The Operator Foundation
Operator makes useable tools to help people around the world with censorship, security, and privacy.
Adversary Lab is a service that analyzes captured network traffic to extract statistical properties. Using this analysis, filtering rules can be synthesized to block sampled traffic.
The purpose of Adversary Lab is to give researchers and developers studying network filtering a way to understand how easy it is to block different protocols. If you have an application that uses a custom protocol, Adversary Lab will demonstrate how a rule can be synthesized to systematically block all traffic using that protocol. Similarly, if you have a network filtering circumvention tool, then Adversary Lab can synthesize a rule to block your tool. This analysis can also be used to study tools that specifically attempt to defeat networking filtering, such as Pluggable Transports.
Adversary Lab analysis works by training a classifier on two observed data sets, the "allow" set and the "block" set. For instance, a simulated adversary could allow HTTP, but block HTTPS. By training the system with HTTP and HTTPS data, it will generate a rule that distinguishes these two classes of traffic based on properties observed in the traffic.
Swift 4.0, included in Xcode 9
Install and run Redis.
You can install it with Homebrew
brew install redis brew services start redis
Or refer to the Redis documentation to install it manually.
Check out the project from Github
git clone https://github.com/OperatorFoundation/AdversaryLab cd AdversaryLab
Install the Swift Package used by the graphical interface
cd AdversaryLabSwiftPackage swift package update swift package generate-xcodeproj cd ..
Open the graphical interface project in code
Open the Xcode project and click the Run button to run the Adversary Lab graphical interface. Make sure Redis is already running, as Adversary Lab will not start Redis for you.
To add network traffic to Adversary Lab for analysis, you need the AdversaryLabClient command line tool. For the installation instructions to install and use the command line tool.
- Auburn - An idiomatic Swift library for using Redis
- RedShot - Lightweight Redis client for Swift
- Datable - Swift convenience functions to convert between various different types and Data
- Redis - A fast database with support for data structures
Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests.
- Dr. Brandon Wiley - Concept and initial work - Operator Foundation
- Adelita Schule - Swift implementation - Operator Foundation
This project is licensed under the GPLv3 License - see the LICENSE.md file for details
AdversaryLab is based on Dr. Brandon Wiley's dissertation work, "Circumventing Network Filtering with Polymorphic Protocol Shapeshifting".
Help us keep the lights on
1.1.0 - Apr 27, 2018
1.0.0 - Mar 26, 2018
- Uses a Redis database instead of custom data storage
- Much higher performance
- Added a graphical user interface for processing packets and viewing results
New analysis features:
- More complex byte sequence analysis
- Packet lengths
- Packet timing
- TLS Common Name analysis