatorFoundation/shapeshifter-dispatcher@latest
go: downloading github.com/OperatorFoundation/shapeshifter-dispatcher v2.1.5+incompatible
go: github.com/OperatorFoundation/shapeshifter-dispatcher@latest: module github.com/OperatorFoundation/shapeshifter-dispatcher@latest found (v2.1.5+incompatible), but does not contain package github.com/OperatorFoundation/shapeshifter-dispatcher

[ERROR]: obfs4 transport missing cert argument: map[]

I posted the same question on stack exchange, but maybe here is a better place as it seems to me as a bug.
If I launch the dispatcher with the following command:
shapeshifter-dispatcher -server -transparent -ptversion 2 -transports obfs4 --udp -state state -bindaddr obfs4-192.168.1.74:500 -orport 127.0.0.1:1194 --enableLogging -logLevel DEBUG
I get the following output:

launching
obfs4-192.168.1.74:500
Error resolving Extended OR address  missing port in address
ServerSetup obfs4-192.168.1.74:500 {[{obfs4 192.168.1.74:500 map[]}] 127.0.0.1:1194 <nil> }
bindaddr {obfs4 192.168.1.74:500 map[]}
launched false []

And the following log:

2017/04/15 13:03:57 [NOTICE]: dispatcher-0.0.7-dev - launched
2017/04/15 13:03:57 [INFO]: shapeshifter-dispatcher - initializing transparent proxy
2017/04/15 13:03:57 [INFO]: shapeshifter-dispatcher - initializing UDP transparent proxy
2017/04/15 13:03:57 [INFO]: shapeshifter-dispatcher - initializing server transport listeners
2017/04/15 13:03:57 [ERROR]: obfs4 transport missing cert argument: map[]

Strangely, using obfs2 protocol it works fine instead.
Let me know if/how I can help.

shapeshifter-dispatcher fails to compile: addInstance.Bytes undefined

It seems that the master of the repo is failing to compile:

shapeshifter-dispatcher/shapeshifter-dispatcher❯ go build
# github.com/OperatorFoundation/shapeshifter-transports/transports/Replicant/toneburst
../../shapeshifter-transports/transports/Replicant/toneburst/monotone.go:34:26: addInstance.Bytes undefined (type monolith.Instance has no field or method Bytes)
../../shapeshifter-transports/transports/Replicant/toneburst/monotone.go:71:43: addInstance.Bytes undefined (type monolith.Instance has no field or method Bytes)

Is it possible that this Bytes function was not committed?

Obfs4 Connection to OpenVPN Failed

I've been testing Shapeshifter-dispatcher with OpenVPN using obfs2 on an Ubuntu 16.04 server for a couple of months now. It works really well but obfs2 can be passively blocked easily. So I tried to set it up with obfs4 following the latest instructions. Unfortunately the connection fails, probably on the client side. Also it's unable to generate any log file so I'm unable to check what went wrong.

The following are the command lines I use that launch the client and server successfully.

Server :
bin/shapeshifter-dispatcher --server --transparent --ptversion 2 --state state --orport 127.0.0.1:1194 --transports obfs4 --bindaddr obfs4-MyServerIP:2222 --logLevel DEBUG --enableLogging

Client:
-client -transparent -ptversion 2 -state state -target MyServerIP:2222 -transports obfs4 -bindaddr obfs4-127.0.0.1:1194 -options '{"cert": "CMYgNUg4IUb9tZmF9D3RbKH6cT1w07lAqocuhIN7tzxWiAdgvdqMq4d6BftKf5eRtM8OBg", "iatMode": "0"}' -logLevel DEBUG -enableLogging

Connection initiated by OpenVPN:
remote 127.0.0.1
port 1234

This is the log of OpenVPN client:

Mon Aug 07 16:43:45 2017 OpenVPN 2.4.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jan 31 2017
Mon Aug 07 16:43:45 2017 Windows version 6.1 (Windows 7) 64bit
Mon Aug 07 16:43:45 2017 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.09
Enter Management Password:
Mon Aug 07 16:43:45 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Mon Aug 07 16:43:45 2017 Need hold release from management interface, waiting...
Mon Aug 07 16:43:45 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Mon Aug 07 16:43:45 2017 MANAGEMENT: CMD 'state on'
Mon Aug 07 16:43:45 2017 MANAGEMENT: CMD 'log all on'
Mon Aug 07 16:43:45 2017 MANAGEMENT: CMD 'hold off'
Mon Aug 07 16:43:45 2017 MANAGEMENT: CMD 'hold release'
Mon Aug 07 16:43:45 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Aug 07 16:43:45 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Aug 07 16:43:45 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:1234
Mon Aug 07 16:43:45 2017 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Aug 07 16:43:45 2017 Attempting to establish TCP connection with [AF_INET]127.0.0.1:1234 [nonblock]
Mon Aug 07 16:43:45 2017 MANAGEMENT: >STATE:1502120625,TCP_CONNECT,,,,,,
Mon Aug 07 16:43:45 2017 TCP connection established with [AF_INET]127.0.0.1:1234
Mon Aug 07 16:43:45 2017 TCP_CLIENT link local: (not bound)
Mon Aug 07 16:43:45 2017 TCP_CLIENT link remote: [AF_INET]127.0.0.1:1234
Mon Aug 07 16:43:45 2017 MANAGEMENT: >STATE:1502120625,WAIT,,,,,,
Mon Aug 07 16:43:45 2017 Connection reset, restarting [-1]
Mon Aug 07 16:43:45 2017 SIGUSR1[soft,connection-reset] received, process restarting
Mon Aug 07 16:43:45 2017 MANAGEMENT: >STATE:1502120625,RECONNECTING,connection-reset,,,,,
Mon Aug 07 16:43:45 2017 Restart pause, 5 second(s)
Mon Aug 07 16:43:50 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]127.0.0.1:1234
Mon Aug 07 16:43:50 2017 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Aug 07 16:43:50 2017 Attempting to establish TCP connection with [AF_INET]127.0.0.1:1234 [nonblock]
Mon Aug 07 16:43:50 2017 MANAGEMENT: >STATE:1502120630,TCP_CONNECT,,,,,,
Mon Aug 07 16:43:54 2017 SIGTERM[hard,init_instance] received, process exiting
Mon Aug 07 16:43:54 2017 MANAGEMENT: >STATE:1502120634,EXITING,init_instance,,,,,

What have I done wrong or anything I've missed? Thank you for any help.

port definition in parameter -bindaddr not working

Action:
bin/shapeshifter-dispatcher -client -transparent -ptversion 2 -transports obfs2 -state state -target 192.168.178.46:2222 -bindaddr obfs2-127.0.0.1:56789 -logLevel DEBUG -enableLogging &

Expected result:
shapeshifter listens on port 56789

Observed behavior: listener port 1234 is always used, no matter what is given with -bindaddr -:
$ netstat -tlnp
(Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:1234 0.0.0.0:* LISTEN -

does DEBUG logging work for anyone?

Hi,

I set up the shapeshifter-dispatcher with obfs4, which causes me a lot of headaches, since the order of arguments is extremely important and needs to be completely different than in the example given.
However, after having it up and running with the -enableLogging and -logLevel DEBUG, the only log I get is located in the file dispatcher.log. But with very limited information. e.g. the only info I get, is that the proxy is listening and in case there is a connection, it says "new connection".
Is there any chance to get a more detailed debug-like output from shapeshifter?

Best

shapeshifter-dispatcher does not open any port on debian 11 server

I have an openvpn tcp 1194 with open port.
I did run the below command on my server and nothing happened!
./go/bin/shapeshifter-dispatcher -transparent -server -state state -target 127.0.0.1:1194 -transport obfs4 -bindaddr obfs4-127.0.0.1:21194 -optionsFile ~/obfs4.json -logLevel DEBUG -enableLogging

my client command :
shapeshifter-dispatcher64.exe -transparent -client -state state -target my_server_ip:21194 -transports obfs4 -proxylistenaddr 127.0.0.1:999 -optionsFile obfs4.json -logLevel DEBUG -enableLogging

dispatcher.log:
[INFO] 2023/01/04 10:17 initializing transparent proxy
[INFO] 2023/01/04 10:17 initializing TCP transparent proxy
[INFO] 2023/01/04 10:17 dispatcher-0.0.7-dev - launched
[INFO] 2023/01/04 10:17 initializing server transport listeners
[INFO] 2023/01/04 10:17 shapeshifter-dispatcher - initializing transparentTCP server transport listeners

i did check the process and port with this command but:
netstat -lntp | grep 21194 -> show nothing
ps aux | grep shapshifter-dispatcher -> show nothing

my obfs4.json which is my config file:
{"cert": "PS9KSAXHMukTqFOrWcYHlil6z/gf6IZI4KtObc3TRKN3MltOIan5RZbkjCoqsA3lyB9XOQ", "iat-mode": "0"}

Can you please tell me how I can open an openvpn connection with shapeshifter?

Consider tagging releases

The more activity, the higher the probability that something breaks. I'd like to be able to fetch the latest stable version and use that. When there are security updates or bug fixes, I'd like to be able to upgrade, without breaking changes like iat-mode vs iatmode, or if using a method that gets removed, it's great to know about that.

Thanks for considering!

Segmentation Fault on Kubuntu

sudo ~/go/bin/shapeshifter-dispatcher -transparent -client -state state -target (removed):2222 -transports obfs4 -proxylistenaddr 127.0.0.1:1443 -options '{"cert": "(removed)", "iat-mode": "0"}' -logLevel DEBUG -enableLogging
[sudo] password for (removed): 
checking for optionsFile
Dialing  (removed):2222
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x48fe91]

goroutine 5 [running]:
io.copyBuffer(0x826020, 0xc000022020, 0x0, 0x0, 0xc00014c000, 0x8000, 0x8000, 0xc000038678, 0x40a1b6, 0xaa44f8)
        /usr/lib/go-1.12/src/io/io.go:402 +0x101
io.Copy(...)
        /usr/lib/go-1.12/src/io/io.go:364
net.genericReadFrom(...)
        /usr/lib/go-1.12/src/net/net.go:614
net.(*TCPConn).readFrom(0xc000092050, 0x0, 0x0, 0xc0000386a8, 0x40b21a, 0x756f60)
        /usr/lib/go-1.12/src/net/tcpsock_posix.go:54 +0x13d
net.(*TCPConn).ReadFrom(0xc000092050, 0x0, 0x0, 0x7f4a00531008, 0xc000092050, 0x1)
        /usr/lib/go-1.12/src/net/tcpsock.go:103 +0x4e
io.copyBuffer(0x8256a0, 0xc000092050, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
        /usr/lib/go-1.12/src/io/io.go:388 +0x2fc
io.Copy(...)
        /usr/lib/go-1.12/src/io/io.go:364
github.com/OperatorFoundation/shapeshifter-dispatcher/modes/transparent_tcp.copyLoop.func2(0xc0000180b0, 0x82e6c0, 0xc000092050, 0x0, 0x0, 0xc000060060)
        /home/(removed)/go/src/github.com/OperatorFoundation/shapeshifter-dispatcher/modes/transparent_tcp/transparent_tcp.go:328 +0xf9
created by github.com/OperatorFoundation/shapeshifter-dispatcher/modes/transparent_tcp.copyLoop
        /home/(removed)/go/src/github.com/OperatorFoundation/shapeshifter-dispatcher/modes/transparent_tcp/transparent_tcp.go:326 +0x124

Support hostnames when specifying hosts

I would like to leverage hostname resolution to not have to write IP by hand in the command invocation.

At the moment doing this,

any service on port 3333:

docker run --rm -p 3333:8000 jwilder/whoami
Listening on :8000

server:

shapeshifter-dispatcher --server --state state_srv -transparent --transports obfs4 --orport 127.0.0.1:3333 --bindaddr obfs4-127.0.0.1:2222 -logLevel DEBUG -enableLogging

client:

shapeshifter-dispatcher --client --state state_cli -transparent -target 127.0.0.1:2222 -transports obfs4 -proxylistenaddr localhost:9443 -logLevel DEBUG -enableLogging -optionsFile obfs4.json

Testing tunnel:

curl localhost:9443
I'm da23b149f740

So it works, but replacing 127.0.0.1 with localhost breaks tunnelling in many parts.

Is there a single point where this could be added? I could provide a PR

UDP mode can not work

When I execute this command:
shapeshifter-dispatcher -server -transparent -transports obfs4 -udp -state /root/data/shapeshifter-dispatcher -enableLogging -logLevel DEBUG -bindaddr obfs4-0.0.0.0:1194 -orport 127.0.0.1:11940

An error occurred:
[ERROR]: obfs4 transport missing cert argument: map[]

The server did not run successfully, then I can not get the certificate.

[bug] meekserver and meeklite transport error

Description

The meeklite (also meekserver) transport cannot be used due to errors in either parsing command or the JSON file. Other transports (e.g. obfs4) are fine.

Sorry for my poor knowledge in Go in advance.

Platform

Debian 11 for amd64 CPUs.

Error reproduction

  • When the meek.json file is structured like this: {"meek":{"url":"https://entry.example.org/","front":"192.168.0.101"}}, running command ends up outputting errors like these:
user@term $ ./shapeshifter-dispatcher \
-mode transparent-TCP -server -state state \
-orport 127.0.0.1:80 -transport meekserver \
-optionsFile meek.json -bindaddr meekserver-127.0.0.1:4443 \
-enableLogging -logLevel debug -ipcLogLevel DEBUG

checking for optionsFile
LOG INFO initializing server transport listeners
LOG INFO shapeshifter-dispatcher - initializing server transport listeners
LOG ERROR Error resolving Extended OR address "missing port in address"

user@term $ ./shapeshifter-dispatcher \
-mode transparent-TCP -client -state state \
-target 127.0.0.1:80 -transport meeklite \
-optionsFile meek.json -proxylistenaddr 127.0.0.1:4443 \
-enableLogging -logLevel debug -ipcLogLevel DEBUG

checking for optionsFile
LOG INFO shapeshifter-dispatcher - initializing client transport listeners
LOG INFO meeklite - registered listener: 127.0.0.1:4443
LOG INFO shapeshifter-dispatcher - accepting connections
Dialing  127.0.0.1:80
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x54a76a]

goroutine 5 [running]:
net/url.(*URL).String(0x0, 0x0, 0x16)
	/usr/lib/go-1.15/src/net/url/url.go:813 +0x4a
github.com/OperatorFoundation/shapeshifter-transports/transports/meeklite/v2.Transport.Dial(0x0, 0x0, 0x0, 0x7ffd5903105a, 0xc, 0x927120, 0xbbacf0, 0xc000182410, 0xc0000282c0, 0x16, ...)
	~/go/pkg/mod/github.com/!operator!foundation/shapeshifter-transports/transports/meeklite/[email protected]/meeklite.go:140 +0x2f
github.com/OperatorFoundation/shapeshifter-dispatcher/modes/transparent_tcp.clientHandler(0x7ffe1855e05a, 0xc, 0x7ffe1855e072, 0x8, 0xc000130000, 0x46, 0x9326a0, 0xc000010010, 0x0)
	../shapeshifter-dispatcher/modes/transparent_tcp/transparent_tcp.go:85 +0x1ac
created by github.com/OperatorFoundation/shapeshifter-dispatcher/modes.clientAcceptLoop
	../shapeshifter-dispatcher/modes/tcp_common.go:73 +0x2d4
  • When the meek.json file is structured like this: {"url":"https://entry.example.org/","front":"192.168.0.101"}, running command ends up outputting errors like these:
user@term $ ./shapeshifter-dispatcher \
-mode transparent-TCP -server -state state \
-orport 127.0.0.1:80 -transport meekserver \
-optionsFile meek.json -bindaddr meekserver-127.0.0.1:4443 \
-enableLogging -logLevel debug -ipcLogLevel DEBUG

checking for optionsFile
LOG INFO initializing server transport listeners
LOG INFO shapeshifter-dispatcher - initializing server transport listeners
LOG ERROR Error parsing options map "{\"url\":\"https://entry.example.org/\",\"front\":\"192.168.0.101\"}" "json: cannot unmarshal string into Go value of type map[string]interface {}"
LOG ERROR TOR_PT_SERVER_TRANSPORT_OPTIONS: "{\"url\":\"https://entry.example.org/\",\"front\":\"192.168.0.101\"}": json: cannot unmarshal string into Go value of type map[string]interface {}
LOG ERROR Error parsing bindaddrs "meekserver-127.0.0.1:4443" "{\"url\":\"https://entry.example.org/\",\"front\":\"192.168.0.101\"}" "meekserver"

user@term $ ./shapeshifter-dispatcher \
-mode transparent-TCP -client -state state \
-target 127.0.0.1:80 -transport meeklite \
-proxylistenaddr 127.0.0.1:4443 -optionsFile meek.json \
-enableLogging -logLevel debug -ipcLogLevel DEBUG

checking for optionsFile
LOG INFO shapeshifter-dispatcher - initializing client transport listeners
LOG INFO meeklite - registered listener: 127.0.0.1:4443
LOG INFO shapeshifter-dispatcher - accepting connections
LOG ERROR Could not parse options meeklite options json decoding error
-> Error creating a transport with the provided options:  {"url":"https://entry.example.org/","front":"192.168.0.101"}
-> Error:  meeklite options json decoding error
LOG ERROR Could not parse options meeklite options json decoding error
-> Error creating a transport with the provided options:  {"url":"https://entry.example.org/","front":"192.168.0.101"}
-> Error:  meeklite options json decoding error
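
Added example (not from the report or the project's code): a Go options loader that accepts both meek.json shapes shown in the report above and refuses to return a nil URL, the value the client stack trace shows reaching `(*URL).String`. `MeekOptions`, `DecodeNested` and `LoadMeekOptions` are hypothetical names, and the nested "transport name -> options" target type is an assumption inferred from the logged `cannot unmarshal string` error.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
)

// Constructed samples: the two meek.json shapes quoted in the report.
const (
	nestedSample = `{"meek":{"url":"https://entry.example.org/","front":"192.168.0.101"}}`
	flatSample   = `{"url":"https://entry.example.org/","front":"192.168.0.101"}`
)

// MeekOptions is a hypothetical validated result. URL is never nil when
// LoadMeekOptions returns without an error.
type MeekOptions struct {
	URL   *url.URL
	Front string
}

// DecodeNested decodes options as "transport name -> option map". This target
// type is an assumption inferred from the logged error text, not taken from
// the dispatcher source. Feeding it the flat shape fails because the value of
// "url" is a string where a map is expected.
func DecodeNested(raw string) (map[string]map[string]interface{}, error) {
	var m map[string]map[string]interface{}
	err := json.Unmarshal([]byte(raw), &m)
	return m, err
}

// LoadMeekOptions accepts either shape: it looks for the options under key
// (for example "meek") and falls back to the top level. Everything is
// validated here, before any dial is attempted.
func LoadMeekOptions(raw, key string) (*MeekOptions, error) {
	var top map[string]interface{}
	if err := json.Unmarshal([]byte(raw), &top); err != nil {
		return nil, fmt.Errorf("options are not a JSON object: %w", err)
	}
	opts := top
	if inner, ok := top[key].(map[string]interface{}); ok {
		opts = inner // nested shape: {"meek": {...}}
	}
	rawURL, ok := opts["url"].(string)
	if !ok || rawURL == "" {
		return nil, fmt.Errorf("%s options: \"url\" is missing or not a string", key)
	}
	u, err := url.Parse(rawURL)
	if err != nil {
		return nil, fmt.Errorf("%s options: bad \"url\": %w", key, err)
	}
	if (u.Scheme != "http" && u.Scheme != "https") || u.Host == "" {
		return nil, fmt.Errorf("%s options: \"url\" must be an absolute http(s) URL, got %q", key, rawURL)
	}
	front, _ := opts["front"].(string) // optional in this example
	return &MeekOptions{URL: u, Front: front}, nil
}

func main() {
	samples := []string{nestedSample, flatSample, `{"meek":{"front":"192.168.0.101"}}`}
	for _, s := range samples {
		_, nestedErr := DecodeNested(s)
		fmt.Printf("input: %s\n  nested decode error: %v\n", s, nestedErr)
		o, err := LoadMeekOptions(s, "meek")
		if err != nil {
			fmt.Printf("  rejected: %v\n", err)
			continue
		}
		fmt.Printf("  url=%s front=%s\n", o.URL, o.Front)
	}
}
```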

CopyServerToClient received an error: read: i/o timeout

Hi, I have a problem.
I run the server on Ubuntu 20.04 and the client on Windows.
I put the default config files but the connection cannot hold for longer than a couple of minutes.

logs on windows client

shapeshifter-dispatcher.exe -transparent -client -state state -transports Replicant -proxylistenaddr 127.0.0.1:1443 -optionsFile ConfigFiles\ReplicantClientConfigV3.json -logLevel DEBUG -enableLogging
Dialing
!! CopyClientToServer received an error from io.Copy:
(0x80fa20,0xc00004fae0)
%s(%s) - closed connection Replicant
Dialing

!! CopyServerToClient received an error: read: i/o timeout

logs on ubuntu server :

./shapeshifter-dispatcher -transparent -server -state state -target 127.0.0.1:3333 -transports Replicant -bindaddr Replicant-SERVER_IP:2222 -optionsFile ~/shapeshifter-dispatcher/ConfigFiles/ReplicantServerConfigV3.json -logLevel DEBUG -enableLogging
Replicant listening on SERVER_IP:2222
accepted
failed to connect to ORPort: dial: connect: connection refused
accepted

!! CopyServerToClient received an error: read: i/o timeout

I had other errors too: failed to connect to ORPort: dial: connect: connection timed out
Does anyone know why this is happening?

Who?

WHO WOULD WRITE A SOFTWARE THAT IS SUPPOSED TO HELP WITH BYPASSING CENSORSHIP IN A LANGUAGE THAT IS ALSO BLOCKED IN THOSE COUNTRIES THAT HAVE CENSORSHIP? WHO?

obfs4 transport not working

While trying the obfs4 examples given in the readme it seems it is not working at all. Using obfs2 works nevertheless with the exact same setup. I'm giving as much details as possible. Any help is appreciated.

Server
docker container (golang:1.9.0-alpine3.6) called with --net=host parameter
shapeshifter-dispatcher installed via
go get -u github.com/OperatorFoundation/shapeshifter-dispatcher/shapeshifter-dispatcher

starting shapeshifter-dispatcher

/go # bin/shapeshifter-dispatcher -server -transparent -ptversion 2  -transports obfs4 -state state -bindaddr obfs4-192.168.178.46:2222 -orport 127.0.0.1:56789 -logLevel DEBUG -enableLogging &

check if server is up and running

/go # ps -a
PID   USER     TIME   COMMAND
    1 root       0:00 /bin/sh
    8 root       0:00 bin/shapeshifter-dispatcher -server -transparent -ptversion 2 -transports obfs4 -state 
   17 root       0:00 ps -a

get obfs4 fingerprint

/go # cat state/obfs4_bridgeline.txt
# obfs4 torrc client bridge line
#
# This file is an automatically generated bridge line based on
# the current obfs4proxy configuration.  EDITING IT WILL HAVE
# NO EFFECT.
#
# Before distributing this Bridge, edit the placeholder fields
# to contain the actual values:
#  <IP ADDRESS>  - The public IP address of your obfs4 bridge.
#  <PORT>        - The TCP/IP port of your obfs4 bridge.
#  <FINGERPRINT> - The bridge's fingerprint.

Bridge obfs4 <IP ADDRESS>:<PORT> <FINGERPRINT> cert=XWTHaCmZY+oRTCF2M9NH1DaV0jDCH7VExBcMCDiHklibZy1uI7udv1BxRNaDjpseAlauYg iat-mode=0

see logfile

/go # tail -f state/dispatcher.log 
2017/09/10 18:07:11 [NOTICE]: dispatcher-0.0.7-dev - launched
2017/09/10 18:07:11 [INFO]: shapeshifter-dispatcher - initializing transparent proxy
2017/09/10 18:07:11 [INFO]: shapeshifter-dispatcher - initializing TCP transparent proxy
2017/09/10 18:07:11 [INFO]: shapeshifter-dispatcher - initializing server transport listeners
2017/09/10 18:07:11 [INFO]: obfs4 - registered listener: [scrubbed]:2222
2017/09/10 18:07:11 [INFO]: shapeshifter-dispatcher - accepting connections

starting service

~$ nc -l 56789

server seems ok so far

client
same docker image, also --net=host
starting client

/go # bin/shapeshifter-dispatcher -client -transparent -ptversion 2 -transports obfs4 -state state -target 192.168.178.46:2222 -bindaddr obfs4-127.0.0.1:56789 -options '{"cert": "XWTHaCmZY+oRTCF2M9NH1DaV0jDCH7VExBcMCDiHklibZy1uI7udv1BxRNaDjpseAlauYg", "iatMode": "0"}' -logLevel DEBUG -enableLogging &

check if client is up and running (line pid 7 is not shown completely)

/go # ps 
PID   USER     TIME   COMMAND
    1 root       0:00 /bin/sh
    7 root       0:00 bin/shapeshifter-dispatcher -client -transparent -ptversion 2 -transports obfs4 -
   16 root       0:00 ps

check log

/go # tail -f state/dispatcher.log 
2017/09/10 20:12:32 [NOTICE]: dispatcher-0.0.7-dev - launched
2017/09/10 20:12:32 [INFO]: shapeshifter-dispatcher - initializing transparent proxy
2017/09/10 20:12:32 [INFO]: shapeshifter-dispatcher - initializing TCP transparent proxy
2017/09/10 20:12:32 [INFO]: shapeshifter-dispatcher - initializing client transport listeners
2017/09/10 20:12:32 [INFO]: obfs4 - registered listener: 127.0.0.1:1234
2017/09/10 20:12:32 [INFO]: shapeshifter-dispatcher - accepting connections

starting telnet session

~$ sudo telnet -d 127.0.0.1 1234
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
hello
Connection closed by foreign host.

Nothing transmitted, client disconnects after 60s.
Wireshark says:

No.     Time           Source                Destination           Protocol Length Info
     11 8.449304507    192.168.178.52        192.168.178.46        TCP      74     59760 → 2222 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=3282414542 TSecr=0 WS=128
     12 8.452015296    192.168.178.46        192.168.178.52        TCP      74     2222 → 59760 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1460 SACK_PERM=1 TSval=840082 TSecr=3282414542 WS=128
     13 8.452069965    192.168.178.52        192.168.178.46        TCP      66     59760 → 2222 [ACK] Seq=1 Ack=1 Win=29312 Len=0 TSval=3282414543 TSecr=840082
     14 8.452561822    192.168.178.52        192.168.178.46        TCP      1514   59760 → 2222 [ACK] Seq=1 Ack=1 Win=29312 Len=1448 TSval=3282414543 TSecr=840082
     15 8.452573867    192.168.178.52        192.168.178.46        TCP      1514   59760 → 2222 [ACK] Seq=1449 Ack=1 Win=29312 Len=1448 TSval=3282414543 TSecr=840082
     16 8.452575386    192.168.178.52        192.168.178.46        TCP      1514   59760 → 2222 [ACK] Seq=2897 Ack=1 Win=29312 Len=1448 TSval=3282414543 TSecr=840082
     17 8.452576979    192.168.178.52        192.168.178.46        TCP      851    59760 → 2222 [PSH, ACK] Seq=4345 Ack=1 Win=29312 Len=785 TSval=3282414543 TSecr=840082
     18 8.501375531    192.168.178.46        192.168.178.52        TCP      66     2222 → 59760 [ACK] Seq=1 Ack=1449 Win=31872 Len=0 TSval=840086 TSecr=3282414543
     19 8.501928051    192.168.178.46        192.168.178.52        TCP      66     2222 → 59760 [ACK] Seq=1 Ack=2897 Win=34816 Len=0 TSval=840090 TSecr=3282414543
     20 8.501971439    192.168.178.46        192.168.178.52        TCP      66     2222 → 59760 [ACK] Seq=1 Ack=4345 Win=37760 Len=0 TSval=840093 TSecr=3282414543
     21 8.501982973    192.168.178.46        192.168.178.52        TCP      66     2222 → 59760 [ACK] Seq=1 Ack=5130 Win=40576 Len=0 TSval=840095 TSecr=3282414543
     55 68.452672073   192.168.178.52        192.168.178.46        TCP      66     59760 → 2222 [FIN, ACK] Seq=5130 Ack=1 Win=29312 Len=0 TSval=3282429543 TSecr=840095
     56 68.455940424   192.168.178.46        192.168.178.52        TCP      66     2222 → 59760 [FIN, ACK] Seq=1 Ack=5131 Win=40576 Len=0 TSval=855083 TSecr=3282429543
     57 68.455972308   192.168.178.52        192.168.178.46        TCP      66     59760 → 2222 [ACK] Seq=5131 Ack=2 Win=29312 Len=0 TSval=3282429544 TSecr=855083

-bindaddr not respected for client / README Issue

When using -bindaddr for the client as shown in the README, it does not get respected and the proxy gets bound to a random port.

Steps to reproduce:

shapeshift/client » shapeshifter-dispatcher \                                
-transparent \
-client \
-state state \
-target 127.0.0.1:2222  \
-transports obfs4 \
-bindaddr obfs4-127.0.0.1:443 \
-options '{"cert": "REMOVED", "iatMode": "0"}' -logLevel DEBUG -enableLogging

which results in the following log entry:

client/state » more dispatcher.log
2018/10/24 13:36:57 [NOTICE]: dispatcher-0.0.7-dev - launched
2018/10/24 13:36:57 [INFO]: shapeshifter-dispatcher - initializing transparent proxy
2018/10/24 13:36:57 [INFO]: shapeshifter-dispatcher - initializing TCP transparent proxy
2018/10/24 13:36:57 [INFO]: shapeshifter-dispatcher - initializing client transport listeners
2018/10/24 13:36:57 [INFO]: obfs4 - registered listener: 127.0.0.1:43331
2018/10/24 13:36:57 [INFO]: shapeshifter-dispatcher - accepting connections

The log says it got bound to port 43331 instead, which is correct:

client/state » telnet 127.0.0.1 443
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused

client/state » telnet 127.0.0.1 43331                                               
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.

For the server mode it works though.

According to #3 this behaviour seems to be expected, but if it is so, the README needs to be adapted.

It states

bin/shapeshifter-dispatcher -transparent -client -state state -target 127.0.0.1:2222 -transports obfs4 -bindaddr obfs4-127.0.0.1:443 -options '{"cert": "OfQAPDamjsRO90fDGlnZR5RNG659FZqUKUwxUHcaK7jIbERvNU8+EVF6rmdlvS69jVYrKw", "iatMode": "0"}' -logLevel DEBUG -enableLogging

which seems to use -bindaddr on the client.

Useful information:
$ uname -a
Linux hostname 4.15.0-38-generic #41-Ubuntu SMP Wed Oct 10 10:59:38 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ go version                                                                                                                                                                             
go version go1.11 linux/amd64
$ shapeshifter-dispatcher -version
dispatcher-0.0.7-dev
$ cd ~/go/src/github.com/OperatorFoundation/shapeshifter-dispatcher
$ git show HEAD
commit f95b28c267640a039c8968e105bf62b203fa8978 (HEAD -> master, origin/master, origin/HEAD)
Author: Dr. Brandon Wiley <[email protected]>
Date:   Mon Oct 15 23:57:17 2018 -0500

    Updated version numbers and links

Should shapeshifter-dispatcher have a CI?

Now and then there are commits that leave shapeshifter-dispatcher in a status that doesn't compile. Maybe we can notice that faster if there was a CI that just compiles the code.

A common CI used in github projects is travis, that will require to activate the repo in travis and to add a .travis.yml in the root of the repo with something like:

language: go

I'm happy to provide a pull-req with a .travis.yml, but someone with rights on the repo should activate it.

Error: module declares its path as: monolith, but was required as: monolith-go/monolith

~$ go get -v github.com/OperatorFoundation/shapeshifter-dispatcher/[email protected]
go: finding github.com 3.0.0
go: finding github.com/OperatorFoundation/shapeshifter-dispatcher 3.0.0
go: finding github.com/OperatorFoundation 3.0.0
go: finding github.com/OperatorFoundation/obfs4 latest
go: finding github.com/willscott/goturn latest
go: finding github.com/OperatorFoundation/shapeshifter-ipc latest
go: finding github.com/OperatorFoundation/shapeshifter-transports latest
go: finding golang.org/x/net latest
go: finding github.com/mufti1/interconv latest
go: finding github.com/blanu/Dust latest
go: finding github.com/shadowsocks/shadowsocks-go latest
go: finding github.com/OperatorFoundation/monolith-go latest
go: finding github.com/OperatorFoundation/monolith-go/monolith latest
go: finding github.com/agl/ed25519 latest
go: github.com/OperatorFoundation/shapeshifter-dispatcher/shapeshifter-dispatcher imports
	github.com/OperatorFoundation/shapeshifter-dispatcher/modes/pt_socks5 imports
	github.com/OperatorFoundation/shapeshifter-transports/transports/Replicant imports
	github.com/OperatorFoundation/monolith-go/monolith: github.com/OperatorFoundation/monolith-go/[email protected]: parsing go.mod:
	module declares its path as: monolith
	        but was required as: github.com/OperatorFoundation/monolith-go/monolith

Decide if this project should be the one to help PT get off the island

This project implements Pluggable Transport Specification - Dispatcher IPC Interface

However, the majority of users that use circumvention today do not run a few specific circumvention applications like Tor browser to access New York Times. Instead, they run general purpose proxies or tunnels that work with their existing applications to access the content. One can argue that the end users appreciate the experience and journey of staying in the original apps. Regardless, supporting a new segment of audience – the end user – may not sound as ambitious as it appears, as the Dispatcher (specified by PT3.0) is already an application that can run on both client and server sides. For example, an end user can set up dispatcher transparent TCP mode, and let another application like SSH run through it. The user can even run sshuttle through dispatcher transparent TCP mode to establish a simple VPN in a few commands.

However, what's missing are:

  1. Support general SOCKS5. The dispatch currently supports a specific use case of SOCKS5 for PT aware applications. Once we support SOCKS5 for general purpose, we can reach a much larger audience (and get much more open source community contribution). This feature can also improve developer onboarding experience, as it can offer a faster way for the developer to get things started.
  2. A shorter name. If we support end users, this tool probably will end up as a top 3 tool that the user needs in their daily life in certain countries. Running the shapeshifter-dispatcher command frequently isn't convenient. I'd recommend we drop it to 3 letters, for example ptd, which stands for Pluggable Transport Dispatcher.

What we need in this issue is the decision for the direction? Below are possible options:

  1. Keep what this project is, and keep it close to the specification. Other projects can fork this project for inspiration.
  2. Keep the small scope, but be open to refactoring, so this project can be a building block for other projects. Other projects can import/extend this project.
  3. Keep backward compatibility as top priority but open for new feature requests mentioned above.
  4. Free to pivot. If we can show the value to end users, why not? backward compatibility is not a must, but a wish.

Command Error

When running the command given in the readme file it does nothing
go get -u github.com/OperatorFoundation/shapeshifter-dispatcher/shapeshifter-dispatcher
Also, when accessing the link
it returns 404 page not found

Error building shapeshifter-dispatcher

In reference to issue #15, I am also having this issue. Importing polish gives a 404 error. Looking through the directories locally, a listing shows:

/src/github.com/OperatorFoundation/shapeshifter-transports/transports/Replicant/polish#
total 16
-rw-rw-r-- 1 user user 84 Oct 2 23:30 config.go
-rw-rw-r-- 1 user user 1398 Oct 2 23:30 polish.go
-rw-rw-r-- 1 user user 6832 Oct 2 23:30 silver.go

I've tried building on Debian 10 and Ubuntu 18.04

slice bounds out of range [:16] with capacity 0

When I followed the documentation to start the dispatcher with shadow, there was no error on the server side, after

./shapeshifter-dispatcher -transparent -server -state state -target 127.0.0.1:3333 -transports shadow -bindaddr shadow-127.0.0.1:2222 -optionsFile ConfigFiles/shadowServer.json -logLevel DEBUG -enableLogging
shadow listening on 127.0.0.1:2222

But I got an error on the client side

./shapeshifter-dispatcher -transparent -client -state state -transports shadow -proxylistenaddr 127.0.0.1:9999 -optionsFile ConfigFiles/shadowClient.json -logLevel DEBUG -enableLogging
Dialing 
panic: runtime error: slice bounds out of range [:16] with capacity 0

goroutine 5 [running]:
github.com/OperatorFoundation/go-shadowsocks2/darkstar.getServerIdentifier({0xc00001a210?, 0xc000020100?}, 0x8ae)
	/go/pkg/mod/github.com/!operator!foundation/[email protected]/darkstar/client.go:198 +0xca
github.com/OperatorFoundation/go-shadowsocks2/darkstar.NewDarkStarClient({0xc000020100?, 0x4?}, {0xc00001a210, 0xe}, 0x0?)
	/go/pkg/mod/github.com/!operator!foundation/[email protected]/darkstar/client.go:36 +0xc5
github.com/OperatorFoundation/Shadow-go/shadow/v3.(*Transport).Dial(0xc0001801b0)
	/go/pkg/mod/github.com/!operator!foundation/!shadow-go/shadow/[email protected]/shadow.go:150 +0x9f
github.com/OperatorFoundation/shapeshifter-dispatcher/modes/transparent_tcp.clientHandler({0x7fff735232ac, 0x6}, {0xc0000fa000, 0x95}, {0x67ded0, 0xc000010010}, 0x640e30?)
	/workspaces/shapeshifter-dispatcher/modes/transparent_tcp/transparent_tcp.go:82 +0x1c7
created by github.com/OperatorFoundation/shapeshifter-dispatcher/modes.clientAcceptLoop
	/workspaces/shapeshifter-dispatcher/modes/tcp_common.go:73 +0x212

The error message doesn't tell the end user what is wrong.

unknown field 'Dialer'

The current code in master doesn't compile:

/shapeshifter-dispatcher]$ go build
# github.com/OperatorFoundation/shapeshifter-dispatcher/transports
../transports/transports.go:144:3: unknown field 'Dialer' in struct literal of type obfs4.Transport

It looks like there was a Dialer introduced in 770bc14 to the obfs4.Transport struct, but it hasn't been added to shapeshifter-transports.

v3.0.1 is missing go.sum file

When you check out the latest stable (v3.0.1), and go install, you would get the error below

vscode ➜ /workspaces/shapeshifter-dispatcher (main ✗) $ go install
common/pt_extras/parsers.go:30:2: missing go.sum entry for module providing package github.com/OperatorFoundation/Optimizer-go/Optimizer/v3 (imported by github.com/OperatorFoundation/shapeshifter-dispatcher/common/pt_extras); to add:
        go get github.com/OperatorFoundation/shapeshifter-dispatcher/common/pt_extras
transports/transports.go:36:2: missing go.sum entry for module providing package github.com/OperatorFoundation/Replicant-go/Replicant/v3 (imported by github.com/OperatorFoundation/shapeshifter-dispatcher/transports); to add:
        go get github.com/OperatorFoundation/shapeshifter-dispatcher/transports
transports/transports.go:37:2: missing go.sum entry for module providing package github.com/OperatorFoundation/Shadow-go/shadow/v3 (imported by github.com/OperatorFoundation/shapeshifter-dispatcher/transports); to add:
        go get github.com/OperatorFoundation/shapeshifter-dispatcher/transports
transports/transports.go:38:2: missing go.sum entry for module providing package github.com/OperatorFoundation/Starbridge-go/Starbridge/v3 (imported by github.com/OperatorFoundation/shapeshifter-dispatcher/transports); to add:
        go get github.com/OperatorFoundation/shapeshifter-dispatcher/transports
common/pt_extras/pt_extras.go:37:2: missing go.sum entry for module providing package github.com/OperatorFoundation/shapeshifter-ipc/v3 (imported by github.com/OperatorFoundation/shapeshifter-dispatcher); to add:
        go get github.com/OperatorFoundation/shapeshifter-dispatcher
common/pt_extras/parsers.go:33:2: missing go.sum entry for module providing package github.com/kataras/golog (imported by github.com/OperatorFoundation/shapeshifter-dispatcher); to add:
        go get github.com/OperatorFoundation/shapeshifter-dispatcher
modes/stun_udp/stun_udp.go:41:2: missing go.sum entry for module providing package github.com/willscott/goturn (imported by github.com/OperatorFoundation/shapeshifter-dispatcher/modes/stun_udp); to add:
        go get github.com/OperatorFoundation/shapeshifter-dispatcher/modes/stun_udp
modes/stun_udp/stun_udp.go:35:2: missing go.sum entry for module providing package github.com/willscott/goturn/common (imported by github.com/OperatorFoundation/shapeshifter-dispatcher/modes/stun_udp); to add:
        go get github.com/OperatorFoundation/shapeshifter-dispatcher/modes/stun_udp
transports/transports.go:39:2: missing go.sum entry for module providing package golang.org/x/net/proxy (imported by github.com/OperatorFoundation/shapeshifter-dispatcher/common/pt_extras); to add:
        go get github.com/OperatorFoundation/shapeshifter-dispatcher/common/pt_extras

Unable to dial transport server: failed to decode cert: illegal base64 data at input byte 0

Release: 2.1.1

Not sure if it's related to shapeshifter-dispatcher or obfs4. Also tried with -optionsFile obfs4.json but same result:

~$ shapeshifter-dispatcher -transparent -client -state ssd-state-client/ -target 127.0.0.1:2222 -transports obfs4 -options '{"cert": "7GF8e/wJ9TgHWiW5+XlZiE3bZO2EYaLZKqBhy5sDDCx9zUaxInoIOwuHVmu/mDd5jLrufA", "iat-mode": "0"}' -logLevel DEBUG -enableLogging -proxylistenaddr 127.0.0.1:1111
Dialing  127.0.0.1:2222
--> Unable to dial transport server:  failed to decode cert: illegal base64 data at input byte 0
-> Name:  obfs4
-> Options:  {"cert": "7GF8e/wJ9TgHWiW5+XlZiE3bZO2EYaLZKqBhy5sDDCx9zUaxInoIOwuHVmu/mDd5jLrufA", "iat-mode": "0"}
^C

Server side works, tested with an older client built at f95b28c.
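
Added example (not the dispatcher's or obfs4's own code): a pre-flight check for the obfs4 `cert` option in the report above. It assumes the decoder behaves like upstream obfs4, which appends `==` to the cert and expects 52 decoded bytes; under that assumption an empty cert, or one starting with a space, yields exactly `illegal base64 data at input byte 0`. `CheckObfs4Options`, `RawDecodeError` and `SampleCert` are hypothetical names, and the sample cert is constructed.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Assumed from upstream obfs4: the cert is unpadded standard base64 of a
// 20-byte node ID followed by a 32-byte public key, and the decoder appends
// "==" before decoding.
const (
	certSuffix = "=="
	certLength = 20 + 32
)

// CheckObfs4Options validates the JSON passed via -options or -optionsFile
// and returns the decoded cert bytes, or an error naming the actual problem.
func CheckObfs4Options(raw string) ([]byte, error) {
	var opts map[string]interface{}
	if err := json.Unmarshal([]byte(raw), &opts); err != nil {
		return nil, fmt.Errorf("options are not a JSON object: %w", err)
	}
	v, present := opts["cert"]
	if !present {
		return nil, errors.New(`options contain no "cert" key`)
	}
	cert, ok := v.(string)
	if !ok {
		return nil, fmt.Errorf(`"cert" must be a string, got %T`, v)
	}
	if cert == "" {
		return nil, errors.New(`"cert" is empty`)
	}
	decoded, err := base64.StdEncoding.DecodeString(cert + certSuffix)
	if err != nil {
		return nil, fmt.Errorf("failed to decode cert: %w", err)
	}
	if len(decoded) != certLength {
		return nil, fmt.Errorf("cert length %d is invalid, want %d", len(decoded), certLength)
	}
	return decoded, nil
}

// RawDecodeError returns the message the assumed decoder produces for a cert
// string with no pre-checks ("" when decoding succeeds). The byte offset in
// the message locates the first character the decoder could not accept.
func RawDecodeError(cert string) string {
	if _, err := base64.StdEncoding.DecodeString(cert + certSuffix); err != nil {
		return err.Error()
	}
	return ""
}

// SampleCert builds a constructed, well-formed cert string (not a real bridge).
func SampleCert() string {
	raw := make([]byte, certLength)
	for i := range raw {
		raw[i] = byte(i)
	}
	return strings.TrimRight(base64.StdEncoding.EncodeToString(raw), "=")
}

func main() {
	inputs := []string{
		fmt.Sprintf(`{"cert": %q, "iat-mode": "0"}`, SampleCert()),
		`{"iat-mode": "0"}`,
		`{"cert": "", "iat-mode": "0"}`,
		`{"cert": "AA", "iat-mode": "0"}`,
	}
	for _, in := range inputs {
		if _, err := CheckObfs4Options(in); err != nil {
			fmt.Println("rejected:", err)
		} else {
			fmt.Println("ok")
		}
	}
	fmt.Println("empty cert, raw decoder:", RawDecodeError(""))
	fmt.Println("cert= prefix, raw decoder:", RawDecodeError("cert="+SampleCert()))
}
```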
