Add pluggable transports and bridges support for Tor

[tildelowengrimm]

We should eventually make it easy to configure advanced user-facing Tor features like bridges and pluggable transports.

[Raj2032]

Hope to see this implemented sometime mate (by the way I am joe232 from the brave community)

[ferremi]

There is a forecast for this feature deployment?

[tildelowengrimm]

No, this work is not scheduled.

[Ghostineuro]

Hope to see this work in the near future...

[Uj947nXmRqV2nRaWshKtHzTvckUUpD]

this is the missing piece of the puzzle. it should be treated with highest priority instead.

[ghost]

Tor feature as it is, is just basically useless. This should be scheduled.

[Uj947nXmRqV2nRaWshKtHzTvckUUpD]

Can we please schedule this? World needs it..

[Strykar]

@tomlowenthal Tor is almost unusable via the Private Tor Window as it defaults to standard exit node which Cloudflare's HCaptcha is pretty brutal to verify. This is trivially worked around by folks who run their own bridge and would make this feature usable.

Is it really a large development effort to add an option so users can specify their own bridge?

[jkmartindale]

Is it really a large development effort to add an option so users can specify their own bridge?

Work on a pull request and find out 😳

[Strykar]

Work on a pull request and find out

I was curious how much effort it might be, if I could have, I would have led with a PR 😄

[Uj947nXmRqV2nRaWshKtHzTvckUUpD]

Can we have a priority increase?

[MARTINrichard05]

we are still waiting for obfs4 support

[AhmedElhadidii]

looking forward to see this

[ghost]

pls add config

[apatrushev]

ToR was blocked in Russia. Lovely ToR feature of Brave browser will be useless soon without this option.

[darakcheeff]

Tor still blocked and we need bridge feature in brave for russian users

[MrTomasRipley]

Could you please increase the priority of this proposal?

[Uj947nXmRqV2nRaWshKtHzTvckUUpD]

this should be at least a P2...wtf P5??

[volucris1]

My tor-torrc:

SocksPort auto
ControlPort auto
CookieAuthentication 1

UseBridges 1 
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy 
Bridge obfs4 5.161.61.213:443 04A8B84D840E96BF27CCC8575E9701410D68640C cert=SUbYQu1b+BMQpy+pR4BySzXAa/ogsDXDTH2Q0QvS9CK1rG4HfOeJmfd4Z1tW0OnSczqqEQ iat-mode=0
Bridge obfs4 51.79.53.112:52234 343FD85CDFAF09C3F19F7C7B93917B290EF72D47 cert=iAXNyHJ4VdQoQOHvO9rEvlvvv8y9lIQYOOdKbVu5n/MUaVlseNRNam602biHdrGDhL0+Nw iat-mode=0
Bridge obfs4 89.58.37.243:9117 EBE8ABF8522F9E09DC83675FCA1227037A4CAB06 cert=+RnVWpoYiOqo2cDX62oiizAv8UlPJAMN370PpxzI2uPq1yTxrJ4KsMQVPlaCkJ7o9JvBCw iat-mode=0

[stephendonner]

@brave/qa-team not technically blocked here on Windows and Linux, but it might be wise to wait until the bridge/pluggable-transport issue has been fixed and verified first on macOS (to save redoing regression testing): #25293 👍

[MadhaviSeelam]

Verification PASSED using

Brave | 1.44.93 Chromium: 105.0.5195.136 (Official Build) beta (64-bit)
-- | --
Revision | 872774b783d0e674186a3adcd2f92e7aa22a219c-refs/branch-heads/5195_124@{#4}
OS | Windows 11 Version 21H2 (Build 22000.978)

Steps:

brave://settings/privacy - PASSED

1. installed 1.44.93
2. launched Brave
3. opened brave://settings/privacy
4. navigated to Tor windows section and confirmed following settings:
   • Private window with Tor - ON
   • Automatically redirect .onion sites - OFF
   • Use Bridges - OFF

