├── README.md
├── alexa_top.txt
├── assets
    ├── ClientConf
    └── roots
├── bloom
    ├── LICENSE
    └── bloom.go
├── defense.pptx
├── meek_adapter.go
├── metis.pdf
├── notes.md
├── proxy.go
├── rappor_implementation.go
├── server
    ├── LICENSE_trie
    ├── alexa_random_100.txt
    ├── rappor_analysis.py
    ├── server.go
    └── server.py
└── testAccuracy.go


/README.md:
--------------------------------------------------------------------------------
 1 | # Metis
 2 | 
 3 | Thesis statement: If we build a system that can defeat censorship by choosing intelligently between existing 
 4 | circumvention tools to route traffic, it will reduce the bandwidth required to avoid censorship, improve the latency 
 5 | experienced by users of these tools, and provide a means of collecting data on censorship across the globe. 
 6 | 
 7 | ##To install:
 8 | 
 9 | ```
10 | go build -o client proxy.go  
11 | go build -o svr server/server.go
12 | ```
13 | 
14 | Start the server before starting the client, or the client will throw an error.  
15 | ```
16 | ./svr  
17 | ./client 
18 | ``` 
19 | 
20 | ##Set up your browser to use Metis as a proxy:  
21 | **Chrome:** *Settings -> Advanced -> Open proxy settings (under System).*  
22 | On Windows, click the box labeled "LAN settings."
23 | Check the "Use a proxy..." box, and set your proxy address to 127.0.0.1 and the port to 8080.
24 | 
25 | **Firefox:** *Preferences -> Advanced.* Click "Settings" across from Connection. Select "Manual proxy configuration"
26 | and set the HTTP Proxy box to 127.0.0.1 and the port to 8080.
27 | 


