Proxy - Bypass censorship Tools using proxyTools

Anti-censorship tools (proxyTools) consists of a huge Perl application (localProxy) and a set of tools to analyze the user's network (proxies, firewall rules, name servers, etc.). LocalProxy abstracts external services in an uncensored, reliable, fast manner to the localhost, where they may be used by standard clients (Web browsers, Usenet news clients, SOCKS-capable clients, etc.).

Various combinations of strategies are tried to ensure the non-censored nature of the information, and multiple, parallel services (e.g. HTTP proxies) are used to ensure reliability and speed. The tools are capable of automating collection of the data required for localProxy. LocalProxy builds a configuration for the user and dynamically adjusts to using the fastest strategies and proxies available to it.

The tools are useful for network analysis (firewall rules, proxy capabilities, etc.) independently of localProxy (Freshmeat).

The project is of interest to the following groups of people:

  • those who live in Internet censoring countries (or corporations, schools, universities) such as the Middle East (United Arab Emirates, Kingdom of Saudi Arabia, Kuwait, Syria), China, Burma, etc.
  • those who would wish to assist those in the group above.
  • those who are interested in Perl code dealing with many aspects of networks at the socket level, and transactions using HTTP proxies. One tool in this project offers a 'failover' capability, and intelligent choice, between various censor-bypassing strategies and network paths, offering the user a robust, uncensored connection even in a low bandwidth, unreliable, packet filtered and proxy-poor environment.
  • those who administer the firewalls which do the censoring, and those who might be considering this.
  • those who are just curious about the current techniques used by the first group above.
Implemented strategies:
  • use of lists of available external proxies which are accessible on ports which are not blocked to the user (usually non-standard port HTTP proxies)
  • use of lists of available external TCP/IP bouncers (redirectors, relays, ...) accessible on ports not blocked to the user, usually on shell accounts
  • use of lists of local proxies which are insecurely configured to allow creation of tunnels via CONNECT to external proxies/services on ports which would be otherwise blocked (port 80, 3128, 8080, 119 etc.)
  • use of various URL encoding mechanisms to evade regexp based censoring (many of these are from Rain Forest Puppy's Whisker).
  • use of various CGI proxies (which need not rewrite links).
  • fragmentation of the URL request over TCP packets.