提取Tor并搭建Tor Bridge

Tor’s Bridge, if widely disseminated, may get blocked within a few days, so frequently changing it can be a hassle (this reminds me of the days when I modified the hosts file to access Google). Today, I tinkered a bit and built a Tor Bridge on my VPS for personal use. Additionally, I extracted tor from the Tor Browser so that it doesn’t rely on the Tor Browser and can be used with other browsers.
Warning: Deploying a Bridge may increase the probability of the server being blocked.

Setting Up a Tor Bridge

First, install tor on the VPS:

$ apt-get install tor

Then install obfs4proxy:

$ apt-get install obfs4proxy

Since tor needs to use obfs to obfuscate the traffic, if you cannot find the package in your software repository, you can also compile from source: Yawning/obfs4.

# Compile obfs4proxy from source
$ git clone git@github.com:Yawning/obfs4.git
$ cd obfs4
# Install dependencies; if this step fails, we will discuss solutions later
$ go get -d ...
# Build the binary obfs4
# After building, you can place it in /usr/bin/, which will be used in the torrc configuration later
$ go build -o obfs4proxy ./obfs4proxy

Note: If you encounter errors like can't download while downloading the dependency packages go get -d ..., you can clone the indicated package from the suggested repository and place it in the path given in the error message.
The Tor-related libraries can be found at gitweb.torproject.org.

If both tor and obfs4 have been installed successfully, edit the Tor configuration file /etc/tor/torrc:

$ sudo nano /etc/tor/torrc

Fill in the following configuration:

Log notice file /var/log/tor/notices.log
RunAsDaemon 1
ORPort auto
Exitpolicy reject *:*
BridgeRelay 1
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ExtORPort auto
PublishServerDescriptor 0

Note: Change the path of ServerTransportPlugin to where you compiled the obfs4proxy.

Then execute the command to restart tor:

$ systemctl restart tor

After executing, check the tor log file /var/log/tor/notices.log:

$ cat /var/log/tor/notices.log

You will see output similar to the following:

Indicating that the Tor Bridge has been successfully set up. Record the parts in the red box:

ORPort 45.XXX.XXX.95:4XXX9
server's identity key FE3XXXXXXXXXXXXXXXXXXXXXXC16DCF

These two are the bridge data required when connecting from the client:

45.XXX.XXX.95:4XXX9 FE3XXXXXXXXXXXXXXXXXXXXXXC16DCF

Next, when using the Tor Browser, you can input your own bridge.

Extracting tor from Tor Browser

First, download the Tor Browser installation package and install it (in any directory).
Then open the installation path of the Tor Browser and copy out Tor Browser\Browser\TorBrowser\Tor to a new directory, such as tor_portable.

At this point, the directory structure of tor_portable is as follows:

C:\USERS\VISIONSMILE\DESKTOP\TOR_PORTABLE
|   libeay32.dll
|   libevent-2-1-6.dll
|   libevent_core-2-1-6.dll
|   libevent_extra-2-1-6.dll
|   libgcc_s_seh-1.dll
|   libssp-0.dll
|   libwinpthread-1.dll
|   ssleay32.dll
|   tor.exe
|   zlib1.dll
|
\---PluggableTransports
        meek-client-torbrowser.exe
        meek-client.exe
        obfs4proxy.exe
        terminateprocess-buffer.exe

Then create a new Data folder under tor_portable for later use.

Next, open the installation directory of Tor Browser, find the path Tor Browser\Browser\TorBrowser\Data\Tor, and copy the geoip and geoip6 files from that directory to the tor_portable\Data directory created in the previous step.
At the same time, also copy the torrc file from Tor Browser\Browser\TorBrowser\Data\Tor to the tor_portable directory.