--------------------------------------------------------------------------------
/alexa_top.txt:
--------------------------------------------------------------------------------
   1 | google.com
   2 | youtube.com
   3 | facebook.com
   4 | baidu.com
   5 | wikipedia.org
   6 | yahoo.com
   7 | reddit.com
   8 | google.co.in
   9 | qq.com
  10 | taobao.com
  11 | tmall.com
  12 | amazon.com
  13 | twitter.com
  14 | live.com
  15 | google.co.jp
  16 | instagram.com
  17 | vk.com
  18 | sohu.com
  19 | jd.com
  20 | sina.com.cn
  21 | weibo.com
  22 | gmw.cn
  23 | 360.cn
  24 | google.de
  25 | google.co.uk
  26 | google.com.br
  27 | linkedin.com
  28 | google.fr
  29 | login.tmall.com
  30 | google.ru
  31 | yandex.ru
  32 | netflix.com
  33 | google.it
  34 | google.com.hk
  35 | google.es
  36 | t.co
  37 | yahoo.co.jp
  38 | office.com
  39 | twitch.tv
  40 | google.ca
  41 | pornhub.com
  42 | google.com.mx
  43 | microsoft.com
  44 | xvideos.com
  45 | alipay.com
  46 | ebay.com
  47 | microsoftonline.com
  48 | bing.com
  49 | ok.ru
  50 | naver.com
  51 | pages.tmall.com
  52 | aliexpress.com
  53 | wordpress.com
  54 | imgur.com
  55 | msn.com
  56 | mail.ru
  57 | imdb.com
  58 | csdn.net
  59 | hao123.com
  60 | wikia.com
  61 | tumblr.com
  62 | github.com
  63 | stackoverflow.com
  64 | whatsapp.com
  65 | google.com.tr
  66 | google.com.au
  67 | bongacams.com
  68 | blogspot.com
  69 | paypal.com
  70 | amazon.co.jp
  71 | google.com.tw
  72 | google.pl
  73 | apple.com
  74 | google.co.id
  75 | livejasmin.com
  76 | xhamster.com
  77 | deloton.com
  78 | diply.com
  79 | pinterest.com
  80 | googleusercontent.com
  81 | dropbox.com
  82 | adobe.com
  83 | popads.net
  84 | google.com.ar
  85 | tribunnews.com
  86 | savefrom.net
  87 | amazon.de
  88 | soso.com
  89 | so.com
  90 | coccoc.com
  91 | google.co.th
  92 | amazon.co.uk
  93 | google.com.eg
  94 | espn.com
  95 | mozilla.org
  96 | cnn.com
  97 | google.com.sa
  98 | bbc.co.uk
  99 | xnxx.com
 100 | google.nl
 101 | youth.cn
 102 | tianya.cn
 103 | detail.tmall.com
 104 | amazonaws.com
 105 | amazon.in
 106 | booking.com
 107 | detik.com
 108 | google.com.ua
 109 | bbc.com
 110 | pixnet.net
 111 | craigslist.org
 112 | nytimes.com
 113 | onlinesbi.com
 114 | txxx.com
 115 | salesforce.com
 116 | coinmarketcap.com
 117 | thestartmagazine.com
 118 | google.com.pk
 119 | google.co.ve
 120 | soundcloud.com
 121 | google.co.za
 122 | chaturbate.com
 123 | xinhuanet.com
 124 | nicovideo.jp
 125 | thepiratebay.org
 126 | ebay.de
 127 | stackexchange.com
 128 | quora.com
 129 | nih.gov
 130 | vimeo.com
 131 | rakuten.co.jp
 132 | queuecosm.bid
 133 | aparat.com
 134 | ask.com
 135 | spotify.com
 136 | zhihu.com
 137 | google.com.ph
 138 | google.gr
 139 | softonic.com
 140 | theguardian.com
 141 | chase.com
 142 | openload.co
 143 | force.com
 144 | fbcdn.net
 145 | google.se
 146 | exdynsrv.com
 147 | daum.net
 148 | avito.ru
 149 | iwanttodeliver.com
 150 | fc2.com
 151 | dailymotion.com
 152 | ebay.co.uk
 153 | google.az
 154 | google.com.sg
 155 | indeed.com
 156 | google.be
 157 | discordapp.com
 158 | google.cn
 159 | hitcpm.com
 160 | google.com.vn
 161 | blogger.com
 162 | alibaba.com
 163 | mediafire.com
 164 | globo.com
 165 | doubleclick.net
 166 | google.com.co
 167 | tokopedia.com
 168 | slideshare.net
 169 | ettoday.net
 170 | intuit.com
 171 | roblox.com
 172 | washingtonpost.com
 173 | steamcommunity.com
 174 | douyu.com
 175 | dailymail.co.uk
 176 | cnet.com
 177 | w3schools.com
 178 | redd.it
 179 | k618.cn
 180 | mama.cn
 181 | mercadolivre.com.br
 182 | vice.com
 183 | google.at
 184 | deviantart.com
 185 | google.com.ng
 186 | rumble.com
 187 | cloudfront.net
 188 | exosrv.com
 189 | babytree.com
 190 | 4chan.org
 191 | china.com.cn
 192 | messenger.com
 193 | buzzfeed.com
 194 | google.co.kr
 195 | flipkart.com
 196 | etsy.com
 197 | slack.com
 198 | 1688.com
 199 | trello.com
 200 | wikihow.com
 201 | google.ro
 202 | blastingnews.com
 203 | uol.com.br
 204 | nbcsports.com
 205 | godaddy.com
 206 | google.no
 207 | gfycat.com
 208 | amazon.it
 209 | google.cz
 210 | google.com.pe
 211 | wetransfer.com
 212 | sogou.com
 213 | twimg.com
 214 | providr.com
 215 | google.ch
 216 | amazon.fr
 217 | kompas.com
 218 | breitbart.com
 219 | google.ae
 220 | google.pt
 221 | onlinevideoconverter.com
 222 | dailysnark.com
 223 | eastday.com
 224 | bankofamerica.com
 225 | sciencedirect.com
 226 | walmart.com
 227 | metropcs.mobi
 228 | bukalapak.com
 229 | scribd.com
 230 | redtube.com
 231 | google.cl
 232 | researchgate.net
 233 | nfl.com
 234 | china.com
 235 | caijing.com.cn
 236 | wellsfargo.com
 237 | hclips.com
 238 | mega.nz
 239 | yelp.com
 240 | newstrend.news
 241 | bp.blogspot.com
 242 | upornia.com
 243 | telegram.org
 244 | forbes.com
 245 | people.com.cn
 246 | nownews.com
 247 | blackboard.com
 248 | exoclick.com
 249 | bilibili.com
 250 | huanqiu.com
 251 | rambler.ru
 252 | google.dz
 253 | abs-cbn.com
 254 | google.ie
 255 | thesaurus.com
 256 | indiatimes.com
 257 | steampowered.com
 258 | hulu.com
 259 | ladbible.com
 260 | weather.com
 261 | medium.com
 262 | foxnews.com
 263 | prostomers.com
 264 | businessinsider.com
 265 | ikea.com
 266 | google.dk
 267 | ebay-kleinanzeigen.de
 268 | zillow.com
 269 | files.wordpress.com
 270 | bet9ja.com
 271 | youporn.com
 272 | wikimedia.org
 273 | amazon.es
 274 | livedoor.jp
 275 | kakaku.com
 276 | pinimg.com
 277 | shutterstock.com
 278 | digikala.com
 279 | genius.com
 280 | binance.com
 281 | livejournal.com
 282 | theepochtimes.com
 283 | archive.org
 284 | google.hu
 285 | gamepedia.com
 286 | gearbest.com
 287 | instructure.com
 288 | google.fi
 289 | aliyun.com
 290 | sberbank.ru
 291 | speedtest.net
 292 | dkn.tv
 293 | leboncoin.fr
 294 | allegro.pl
 295 | wordreference.com
 296 | freepik.com
 297 | yts.am
 298 | patria.org.ve
 299 | 9gag.com
 300 | weebly.com
 301 | google.co.il
 302 | bitauto.com
 303 | usatoday.com
 304 | canva.com
 305 | tripadvisor.com
 306 | huffingtonpost.com
 307 | gmx.net
 308 | mailchimp.com
 309 | amazon.cn
 310 | youm7.com
 311 | doublepimpssl.com
 312 | ci123.com
 313 | theverge.com
 314 | setn.com
 315 | web.de
 316 | nextoptim.com
 317 | cmpkynhhmkni.com
 318 | youdao.com
 319 | ameblo.jp
 320 | google.sk
 321 | ltn.com.tw
 322 | aol.com
 323 | google.co.ao
 324 | amazon.ca
 325 | rednet.cn
 326 | goodreads.com
 327 | skype.com
 328 | kinopoisk.ru
 329 | reverso.net
 330 | irctc.co.in
 331 | office365.com
 332 | cnbc.com
 333 | momoshop.com.tw
 334 | outbrain.com
 335 | coinbase.com
 336 | cnblogs.com
 337 | hp.com
 338 | google.kz
 339 | orange.fr
 340 | airbnb.com
 341 | list.tmall.com
 342 | myway.com
 343 | digitaldsp.com
 344 | atlassian.net
 345 | spotscenered.info
 346 | kissanime.ru
 347 | zendesk.com
 348 | ntd.tv
 349 | lifedaily.com
 350 | xfinity.com
 351 | duckduckgo.com
 352 | cbssports.com
 353 | feedly.com
 354 | sourceforge.net
 355 | zippyshare.com
 356 | varzesh3.com
 357 | udemy.com
 358 | leagueoflegends.com
 359 | oracle.com
 360 | bestbuy.com
 361 | rutracker.org
 362 | rt.com
 363 | box.com
 364 | sabah.com.tr
 365 | liputan6.com
 366 | icloud.com
 367 | chinadaily.com.cn
 368 | accuweather.com
 369 | hdfcbank.com
 370 | codeonclick.com
 371 | haber7.com
 372 | chegg.com
 373 | ouo.io
 374 | streamable.com
 375 | olx.ua
 376 | asos.com
 377 | flickr.com
 378 | perfecttoolmedia.com
 379 | 1337x.to
 380 | gamefaqs.com
 381 | banvenez.com
 382 | ups.com
 383 | mmoframes.com
 384 | usps.com
 385 | hola.com
 386 | bloomberg.com
 387 | behance.net
 388 | glassdoor.com
 389 | mercadolibre.com.ar
 390 | livedoor.com
 391 | capitalone.com
 392 | ign.com
 393 | springer.com
 394 | okta.com
 395 | americanexpress.com
 396 | google.com.kw
 397 | higheurest.com
 398 | banggood.com
 399 | giphy.com
 400 | reuters.com
 401 | userapi.com
 402 | jsmentry.com
 403 | wiley.com
 404 | flash-player.stream
 405 | onet.pl
 406 | ibm.com
 407 | iqiyi.com
 408 | popcash.net
 409 | wp.pl
 410 | uidai.gov.in
 411 | line.me
 412 | gismeteo.ru
 413 | tradingview.com
 414 | uzone.id
 415 | onoticioso.com
 416 | 17ok.com
 417 | rottentomatoes.com
 418 | crunchyroll.com
 419 | hubspot.com
 420 | manoramaonline.com
 421 | billdesk.com
 422 | mi.com
 423 | nextlnk1.com
 424 | iqoption.com
 425 | uptodown.com
 426 | elpais.com
 427 | dictionary.com
 428 | zoho.com
 429 | h8vzwpv.com
 430 | wix.com
 431 | siteadvisor.com
 432 | fedex.com
 433 | t-online.de
 434 | target.com
 435 | taleo.net
 436 | pixabay.com
 437 | onedio.com
 438 | ndtv.com
 439 | rarbg.to
 440 | wordpress.org
 441 | battle.net
 442 | t.me
 443 | rediff.com
 444 | patreon.com
 445 | wish.com
 446 | free.fr
 447 | samsung.com
 448 | dell.com
 449 | go.com
 450 | yadi.sk
 451 | express.co.uk
 452 | jrj.com.cn
 453 | thebalance.com
 454 | cambridge.org
 455 | slickdeals.net
 456 | doublepimp.com
 457 | fomofriend.com
 458 | 51sole.com
 459 | investing.com
 460 | asana.com
 461 | wowhead.com
 462 | ptt.cc
 463 | google.bg
 464 | bleacherreport.com
 465 | zoom.us
 466 | bldaily.com
 467 | irs.gov
 468 | evernote.com
 469 | seasonvar.ru
 470 | seznam.cz
 471 | repubblica.it
 472 | bet365.com
 473 | taboola.com
 474 | subscene.com
 475 | fiverr.com
 476 | gizmodo.com
 477 | taringa.net
 478 | naukri.com
 479 | xx1.me
 480 | ebay.com.au
 481 | wsj.com
 482 | mercadolibre.com.mx
 483 | olx.pl
 484 | ouedkniss.com
 485 | informationvine.com
 486 | google.lk
 487 | ebay.it
 488 | mit.edu
 489 | shaparak.ir
 490 | webmd.com
 491 | pandora.com
 492 | upwork.com
 493 | sbnation.com
 494 | icicibank.com
 495 | velocecdn.com
 496 | namnak.com
 497 | eskimi.com
 498 | myanimelist.net
 499 | wiktionary.org
 500 | khanacademy.org
 501 | playstation.com
 502 | libero.it
 503 | sahibinden.com
 504 | okdiario.com
 505 | ria.ru
 506 | appledaily.com
 507 | givemesport.com
 508 | kaskus.co.id
 509 | suning.com
 510 | elsevier.com
 511 | yao.tmall.com
 512 | media.tumblr.com
 513 | goo.ne.jp
 514 | beeg.com
 515 | pikabu.ru
 516 | rarbg.is
 517 | fidelity.com
 518 | spiegel.de
 519 | homedepot.com
 520 | adp.com
 521 | telegraph.co.uk
 522 | ultimate-guitar.com
 523 | 123movieshub.to
 524 | wixsite.com
 525 | alicdn.com
 526 | marca.com
 527 | heavy.com
 528 | google.co.nz
 529 | albawabhnews.com
 530 | google.by
 531 | nypost.com
 532 | shopify.com
 533 | blog.jp
 534 | ytimg.com
 535 | nike.com
 536 | time.com
 537 | quizlet.com
 538 | kapanlagi.com
 539 | sarkariresult.com
 540 | npr.org
 541 | themeforest.net
 542 | prezi.com
 543 | yournewtab.com
 544 | kooora.com
 545 | sabq.org
 546 | webex.com
 547 | japanpost.jp
 548 | investopedia.com
 549 | squarespace.com
 550 | weblio.jp
 551 | naver.jp
 552 | citi.com
 553 | patch.com
 554 | debate.com.mx
 555 | moneycontrol.com
 556 | google.rs
 557 | discogs.com
 558 | caliente.mx
 559 | xe.com
 560 | deadspin.com
 561 | ensonhaber.com
 562 | surveymonkey.com
 563 | artstation.com
 564 | bles.com
 565 | nur.kz
 566 | voc.com.cn
 567 | oload.stream
 568 | ieee.org
 569 | espncricinfo.com
 570 | google.com.ly
 571 | google.com.do
 572 | inquirer.net
 573 | gosuslugi.ru
 574 | drom.ru
 575 | google.com.mm
 576 | beytoote.com
 577 | variety.com
 578 | list-manage.com
 579 | blogspot.mx
 580 | emol.com
 581 | xda-developers.com
 582 | sindonews.com
 583 | addthis.com
 584 | friv.com
 585 | stockstar.com
 586 | coursera.org
 587 | yourporn.sexy
 588 | pchome.com.tw
 589 | hurriyet.com.tr
 590 | chip.de
 591 | bandcamp.com
 592 | vporn.com
 593 | biobiochile.cl
 594 | segmentfault.com
 595 | jianshu.com
 596 | lapatilla.com
 597 | google.hr
 598 | asus.com
 599 | flvto.biz
 600 | independent.co.uk
 601 | pantip.com
 602 | dmm.co.jp
 603 | thefreedictionary.com
 604 | prothomalo.com
 605 | bestadbid.com
 606 | idntimes.com
 607 | stanford.edu
 608 | okezone.com
 609 | nocookie.net
 610 | vidio.com
 611 | reundcwkqvctq.com
 612 | lenta.ru
 613 | convert2mp3.net
 614 | qingdaonews.com
 615 | cisco.com
 616 | hdzog.com
 617 | bild.de
 618 | dmm.com
 619 | avgle.com
 620 | tutorialspoint.com
 621 | urbandictionary.com
 622 | paytm.com
 623 | ck101.com
 624 | buzzadnetwork.com
 625 | coursehero.com
 626 | cricbuzz.com
 627 | marketwatch.com
 628 | primevideo.com
 629 | pearsoncmg.com
 630 | 5ch.net
 631 | cqnews.net
 632 | gmarket.co.kr
 633 | mymedianetnow.com
 634 | olx.com.br
 635 | elmundo.es
 636 | baike.com
 637 | bmovies.to
 638 | reallifecam.com
 639 | sex.com
 640 | cdstm.cn
 641 | v3rjvtt.com
 642 | cnzz.com
 643 | chatwork.com
 644 | fbsbx.com
 645 | milliyet.com.tr
 646 | www.gov.uk
 647 | yenisafak.com
 648 | chinaz.com
 649 | lazada.co.id
 650 | cbsnews.com
 651 | cdiscount.com
 652 | eventbrite.com
 653 | autodesk.com
 654 | souq.com
 655 | wattpad.com
 656 | dianping.com
 657 | addroplet.com
 658 | kickstarter.com
 659 | hm.com
 660 | linkshrink.net
 661 | grammarly.com
 662 | engadget.com
 663 | viralvideos.pro
 664 | groupon.com
 665 | wp.com
 666 | academia.edu
 667 | ajkzd9h.com
 668 | hotels.com
 669 | newegg.com
 670 | gyazo.com
 671 | python.org
 672 | nextlnk2.com
 673 | ca.gov
 674 | elbalad.news
 675 | jiameng.com
 676 | filehippo.com
 677 | kizlarsoruyor.com
 678 | lie2anyone.com
 679 | as.com
 680 | drive2.ru
 681 | wtoip.com
 682 | merdeka.com
 683 | europa.eu
 684 | zztdcl.ru
 685 | telewebion.com
 686 | bittrex.com
 687 | divar.ir
 688 | getpocket.com
 689 | si.com
 690 | smallpdf.com
 691 | torrentz2.eu
 692 | expedia.com
 693 | hatena.ne.jp
 694 | mercadolibre.com.ve
 695 | disqus.com
 696 | bancodevenezuela.com
 697 | freejobalert.com
 698 | drudgereport.com
 699 | google.tn
 700 | goo.gl
 701 | ebc.net.tw
 702 | wunderground.com
 703 | timeanddate.com
 704 | epochtimes.com
 705 | newtab-tv.com
 706 | google.com.gt
 707 | google.tm
 708 | mathrubhumi.com
 709 | kinogo.cc
 710 | 4shared.com
 711 | att.com
 712 | ali213.net
 713 | gogoanime.io
 714 | merriam-webster.com
 715 | mathworks.com
 716 | hespress.com
 717 | infourok.ru
 718 | harvard.edu
 719 | mysearch.com
 720 | namasha.com
 721 | el-nacional.com
 722 | interia.pl
 723 | hh.ru
 724 | buyma.com
 725 | chouftv.ma
 726 | eksisozluk.com
 727 | premierleague.com
 728 | lifehacker.com
 729 | nature.com
 730 | ecollege.com
 731 | gsmarena.com
 732 | goal.com
 733 | mawdoo3.com
 734 | nikkei.com
 735 | labanquepostale.fr
 736 | easypdfcombine.com
 737 | lenovo.com
 738 | uploaded.net
 739 | pinterest.co.uk
 740 | chron.com
 741 | tabelog.com
 742 | people.com
 743 | caixa.gov.br
 744 | yaplakal.com
 745 | lifewire.com
 746 | 3c.tmall.com
 747 | banesconline.com
 748 | corriere.it
 749 | intel.com
 750 | google.com.ec
 751 | lemonde.fr
 752 | uniqlo.tmall.com
 753 | epicgames.com
 754 | ebay.fr
 755 | 104.com.tw
 756 | 163.com
 757 | grid.id
 758 | thesun.co.uk
 759 | infusionsoft.com
 760 | hotstar.com
 761 | lefigaro.fr
 762 | realtor.com
 763 | thepennyhoarder.com
 764 | hatenablog.com
 765 | vnexpress.net
 766 | akva-komptlt.ru
 767 | awarded.party
 768 | brilio.net
 769 | rapidgator.net
 770 | subito.it
 771 | kijiji.ca
 772 | animeflv.net
 773 | techradar.com
 774 | google.com.my
 775 | adblitz.withyoutube.com
 776 | impress.co.jp
 777 | torrent9.bz
 778 | gdax.com
 779 | mobile01.com
 780 | google.lt
 781 | coindesk.com
 782 | tistory.com
 783 | comcast.net
 784 | livescore.com
 785 | yandex.ua
 786 | tamilrockers.tw
 787 | healthline.com
 788 | myfitnesspal.com
 789 | zhanqi.tv
 790 | rbc.ru
 791 | discover.com
 792 | ssl-images-amazon.com
 793 | hcg82f2b.com
 794 | myfriendlyappz.com
 795 | anybunny.mobi
 796 | nordstrom.com
 797 | meetup.com
 798 | meteofrance.com
 799 | ruten.com.tw
 800 | eanswers.com
 801 | theatlantic.com
 802 | mellowads.com
 803 | bitbucket.org
 804 | runoob.com
 805 | tube8.com
 806 | uptobox.com
 807 | adhoc2.net
 808 | cinecalidad.to
 809 | ninisite.com
 810 | issuu.com
 811 | 1and1.com
 812 | fromdoctopdf.com
 813 | offergold.online
 814 | java.com
 815 | bitly.com
 816 | kayak.com
 817 | readms.net
 818 | gstatic.com
 819 | ecosia.org
 820 | ccm.net
 821 | duolingo.com
 822 | nhk.or.jp
 823 | southwest.com
 824 | doodle.com
 825 | service-now.com
 826 | flirt4free.com
 827 | metropoles.com
 828 | superappbox.com
 829 | 4pda.ru
 830 | verizonwireless.com
 831 | pole-emploi.fr
 832 | kotaku.com
 833 | hootsuite.com
 834 | visualstudio.com
 835 | rutube.ru
 836 | kissasian.ch
 837 | trustpilot.com
 838 | google.iq
 839 | zapmeta.ws
 840 | deadline.com
 841 | usnews.com
 842 | weibo.cn
 843 | sportbible.com
 844 | nianhuo.tmall.com
 845 | umblr.com
 846 | indiamart.com
 847 | superuser.com
 848 | mirror.co.uk
 849 | jimdo.com
 850 | ask.fm
 851 | barraceful.com
 852 | nba.com
 853 | macys.com
 854 | namu.wiki
 855 | zzrednet.cn
 856 | zara.com
 857 | blogfa.com
 858 | techcrunch.com
 859 | shopee.tw
 860 | arxiv.org
 861 | norton.com
 862 | deviantart.net
 863 | pexels.com
 864 | udn.com
 865 | digitalprivacyalert.org
 866 | mobile.de
 867 | znanija.com
 868 | nvzhuang.tmall.com
 869 | psu.edu
 870 | spankbang.com
 871 | google.si
 872 | 11st.co.kr
 873 | study.com
 874 | doorblog.jp
 875 | cnnindonesia.com
 876 | cam4.com
 877 | bankmellat.ir
 878 | google.com.af
 879 | qualtrics.com
 880 | ukr.net
 881 | nptel.ac.in
 882 | sifyitest.com
 883 | fb.ru
 884 | vesti.ru
 885 | searchencrypt.com
 886 | epwk.com
 887 | fextralife.com
 888 | zougla.gr
 889 | news.com.au
 890 | gotporn.com
 891 | allocine.fr
 892 | tandfonline.com
 893 | yandex.kz
 894 | slate.com
 895 | bhphotovideo.com
 896 | youjizz.com
 897 | commentcamarche.net
 898 | axisbank.co.in
 899 | auction.co.kr
 900 | myworkday.com
 901 | tebyan.net
 902 | motherless.com
 903 | jw.org
 904 | creditkarma.com
 905 | mobafire.com
 906 | padlet.com
 907 | secureserver.net
 908 | utorrent.com
 909 | discuss.com.hk
 910 | agoda.com
 911 | ivi.ru
 912 | sinoptik.ua
 913 | dmv.org
 914 | urdupoint.com
 915 | videodownloadconverter.com
 916 | dafont.com
 917 | tvbs.com.tw
 918 | lazada.co.th
 919 | blpmovies.com
 920 | correios.com.br
 921 | gazetaexpress.com
 922 | gamespot.com
 923 | badoo.com
 924 | y8.com
 925 | codepen.io
 926 | thehill.com
 927 | aastocks.com
 928 | liveinternet.ru
 929 | purdue.edu
 930 | caf.fr
 931 | state.gov
 932 | popmyads.com
 933 | focus.de
 934 | myfreecams.com
 935 | qiita.com
 936 | comicbook.com
 937 | costco.com
 938 | android.com
 939 | asahi.com
 940 | tomsguide.com
 941 | zing.vn
 942 | 17track.net
 943 | nasa.gov
 944 | sputniknews.com
 945 | kp.ru
 946 | justdial.com
 947 | lazada.com.my
 948 | dwatchseries.to
 949 | fatosdesconhecidos.com.br
 950 | cnbeta.com
 951 | livestrong.com
 952 | uber.com
 953 | ebay.in
 954 | infobae.com
 955 | socialblade.com
 956 | cdninstagram.com
 957 | mileroticos.com
 958 | 58.com
 959 | okcupid.com
 960 | mercari.com
 961 | instructables.com
 962 | avast.com
 963 | digialm.com
 964 | egy.best
 965 | politico.com
 966 | fanfiction.net
 967 | internetdownloadmanager.com
 968 | bodybuilding.com
 969 | n11.com
 970 | mydrivers.com
 971 | conservativetribune.com
 972 | historyinorbit.com
 973 | subject.tmall.com
 974 | hawaaworld.com
 975 | cbc.ca
 976 | ted.com
 977 | huawei.com
 978 | els-cdn.com
 979 | berkeley.edu
 980 | unsplash.com
 981 | usaa.com
 982 | abcnews.go.com
 983 | americanas.com.br
 984 | wittyfeed.com
 985 | steemit.com
 986 | edx.org
 987 | lolesports.com
 988 | biblegateway.com
 989 | kinokrad.co
 990 | fanserials.org
 991 | hitomi.la
 992 | jeuxvideo.com
 993 | itmedia.co.jp
 994 | geeksforgeeks.org
 995 | speed-open2.com
 996 | td.com
 997 | pinterest.es
 998 | jqw.com
 999 | cimaclub.com
1000 | voirfilms.ws
1001 | 


--------------------------------------------------------------------------------
/assets/ClientConf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/refraction-networking/Metis/a56f9c49726972bfb6e48cff28a90940ead42714/assets/ClientConf


--------------------------------------------------------------------------------
/bloom/LICENSE:
--------------------------------------------------------------------------------
 1 | Copyright (c) 2014 Will Fitzgerald. All rights reserved.
 2 | 
 3 | Redistribution and use in source and binary forms, with or without
 4 | modification, are permitted provided that the following conditions are
 5 | met:
 6 | 
 7 |    * Redistributions of source code must retain the above copyright
 8 | notice, this list of conditions and the following disclaimer.
 9 |    * Redistributions in binary form must reproduce the above
10 | copyright notice, this list of conditions and the following disclaimer
11 | in the documentation and/or other materials provided with the
12 | distribution.
13 | 
14 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
15 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
16 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
17 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
18 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
19 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
20 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
24 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.


