Tor can be configured with pluggable transport modules - amongst which, the ability to use obfuscated bridges that have the capability of obfuscating tor traffic such that an upstream ISP will only see random traffic instead of Tor traffic. The current effort is to bypass the Great Firewall of China (GCF), although it can have its applications in other states practicing mass surveillance of its citizens.


You can always build all the necessary packages from source, but it is usually more convenient to rely on a managed distribution such as Red Hat or Debian to get pre-compiled packages. You will need to locate the packages:

  • tor
  • obfsproxy

via your distribution's package manager and install them.

Choosing an Obfuscated Bridge Type

Tor supports several types of obfuscated bridges - this tutorial will settle for obfs4. In order to use obfs4 with tor, you will need to get a client transport plugin for obfs4.

Install the packages:

  • git
  • golang (Google language)

create a directory for go:

mkdir -p /usr/src/go

and then set the GOPATH path in your shell:

export GOPATH=/usr/src/go

Change directory to the GOPATH directory and issue:

go get git.torproject.org/pluggable-transports/obfs4.git/obfs4proxy

after a while, a binary will be generated at $GOPATH/bin/obfs4proxy.

Copy the binary to /usr/bin/ next to the standard obfsproxy:

cp $GOPATH/bin/obfs4proxy /usr/bin/

and you are done.

Getting Obfuscated Bridges

It is of course best to find out some private and non-public bridges to use with tor. However, if you are just testing, you can use the bridges provided by the tor project bridge retrieval system.

Compose an E-Mail from either a Google or Yahoo account (otherwise, you will not get a reply) and address it to bridges@bridges.torproject.org. The subject can be left blank but the body must contain just the phrase:

get transport obfs4

Within some time you should receive some obfs4 bridges.

 Oh no, not this shit again! So, let me get this straight... You are sending an E-Mail from a Google account because the Tor project claims that Google accounts are less accessible to spammers all the while being aware that Google stores all your private information and thereby is able to link your “real, most likely not a spammer's” identity to the highly private bridges you are going to use?

Alternatively, you can use the tor project website to get bridges.

Configuring Tor

To configure Tor to use your bridges, edit /etc/tor/torrc and add the lines:

UseBridges 1
bridge obfs4 8C193FFE274CEFA347E45BB1136831359A39AAFE cert=nGDCCQWqeUlQMMyvB8hLxnzAHV6XBffo9vJ0ZuAA+HyJZlLjxgT4Am3psKVCYBcvta/799 iat-mode=0
bridge obfs4 4E47E8DA7BAA63E3236A8CE92C92C9E560C79C04 cert=Ju0NexLVeYvXCRAjLfPoY0SQhCWaaCENIdRVMSqO+BcvtYIRUn0CmClGxOPDW1ATn1xnzp iat-mode=0
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy


  • UseBridges instructs tor to use the supplied bridges.
  • each line starting with bridge represents a bridge, you should replace everything after obfs4 with your own bridges.
  • ClientTransportPlugin starts the obfuscation proxy fetched earlier.

Restarting and Checking

Restart tor as usual, and verify that the bootstrap process completed. You should now be able to browse using obfuscated bridges. :-)

networking/tor/obfuscated_bridges.txt · Last modified: 2017/02/22 18:30 (external edit)

Access website using Tor

For the copyright, license, warranty and privacy terms for the usage of this website please see the license and privacy pages.