After completing the above operations, the directory structure of tor_portable is as follows:

C:\USERS\VISIONSMILE\DESKTOP\TOR_PORTABLE
|   libeay32.dll
|   libevent-2-1-6.dll
|   libevent_core-2-1-6.dll
|   libevent_extra-2-1-6.dll
|   libgcc_s_seh-1.dll
|   libssp-0.dll
|   libwinpthread-1.dll
|   ssleay32.dll
|   tor.exe
|   torrc
|   zlib1.dll
|
+---Data
|       geoip
|       geoip6
|
\---PluggableTransports
        meek-client-torbrowser.exe
        meek-client.exe
        obfs4proxy.exe
        terminateprocess-buffer.exe

Next, open tor_portable\torrc with a text editor and fill in the following configuration:

Bridge 45.XXX.XXX.95:4XXX9 FE3XXXXXXXXXXXXXXXXXXXXXXC16DCF
DataDirectory ./Data
GeoIPFile ./Data/geoip
GeoIPv6File ./Data/geoip6
Log notice file ./tor.log
ClientTransportPlugin obfs4 exec .\PluggableTransports\obfs4proxy managed
Socks5Proxy 127.0.0.1:10086
UseBridges 1

Bridge is the bridge; you can use the parameters deployed on the server above.

Note: Do not add obfs4 after Bridge. During testing, it was found that using this format:

Bridge obfs4 45.XXX.XXX.95:4XXX9 FE3XXXXXXXXXXXXXXXXXXXXXXC16DCF

will produce an error:

Nov 04 19:22:57.000 [warn] Proxy Client: unable to connect to 45.XXX.XXX.95:4XXX9 ("general SOCKS server failure")

Additionally, pay attention to Socks5Proxy, which should be determined based on your configuration and needs.

After executing the above operations, the extraction and configuration of Tor are complete.
You can now start Tor locally:

# Execute in the tor_portable directory
$ tor -f torrc

At this point, a tor.log file will be created in the tor_portable directory, which you can open to view the Tor log.
When the log shows output like the following, it means the connection is successful:

Nov 04 19:20:39.000 [notice] Bootstrapped 50%: Loading relay descriptors for internal paths
Nov 04 19:20:40.000 [notice] The current consensus contains exit nodes. Tor can build exit and internal paths.
Nov 04 19:20:42.000 [notice] Bootstrapped 57%: Loading relay descriptors
Nov 04 19:20:42.000 [notice] Bootstrapped 66%: Loading relay descriptors
Nov 04 19:20:42.000 [notice] Bootstrapped 72%: Loading relay descriptors
Nov 04 19:20:42.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Nov 04 19:20:43.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
Nov 04 19:20:44.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Nov 04 19:20:45.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Nov 04 19:20:45.000 [notice] Bootstrapped 100%: Done

After starting Tor, a Socks5 proxy (127.0.0.1:9050) will be created, which you can use to set up the extension Proxy SwitchyOmega on Chrome. If you can’t access the Chrome Web Store, you can download it from GitHub: FelisCatus/SwitchyOmega.

After completing these settings, you can now access some “dark web” websites!

For example, DuckDuckGo’s dark web URL: https://3g2upl4pq6kufc4m.onion

Or the Imperial Library that shares books: http://xfmro77i3lixucja.onion

Quick Start/Stop Tor Batch File

The command used to start Tor is tor -f torrc, which can be written as a batch file:

rem tor-run.bat
tor -f torrc

Next is the batch file to stop Tor. Since Tor will start obfs4proxy to obfuscate the traffic, it will simultaneously start processes for both tor and obfs4proxy. When stopping, we need to kill these processes. In Windows, you can use the taskkill /IM command:

rem tor-stop.bat
taskkill /IM tor.exe /F
taskkill /IM obfs4proxy.exe /F

The article concludes here. At this point, the complete directory structure of tor_portable is as follows:

C:\USERS\VISIONSMILE\DESKTOP\TOR_PORTABLE
|   libeay32.dll
|   libevent-2-1-6.dll
|   libevent_core-2-1-6.dll
|   libevent_extra-2-1-6.dll
|   libgcc_s_seh-1.dll
|   libssp-0.dll
|   libwinpthread-1.dll
|   ssleay32.dll
|   tor-run.bat
|   tor-stop.bat
|   tor.exe
|   tor.log
|   torrc
|   zlib1.dll
|
+---Data
|       geoip
|       geoip6
|
\---PluggableTransports
        meek-client-torbrowser.exe
        meek-client.exe
        obfs4proxy.exe
        terminateprocess-buffer.exe

• 2018.11.05 10:29 update: Modified part of the wording and typos.