--------------------------------------------------------------------------------
/bloom/bloom.go:
--------------------------------------------------------------------------------
 1 | package main
 2 | 
 3 | //TODO: What does Metis's license file have to look like if I include this?
 4 | 
 5 | import(
 6 | 	"github.com/willf/bloom"
 7 | )
 8 | 
 9 | var filter *bloom.BloomFilter
10 | 
11 | func initFilter(){
12 | 	//TODO: figure out how to size the filter correctly. Error rate?
13 | 	n := uint(1000)
14 | 	filter = bloom.New(20*n, 5)
15 | }
16 | 
17 | func addStr(str string){
18 | 	filter.Add([]byte(str))
19 | }
20 | 
21 | func testStr(str string) bool {
22 | 	return filter.Test([]byte(str))
23 | }
24 | 


--------------------------------------------------------------------------------
/defense.pptx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/refraction-networking/Metis/a56f9c49726972bfb6e48cff28a90940ead42714/defense.pptx


--------------------------------------------------------------------------------
/meek_adapter.go:
--------------------------------------------------------------------------------
 1 | package main
 2 | 
 3 | import (
 4 | 	"os/exec"
 5 | 	"os"
 6 | 	"log"
 7 | 	"fmt"
 8 | )
 9 | 
10 | func logKill(p *os.Process) error {
11 | 	log.Printf("killing PID %d", p.Pid)
12 | 	err := p.Kill()
13 | 	if err != nil {
14 | 		log.Print(err)
15 | 	}
16 | 	return err
17 | }
18 | 
19 | func runMeekClient(cmdName string, args []string) (cmd *exec.Cmd, err error) {
20 | 	//TODO: where to put meek's command line client?
21 | 	//Ellipsis allows you to pass a slice as a variadic parameter
22 | 	cmd = exec.Command(cmdName, args...)
23 | 	cmd.Stdout = os.Stdout
24 | 	cmd.Stderr = os.Stderr
25 | 	log.Printf("running meek-client command %q", cmd.Args)
26 | 	err = cmd.Start()
27 | 	if err != nil {
28 | 		return
29 | 	}
30 | 	log.Printf("meek-client started with pid %d", cmd.Process.Pid)
31 | 	err = cmd.Wait()
32 | 	if err != nil {
33 | 		fmt.Fprintln(os.Stderr, "Error waiting for Cmd", err)
34 | 		os.Exit(1)
35 | 	}
36 | 	return cmd, nil
37 | }
38 | 
39 | func configureEnv() (error) {
40 | 	err := os.Setenv("TOR_PT_MANAGED_TRANSPORT_VER", "1")
41 | 	if err != nil {
42 | 		return err
43 | 	}
44 | 	err = os.Setenv("TOR_PT_CLIENT_TRANSPORTS", "meek")
45 | 	return nil
46 | }
47 | 
48 | func main() {
49 | 	//TODO: put all configuration flags for PTs in a config file.
50 | 
51 | 	configureEnv()
52 | 
53 | 	//meek-client --url=https://meek-reflect.appspot.com/ --front=www.google.com
54 | 	cmd := "C:\\Users\\Audrey\\go\\src\\github.com\\arlolra\\meek\\meek-client\\meek-client.exe"
55 | 	args := []string{"--url=https://meek-reflect.appspot.com/", "--front=www.google.com", "--log=meek-client.log"}
56 | 	meekClientCmd, err := runMeekClient(cmd, args)
57 | 	if err != nil {
58 | 		log.Print(err)
59 | 		return
60 | 	}
61 | 	//TODO: Figure out what kind of message the client expects, and send it, because it isn't just a browser connection.
62 | 	defer logKill(meekClientCmd.Process)
63 | }
64 | 


--------------------------------------------------------------------------------
/metis.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/refraction-networking/Metis/a56f9c49726972bfb6e48cff28a90940ead42714/metis.pdf


--------------------------------------------------------------------------------
/notes.md:
--------------------------------------------------------------------------------
  1 | The process should look something like:
  2 | 1) Receive a connection and bytes from a local browser (e.g. "GET" or "CONNECT" stuff)
  3 | 2) Pass these bytes to some HTTP proxy library parser, that parses them and returns some HTTP request object
  4 | 3) Host/destination is extracted from the request object, and we determine if the request needs a proxy or not
  5 | 4) If it needs a proxy, pass the bytes to tapdance/whatever proxy system we're using. If it doesn't need a proxy,
  6 |  you pass the bytes to a local library that does the GET or CONNECT for you (aka, goproxy).
  7 | 
  8 | Metis goes here: browser -> Metis -> Tapdance client or local HTTP proxy
  9 | 
 10 | # TODO
 11 | 
 12 | This link might be useful: https://github.com/elazarl/goproxy
 13 | 
 14 | Notes on the Tapdance station:
 15 | the station runs in an ISP
 16 | you shouldn't have to worry too much about what it's doing
 17 | it terminates (is the other endpoint) of the HTTP proxy though
 18 | so normally, we have browser -> tapdance client
 19 | and then tapdance client -> tapdance station -> squid
 20 | and what the browser really sees, is that it's just talking to squid
 21 | (squid is an HTTP proxy)
 22 | Metis goes in between the browser and tapdance client, and decides, for each request, whether to use the tapdance client, or just fetch the request directly
 23 | if it's directly though, Metis COULD fetch it "itself" (implementing a local HTTP proxy, essentially), but likely there exists a go library that will do that for you like https://github.com/elazarl/goproxy
 24 | 
 25 | browser starts a connection to tapdance client (which starts a connection to tapdance station, (which starts a connection to squid))
 26 | then browser sends up that path the request
 27 | and receives back down the response
 28 | yeah, squid doesn't do any decoy routing (refraction networking)
 29 | the only things that do that are the tapdance client and tapdance station
 30 | you can think of it like, we provide transport of data between browser and squid
 31 | the browser doesn't know it's talking to tapdance, or what any of this stuff is
 32 | all it cares is: it connects to *something* that talks HTTP proxy
 33 | we encode and decode and transport that something, and ultimately it ends up at a squid instance
 34 | that squid instance doesn't know what connected to it (or anything about tapdance or decoy routing/refraction networking)
 35 | it just knows it gets a connection, and an HTTP proxy request
 36 | and then it fulfills that request, and sends a response
 37 | we take that response, encapsulate it back into the tapdance protocol, get it back down to the client, and then the client sends it back to the browser
 38 | 
 39 | but basically, the only things you'll see a browser produce is a `GET http://site.com/ HTTP/1.1` for HTTP requests, and a `CONNECT site.com:443 HTTP/1.1` for TLS
 40 | https://en.wikipedia.org/wiki/Proxy_server#Implementations_of_proxies
 41 | 
 42 | 
 43 | # Notes 10/2:
 44 | 
 45 | 1) If I get a GET request, close clientConn when? While clientConn is open (while it doesn't throw an error), 
 46 | response = http.defaultTransport(request). 
 47 | Forward response to client. 
 48 | 2) If I get a CONNECT request, it might be followed by an SSL handshake. Assuming the http parsing logic is right after
 49 |  accept(), stop parsing incoming msgs as HTTP right after you get a CONNECT and send the 200 OK. Switch to byte copying
 50 |  from then on, copy bytes from clientConn to remoteConn which you create using net.Dial.
 51 | 3) Close CONNECT clientConn when?
 52 | 4) accept() should return a socket sock. 
 53 | 5) TODO: replace goproxy with sergey's DualStream function from forward_proxy.
 54 | 6) Basically, the code I had at first is what should happen for GET requests. The code I have now should happen for CONNECTs.
 55 | Except that I should replace goproxy with DualStream.
 56 | 
 57 | tdConn, err := tapdance.Dial("tcp", "censoredsite.com:80")
 58 | 
 59 | # Notes 11/7
 60 | If a client goes to server.com/GET/getBlocked, server responds with the blocked list. RESTful API. There are libraries 
 61 | for this. Look at Coinbase's API for examples. Basically, each URL returns a requested piece of info. server.com/POST/addBlocked
 62 | should 
 63 | 
 64 | # Notes 11/8
 65 | 
 66 | Iran's censorship: a Lantern contributor says they determine a site to be blocked if:
 67 | 1) remote address resolves to 10.10.34.34
 68 | 2) response is 403 with an iframe to 10.10.34.34
 69 | 3) it times out
 70 | 4) EPIPE or ECONNRESET
 71 | 
 72 | Detecting DNS poisoning works as follows:
 73 | 1) Do the DNS resolution and get a lie
 74 | 2) Connect to it over TCP (because you don't know it's a lie yet) 
 75 | 3) it either doesn't respond (timeout), responds with a RST, or tries to inject a page. 
 76 | If it's TLS, it won't be able to inject a page, and its certificate won't match.
 77 | 
 78 | ##Notes 1/22
 79 | 
 80 | When Metis is run in China, and Firefox connects to it from the US, and is asked for www.google.com, AND google isn't on
 81 |  the blocked list, then the connection hangs indefinitely. So whatever response Metis gets when it tries to reach Google
 82 |  isn't being handled as evidence of a censored connection. Actually, Chrome exhibits the same behavior. This is a 
 83 |  critical bug, and evidence of a lack of knowledge of how to test code rigorously - something I should keep in mind for 
 84 |  future work. Solution for this one is probably to implement my own timeouts?
 85 |  
 86 |  ##Notes 2/3
 87 |  This website http://english.cri.cn/4406/2010/08/09/1981s587568.htm demonstrates an instance of "Tapdance responded with
 88 |   503 Service Unavailable" being displayed on the website in place of the (probably) ad meant to be there. When loaded
 89 |   through not-Tapdance, this item displays "comment.cri.cn’s server IP address could not be found."
 90 |   
 91 | http://libraries.colorado.edu/record=b3535240~S3 also causes problems. 
 92 | 
 93 | ##Notes 2/18
 94 | 
 95 | Symptoms of censorship observed so far:
 96 | 1) can't curl the page and can't ping the page: traffic to that domain is being dropped.
 97 | 2) Can ping, but can't curl the page: connection reset by peer, reset received, etc. Firewall sent a reset?
 98 | 3) Could not resolve host: DNS poisoning OR timeout from DNS server
 99 | 
100 | Broad categories of censorship:
101 | 1) News
102 | 2) Social media
103 | 3) Porn
104 | 
105 | OONIprobe has done this - detecting censorship
106 | How do we determine what evaluation metric tells us if a website is blocked?
107 | What kind of confidence to decide site is blocked? If curl ever gets through, out of 100 runs, site is not blocked.
108 | So how many failures to connect in a row do we need? Find how often a site connects, use that to say "odds of this many failure
109 | were 5%" or whatever. Take the minimum over all sites?
110 | 
111 | TODO:
112 | 1) Find out why Metis is only 70% accurate. Timeouts? Try through Metis again and figure out how often the blocked things are blocked.
113 | 2.5) Find out how many things fail through Metis, fail through testing script, always fail - use that to create evaluation metric
114 | 2) Redesign curl script for greater certainty that things I think are blocked, actually are. Use OONIprobe.
115 | Test how often I get each error - Fermi approximation.
116 | 
117 | For next Tues: ground truth and Metis's accuracy as compared to that ground truth
118 | Were the false positives from Metis actually just failed? There was a bug where they were getting logged in detour and failed.
119 | 
120 | 