Tor windows settings

Private window with Tor - PASSED

1. opened brave://settings/privacy
2. toggle OFF (or click the tab) to disable Private window with Tor setting
3. confirmed Automatically redirect .onion sites and Use Bridges settings are greyed out
4. confirmed private window with TOR option is not available in hamburger menu
5. toggle ON restored defaults
6. launched Tor window (Alt + Shift + N OR from hamburger menu)
7. loaded brave://components in a NTP
8. Brave Tor Client Updater (Windows) component displayed with updated status as expected
9. visited check.torproject.org
10. additionally, invoked New Tor connection for this site and confirmed it reloaded with a new Tor IP address
11. confirmed page reloaded with a new IP address when did a hard refresh (Ctrl+F5)

step 3	step 4	step 5	step6	step7	step 9

Automatically redirect .onion sites - PASSED

1. New profile
2. opened brave://settings/privacy
3. enabled Automatically redirect .onion sites
4. confirmed following .onion sites automatically redirected to Tor window with .onion URL:
   • brave.com -->https://brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion/
   • mail.protonmail.com --> https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion/

step 4a	step 4b

Brave | 1.44.95 Chromium: 106.0.5249.40 (Official Build) (64-bit)
-- | --
Revision | fab1d91915d2722d6339aaa7f4e9ce44f1e9b103-refs/branch-heads/5249@{#442}
OS | Windows 11 Version 21H2 (Build 22000.978)

Use Bridges - PASSED

Case 1: Select a built-in-bridge - obfs4 PASSED

1. New profile
2. opened brave://settings/privacy
3. toggle ON (or click the tab) to enable Use Bridges setting
4. leave the default value as obfs4 for Select a built-in-bridge and click Apply changes
5. open brave://tor-internals
6. launch private window with Tor (Alt+Shift+N)
7. confirmed Tor connection was successful
8. confirmed TP component Id dnkcahhmfcanmkjhnjejoomdihffoefm shown in the profile
9. loaded yandex.com/internet and noted the ip address: 185.220.101.2
10. switched to snowflake and clicked Apply changes
11. reloaded yandex.com/internet and confirmed got ip address: 185.170.114.125
12. close private window with Tor
13. confirmed component dnkcahhmfcanmkjhnjejoomdihffoefm was deleted from the profile when Use Bridges was disabled`

step 4	step5-7	step 8	step 9	step11	step 13

brave://tor-internals - logs

NOTICE: Bootstrapped 10% (conn_done): Connected to a relay
NOTICE: Bootstrapped 14% (handshake): Handshaking with a relay
NOTICE: Bootstrapped 15% (handshake_done): Handshake with a relay done
NOTICE: Bootstrapped 20% (onehop_create): Establishing an encrypted directory connection
NOTICE: Bootstrapped 25% (requesting_status): Asking for networkstatus consensus
NOTICE: Bootstrapped 30% (loading_status): Loading networkstatus consensus
NOTICE: I learned some more directory information, but not enough to build a circuit: We have no usable consensus.
NOTICE: Bootstrapped 40% (loading_keys): Loading authority key certs
NOTICE: The current consensus has no exit nodes. Tor can only build internal paths, such as paths to onion services.
NOTICE: Bootstrapped 45% (requesting_descriptors): Asking for relay descriptors
NOTICE: I learned some more directory information, but not enough to build a circuit: We need more microdescriptors: we have 0/6747, and can only build 0% of likely paths. (We have 0% of guards bw, 0% of midpoint bw, and 0% of end bw (no exits in consensus, using mid) = 0% of path bw.)
NOTICE: Bootstrapped 50% (loading_descriptors): Loading relay descriptors
NOTICE: The current consensus contains exit nodes. Tor can build exit and internal paths.
NOTICE: Bootstrapped 57% (loading_descriptors): Loading relay descriptors
NOTICE: Bootstrapped 64% (loading_descriptors): Loading relay descriptors
NOTICE: Bootstrapped 69% (loading_descriptors): Loading relay descriptors
NOTICE: Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
NOTICE: Bootstrapped 80% (ap_conn): Connecting to a relay to build circuits
NOTICE: Bootstrapped 85% (ap_conn_done): Connected to a relay to build circuits
NOTICE: Bootstrapped 89% (ap_handshake): Finishing handshake with a relay to build circuits
NOTICE: Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
NOTICE: Bootstrapped 95% (circuit_create): Establishing a Tor circuit
NOTICE: Bootstrapped 100% (done): Done

Case 2: Select a built-in-bridge - Snowflake PASSED

1. continue case 1
2. opened brave://settings/privacy
3. toggle OFF and ON for Private window with TOR setting
4. enable Use Bridges and select Snowflake for Select a built-in-bridge and click Apply changes
5. open brave://tor-internals
6. launch private window with Tor (Alt+Shift+N)
7. confirmed TP component Id dnkcahhmfcanmkjhnjejoomdihffoefm shown in the profile
8. load check.torproject.org and Tor connection was successful
9. close private window with Tor
10. confirmed component was deleted from the profile when Use Bridges was disabled`

