New Tor WebTunnel Bridges Mimic HTTPS Traffic

The developers of the Tor Project have announced the launch of a new feature—WebTunnel bridges. These bridges are based on a detection-resistant HTTPT proxy and allow Tor traffic to blend in more effectively with regular HTTPS traffic.

To recap, Tor bridges are relays not listed in the public Tor directory, which help mask user connections. Since methods for detecting and blocking such connections (for example, in China) have existed for quite some time, Tor also uses obfsproxy bridges that add an extra layer of obfuscation.

How WebTunnel Bridges Work

According to the developers, WebTunnel bridges are designed to imitate encrypted traffic (HTTPS) and are based on HTTPT. They wrap the connection payload in a WebSocket-like HTTPS connection, making it appear as ordinary HTTPS (WebSocket) traffic. To an outside observer, it simply looks like a user browsing web pages over a standard HTTP connection.

“In fact, WebTunnel is so similar to regular web traffic that it can coexist on the same endpoint as a website, using the same domain, IP address, and port. This coexistence allows a standard reverse proxy to route both regular web traffic and WebTunnel traffic to the appropriate application servers. As a result, when someone tries to visit the site at the shared network address, they will just see the website’s content and will not detect the existence of the bridge (WebTunnel),” the Tor Project explains.

Current Status and Future Plans

Testing of WebTunnel began in the summer of 2023. Currently, there are about 60 WebTunnel bridges operating worldwide, with around 700 active users utilizing the new bridges daily across different platforms. However, WebTunnel is not yet available in all regions, and bridge addresses must be obtained manually—a process the developers plan to improve in the future.