--------------------------------------------------------------------------------
/proxy.go:
--------------------------------------------------------------------------------
  1 | package main
  2 | 
  3 | import (
  4 | 	"log"
  5 | 	"net"
  6 | 	"net/http"
  7 | 	"io"
  8 | 	"bufio"
  9 | 	"net/url"
 10 | 	"github.com/sergeyfrolov/gotapdance/tapdance"
 11 | 	"fmt"
 12 | 	"strconv"
 13 | 	"sync"
 14 | 	"encoding/json"
 15 | 	"bytes"
 16 | 	"net/http/httputil"
 17 | 	"os"
 18 | 	//"math/rand"
 19 | 	"golang.org/x/net/proxy"
 20 | 	"errors"
 21 | 	"runtime"
 22 | 	"strings"
 23 | 	"time"
 24 | 	"math/rand"
 25 | )
 26 | 
 27 | type Endpoint struct {
 28 | 	listener net.Listener
 29 | 	mutex sync.RWMutex
 30 | }
 31 | 
 32 | type Website struct {
 33 | 	Domain string `json:"domain,omitempty"`
 34 | }
 35 | 
 36 | type SvrMsg struct {
 37 | 	Cohort int `json:"cohort,omitempty"`
 38 | 	Reports []int `json:"reports,omitempty"`
 39 | }
 40 | 
 41 | var client = &http.Client{
 42 | 	Transport: &http.Transport{
 43 | 		Dial: (&net.Dialer{
 44 | 			//Limits the time spent establishing a TCP connection (if a new one is needed)
 45 | 			//TODO: tweak this value. How? Time how long usual connections take. Valid to take avg over all domains?
 46 | 			Timeout:   5 * time.Second,
 47 | 			KeepAlive: 30 * time.Second,
 48 | 		}).Dial,
 49 | 		//limits the time spent performing the TLS handshake.
 50 | 		TLSHandshakeTimeout:   5 * time.Second,
 51 | 		//Limits time spent reading response headers. TODO: Possibly unnecessary?
 52 | 		ResponseHeaderTimeout: 10 * time.Second,
 53 | 		ExpectContinueTimeout: 1 * time.Second,
 54 | 	},
 55 | }
 56 | 
 57 | var transport string
 58 | var hmacSecret string
 59 | var cohort int
 60 | 
 61 | /*
 62 | Domains Metis is reasonably certain are censored are stored here.
 63 |  */
 64 | var blockedDomains []string
 65 | 
 66 | /*
 67 | Domains that Metis has trouble accessing for reasons that might not be censorship are stored here.
 68 |  */
 69 | var tempBlockedDomains []string
 70 | 
 71 | func contains(slice []string, s string) bool {
 72 | 	for _, e := range slice {
 73 | 		if strings.Contains(s, e) { return true}
 74 | 	}
 75 | 	return false
 76 | }
 77 | 
 78 | func isBlocked(url *url.URL) (bool) {
 79 | 	/*r := rand.Intn(100)
 80 | 	if r < 50 {
 81 | 		return false
 82 | 	} else {
 83 | 		return true
 84 | 	}*/
 85 | 	return true
 86 | 	//return contains(blockedDomains, url.Hostname()) || contains(tempBlockedDomains, url.Hostname())
 87 | }
 88 | 
 89 | func remove(s []string, e string) []string {
 90 | 	for i, ele := range s {
 91 | 		if ele==e && i+1 < len(s){
 92 | 			s = append(s[:i], s[i+1:]...)
 93 | 		} else if ele == e {
 94 | 			s = s[:i]
 95 | 		}
 96 | 	}
 97 | 	return s
 98 | }
 99 | 
100 | func getBlockedList() (error){
101 | 	req, err := http.NewRequest("GET", "HTTP://localhost:5000/blocked", nil)
102 | 	if err != nil {
103 | 		log.Println(err)
104 | 		return err
105 | 	}
106 | 	resp, err := client.Do(req)
107 | 	if err != nil {
108 | 		log.Println(err)
109 | 		return err
110 | 	}
111 | 	defer resp.Body.Close()
112 | 	//body, _ := ioutil.ReadAll(resp.Body)
113 | 	//fmt.Println("Body is: ", body)
114 | 	dec := json.NewDecoder(resp.Body)
115 | 
116 | 
117 | 	// read open bracket
118 | 	t, err := dec.Token()
119 | 	if err != nil {
120 | 		log.Println("In getBlockedList, ", err)
121 | 		return err
122 | 	}
123 | 	fmt.Printf("First character type: %T, character: %v\n", t, t)
124 | 
125 | 
126 | 	// while the array contains values
127 | 	for dec.More() {
128 | 		var site Website
129 | 		// decode an array value (Message)
130 | 		err := dec.Decode(&site)
131 | 		if err != nil {
132 | 			log.Println("In getBlockedList, ", err)
133 | 			return err
134 | 		}
135 | 		fmt.Printf("Domain: %v\n", site.Domain)
136 | 		if !contains(blockedDomains,site.Domain) {
137 | 			blockedDomains = append(blockedDomains, site.Domain)
138 | 		}
139 | 	}
140 | 
141 | 	// read closing bracket
142 | 	t, err = dec.Token()
143 | 	if err != nil {
144 | 		log.Println(err)
145 | 		return err
146 | 	}
147 | 	fmt.Printf("%T: %v\n", t, t)
148 | 	return nil
149 | }
150 | 
151 | func generateSecret(){
152 | 	rand.Seed(time.Now().UnixNano())
153 | 	var letterRunes = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
154 | 	b := make([]rune, 10)
155 | 	for i := range b {
156 | 		b[i] = letterRunes[rand.Intn(len(letterRunes))]
157 | 	}
158 | 	hmacSecret =  string(b)
159 | }
160 | 
161 | // If the buffer gets too slow, see pipe tutorial here:
162 | // https://medium.com/stupid-gopher-tricks/streaming-data-in-go-without-buffering-3285ddd2a1e5
163 | func updateMasterList() error {
164 | 	var buf bytes.Buffer
165 | 	var s SecureIrrRand
166 | 	var p Params
167 | 	p.init()
168 | 	s.init(p)
169 | 	var e Encoder
170 | 
171 | 	e.init(p, cohort, hmacSecret, &s)
172 | 	var rappor []int
173 | 	for i := 0; i < len(blockedDomains); i++ {
174 | 		//fmt.Println("Blocked domains[i]: ", blockedDomains[i])
175 | 		//fmt.Println(e.Encode([]byte(blockedDomains[i])))
176 | 		rappor = append(rappor, e.Encode([]byte(blockedDomains[i])))
177 | 	}
178 | 	svrMsg := SvrMsg{cohort, rappor}
179 | 	err := json.NewEncoder(&buf).Encode(svrMsg)
180 | 	if err != nil {
181 | 		return err
182 | 	}
183 | 	resp, err := http.Post("HTTP://localhost:5000/blocked", "application/json", &buf)
184 | 	if err != nil {
185 | 		return errors.New("Master list update failed with error "+err.Error())
186 | 	}
187 | 	if resp.StatusCode != 200 {
188 | 		return errors.New("Master list update failed with response "+string(resp.StatusCode))
189 | 	}
190 | 	fmt.Println("Post request completed successfully.")
191 | 	return nil
192 | }
193 | 
194 | func parseRequest(conn net.Conn)(*http.Request, error){
195 | 	connReader := bufio.NewReader(conn)
196 | 	req, err := http.ReadRequest(connReader)
197 | 	if err != nil {return nil, err}
198 | 	return req, nil
199 | }
200 | 
201 | func detectedTampering(id int, req *http.Request, resp *http.Response, err error) (bool, error) {
202 | 	//TODO: do resets get caught correctly here?
203 | 	//TODO: how to catch TLS certificate errors?
204 | 	netErr, ok := err.(net.Error)
205 | 	if ok {
206 | 		//Timeout, RST?
207 | 		log.Println(id, "Website timed out with network error ", netErr)
208 | 		blockedDomains = append(blockedDomains, req.URL.Hostname())
209 | 		return true, nil
210 | 	}
211 | 	_, ok = err.(*net.OpError)
212 | 	if ok {
213 | 		//Finds ECONNRESET and EPIPE?
214 | 		log.Println(id, "Website threw net.OpError ", err)
215 | 		blockedDomains = append(blockedDomains, req.URL.Hostname())
216 | 		return true, nil
217 | 	}
218 | 	if err != nil {
219 | 		log.Println(id, "Website threw unknown error ", err)
220 | 		//Don't add to blockedDomains because error wasn't due to censorship?
221 | 		return false, err
222 | 	} else {
223 | 		//HTTP poisoning: Iran only, code taken from https://github.com/getlantern/detour/blob/master/detect.go
224 | 		byteResp, dmpErr := httputil.DumpResponse(resp, true)
225 | 		if dmpErr != nil {
226 | 			err = errors.New("response couldn't be dumped to byte slice")
227 | 			return false, err
228 | 		}
229 | 		http403 := []byte("HTTP/1.1 403 Forbidden")
230 | 		iranIFrame := []byte(`<iframe src="http://10.10.34.34`)
231 | 		if bytes.HasPrefix(byteResp, http403) && bytes.Contains(byteResp, iranIFrame) {
232 | 			blockedDomains = append(blockedDomains, req.URL.Hostname())
233 | 			return true, nil
234 | 		}
235 | 		//TODO: Other tampering detection should go here
236 | 	}
237 | 	return false, nil
238 | }
239 | 
240 | func detectedFailedConn(err error) bool {
241 | 	//TODO: What errors will get thrown if a connection is censored? Distinguish them from non-censorship errs.
242 | 	//TODO: Should putting things in blocked lists go here?
243 | 	if err == nil {
244 | 		return false
245 | 	}
246 | 	return true
247 | }
248 | 
249 | func doHttpRequest(clientConn net.Conn, req *http.Request, id int) error {
250 | 	defer clientConn.Close()
251 | 	log.Println(id, ": Performing non-CONNECT HTTP request to ", req.Host)
252 | 	//http.Request has a field RequestURI that should be replaced by URL, RequestURI cannot be set for client.Do.
253 | 	req.RequestURI = ""
254 | 	resp, err := client.Do(req)
255 | 	if err != nil {
256 | 		return err
257 | 	}
258 | 	defer resp.Body.Close()
259 | 	tampered, tamperingErr := detectedTampering(id, req, resp, err)
260 | 	if tamperingErr != nil {
261 | 		log.Println("Error attempting to detect tampering: ", err)
262 | 		return err
263 | 	}
264 | 	if tampered {
265 | 		return connectToResource(clientConn, req, id, true)
266 | 
267 | 	}
268 | 	logDomains("direct", req.URL.Hostname(), id)
269 | 	err = resp.Write(clientConn)
270 | 	return err
271 | }
272 | 
273 | 
274 | func connectToTapdance(clientConn net.Conn, req *http.Request, id int) (net.Conn, error){
275 | 	port := req.URL.Port()
276 | 	host := req.URL.Hostname()
277 | 	if port == "" && req.TLS == nil {
278 | 		port = "80"
279 | 	} else if port == "" {
280 | 		port = "443"
281 | 	}
282 | 	remoteConn, err := tapdance.Dial("tcp", host+":"+port)
283 | 	return remoteConn, err
284 | }
285 | 
286 | func getMeekListeningPort() (string) {
287 | 	//TODO: Move to meek_adapter
288 | 	//TODO: Scrape meek's log file for last instance of "Listening on..."
289 | 	//TODO: Change log file name to global, pass in from proxy.go
290 | 	return "59094"
291 | }
292 | 
293 | func connectToMeek(clientConn net.Conn, req *http.Request, id int) (net.Conn, error) {
294 | 	proxy_addr := "127.0.0.1:"+getMeekListeningPort()
295 | 	socksDialer, err := proxy.SOCKS5("tcp", proxy_addr, nil, proxy.Direct)
296 | 	if err != nil {
297 | 		fmt.Fprintln(os.Stderr, "can't connect to the proxy:", err)
298 | 		return nil, err
299 | 	}
300 | 	port := req.URL.Port()
301 | 	host := req.URL.Hostname()
302 | 	if port == "" && req.TLS == nil {
303 | 		port = "80"
304 | 	} else if port == "" {
305 | 		port = "443"
306 | 	}
307 | 	//Check args on this
308 | 	//Returns remoteConn, err
309 | 	remoteConn, err := socksDialer.Dial("tcp", host+":"+port)
310 | 	if err != nil {
311 | 		fmt.Println(id,": Error dialing meek!")
312 | 	} else {
313 | 		fmt.Println(id, "Successfully dialed meek!")
314 | 		//n, err := remoteConn.Write([]byte("Hello world"))
315 | 		if err != nil {
316 | 			fmt.Println("Error writing to meek: ", err)
317 | 		}
318 | 		//fmt.Println(n, " bytes written to meek.")
319 | 	}
320 | 	return remoteConn, err
321 | }
322 | 
323 | func transmitError(clientConn net.Conn, err error){
324 | 	defer clientConn.Close()
325 | 	_, ok := err.(net.Error)
326 | 	if ok {
327 | 		clientConn.Write([]byte("HTTP/1.1 504 Gateway Timeout\r\n\r\n"))
328 | 		return
329 | 	}
330 | 	_, ok = err.(*net.OpError)
331 | 	if ok {
332 | 		clientConn.Write([]byte("HTTP/1.1 504 Gateway Timeout\r\n\r\n"))
333 | 		return
334 | 	}
335 | 	if err != nil {
336 | 		//TODO: Tapdance sometimes responds with HTTP errors (503 Service Unavailable), how do I make sure an error is an HTTP response?
337 | 		clientConn.Write([]byte(err.Error()))
338 | 	}
339 | }
340 | 
341 | func connectToTransport(clientConn net.Conn, req *http.Request, id int) (net.Conn, error){
342 | 	switch transport {
343 | 	case "meek":
344 | 		conn, err := connectToMeek(clientConn, req, id)
345 | 		//fmt.Println("Using meek: err = ", err)
346 | 		return conn, err
347 | 	case "tapdance":
348 | 		return connectToTapdance(clientConn, req, id)
349 | 	default:
350 | 		return connectToTapdance(clientConn, req, id)
351 | 	}
352 | }
353 | 
354 | func connectToResource(clientConn net.Conn, req *http.Request, id int, routeToTd bool) error {
355 | 	log.Println(id, ": CONNECTing to resource ", req.Host)
356 | 	var remoteConn net.Conn
357 | 	var err error
358 | 	errChan := make(chan error)
359 | 
360 | 	if !routeToTd {
361 | 		remoteConn, err = net.DialTimeout("tcp", req.URL.Hostname()+":"+req.URL.Port(), 5*time.Second)
362 | 		if detectedFailedConn(err) || err!=nil{
363 | 			log.Println("Goroutine", id, "failed to CONNECT to resource directly with error", err)
364 | 			tempBlockedDomains = append(tempBlockedDomains, req.URL.Hostname())
365 | 			remoteConn, err = connectToTransport(clientConn, req, id)
366 | 			if err != nil {
367 | 				tempBlockedDomains = remove(tempBlockedDomains, req.URL.Hostname())
368 | 				log.Println(id, ": Cannot connect to ", req.URL.Hostname(), ": ", err)
369 | 				logDomains("failed", req.URL.Hostname(), id)
370 | 				//TODO: Check this error handling.
371 | 				transmitError(clientConn, err)
372 | 				return err
373 | 			} else {
374 | 				blockedDomains = append(blockedDomains, req.URL.Hostname())
375 | 				logDomains("detour", req.URL.Hostname(), id)
376 | 			}
377 | 		} else {
378 | 			logDomains("direct", req.URL.Hostname(), id)
379 | 		}
380 | 	} else {
381 | 		remoteConn, err = connectToTransport(clientConn, req, id)
382 | 		if err != nil {
383 | 			//Try again
384 | 			//TODO: Should I be retrying to connect here like this?
385 | 			remoteConn, err = connectToTransport(clientConn, req, id)
386 | 		}
387 | 		if err != nil {
388 | 			//Request probably isn't going through, it failed twice.
389 | 			tempBlockedDomains = remove(tempBlockedDomains, req.URL.Hostname())
390 | 			log.Println(id, ": Cannot connect to Tapdance after two tries: ", err)
391 | 			logDomains("failed", req.URL.Hostname(), id)
392 | 			transmitError(clientConn, err)
393 | 			return err
394 | 		}
395 | 		logDomains("detour", req.URL.Hostname(), id)
396 | 		blockedDomains = append(blockedDomains, req.URL.Hostname())
397 | 	}
398 | 
399 | 	defer func() {
400 | 		remoteConn.Close()
401 | 		clientConn.Close()
402 | 		_ = <- errChan
403 | 	}()
404 | 
405 | 	if req.Method != "CONNECT" {
406 | 		requestDump, err := httputil.DumpRequestOut(req, req.Body != nil)
407 | 		fmt.Println(requestDump)
408 | 		if err != nil {
409 | 			fmt.Println(err)
410 | 			//TODO: return err here?
411 | 		}
412 | 		_, err = remoteConn.Write(requestDump)
413 | 		if err != nil {
414 | 			fmt.Println(err)
415 | 		}
416 | 		rBuf := make([]byte, 65536)
417 | 		_, err = io.CopyBuffer(clientConn, remoteConn, rBuf)
418 | 		if err != nil {
419 | 			log.Println("Error transmiting response from HTTP request through Tapdance to client: ", err)
420 | 			return err
421 | 		}
422 | 		return nil
423 | 	}
424 | 
425 | 	clientConn.Write([]byte("HTTP/1.1 200 Connection established\r\n\r\n"))
426 | 
427 | 	forwardFromClientToRemote := func() {
428 | 		cBuf := make([]byte, 65536)
429 | 		n, err := io.CopyBuffer(remoteConn, clientConn, cBuf)
430 | 		log.Println(id, ": Client request length: - ", n)
431 | 		errChan <- err
432 | 	}
433 | 
434 | 	forwardFromRemoteToClient := func() {
435 | 		rBuf := make([]byte, 65536)
436 | 		//remoteConn never sends EOF?
437 | 		n, err := io.CopyBuffer(clientConn, remoteConn, rBuf)
438 | 		log.Println(id, ": Remote response length: - ", n)
439 | 		errChan <- err
440 | 	}
441 | 
442 | 	go forwardFromClientToRemote()
443 | 	go forwardFromRemoteToClient()
444 | 
445 | 	err = <-errChan
446 | 	if err != nil {
447 | 		log.Println(err)
448 | 	}
449 | 	return err
450 | }
451 | 
452 | //Assumes clientConn is not nil. TODO: check assumption
453 | func handleConnection(clientConn net.Conn, id int) {
454 | 	//Parse the request as HTTP
455 | 	req, err := parseRequest(clientConn)
456 | 	if err == io.EOF { return }
457 | 	if err != nil {
458 | 		log.Println ("Error parsing HTTP request: ", err)
459 | 		clientConn.Write([]byte("HTTP/1.1 400 Bad request\r\n\r\n"))
460 | 		return
461 | 	}
462 | 	method := req.Method
463 | 	reqUrl := req.URL
464 | 
465 | 	//Check to see where request should be routed
466 | 	routeToTransport := isBlocked(reqUrl)
467 | 	log.Println("Goroutine", id, "is connecting to ", reqUrl)
468 | 	if !routeToTransport && method != "CONNECT" {
469 | 		err = doHttpRequest(clientConn, req, id)
470 | 		if err != nil {
471 | 			tempBlockedDomains = append(tempBlockedDomains, req.URL.Hostname())
472 | 			log.Println("Goroutine", id, "failed to connect directly with error", err)
473 | 			err = connectToResource(clientConn, req, id, true)
474 | 		}
475 | 	} else {
476 | 		err = connectToResource(clientConn, req, id, routeToTransport)
477 | 	}
478 | 	if err != nil {
479 | 		fmt.Println("Goroutine", id, "returned error", err)
480 | 	}
481 | }
482 | 
483 | func (e *Endpoint) handleConnection(clientConn net.Conn, id int, handler func(net.Conn, int)) {
484 | 	defer log.Println("Goroutine", id, "is closed. Number of goroutines:", runtime.NumGoroutine())
485 | 	handler(clientConn, id)
486 | }
487 | 
488 | func (e *Endpoint) Listen(port int, handler func(net.Conn, int)) error {
489 | 	id := 0
490 | 	var err error
491 | 	portStr := strconv.Itoa(port)
492 | 	e.listener, err = net.Listen("tcp", "127.0.0.1:"+portStr)
493 | 	if err != nil {
494 | 		log.Println("Unable to listen on port", portStr, err)
495 | 		return err
496 | 	}
497 | 	log.Println("Listening on", e.listener.Addr().String())
498 | 	for {
499 | 		//Spins until a request comes in
500 | 		conn, err := e.listener.Accept()
501 | 		if err != nil {
502 | 			log.Println("Failed accepting a connection request:", err)
503 | 			continue
504 | 		}
505 | 		go e.handleConnection(conn, id, handler)
506 | 		id++
507 | 	}
508 | }
509 | 
510 | func logDomains(logFile string, d string, id int) {
511 | 	domainLog, err := os.OpenFile("log/"+logFile+".txt",os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0666)
512 | 	if err != nil {
513 | 		log.Println("Couldn't open log file "+logFile+".txt")
514 | 		return
515 | 	}
516 | 	defer domainLog.Close()
517 | 	_, err = domainLog.WriteString(d+"\r\n")
518 | 	if err != nil {
519 | 		log.Println("Couldn't write to log file "+logFile+".txt")
520 | 		return
521 | 	}
522 | 	domainLog.Sync()
523 | }
524 | 
525 | func talkToServer() {
526 | 	for {
527 | 		if updateMasterList() != nil {
528 | 			log.Println("Error updating server with my blocked list!")
529 | 		}
530 | 		time.Sleep(300*time.Second)
531 | 	}
532 | }
533 | 
534 | func main() {
535 | 	log.SetFlags(log.LstdFlags | log.Lmicroseconds)
536 | 	endpt := new(Endpoint)
537 | 	transport = "tapdance"
538 | 	log.Println("Starting Metis proxy....")
539 | 	//Set the HMAC secret for generating the PRRs in RAPPOR
540 | 	generateSecret()
541 | 	//TODO: Have the server tell the client what cohort it belongs to?
542 | 	cohort=1
543 | 	//Ask the master server for the blocked list
544 | 	if getBlockedList() != nil {
545 | 		log.Println("Error getting blocked list, starting with empty blocked list!")
546 | 	}
547 | 	go talkToServer()
548 | 	endpt.Listen(8080, handleConnection)
549 | }
550 | 
551 | 