step 5	step 7	step 8	step10

brave://tor-internals - logs

NOTICE: Switching to guard context "bridges" (was using "default")
NOTICE: Bootstrapped 10% (conn_done): Connected to a relay
NOTICE: Bootstrapped 14% (handshake): Handshaking with a relay
NOTICE: Bootstrapped 15% (handshake_done): Handshake with a relay done
NOTICE: Bootstrapped 45% (requesting_descriptors): Asking for relay descriptors
NOTICE: Delaying directory fetches: No running bridges
NOTICE: Managed proxy "../../dnkcahhmfcanmkjhnjejoomdihffoefm/1.0.0/tor-snowflake-brave": offer created
NOTICE: Managed proxy "../../dnkcahhmfcanmkjhnjejoomdihffoefm/1.0.0/tor-snowflake-brave": broker rendezvous peer received
NOTICE: Managed proxy "../../dnkcahhmfcanmkjhnjejoomdihffoefm/1.0.0/tor-snowflake-brave": connected
NOTICE: new bridge descriptor 'flakey4' (fresh): $2B280B23E1107BB62ABFC40DDCC8824814F80A72~flakey4 [1zOHpg+FxqQfi/6jDLtCpHHqBTH8gjYmCKXkus1D5Ko] at 192.0.2.3
NOTICE: Bootstrapped 50% (loading_descriptors): Loading relay descriptors
NOTICE: The current consensus contains exit nodes. Tor can build exit and internal paths.
NOTICE: Bootstrapped 57% (loading_descriptors): Loading relay descriptors
NOTICE: Bootstrapped 62% (loading_descriptors): Loading relay descriptors
NOTICE: Bootstrapped 69% (loading_descriptors): Loading relay descriptors
NOTICE: Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
NOTICE: Bootstrapped 76% (ap_conn_pt): Connecting to pluggable transport to build circuits
NOTICE: Bootstrapped 77% (ap_conn_done_pt): Connected to pluggable transport to build circuits
NOTICE: Bootstrapped 85% (ap_conn_done): Connected to a relay to build circuits
NOTICE: Managed proxy "../../dnkcahhmfcanmkjhnjejoomdihffoefm/1.0.0/tor-snowflake-brave": offer created
NOTICE: Managed proxy "../../dnkcahhmfcanmkjhnjejoomdihffoefm/1.0.0/tor-snowflake-brave": broker rendezvous peer received
NOTICE: Managed proxy "../../dnkcahhmfcanmkjhnjejoomdihffoefm/1.0.0/tor-snowflake-brave": connected
NOTICE: Bootstrapped 89% (ap_handshake): Finishing handshake with a relay to build circuits
NOTICE: Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
NOTICE: Bootstrapped 95% (circuit_create): Establishing a Tor circuit
NOTICE: Bootstrapped 100% (done): Done

Case 3: Select a built-in-bridge - meek-Azure PASSED

1. continue from case 2:
2. opened brave://settings/privacy
3. toggle OFF and ON for Private window with TOR setting
4. enable Use Bridges and select meek-azure for Select a built-in-bridge and click Apply changes
5. open brave://tor-internals
6. launch private window with Tor (Alt+Shift+N)
7. confirmed TP component Id dnkcahhmfcanmkjhnjejoomdihffoefm shown in the profile
8. load check.torproject.org and Tor connection was succesful
9. close private window with Tor
10. confirmed the component was deleted from the profile when Use Bridges was disabled`

step 4	step 5	step 8	step 10

brave://tor-internals - logs

NOTICE: Switching to guard context "bridges" (was using "default")
NOTICE: Bootstrapped 10% (conn_done): Connected to a relay
NOTICE: Bootstrapped 14% (handshake): Handshaking with a relay
NOTICE: Bootstrapped 15% (handshake_done): Handshake with a relay done
NOTICE: Bootstrapped 45% (requesting_descriptors): Asking for relay descriptors
NOTICE: Delaying directory fetches: No running bridges
NOTICE: new bridge descriptor 'cymrubridge02' (fresh): $97700DFE9F483596DDA6264C4D7DF7641E1E39CE~cymrubridge02 [/LIpGKq6STgqkVJaKWDj92BCzGWbwqe3lBU+8hsQKP8] at 192.0.2.2
NOTICE: Bootstrapped 50% (loading_descriptors): Loading relay descriptors
NOTICE: The current consensus contains exit nodes. Tor can build exit and internal paths.
NOTICE: Bootstrapped 56% (loading_descriptors): Loading relay descriptors
NOTICE: Bootstrapped 62% (loading_descriptors): Loading relay descriptors
NOTICE: Bootstrapped 70% (loading_descriptors): Loading relay descriptors
NOTICE: Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
NOTICE: Bootstrapped 76% (ap_conn_pt): Connecting to pluggable transport to build circuits
NOTICE: Bootstrapped 77% (ap_conn_done_pt): Connected to pluggable transport to build circuits
NOTICE: Bootstrapped 85% (ap_conn_done): Connected to a relay to build circuits
NOTICE: Bootstrapped 89% (ap_handshake): Finishing handshake with a relay to build circuits
NOTICE: Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
NOTICE: Bootstrapped 95% (circuit_create): Establishing a Tor circuit
NOTICE: Bootstrapped 100% (done): Done

