Call for Testers: WebTunnel, a new way to bypass censorship with Tor Browser

Feedback
,
1

We are excited to announce a new way to bypass censorship with Tor Browser!

WebTunnel, a new bridge type, is now available on both Tor Browser for Desktop and Android platforms. WebTunnel can help users to bypass censorship against the Tor network, particularly when Internet providers and governments impose restrictions against Tor.

We invite you to test WebTunnel, especially if you are located in regions or using Internet providers where the Tor network is blocked or partially blocked. Your feedback will help us identify issues with this new bridge type and ensure its reliability.

Note: WebTunnel is not yet available on other Tor-powered apps such as Onion Browser, OnionShare, Orbot, and Tails.

:bridge_at_night: What is WebTunnel?

WebTunnel is a censorship-resistant technology designed to imitate encrypted web traffic (HTTPS) and is a Tor implementation of HTTPT research. To an observer, WebTunnel traffic appears as a regular secure connection to a website. However, without the full website address and the WebTunnel secret path, it is very difficult for censors to determine whether a website is also a WebTunnel bridge by just probing the HTTPS port. If a censor tries to connect to the website, they are presented with the fronting website, keeping the bridge existence secret.

WebTunnel bridges are run by Tor volunteers! :purple_heart:

:test_tube: How to test WebTunnel

Important note on risk assessment: Be aware that testing a new bridge may draw the attention of censors, in this case, censors will think that you’re trying to visit a website with HTTPS.

To participate in the testing, please follow the steps below.

Step 1 - Getting a WebTunnel bridge

At the moment, WebTunnel bridges are only distributed via the Tor Project bridges website. We plan to include more distributors methods like Telegram and moat after this test.

  1. Using your regular web browsers, visit the website: https://bridges.torproject.org/options/

  2. In “Advanced Options”, select “webtunnel” from the dropdown menu, and click on “Get Bridges”.

  3. Solve the captcha.

  4. Copy the bridge line.

:computer: Step 2 - Download and install Tor Browser for Desktop

Note: WebTunnel bridges will not work on old version of Tor Browser (12.5.x).

  1. Download and install the latest version of Tor Browser for Desktop.

  2. Open Tor Browser and go to the Connection preferences window (or click on “Configure Connection”).

  3. Click on “Add a Bridge Manually” and add the bridge lines provided on Step 1.

  4. Close the bridge dialog and click on “Connect.”

  5. Note any issues or unexpected behavior while using WebTunnel.

:iphone: Or Download and install Tor Browser for Android

  1. Download and install the latest version of Tor Browser for Android.

  2. Run Tor Browser and choose the option to configure a bridge.

  3. Select “Provide a Bridge I know” and enter the provided bridge addresses.

  4. Tap “OK” and, if everything works well, it will connect.

:writing_hand: Step 3 - Share feedback with us

Your feedback is crucial in identifying any issues and ensuring the reliability of WebTunnel bridges. For users living in censored regions, we would love to hear how this new bridge’s performance compares to other circumvention methods such as obfs4 and snowflake.

If you couldn’t connect using Tor Browser, please report here on this topic and let us know:

  • Which region you’re connecting from.

  • Your Internet Provider name (ISP)

  • Your Tor logs

  • Operating system

Please do not post your WebTunnel bridge line publicly.

For technical reports, submit your ticket on the WebTunnel GitLab repository. For help or any questions please feel free to comment here on the Tor Forum.

You can also get in touch on our support channels.

For Tor bridge operators, you can deploy a WebTunnel bridge by following the official documentation.

13 Likes
2

Hi there! Moscow, Russia, AS8402 Beeline home, TB Alpha 13.0a6 on Ubuntu.
Vanilla Tor is blocked, as well as popular or widely distributed bridges.
WebTunnel works great, bootstrap was super fast around 1 second!
Thank you guys, you are doing great and important job :heart:

4 Likes
4

Perfect, I’ll try setup WebTunel Bridge, today. I’ll use method compile and run from the source. Love tests :heart:

4 Likes
5

A post was split to a new topic: Is it possible to exit from mainland China?

6

Finally i’m able to bootstrapp 100% my fork of the tor addon for home assistant (Support webtunnel, obfs and snowflake bridges by akrigator · Pull Request #170 · hassio-addons/addon-tor · GitHub) via webtunnel. Previously i’ve try on obfs and snowflake but without any success
Russia MTS PJSC

-----------------------------------------------------------
 Add-on: Tor
 Protect your privacy and access Home Assistant via Tor
-----------------------------------------------------------
 Add-on version: dev
 You are running the latest version of this add-on.
 System: Home Assistant OS 11.0  (aarch64 / raspberrypi4-64)
 Home Assistant Core: 2023.10.5
 Home Assistant Supervisor: 2023.10.0
-----------------------------------------------------------
 Please, share the above information when looking for help
 or support in, e.g., GitHub, forums or the Discord chat.
-----------------------------------------------------------
...
Oct 24 23:32:12.369 [notice] Tor 0.4.8.7 running on Linux with Libevent 2.1.12-stable, OpenSSL 3.1.4, Zlib 1.2.13, Liblzma 5.4.3, Libzstd 1.5.5 and Unknown N/A as libc.
...
Oct 25 00:02:03.000 [notice] Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
Oct 25 00:02:03.000 [notice] Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
Oct 25 00:02:03.000 [notice] Bootstrapped 95% (circuit_create): Establishing a Tor circuit
Oct 25 00:02:04.000 [warn] Only one bridge (transport: 'webtunnel') is configured. You should have at least two for conflux, for any transport that is not 'snowflake'.
Oct 25 00:02:04.000 [notice] Bootstrapped 100% (done): Done
7

Webtunnel doesn’t seem to use proxy. It’s unable to connect when the proxy is configured in Tor Browser. No requests are going into proxy port.
Tested with Socks5 proxy.

8

Just wanted to report back that Webtunnel works in Iran, at least on Zi-Tel ISP (I’ve seen mentions that webtunnel as a protocol doesn’t work in Iran).

Possible issues with webtunnels:

  • Many of them are hosted on Cloudflare. It could be that some of the hosters forget to disable bot detection for the proxy URL and webtunnel face http challenge page.
  • Webtunnel doesn’t seem to work with proxy
  • Webtunnel have single (and may be unique) TLS fingerprint
1 Like
9

I analyzed it through wireshark packet capture and found that webtunnel is indeed using the https protocol. This makes it difficult for censors to distinguish webtunnel traffic. However, it is still important to be aware of attacks that target the fingerprint of the https protocol.