Note: this is a copy of the v1/v2 project notes. It does not represent the current status of the project.
Cupcake Bridge helps users makes bridges automagically! Get the Cupcake browser extension for Chrome and Firefox
- Chrome - download on google
- Firefox - download from Mozilla (Special thanks to Uzair Farooq for creating the original Firefox port of Cupcake.
- Opera 26 (works on v15+)
- Wordpress
- Facebook App (html5/css3/javascript)
- Flex shim
- Drupal 7+ module
In 2015, a full security audit of both Cupcake and Flashproxy was conducted by Cure53. Both projects passed the audit with compliments. The full report is available here.
Cupcake uses something called Flashproxy to create special Tor pathways that are harder to block. As with all circumvention projects, there's a lot more to it than that, but that is the jist. Flashproxy was created by David Fifield, and there is a lot of ongoing research in this area. You can learn more at the Stanford Flashproxy site. Cupcake exists as an easy way to distribute Flashproxy, with the goal of getting as many people to become bridges as possible.
Cupcake can be distributed in two ways:
- As a chrome or firefox add-on (turning your computer in to a less temporary proxy)
- As a module/theme/app on popular web platforms (turning every visitor to your site in to a temporary proxy)
There is this thing called a Flash Proxy[1] - basically a code snippet that you run on sites and visitors become tor bridges temporarily.
I kind of love/hate the idea, because visitors aren't willing participants and the bridges last a short short while. But it means that you don't have to run the whole Tor shebang if you only want to make bridges. It's really innovative, and uses technology that the majority of computer owners have enabled (JavaScript).
So, what I decided to do is take that same client-side code snippets and turn it into a browser extension. People install it and they opt-in to become really robust bridges. It was a total experiment, but it went so well that I decided to expand the project.
"The purpose of this project is to create many ephemeral bridge IP addresses, with the goal of outpacing a censor's ability to block them. Rather than increasing the number of bridges at static addresses, we aim to make existing bridges reachable by a larger and changing pool of addresses." [2]
The easiest way to help the project is by installing one of the browser extensions. It's not resource intensive at all -- flashproxy uses about as much bandwidth in a day as a 5-minute YouTube video (around 6mb).
- Translation - Help Out!
- Enabling wordpress.COM users to add flashproxy to their theme. (Can you help with this? Send me an email! griffin @ cryptolab.net )
- Joomla Extension
- Flash/SWF App Shim (actionscript & html)
- /img-embed
- Tumblr post demo post
- Tumblr theme demo
- Facebook App (html5/css3/javascript)
- incognito:split This is useful during testing, so that incognito won't use cookies from standard browsing mode.
- incognito:spanning When deployed, prevents incognito windows from creating additional Cupcake processes. Proxy will continue even if all the browser windows are in incognito mode.
- permissions:background is used so that the extension will notify of updates and display the post-installation page. Also used so that Cupcake will start/run on startup, before the browser is started (Windows only).
- permissions:cookies allows reading/writing of cookies, but may not be necessary, since Cupcake doesn't currently use the Cookies API.
Much of the Cupcake Bridge projects are self-funded by @glamrock, but the Chrome and Firefox extensions were covered under a generous grant from the Open Tech Fund from 2013-2014.
My software is free to use, free to give to friends, & open-source, so everyone can make sure it's safe for people to use. Want to make changes? Go for it! 🐶 Cupcake uses the Revised BSD license -- see license.txt for more legal info.
[1] https://crypto.stanford.edu/flashproxy/
[2] https://gitweb.torproject.org/flashproxy.git/blob/HEAD:/README
[3] https://gitweb.torproject.org/flashproxy.git/tree/proxy