Case 4: Request a bridge from torprojecct.org - ` PASSED

1. New profile
2. opened brave://settings/privacy
3. toggle ON (or click the tab) to enable Use Bridges setting
4. select Request a new bridge from torproject.org radio button
5. clicked on Request a New Bridge...
   6 entered the CAPTCHA text
6. clicked Submit
7. confirmed the dialog dismissed
8. confirmed the bridges' obfs4 xxx.xxx.xxx.xxx configs appeared in the text area
9. clicked on Apply changes
10. open brave://tor-internals and click logs in NTP
11. clicked on the "hamburger menu" -> New Private Window with Tor
12. loaded check.torproject.org
13. additionally, invoked New Tor connection for this site and confirmed it reloaded with a new Tor IP address
14. confirmed it reloaded with a new Tor IP address with hard refresh (Ctrl+F5)

step 7	step 9	step 13

brave://tor-internals - logs

NOTICE: Switching to guard context "bridges" (was using "default")
NOTICE: Bootstrapped 10% (conn_done): Connected to a relay
NOTICE: Bootstrapped 14% (handshake): Handshaking with a relay
NOTICE: Delaying directory fetches: No running bridges
NOTICE: Bootstrapped 15% (handshake_done): Handshake with a relay done
NOTICE: Bootstrapped 20% (onehop_create): Establishing an encrypted directory connection
NOTICE: Bootstrapped 25% (requesting_status): Asking for networkstatus consensus
NOTICE: Bridge 'maIDor' has both an IPv4 and an IPv6 address.  Will prefer using its IPv4 address (78.199.154.217:34161) based on the configured Bridge address.
NOTICE: new bridge descriptor 'maIDor' (fresh): $29C8E90E8FEBB7F5F67C4364224FBF4747DFA0A6~maIDor [9roIn0oKAYwKb/m4BvfHmXHblueA5FSIICEf8uoA6rA] at 78.199.154.217 and [2a01:e34:ec79:ad90::12]
NOTICE: new bridge descriptor 'torbridgeasus' (fresh): $5C72EEEE587AB1C7021A78707DAB80427F7A9B43~torbridgeasus [wqdOFnLhcx3QwFyWhUNgOJGbGGv4Xe21u0mRd7BbA44] at 132.145.63.40
NOTICE: Bridge 'smallautorelay' has both an IPv4 and an IPv6 address.  Will prefer using its IPv4 address (31.7.187.163:3397) based on the configured Bridge address.
NOTICE: new bridge descriptor 'smallautorelay' (fresh): $0451295D566AEAA1940C62D39BB0601FF958D607~smallautorelay [OpdtXOflm9lyJ/nbNdCSRLcgOOYNhVoSawbwOOBkKQ8] at 31.7.187.163 and [2a01:4a0:67:18::82d6]
NOTICE: Bootstrapped 30% (loading_status): Loading networkstatus consensus
NOTICE: I learned some more directory information, but not enough to build a circuit: We have no usable consensus.
NOTICE: Bootstrapped 40% (loading_keys): Loading authority key certs
NOTICE: The current consensus has no exit nodes. Tor can only build internal paths, such as paths to onion services.
NOTICE: Bootstrapped 45% (requesting_descriptors): Asking for relay descriptors
NOTICE: I learned some more directory information, but not enough to build a circuit: We need more microdescriptors: we have 0/6747, and can only build 0% of likely paths. (We have 100% of guards bw, 0% of midpoint bw, and 0% of end bw (no exits in consensus, using mid) = 0% of path bw.)
NOTICE: Bootstrapped 50% (loading_descriptors): Loading relay descriptors
NOTICE: The current consensus contains exit nodes. Tor can build exit and internal paths.
NOTICE: Bootstrapped 56% (loading_descriptors): Loading relay descriptors
NOTICE: Bootstrapped 62% (loading_descriptors): Loading relay descriptors
NOTICE: Bootstrapped 69% (loading_descriptors): Loading relay descriptors
NOTICE: Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
NOTICE: Bootstrapped 76% (ap_conn_pt): Connecting to pluggable transport to build circuits
NOTICE: Bootstrapped 77% (ap_conn_done_pt): Connected to pluggable transport to build circuits
WARN: Proxy Client: unable to connect OR connection (handshaking (proxy)) with 78.199.154.217:34161 ID=9roIn0oKAYwKb/m4BvfHmXHblueA5FSIICEf8uoA6rA RSA_ID=29C8E90E8FEBB7F5F67C4364224FBF4747DFA0A6 ("general SOCKS server failure")
NOTICE: Bootstrapped 85% (ap_conn_done): Connected to a relay to build circuits
NOTICE: Bootstrapped 89% (ap_handshake): Finishing handshake with a relay to build circuits
NOTICE: Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
NOTICE: Bootstrapped 95% (circuit_create): Establishing a Tor circuit
NOTICE: Bootstrapped 100% (done): Done