--------------------------------------------------------------------------------
/rappor_implementation.go:
--------------------------------------------------------------------------------
  1 | package main
  2 | 
  3 | import (
  4 | 	"fmt"
  5 | 	"crypto/rand"
  6 | 	"encoding/binary"
  7 | 	"crypto/md5"
  8 | 	"io"
  9 | 	"crypto/hmac"
 10 | 	"crypto/sha256"
 11 | )
 12 | 
 13 | /*
 14 | RAPPOR encoding parameters.
 15 | These affect privacy/anonymity. See paper for details.
 16 |  */
 17 | type Params struct{
 18 | 	//k
 19 | 	numBloomBits int
 20 | 	//h
 21 | 	numHashes int
 22 | 	//m
 23 | 	numCohorts int
 24 | 	//p
 25 | 	probP float64
 26 | 	//q
 27 | 	probQ float64
 28 | 	//f
 29 | 	probF float64
 30 | }
 31 | 
 32 | func (p *Params) init(){
 33 | 	p.numBloomBits = 16
 34 | 	p.numHashes = 2
 35 | 	p.numCohorts = 64
 36 | 	p.probP = 0.50
 37 | 	p.probQ = 0.75
 38 | 	p.probF = 0.25
 39 | }
 40 | 
 41 | type SecureRandom struct {
 42 | 	probOne float64
 43 | 	numBits int
 44 | }
 45 | 
 46 | func (s *SecureRandom) setBits() (int, error) {
 47 | 	p := s.probOne
 48 | 	r := 0
 49 | 	b := make([]byte, s.numBits)
 50 | 	_, err := rand.Read(b)
 51 | 	if err != nil {
 52 | 		fmt.Println("error:", err)
 53 | 		return 0, err
 54 | 	}
 55 | 	var i uint
 56 | 	for i = 0; i < uint(s.numBits); i++ {
 57 | 		//fmt.Println("b[i]: ", uint(b[i]), ", p*256: ", uint(p*256))
 58 | 		if uint(b[i]) < uint(p*256) {
 59 | 			r |= 0x1 << i
 60 | 		}
 61 | 		//fmt.Printf("r: %04b\n", r)
 62 | 	}
 63 | 	return r, nil
 64 | 
 65 | }
 66 | 
 67 | func (s *SecureRandom) init(probOne float64, numBits int) (int, error){
 68 | 	s.probOne = probOne
 69 | 	s.numBits = numBits
 70 | 	r, err := s.setBits()
 71 | 	if err != nil {
 72 | 		return 0, err
 73 | 	}
 74 | 	//fmt.Println(r, err)
 75 | 	return r, nil
 76 | }
 77 | 
 78 | type SecureIrrRand struct {
 79 | 	pGen int
 80 | 	qGen int
 81 | 	numBits int
 82 | }
 83 | 
 84 | func (s *SecureIrrRand) init(params Params) {
 85 | 	s.numBits = params.numBloomBits
 86 | 	var sr SecureRandom
 87 | 	pGen, err := sr.init(params.probP, s.numBits)
 88 | 	if err != nil {
 89 | 		fmt.Println("Error generating pGen")
 90 | 	} else {
 91 | 		s.pGen = pGen
 92 | 	}
 93 | 	qGen, err := sr.init(params.probQ, s.numBits)
 94 | 	if err != nil {
 95 | 		fmt.Println("Error generating qGen")
 96 | 	} else {
 97 | 		s.qGen = qGen
 98 | 	}
 99 | }
100 | 
101 | func toBigEndian(i int64) []byte {
102 | 	/*Convert integer to 4-byte big endian string*/
103 | 	buf := make([]byte, binary.MaxVarintLen64)
104 | 	binary.PutVarint(buf, i)
105 | 	//fmt.Printf("%x\n", buf[:n])
106 | 	return buf
107 | }
108 | 
109 | func getBloomBits(word []byte, cohort int, numHashes int, numBloombits int) []int {
110 | 	/*
111 | 	Return an array of bits to set in the bloom filter.
112 | 	In the real report, we bitwise-OR them together.  In hash candidates, we put
113 | 	them in separate entries in the "map" matrix.
114 | 	*/
115 | 	//Cohort is 4 byte prefix
116 | 	//Need variadic ellipsis because word is []byte, not byte
117 | 	value := append(toBigEndian(int64(cohort)), word...)
118 | 	h := md5.New()
119 | 	io.WriteString(h, string(value))
120 | 	digest := h.Sum(nil)
121 | 
122 | 	// Each hash is a byte, which means we could have up to 256 bit Bloom filters.
123 | 	// There are 16 bytes in an MD5, in which case we can have up to 16 hash
124 | 	// functions per Bloom filter.
125 | 	if numHashes > len(digest) {
126 | 		fmt.Println("Error: can't have more than ", len(digest), " hashes")
127 | 		return []int{}
128 | 	}
129 | 	var retVal []int
130 | 	for i := 0; i < numHashes; i++ {
131 | 		retVal = append(retVal, int(digest[i])%numBloombits)
132 | 	}
133 | 	return retVal
134 | }
135 | 
136 | func getPrrMasks(secret string, word string, probF float64) (int, int){
137 | 	key := []byte(secret)
138 | 	hash := hmac.New(sha256.New, key)
139 | 	hash.Write([]byte(word))
140 | 	digestBytes := hash.Sum(nil)
141 | 	if len(digestBytes) != 32 {
142 | 		panic("digest_bytes needs to be 32 bytes long!")
143 | 	}
144 | 	threshold128 := probF*128
145 | 	uniform := 0
146 | 	fMask := 0
147 | 
148 | 	for i, ch := range digestBytes {
149 | 		byt := int(ch)
150 | 		uBit := byt & 0x01 //1 bit of entropy
151 | 		uniform |= uBit << uint(i) //maybe set bit in mask
152 | 		rand128 := byt >> 1 //7 bits of entropy
153 | 		var noiseBit int
154 | 		if float64(rand128) < threshold128 {
155 | 			noiseBit = 0x01
156 | 		} else {
157 | 			noiseBit = 0x00
158 | 		}
159 | 		fMask |= noiseBit << uint(i)
160 | 	}
161 | 	return uniform, fMask
162 | }
163 | 
164 | type Encoder struct{
165 | 	params Params
166 | 	cohort int
167 | 	secret string
168 | 	irrRand *SecureIrrRand
169 | }
170 | 
171 | func (e *Encoder) init(params Params, cohort int, secret string, irrRand *SecureIrrRand) {
172 | 	/*
173 | 	Args:
174 | 		params: RAPPOR Params() controlling privacy
175 | 		cohort: integer cohort, for Bloom hashing.
176 | 		secret: secret string, for the PRR to be a deterministic function of the
177 | 	reported value.
178 | 		irr_rand: IRR randomness interface.
179 | 	*/
180 | 	// RAPPOR params.  NOTE: num_cohorts isn't used.  p and q are used by irr_rand.
181 | 	e.params = params
182 | 	e.cohort = cohort
183 | 	e.secret = secret
184 | 	e.irrRand = irrRand
185 | }
186 | 
187 | func (e *Encoder) internalEncodeBits(bits int) (int, int){
188 | 	/*
189 | 	Helper function for simulation / testing.
190 | 	Returns:
191 | 		The PRR and IRR.  The PRR should never be sent over the network.
192 | 	*/
193 | 	// Compute Permanent Randomized Response (PRR). Uniform and fMask are 32 bits long.
194 | 	uniform, fMask := getPrrMasks(e.secret, string(toBigEndian(int64(bits))), e.params.probF)
195 | 	/*
196 | 	Suppose bit i of the Bloom filter is B_i.  Then bit i of the PRR is
197 | 	defined as:
198 | 		1   with prob f/2
199 | 		0   with prob f/2
200 | 		B_i with prob 1-f
201 | 
202 | 	Uniform bits are 1 with probability 1/2, and f_mask bits are 1 with
203 | 	probability f.  So in the expression below:
204 | 
205 | 	- Bits in (uniform & f_mask) are 1 with probability f/2.
206 | 	- (bloom_bits & ~f_mask) clears a bloom filter bit with probability
207 | 	f, so we get B_i with probability 1-f.
208 | 	- The remaining bits are 0, with remaining probability f/2.
209 | 	*/
210 | 	//TODO: Make certain that ^x in Go === ~x in Python
211 | 	prr := (int(bits) & ^fMask) | (uniform & fMask)
212 | 
213 | 	// Compute Instantaneous Randomized Response (IRR).
214 | 	// If PRR bit is 0, IRR bit is 1 with probability p.
215 | 	// If PRR bit is 1, IRR bit is 1 with probability q.
216 | 	e.irrRand.init(e.params)
217 | 	pBits := e.irrRand.pGen
218 | 	qBits := e.irrRand.qGen
219 | 
220 | 	irr := (pBits & ^prr) | (qBits & prr)
221 | 
222 | 	return prr, irr  // IRR is the rappor
223 | }
224 | 
225 | func (e *Encoder) internalEncode(word []byte) (int, int, int) {
226 | 	/*
227 | 	Helper function for simulation / testing.
228 | 	Returns:
229 | 		The Bloom filter bits, PRR, and IRR.  The first two values should never
230 | 		be sent over the network.
231 | 	*/
232 | 	bloomBits := getBloomBits(word, e.cohort, e.params.numHashes, e.params.numBloomBits)
233 | 	bloom := 0
234 | 	for bitToSet := range bloomBits {
235 | 		bloom |= 1 << uint(bitToSet)
236 | 	}
237 | 	prr, irr := e.internalEncodeBits(bloom)
238 | 	return bloom, prr, irr
239 | }
240 | 
241 | func (e *Encoder) encodeBits(bits int) int {
242 | 	/*
243 | 	Encode a string with RAPPOR.
244 | 	Args:
245 | 		bits: An integer representing bits to encode.
246 | 	Returns:
247 | 		An integer that is the IRR (Instantaneous Randomized Response).
248 | 	*/
249 | 	_, irr := e.internalEncodeBits(bits)
250 | 	return irr
251 | }
252 | 
253 | func (e *Encoder) Encode(word []byte) int {
254 | 	/*Encode a string with RAPPOR.
255 | Args:
256 | word: the string that should be privately transmitted.
257 | 		Returns:
258 | 	An integer that is the IRR (Instantaneous Randomized Response).
259 | 	*/
260 | 	_, _, irr := e.internalEncode(word)
261 | 	return irr
262 | }
263 | 
264 | func estimateSetBits(reports []int, params Params) []float64 {
265 | 	/*
266 | 	Estimate which bits were truly set in B for a particular cohort.
267 | 	Returns: Y, a slice of the number of times each bit was estimated
268 | 	to have been truly set in B.
269 | 	This function will be called for each cohort. j represents the jth
270 | 	cohort and is included only to keep variable names matching the paper.
271 | 	 */
272 | 	p := params.probP
273 | 	q := params.probQ
274 | 	f := params.probF
275 | 	Nj := float64(len(reports))
276 | 	var Y_j []float64
277 | 	for i:=0; i<32; i++ {
278 | 		c_ij := 0.0
279 | 		for _, rep := range reports {
280 | 			if rep & (1<<uint(i)) == 1 {
281 | 				c_ij += 1.0
282 | 			}
283 | 		}
284 | 		t_ij := c_ij-(p+0.5*f*q-0.5*f*p)*Nj/((1-f)*(q-p))
285 | 		Y_j = append(Y_j, t_ij)
286 | 	}
287 | 	return Y_j
288 | }
289 | 
290 | /*func main() {
291 | 	//var s SecureRandom
292 | 	//s.init(0.5,4)
293 | 	//s.setBits()
294 | 	var s SecureIrrRand
295 | 	var p Params
296 | 	p.init()
297 | 	s.init(p)
298 | 	getBloomBits([]byte("asdf"), 0, 0, 0)
299 | 	var e Encoder
300 | 	e.init(p, 1,"my secret string is very secret", &s)
301 | 	rep1 := e.encode([]byte("google.com"))
302 | 	rep2 := e.encode([]byte("facebook.com"))
303 | 	fmt.Println(rep1, ", ", rep2)
304 | }*/


