Tor’s new WebTunnel bridges mimic HTTPS traffic to evade censorship


The Tor Project officially introduced WebTunnel, a new bridge type specifically designed to help bypass censorship targeting the Tor network by hiding connections in plain sight.

Tor bridges are relays not listed in the public Tor directory that keep the users’ connections to the network hidden from oppressive regimes. While some countries, like China and Iran, have found ways to detect and block such connections, Tor also provides obfsproxy bridges, which add an extra layer of obfuscation to fight censorship efforts.

WebTunnel, the censorship-resistant pluggable transport inspired by the HTTPT probe-resistant proxy, takes a different approach. It makes it harder to block Tor connections by ensuring that the traffic blends in with HTTPS-encrypted web traffic.

Since blocking HTTPS would also block the vast majority of connections to web servers, the WebTunnel connections will also be permitted, effectively circumventing censorship in network environments with protocol allow lists and deny-by-default policies.

“It works by wrapping the payload connection into a WebSocket-like HTTPS connection, appearing to network observers as an ordinary HTTPS (WebSocket) connection,” said the Tor Project.

“So, for an onlooker without the knowledge of the hidden path, it just looks like a regular HTTP connection to a webpage server giving the impression that the user is simply browsing the web.”

To be able to use a WebTunnel bridge, you’ll first have to get bridge addresses from here and add them manually to Tor Browser for desktop through the following procedure:

  1. Open Tor Browser and go to the Connection preferences window (or click “Configure Connection”).
  2. Click on “Add a Bridge Manually” and add the bridge addresses.
  3. Close the bridge dialog and click on “Connect.”
  4. Note any issues or unexpected behavior while using WebTunnel.

You can also use WebTunnel with Tor Browser for Android by configuring a new bridge and entering the bridge addresses after clicking “Provide a Bridge I know.”

The WebTunnel pluggable transport was first introduced in December 2022 as an integration that could be tested using a Tor Browser test build.

It has also been available for deployment by bridge operators as part of a trial soft launch since June 2023, with the Tor Projects asking for more testers in October in “regions or using Internet providers where the Tor network is blocked or partially blocked.”

“Right now, there are 60 WebTunnel bridges hosted all over the world, and more than 700 daily active users using WebTunnel on different platforms. However, while WebTunnel works in regions like China and Russia, it does not currently work in some regions in Iran,” the Tor Project said.

“Our goal is to ensure that Tor works for everyone. Amid geopolitical conflicts that put millions of people at risk, the internet has become crucial for us to communicate, to witness and share what is happening around the world, to organize, to defend human rights, and to build solidarity.”



Source link