This project has moved and is read-only. For the latest updates, please go here.

Change BarbaTunnel to Anti Censorship program

May 26, 2013 at 11:39 AM
Edited May 26, 2013 at 11:40 AM
Hi friends, specially BarbaCoder

as you know some countries try to filter internet and their people try to use some methods for accessing free internet.

there are some standard methods like SSH, Socks, VPN. but after while filtering software sense it and block it. After that we try to change the standard ports for accessing this services, but this days, filtering software try to find the finger print of protocol, so changing ports is not work anymore.

your software try to BARBA ;-) the packets like HTTP, so the filtering software thinks that is a normal http packets and allow to pass them through internet, but your software needs another protocols (SSH, Socks and VPN) to change it to be look like HTTP.

Psiphon use this technic to obfuscate SSH protocol and named it SSH+ :-)

I want to change this part, so client software try to capture all traffic from all ports and send them to server. I explain my idea by an example:

I have a socks in my server in port 88, If I set my server IP and PORT, so your software work perfectly to barba the packets, but all people does not have a server with socks server program.
I want the client capture port 80 not related to server IP, and pass them to server, so if I want to visit my server fetch from facebook server ;-) and pass it back to client.

I check your source code, it has a good design and I try to figure out how it works. You use C# and C++ as programming languages and Socket programing, Win Service and ...

I try to test some changes in your software.
May 26, 2013 at 12:02 PM
Edited May 26, 2013 at 12:03 PM
I try this change:

In file BarbaClientApp.cpp, Method BarbaClientApp::ShouldGrabPacket, line 40, you try to check if the destination IP address is equal to Server IP
I remark this part :-P to capture all packets not related to server IP address.

//if (packet->GetDesIp()!=config->ServerIp)
// return false;

in file BarbaFilterDriver, Methos BarbaFilterDriver::AddClientFilters, line 223, there is a loop for adding protocols that should be grabs, I add this line after loop, just for testing ;-)

AddFilter(filter, true, 0, 0, 0, 4294967295, 6, 0, 0, 80, 0);

parameters are ( I explain it for other friends not Barbacode ;-) )
AddFilter(filter, true, start source ip, end source ip, start destination ip ( 0 = = first ip), end destination ip (4294967295 = = last ip), protocol ( 6 = http ) , start source port, end source port, start destination port ( 80 = http ) , end destination port )

but I have a problem, I think I have got stuck in a loop, please help me
May 26, 2013 at 3:46 PM
Edited May 26, 2013 at 3:47 PM
First thank you for checking the source code and second your English not clear :)
but your software needs another protocols (SSH, Socks and VPN) to change it to be look like HTTP.
I really don't understand what you mean, I think BarbaTunnel already do.
but all people does not have a server with socks server program.
Please describe and think about it more, Tunneling is impossible without server. psiphon, freegate has many servers and a company host many servers. of-course someone who setup server need an expert and client just need to run barbatunnel and start VPN same as psiphon because some experts already install psiphon servers.

Currently BarbaTunnel does not work standalone but is it matter? The only difference is that the client to connect VPN after install BarbaTunnel. Would you tell me what exactly you going to do? not about code just tell me the idea and philosophy about your idea? Are you going to just remove the VPN dependency? if yes why?
May 26, 2013 at 8:03 PM

very easy, work barbatunnel standalone, Install server side and use client side to access the internet.

I don't want to use vpn over barbatunel, ssh over barbatunnel, I want to work just barbatunnel. installing vpn or ssh in server makes overload of packets and decrease the performance

see this example, your software work like this:
Access to -> VPN Client (or SSH Client) -> Barbatunnel Client ------------> Barbatunnel Server -> VPN Server ( or SSH Server ) -> Facebook server

But I want this:
Access to -> Barbatunnel Client ------------> Barbatunnel Server -> Facebook server

removing VPN (or SSH) increase performance a lot and decrease complexity, configuring VPN (or SSH) plus Barbar is more difficult than just configuring Barba ;-)

I don't know where are you and what kind of internet do you use, but in Iran we talk about 128K bandwidth, I want to use your program to help people to access free internet. on the other hand, installing and configuring VPN or SSH is very complex for end users, they have to configure VPN client plus Barba Client, but I want something like Psophon, zero installation ;-)
May 26, 2013 at 8:40 PM
It is good to make BarbaTunnel standalone but not for reason you say, because
1) removing VPN (or SSH) increase performance a lot
Why you think that, VPN capture packet at driver level, compress packets specially if you enable software compression and apply strong encryption while BarbaTunnel encryption is dummy just fast and designed to remove fingerprint, . VPN already developed so there is less bug and no complexity. Also system optimize the packets and exactly know which packet should be captured, set appreciate MTU, many network tools work on it such ICS. What about user management? VPN connection have many username management. What about Authentication? do you want anyone connect to your server? see much much more complexity.
2) I want something like Psophon, zero installation ;-)
When you talk about psiphon you sit in client point of view but when you talk about BarbaTunnel you sit on producer point of view?! Do you know how to install Psiphon or freegate server? I think as producer point of view installing BarbaTunnel with VPN server is much easier then psiphon server.
If someone configure barbatunnel and VPN server it is same for customer as psiphon.
  1. Run BarbaTunnel Same as Run psiphon > 2. connect with VPN (Additional step)
    So the complexity not belong to BarbaTunnel idea, maybe installation not optimized or has bug, you can simply create an installation for VPN with build-in username and password then as customer view it will be > 1. Install BarbaTunnel (one time only) then instead run just connect with VPN.
Also as you see public antifilter software does not need username and password but peer2peer software needed. it is additional step by nature and mandatory, because if you don't set username and password sooner or later your server overflowed or its ip address blocked by firewall.

I creating an article (under construction) about these, please check it here:
How to Bypass Internet Censorship

By the way thank you for sharing your idea.
Think more about it.