--------------------------------------------------------------------------------
/server/LICENSE_trie:
--------------------------------------------------------------------------------
 1 | The MIT License (MIT)
 2 | 
 3 | Copyright (c) 2013 Florian von Bock
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy of
 6 | this software and associated documentation files (the "Software"), to deal in
 7 | the Software without restriction, including without limitation the rights to
 8 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
 9 | the Software, and to permit persons to whom the Software is furnished to do so,
10 | subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
17 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
18 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
19 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
20 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.


--------------------------------------------------------------------------------
/server/alexa_random_100.txt:
--------------------------------------------------------------------------------
  1 | google.com.au
  2 | ebay.com
  3 | facebook.com
  4 | google.com.hk
  5 | youtube.com
  6 | google.com.ar
  7 | tribunnews.com
  8 | adobe.com
  9 | imdb.com
 10 | pornhub.com
 11 | google.fr
 12 | twitch.tv
 13 | cnn.com
 14 | stackoverflow.com
 15 | dropbox.com
 16 | vk.com
 17 | google.com.tw
 18 | live.com
 19 | alipay.com
 20 | google.co.in
 21 | msn.com
 22 | bongacams.com
 23 | t.co
 24 | imgur.com
 25 | googleusercontent.com
 26 | amazon.co.uk
 27 | livejasmin.com
 28 | google.com.tr
 29 | google.com.eg
 30 | yandex.ru
 31 | ok.ru
 32 | hao123.com
 33 | gmw.cn
 34 | tmall.com
 35 | aliexpress.com
 36 | paypal.com
 37 | amazon.de
 38 | google.ru
 39 | mail.ru
 40 | microsoftonline.com
 41 | wikia.com
 42 | login.tmall.com
 43 | apple.com
 44 | google.pl
 45 | yahoo.co.jp
 46 | xnxx.com
 47 | pages.tmall.com
 48 | blogspot.com
 49 | wikipedia.org
 50 | netflix.com
 51 | wordpress.com
 52 | naver.com
 53 | google.co.jp
 54 | bbc.co.uk
 55 | weibo.com
 56 | deloton.com
 57 | pinterest.com
 58 | microsoft.com
 59 | instagram.com
 60 | popads.net
 61 | linkedin.com
 62 | savefrom.net
 63 | coccoc.com
 64 | xvideos.com
 65 | amazon.co.jp
 66 | google.com.mx
 67 | soso.com
 68 | mozilla.org
 69 | amazon.com
 70 | google.co.uk
 71 | sina.com.cn
 72 | baidu.com
 73 | google.co.id
 74 | google.es
 75 | xhamster.com
 76 | google.com
 77 | diply.com
 78 | taobao.com
 79 | reddit.com
 80 | google.nl
 81 | whatsapp.com
 82 | google.it
 83 | qq.com
 84 | twitter.com
 85 | csdn.net
 86 | google.de
 87 | office.com
 88 | jd.com
 89 | github.com
 90 | tumblr.com
 91 | google.co.th
 92 | yahoo.com
 93 | sohu.com
 94 | google.ca
 95 | google.com.br
 96 | google.com.sa
 97 | espn.com
 98 | 360.cn
 99 | bing.com
100 | so.com


--------------------------------------------------------------------------------
/server/rappor_analysis.py:
--------------------------------------------------------------------------------
  1 | # -*- coding: utf-8 -*-
  2 | """
  3 | Created on Fri Mar 30 12:14:23 2018
  4 | 
  5 | @author: Audrey
  6 | """
  7 | 
  8 | # Copyright 2014 Google Inc. All rights reserved.
  9 | #
 10 | # Licensed under the Apache License, Version 2.0 (the "License");
 11 | # you may not use this file except in compliance with the License.
 12 | # You may obtain a copy of the License at
 13 | #
 14 | #     http://www.apache.org/licenses/LICENSE-2.0
 15 | #
 16 | # Unless required by applicable law or agreed to in writing, software
 17 | # distributed under the License is distributed on an "AS IS" BASIS,
 18 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 19 | # See the License for the specific language governing permissions and
 20 | # limitations under the License.
 21 | 
 22 | #NOTE (Audrey): To run this code, use git bash, which is running python 2.7 for some 
 23 | #reason. Don't use Spyder, it's on 3.6.
 24 | 
 25 | """RAPPOR client library.
 26 | Privacy is ensured without a third party by only sending RAPPOR'd data over the
 27 | network (as opposed to raw client data).
 28 | Note that we use MD5 for the Bloom filter hash function. (security not required)
 29 | """
 30 | import csv
 31 | import hashlib
 32 | import hmac
 33 | import json
 34 | import struct
 35 | import sys
 36 | import numpy as np
 37 | import time
 38 | import statsmodels.api as sm
 39 | 
 40 | from random import SystemRandom
 41 | from sklearn import linear_model
 42 | 
 43 | class Error(Exception):
 44 |   pass
 45 | 
 46 | 
 47 | def log(msg, *args):
 48 |   if args:
 49 |     msg = msg % args
 50 |   print >>sys.stderr, msg
 51 | 
 52 | 
 53 | class Params(object):
 54 |   """RAPPOR encoding parameters.
 55 |   These affect privacy/anonymity.  See the paper for details.
 56 |   """
 57 |   def __init__(self, num_bloombits=16, num_hashes=2, num_cohorts=64, 
 58 |                prob_p=0.50, prob_q=0.75, prob_f=0.50):
 59 |     self.num_bloombits = num_bloombits      # Number of bloom filter bits (k)
 60 |     self.num_hashes = num_hashes          # Number of bloom filter hashes (h)
 61 |     self.num_cohorts = num_cohorts        # Number of cohorts (m) was 64
 62 |     self.prob_p = prob_p           # Probability p
 63 |     self.prob_q = prob_q           # Probability q
 64 |     self.prob_f = prob_f           # Probability f
 65 | 
 66 |   # For testing
 67 |   def __eq__(self, other):
 68 |     return self.__dict__ == other.__dict__
 69 | 
 70 |   def __repr__(self):
 71 |     return repr(self.__dict__)
 72 | 
 73 |   def to_json(self):
 74 |     """Convert this instance to JSON.
 75 |     The names are be compatible with the apps/api server.
 76 |     """
 77 |     return json.dumps({
 78 |         'numBits': self.num_bloombits,
 79 |         'numHashes': self.num_hashes,
 80 |         'numCohorts': self.num_cohorts,
 81 |         'probPrr': self.prob_f,
 82 |         'probIrr0': self.prob_p,
 83 |         'probIrr1': self.prob_q,
 84 |     })
 85 | 
 86 |   # NOTE:
 87 |   # - from_csv is currently used in sum_bits.py
 88 |   # - to_csv is in rappor_sim.print_params
 89 |   @staticmethod
 90 |   def from_csv(f):
 91 |     """Read the RAPPOR parameters from a CSV file.
 92 |     Args:
 93 |       f: file handle
 94 |     Returns:
 95 |       Params instance.
 96 |     Raises:
 97 |       rappor.Error: when the file is malformed.
 98 |     """
 99 |     c = csv.reader(f)
100 |     ok = False
101 |     p = Params()
102 |     for i, row in enumerate(c):
103 | 
104 |       if i == 0:
105 |         if row != ['k', 'h', 'm', 'p', 'q', 'f']:
106 |           raise Error('Header %s is malformed; expected k,h,m,p,q,f' % row)
107 | 
108 |       elif i == 1:
109 |         try:
110 |           # NOTE: May raise exceptions
111 |           p.num_bloombits = int(row[0])
112 |           p.num_hashes = int(row[1])
113 |           p.num_cohorts = int(row[2])
114 |           p.prob_p = float(row[3])
115 |           p.prob_q = float(row[4])
116 |           p.prob_f = float(row[5])
117 |         except (ValueError, IndexError) as e:
118 |           raise Error('Row is malformed: %s' % e)
119 |         ok = True
120 | 
121 |       else:
122 |         raise Error('Params file should only have two rows')
123 | 
124 |     if not ok:
125 |       raise Error("Expected second row with params")
126 | 
127 |     return p
128 | 
129 | 
130 | class _SecureRandom(object):
131 |   """Returns an integer where each bit has probability p of being 1."""
132 | 
133 |   def __init__(self, prob_one, num_bits):
134 |     self.prob_one = prob_one
135 |     self.num_bits = num_bits
136 | 
137 |   def __call__(self):
138 |     p = self.prob_one
139 |     rand = SystemRandom()
140 |     r = 0
141 | 
142 |     for i in xrange(self.num_bits):
143 |       bit = rand.random() < p
144 |       r |= (bit << i)  # using bool as int
145 |     return r
146 | 
147 | 
148 | class SecureIrrRand(object):
149 |   """Python's os.random()"""
150 | 
151 |   def __init__(self, params):
152 |     """
153 |     Args:
154 |       params: rappor.Params
155 |     """
156 |     num_bits = params.num_bloombits
157 |     # IRR probabilities
158 | 
159 |     self.p_gen = _SecureRandom(params.prob_p, num_bits)
160 |     self.q_gen = _SecureRandom(params.prob_q, num_bits)
161 | 
162 | 
163 | def to_big_endian(i):
164 |   """Convert an integer to a 4 byte big endian string.  Used for hashing."""
165 |   # https://docs.python.org/2/library/struct.html
166 |   # - Big Endian (>) for consistent network byte order.
167 |   # - L means 4 bytes when using >
168 |   return struct.pack('>L', i)
169 | 
170 | 
171 | def get_bloom_bits(word, cohort, num_hashes, num_bloombits):
172 |   """Return an array of bits to set in the bloom filter.
173 |   In the real report, we bitwise-OR them together.  In hash candidates, we put
174 |   them in separate entries in the "map" matrix.
175 |   """
176 |   value = to_big_endian(cohort) + word  # Cohort is 4 byte prefix.
177 |   md5 = hashlib.md5(value)
178 | 
179 |   digest = md5.digest()
180 | 
181 |   # Each has is a byte, which means we could have up to 256 bit Bloom filters.
182 |   # There are 16 bytes in an MD5, in which case we can have up to 16 hash
183 |   # functions per Bloom filter.
184 |   if num_hashes > len(digest):
185 |     raise RuntimeError("Can't have more than %d hashes" % md5)
186 | 
187 |   #log('hash_input %r', value)
188 |   #log('Cohort %d', cohort)
189 |   #log('MD5 %s', md5.hexdigest())
190 | 
191 |   return [ord(digest[i]) % num_bloombits for i in xrange(num_hashes)]
192 | 
193 | 
194 | def get_prr_masks(secret, word, prob_f, num_bits):
195 |   h = hmac.new(secret, word, digestmod=hashlib.sha256)
196 |   #log('word %s, secret %s, HMAC-SHA256 %s', word, secret, h.hexdigest())
197 | 
198 |   # Now go through each byte
199 |   digest_bytes = h.digest()
200 |   assert len(digest_bytes) == 32
201 | 
202 |   # Use 32 bits.  If we want 64 bits, it may be fine to generate another 32
203 |   # bytes by repeated HMAC.  For arbitrary numbers of bytes it's probably
204 |   # better to use the HMAC-DRBG algorithm.
205 |   if num_bits > len(digest_bytes):
206 |     raise RuntimeError('%d bits is more than the max of %d', num_bits, len(d))
207 | 
208 |   threshold128 = prob_f * 128
209 | 
210 |   uniform = 0
211 |   f_mask = 0
212 | 
213 |   for i in xrange(num_bits):
214 |     ch = digest_bytes[i]
215 |     byte = ord(ch)
216 | 
217 |     u_bit = byte & 0x01  # 1 bit of entropy
218 |     uniform |= (u_bit << i)  # maybe set bit in mask
219 | 
220 |     rand128 = byte >> 1  # 7 bits of entropy
221 |     noise_bit = (rand128 < threshold128)
222 |     f_mask |= (noise_bit << i)  # maybe set bit in mask
223 | 
224 |   return uniform, f_mask
225 | 
226 | 
227 | def bit_string(irr, num_bloombits):
228 |   """Like bin(), but uses leading zeroes, and no '0b'."""
229 |   s = ''
230 |   bits = []
231 |   for bit_num in xrange(num_bloombits):
232 |     if irr & (1 << bit_num):
233 |       bits.append('1')
234 |     else:
235 |       bits.append('0')
236 |   return ''.join(reversed(bits))
237 | 
238 | 
239 | class Encoder(object):
240 |   """Obfuscates values for a given user using the RAPPOR privacy algorithm."""
241 | 
242 |   def __init__(self, params, cohort, secret, irr_rand):
243 |     """
244 |     Args:
245 |       params: RAPPOR Params() controlling privacy
246 |       cohort: integer cohort, for Bloom hashing.
247 |       secret: secret string, for the PRR to be a deterministic function of the
248 |         reported value.
249 |       irr_rand: IRR randomness interface.
250 |     """
251 |     # RAPPOR params.  NOTE: num_cohorts isn't used.  p and q are used by
252 |     # irr_rand.
253 |     self.params = params
254 |     self.cohort = cohort  # associated: MD5
255 |     self.secret = secret  # associated: HMAC-SHA256
256 |     self.irr_rand = irr_rand  # p and q used
257 | 
258 |   def _internal_encode_bits(self, bits):
259 |     """Helper function for simulation / testing.
260 |     Returns:
261 |       The PRR and IRR.  The PRR should never be sent over the network.
262 |     """
263 |     # Compute Permanent Randomized Response (PRR).
264 |     uniform, f_mask = get_prr_masks(
265 |         self.secret, to_big_endian(bits), self.params.prob_f,
266 |         self.params.num_bloombits)
267 | 
268 |     # Suppose bit i of the Bloom filter is B_i.  Then bit i of the PRR is
269 |     # defined as:
270 |     #
271 |     # 1   with prob f/2
272 |     # 0   with prob f/2
273 |     # B_i with prob 1-f
274 | 
275 |     # Uniform bits are 1 with probability 1/2, and f_mask bits are 1 with
276 |     # probability f.  So in the expression below:
277 |     #
278 |     # - Bits in (uniform & f_mask) are 1 with probability f/2.
279 |     # - (bloom_bits & ~f_mask) clears a bloom filter bit with probability
280 |     # f, so we get B_i with probability 1-f.
281 |     # - The remaining bits are 0, with remaining probability f/2.
282 | 
283 |     prr = (bits & ~f_mask) | (uniform & f_mask)
284 | 
285 |     #log('U %s / F %s', bit_string(uniform, num_bits),
286 |     #    bit_string(f_mask, num_bits))
287 | 
288 |     #log('B %s / PRR %s', bit_string(bloom_bits, num_bits),
289 |     #    bit_string(prr, num_bits))
290 | 
291 |     # Compute Instantaneous Randomized Response (IRR).
292 |     # If PRR bit is 0, IRR bit is 1 with probability p.
293 |     # If PRR bit is 1, IRR bit is 1 with probability q.
294 |     p_bits = self.irr_rand.p_gen()
295 |     q_bits = self.irr_rand.q_gen()
296 | 
297 |     irr = (p_bits & ~prr) | (q_bits & prr)
298 | 
299 |     return prr, irr  # IRR is the rappor
300 | 
301 |   def _internal_encode(self, word):
302 |     """Helper function for simulation / testing.
303 |     Returns:
304 |       The Bloom filter bits, PRR, and IRR.  The first two values should never
305 |       be sent over the network.
306 |     """
307 |     bloom_bits = get_bloom_bits(word, self.cohort, self.params.num_hashes,
308 |                                 self.params.num_bloombits)
309 | 
310 |     bloom = 0
311 |     for bit_to_set in bloom_bits:
312 |       bloom |= (1 << bit_to_set)
313 | 
314 |     prr, irr = self._internal_encode_bits(bloom)
315 |     return bloom, prr, irr
316 | 
317 |   def encode_bits(self, bits):
318 |     """Encode a string with RAPPOR.
319 |     Args:
320 |       bits: An integer representing bits to encode.
321 |     Returns:
322 |       An integer that is the IRR (Instantaneous Randomized Response).
323 |     """
324 |     _, irr = self._internal_encode_bits(bits)
325 |     return irr
326 | 
327 |   def encode(self, word):
328 |     """Encode a string with RAPPOR.
329 |     Args:
330 |       word: the string that should be privately transmitted.
331 |     Returns:
332 |       An integer that is the IRR (Instantaneous Randomized Response).
333 |     """
334 |     _, _, irr = self._internal_encode(word)
335 |     return irr
336 | 
337 | p = Params()
338 | s = SecureIrrRand(p)
339 | e = Encoder(p, 1, "my secret string", s)
340 | 
341 | '''results = []
342 | for i in range(0, 100):
343 |     results.append(e.encode(bytearray("www.google.com", 'utf-8')))
344 | #print(results)
345 | 
346 | domains = ["google.com", "facebook.com", "baidu.com", "twitter.com", "bongacams.com"]
347 | blooms = []
348 | for domain in domains:
349 |     bloom, _, _ = e._internal_encode(domain)
350 |     blooms.append(bloom)
351 | print(blooms)
352 | '''
353 | 
354 | def generateReports(params, domains, numDuplicates):
355 |     s = SecureIrrRand(p)
356 |     reports = {}
357 |     for cohort in range(0, params.num_cohorts):
358 |         e = Encoder(params, cohort, "my secret string", s)
359 |         reportsPerCohort = []
360 |         for i in range(0, numDuplicates):
361 |             for d in domains:
362 |                 reportsPerCohort.append(e.encode(d))
363 |         reports[cohort] = reportsPerCohort
364 |     return reports
365 | 
366 | def estimateSetBits(reports, params):
367 |     """
368 |     Estimate which bits were truly set in B for a particular cohort.
369 |     
370 |     Returns: Y, a slice of the number of times each bit was estimated
371 |     to have been truly set in B.
372 |     
373 |     This function will be called for each cohort. j represents the jth
374 |     cohort and is included only to keep variable names matching the paper.
375 |     """
376 |     p = params.prob_p
377 |     q = params.prob_q
378 |     f = params.prob_f
379 |     Nj = len(reports)
380 |     Y_j = []
381 |     for i in range(0,params.num_bloombits):
382 |         c_ij = 0.0
383 |         for rep in reports:
384 |             ithBit = (rep & (1<<i))>>i
385 |             #print("Rep: ", "{0:b}".format(rep), ", ith bit: ", ithBit)
386 |             if ithBit == 1:
387 |                 c_ij += 1.0
388 |         #print("C_ij is: ", c_ij)
389 |         t_ij = (c_ij-(p+0.5*f*q-0.5*f*p)*Nj)/((1-f)*(q-p))
390 |         Y_j.append(t_ij)
391 |     return Y_j
392 | 
393 | def getDomains(numDomains):
394 |     try:
395 |         domainFile = open('alexa_top.txt', 'r')
396 |     except:
397 |         print("Couldn't open file")
398 |     domains = []
399 | 
400 |     for line in domainFile:
401 |         #print(line.rstrip())
402 |         domains.append(line.rstrip())
403 |     return domains[0:numDomains]
404 | 
405 | def getBloomFilters(domains, cohorts, numHashes, numBloomBits):
406 |     """cohorts is a list of the cohorts that were reported this time"""
407 |     blooms = {}
408 |     for m in cohorts:
409 |         bloomsForCohort = []
410 |         for d in domains:
411 |             bits = get_bloom_bits(d, m, numHashes, numBloomBits)
412 |             #print("Cohort ", m, ": Bits for ", d, " are: ", bits)
413 |             bloomsForCohort.append(bits)
414 |         blooms[m] = bloomsForCohort
415 |     #print("Blooms:")
416 |     #print(blooms)
417 |     return blooms
418 | 
419 | def makeDesignMatrix(params, cohorts, numDomains):
420 |     """"cohorts is a list of the cohorts that were reported this time"""
421 |     k = params.num_bloombits #number of bits in Bloom filter
422 |     m = len(cohorts)
423 |     #M is number of candidate strings
424 |     #h is the number of hash functions per cohort
425 |     domains = getDomains(numDomains)
426 |     blooms = getBloomFilters(domains, cohorts, params.num_hashes, params.num_bloombits)
427 |     
428 |     X = np.zeros([k*m, numDomains])
429 |     
430 |     for cohort in blooms:
431 |         #print("Cohort: ", cohort)
432 |         domainColumn = 0
433 |         rowChunk = 0
434 |         for domain in blooms[cohort]:
435 |             #domain is a list of the bits that need to be set
436 |             for bitToSet in domain:
437 |                 X[rowChunk*k+bitToSet, domainColumn] = 1
438 |             domainColumn+=1
439 |         rowChunk += 1
440 |     #print(X)
441 |     return X, domains
442 | 
443 | def doLassoRegression(params, numDomains, reports):
444 |     #reports is supposed to be a dictionary whose keys are the cohort number and whose values are the list of reports from that cohort
445 |     #This needs to be rethought because every time we run this code, we're only using one cohort
446 |     #Need to redesign on client side to send cohort #
447 |     #So server needs to send cohort # when client first requests blocked list
448 |     X, domains = makeDesignMatrix(params, reports.keys(), numDomains)
449 |     Y_list = []
450 |     for key in reports:
451 |         Y_j = estimateSetBits(reports[key], params)
452 |         Y_list.append(Y_j)
453 |     Y = np.array(Y_list)
454 |     Y = Y.flatten()
455 | 
456 |     print("********X_shape: ", X.shape, ", y-shape: ", Y.shape)
457 |     linreg = linear_model.LassoCV(n_alphas=10, cv=10)
458 |     linreg.fit(X,Y)
459 |     print("Coefficients: ", linreg.coef_)
460 |     print("Alpha: ", linreg.alpha_)
461 |     return X, Y, linreg, domains
462 | 
463 | def doLinearRegression(X, Y, M):
464 |     X = sm.add_constant(X)
465 |     ols = sm.OLS(Y,X)
466 |     results = ols.fit()
467 |     #Apply Bonferroni error correction
468 |     bonferroni_alpha = 0.05/M
469 |     #Remove the first p-value: it's for the added constant term, not a coefficient associated with a domain
470 |     p_vals = results.pvalues[1:]
471 |     
472 |     return np.where(p_vals <= bonferroni_alpha)[0]
473 |     
474 | def testAllTheThings(numReportedDomains, numTotalDomains, numDuplicates):
475 |     domainsToReport = getDomains(numReportedDomains)
476 |     print("Domains to report:", domainsToReport)
477 |     
478 |     prob_fs = [0.0, 0.01, 0.1, 0.25, 0.5]
479 |     coefs = {}
480 |     for f in prob_fs:
481 |         p = Params(prob_f=f)
482 |         reports = generateReports(p, domainsToReport, numDuplicates)
483 |         print("Reports:", len(reports[0]))
484 |         coefs[f] = doLassoRegression(p, numTotalDomains, reports)
485 |     return coefs
486 | 
487 | def readRapporReports(filename):
488 |     reportFile = open(filename, 'r')
489 |     reps = []
490 |     for line in reportFile:
491 |         reps.append(int(line.rstrip()))
492 |     reportFile.close()
493 |     return reps
494 | 
495 | def analyzeReports(reps, params, numDomains):
496 |     lassX, lassY, lassoReg, domains = doLassoRegression(params, numDomains, reps)
497 |     relevantDomains = np.where(lassoReg.coef_!=0)[0]
498 |     linX = lassX[:,relevantDomains]
499 |     print("domains: ", domains, ", relevantDomains: ", relevantDomains)
500 |     #Keep track of the domains the LASSO selected
501 |     if len(relevantDomains) != 0:
502 |         doms = np.array(domains)
503 |         rels = np.array(relevantDomains)
504 |         linDoms = doms[rels]
505 |         #Confirm that the domains LASSO selected are relevant using linear regression
506 |         #This may prune out even more domains than LASSO did
507 |         finalRelevantIdxs = doLinearRegression(linX, lassY, numDomains)
508 |         return linDoms[finalRelevantIdxs]
509 |     else:
510 |         return []
511 | 
512 | """def main():
513 |     rapporRepsFile = "rappor_reports.txt"
514 |     numDomains = 10
515 |     params = Params(prob_f=0.2)
516 |     reportedDoms = analyzeReports(rapporRepsFile, params, numDomains)
517 |     
518 |     masterBlockedList = "master_blocked_list.txt"
519 |     mbl = open(masterBlockedList, 'r+')
520 |     alreadyBlocked = []
521 |     for line in mbl:
522 |         alreadyBlocked.append(line.rstrip())
523 |     
524 |     newBlocked = []
525 |     for d in reportedDoms:
526 |         if d not in alreadyBlocked:
527 |             newBlocked.append(d)
528 |     mbl.close()
529 |     
530 |     mbl = open(masterBlockedList, 'a')
531 |     for d in newBlocked:
532 |         mbl.write(d+"\r\n")
533 |     
534 | 
535 | """
536 | 
537 | 
538 | 
539 | '''t0 = time.time()
540 | coefs = testAllTheThings(5, 10, 10000, 91)
541 | print(len(np.where(coefs != 0)[0]))
542 | t1 = time.time()
543 | print("Time taken: ", t1-t0)
544 | #It sort of looks like alpha should scale based on number of features:
545 | #if alpha=80 is right for 1,000, then alpha=800 is right for 10,000
546 | '''
547 | 
548 | 
549 | 
550 | 
551 | 
552 | 
553 | 
554 | 
555 | 
556 | 
557 | 
558 | 
559 | 
560 | 


--------------------------------------------------------------------------------
/server/server.go:
--------------------------------------------------------------------------------
 1 | package main
 2 | 
 3 | import (
 4 | 	"log"
 5 | 	//"github.com/refraction-networking/Metis/endpoint"
 6 | 	"encoding/json"
 7 | 	"github.com/gorilla/mux"
 8 | 	"net/http"
 9 | 	"errors"
10 | 	"fmt"
11 | 	"strings"
12 | )
13 | 
14 | type Website struct {
15 | 	Domain string `json:"domain,omitempty"`
16 | 	IRR int
17 | 	/*
18 | 	//Accuracy - number of times we've tested this domain and run into a problem indicative of censorship.
19 | 	//If we ever test this site and get through, we remove it from the blocked list.
20 | 	acc float `json:"???"
21 | 	 */
22 | }
23 | 
24 | var blockedList []Website
25 | 
26 | func containsStr(slice []Website, s string) bool {
27 | 	for _, e := range slice {
28 | 		if strings.Contains(s, e.Domain) { return true}
29 | 	}
30 | 	return false
31 | }
32 | 
33 | func containsInt(slice []Website, i int) bool {
34 | 	for _, e := range slice {
35 | 		if i==e.IRR { return true}
36 | 	}
37 | 	return false
38 | }
39 | 
40 | func getBlocked(writer http.ResponseWriter, req *http.Request) {
41 | 	//Creates a json encoder that writes to writer
42 | 	json.NewEncoder(writer).Encode(blockedList)
43 | }
44 | 
45 | //Adds all RAPPOR reports to a file for the python analysis script to read
46 | func addBlocked(writer http.ResponseWriter, req *http.Request) {
47 | 	if req.Body == nil {
48 | 		log.Fatal(errors.New("POST request from Metis client was empty"))
49 | 		return
50 | 	}
51 | 	dec := json.NewDecoder(req.Body)
52 | 	// read open bracket
53 | 	t, err := dec.Token()
54 | 	if err != nil {
55 | 		log.Fatal(err)
56 | 	}
57 | 	fmt.Printf("%T: %v\n", t, t)
58 | 
59 | 	// while the array contains values
60 | 	for dec.More() {
61 | 		var irr int
62 | 		// decode an array value (Message)
63 | 		err := dec.Decode(&irr)
64 | 		if err != nil {
65 | 			log.Fatal(err)
66 | 		}
67 | 
68 | 		fmt.Println(irr)
69 | 		/*if !containsInt(blockedList, irr) {
70 | 			blockedList = append(blockedList, Website{Domain: d})
71 | 		}*/
72 | 	}
73 | 
74 | 	// read closing bracket
75 | 	t, err = dec.Token()
76 | 	if err != nil {
77 | 		log.Fatal(err)
78 | 	}
79 | }
80 | 
81 | func main() {
82 | 	//log.SetFlags(log.LstdFlags | log.Lmicroseconds)
83 | 	//endpt := new(endpoint.Endpoint)
84 | 	log.Println("Starting Metis server...")
85 | 	router := mux.NewRouter()
86 | 	router.HandleFunc("/blocked", getBlocked).Methods("GET")
87 | 	router.HandleFunc("/blocked/add", addBlocked).Methods("POST")
88 | 	blockedList = append(blockedList, Website{Domain: "facebook.com"})
89 | 	blockedList = append(blockedList, Website{Domain: "google.com"})
90 | 	blockedList = append(blockedList, Website{Domain: "bettermotherfuckingwebsite.com"})
91 | 	log.Fatal(http.ListenAndServe(":9099", router))
92 | }
93 | 


--------------------------------------------------------------------------------
/server/server.py:
--------------------------------------------------------------------------------
  1 | # -*- coding: utf-8 -*-
  2 | #!/usr/bin/python
  3 | 
  4 | from flask import Flask, request
  5 | from flask_restful import Resource, Api, reqparse
  6 | 
  7 | import json
  8 | import sqlite3
  9 | 
 10 | import rappor_analysis as rappor
 11 | 
 12 | numDoms = 100
 13 | 
 14 | def getRandomDomains():
 15 |     allDoms = open("alexa_random_100.txt", "r")
 16 |     doms = []
 17 |     for line in allDoms:
 18 |         doms.append(line.rstrip())
 19 |     allDoms.close()
 20 |     if numDoms > len(allDoms):
 21 |         print "ERROR: Can return a maximum of "+str(len(allDoms))+"from this file."
 22 |         return doms
 23 |     return doms[0:numDoms]
 24 | 
 25 | class Sql():
 26 |     def __init__(self, dbName):
 27 |         self.conn = sqlite3.connect(dbName)
 28 |         self.crsr = self.conn.cursor()
 29 |         
 30 |         cmd = """CREATE TABLE IF NOT EXISTS domains 
 31 |         (domain VARCHAR(80) PRIMARY KEY);"""
 32 |         self.crsr.execute(cmd)
 33 |         self.conn.commit()
 34 |             
 35 |     def populateDummyData(self):
 36 |         doms = getRandomDomains()
 37 |         if not doms:
 38 |             return
 39 |         for d in doms:
 40 |             sql_command = "INSERT OR IGNORE INTO domains VALUES (\""+d+"\");"
 41 |             self.crsr.execute(sql_command)
 42 |         self.conn.commit()
 43 |         
 44 |     def addToDB(self, domain):
 45 |         cmd = "INSERT OR IGNORE INTO domains VALUES (\""+domain+"\");"
 46 |         self.crsr.execute(cmd)
 47 |         self.conn.commit()
 48 |     
 49 |     def getBlockedList(self):
 50 |         cmd = "SELECT * FROM domains;"
 51 |         self.crsr.execute(cmd)
 52 |         return self.crsr.fetchall()
 53 |     
 54 |     def clearDB(self):
 55 |         cmd = "DELETE FROM domains;"
 56 |         self.crsr.execute(cmd)
 57 |         self.conn.commit()
 58 |         
 59 | 
 60 | class BlockedList(Resource):
 61 |     def __init__(self):
 62 |         self.sql = Sql("master_blocked_list.db")
 63 |         #self.sql.clearDB()
 64 |         self.sql.populateDummyData()
 65 |         
 66 |     def get(self):
 67 |         print("Request for blocked list made by client: ")
 68 |         sqlBlocked = self.sql.getBlockedList()
 69 |         blocked = []
 70 |         for dom in sqlBlocked:
 71 |             blocked.append({'Domain':dom[0]})
 72 |         return blocked
 73 |     
 74 |     def post(self):
 75 |         print("Client sent RAPPOR things to us: ")
 76 |         data = request.data
 77 |         print(data)
 78 |         cliMsg = json.loads(data)
 79 |         print("Client message is ", cliMsg)
 80 |         reps = {cliMsg["cohort"]:cliMsg["reports"]}
 81 |         numDomains = 10
 82 |         params = rappor.Params(prob_f=0.2)
 83 |         doms = rappor.analyzeReports(reps, params, numDomains)
 84 |         for d in doms:
 85 |             self.sql.addToDB(d)
 86 |         return '', 200
 87 | 
 88 | def main():
 89 |     app = Flask(__name__)
 90 |     api = Api(app)
 91 |     api.add_resource(BlockedList, "/blocked")
 92 |     print("Starting Metis server...")
 93 |     app.run(debug=True, threaded=True)
 94 |     
 95 | main()
 96 | 
 97 | 
 98 | 
 99 | 
100 | 
101 | 
102 | 
103 | 
104 | 
105 | 
106 | 
107 | 
108 | 
109 | 


--------------------------------------------------------------------------------
/testAccuracy.go:
--------------------------------------------------------------------------------
  1 | package main
  2 | 
  3 | import (
  4 | 	"fmt"
  5 | 	"os"
  6 | 	"log"
  7 | 	"bufio"
  8 | 	"strings"
  9 | 	"os/exec"
 10 | 	"math"
 11 | 	"time"
 12 | )
 13 | 
 14 | func exp(x int) float64 {
 15 | 	return 100.0*math.Exp(-0.2*float64(x))
 16 | }
 17 | 
 18 | func executeCurl(line string, output *os.File){
 19 | 	cmd := exec.Command("curl", "-x", "127.0.0.1:8080", "-s","--connect-timeout", "5", "-m", "10", line)
 20 | 	err := cmd.Run()
 21 | 	if err != nil {
 22 | 		fmt.Println(line)
 23 | 		output.WriteString(line+": "+err.Error()+"\n")
 24 | 		output.Sync()
 25 | 	}
 26 | }
 27 | 
 28 | func executeAB(line string) string {
 29 | 	//Run Apache Benchmark through Metis, attempting to connect to the Alexa top N
 30 | 	output, err := exec.Command("ab", "-X", "127.0.0.1:8080", "-c", "1", "-n", "1", "http://"+line+"/").Output()
 31 | 	if err != nil {
 32 | 		fmt.Println("Error for line ", line, " is:", err)
 33 | 		return ""
 34 | 	}
 35 | 	out := string(output) 
 36 | 	//fmt.Println(out)
 37 | 	startIdx := strings.Index(out, "Time per request:")
 38 | 	endIdx := strings.Index(out, "[ms]")
 39 | 	avgReqTime := out[startIdx+17:endIdx]
 40 | 	avgReqTime = strings.Trim(avgReqTime, " 	")
 41 | 	fmt.Println("avgTime:", avgReqTime)
 42 | 	return avgReqTime
 43 | }
 44 | 
 45 | func main() {
 46 | 	test := "ab"
 47 | 
 48 | 	file, err := os.Open("alexa_top_100.txt")
 49 | 	if err != nil {
 50 | 		fmt.Println(err)
 51 | 		os.Exit(1)
 52 | 	}
 53 | 	output, err := os.Create("alexa_top_detours.txt")
 54 | 	if err != nil {
 55 | 		fmt.Println(err)
 56 | 		os.Exit(1)
 57 | 	}
 58 | 	abResults, err := os.Create("ab_results.txt")
 59 | 	if err != nil {
 60 | 		fmt.Println(err)
 61 | 		os.Exit(1)
 62 | 	}
 63 | 	defer file.Close()
 64 | 	defer output.Close()
 65 | 	defer abResults.Close()
 66 | 
 67 | 	scanner := bufio.NewScanner(file)
 68 | 	x := 0
 69 | 	var rtts []string
 70 | 	for scanner.Scan() {
 71 | 		line := scanner.Text()
 72 | 		if !strings.Contains(line, "www.") {
 73 | 			line = "www."+line
 74 | 		}
 75 | 		if test == "curl" {
 76 | 			copies := exp(x)
 77 | 			for i := 0; i < int(copies); i++ {
 78 | 				executeCurl(line, output)
 79 | 				time.Sleep(2 * time.Second)
 80 | 			}
 81 | 			x++
 82 | 		} else if test == "ab" {
 83 | 			rtt := executeAB(line)
 84 | 			rtts = append(rtts, rtt)
 85 | 		}
 86 | 	}
 87 | 	
 88 | 	if test == "ab" {
 89 | 		for i := 0; i < len(rtts); i++ {
 90 | 			_, err := abResults.WriteString(rtts[i])
 91 | 			if err != nil {
 92 | 				fmt.Println(err)
 93 | 			}
 94 | 			abResults.Sync()
 95 | 		}
 96 | 	}
 97 | 	if err := scanner.Err(); err != nil {
 98 | 		log.Fatal(err)
 99 | 	}
100 | }
101 | 
102 | 


--------------------------------------------------------------------------------