Case 5: Provide a bridge - bad bridge config - PASSED

1. New profile
2. opened brave://settings/privacy
3. toggle ON (or click the tab) to enable Use Bridges setting
4. select Provide a bridge radio button
5. paste obfs4 99.124.226.90:9998 8BFDDB7D7D2D4BDD4169170C818B175C6B60F799 cert=fmp+hf7s1QH6Crg+FW39P5KTxy57NCfXs+t1vBrNuYrHGebGtbRrdkKfk+pcgZhBdbrVcw iat-mode=0
6. click Apply changes
7. open brave://tor-internals
8. launch private window with Tor (Alt+Shift+N)
9. Confirmed Tor connection failed error message displayed
10. clicked on the contact support link and confirmed it loaded https://support.brave.com/hc/en-us in a new tab

step 5	ste9	step10

brave://tor-internals - Logs

NOTICE: Switching to guard context "bridges" (was using "default")
NOTICE: Bootstrapped 10% (conn_done): Connected to a relay
NOTICE: Bootstrapped 14% (handshake): Handshaking with a relay
NOTICE: Bootstrapped 15% (handshake_done): Handshake with a relay done
NOTICE: Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
NOTICE: Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
NOTICE: Delaying directory fetches: No running bridges
WARN: Proxy Client: unable to connect OR connection (handshaking (proxy)) with 99.124.226.90:9998 ID=<none> RSA_ID=8BFDDB7D7D2D4BDD4169170C818B175C6B60F799 ("general SOCKS server failure")
WARN: Proxy Client: unable to connect OR connection (handshaking (proxy)) with 99.124.226.90:9998 ID=<none> RSA_ID=8BFDDB7D7D2D4BDD4169170C818B175C6B60F799 ("general SOCKS server failure")
NOTICE: new bridge descriptor 'rosewood' (fresh): $8BFDDB7D7D2D4BDD4169170C818B175C6B60F799~rosewood [gOByIgst/TyMvnA1bUblN8ieB5N8at82Z0NLAeCliYA] at 99.124.226.90
WARN: Proxy Client: unable to connect OR connection (handshaking (proxy)) with 99.124.226.90:9998 ID=gOByIgst/TyMvnA1bUblN8ieB5N8at82Z0NLAeCliYA RSA_ID=8BFDDB7D7D2D4BDD4169170C818B175C6B60F799 ("general SOCKS server failure")
NOTICE: Delaying directory fetches: No running bridges

Bugs filed:

• Bridge download takes longer with meek-azure  #25536

[stephendonner]

The testplan for this issue is the same as for #16624 (comment), which I've verified on Windows 10, already.

Just a thought: doubled-up coverage on Tor would be good, but perhaps do a critical subset, rather than the full set, @MadhaviSeelam ?

[stephendonner]

Verified PASSED using

Brave	1.44.92 Chromium: 105.0.5195.136 (Official Build) beta (64-bit)
Revision	872774b783d0e674186a3adcd2f92e7aa22a219c-refs/branch-heads/5195_124@{#4}
OS	Windows 10 Version 21H2 (Build 19044.2006)

Note the section from Bridges (basic) onward: #16624 (comment)

[MadhaviSeelam]

Verification PASSED using

Brave | 1.44.97 Chromium: 106.0.5249.55 (Official Build) (64-bit)
-- | --
Revision | 4d5f098fca6ab7f4b6b7c240be3d9593c2357709-refs/branch-heads/5249@{#531}
OS | Linux

Steps:

brave://settings/privacy - PASSED

1. installed 1.44.93
2. launched Brave
3. opened brave://settings/privacy
4. navigated to Tor windows section and confirmed following settings:
   • Private window with Tor - ON
   • Automatically redirect .onion sites - OFF
   • Use Bridges - OFF

Tor windows settings

Private window with Tor - PASSED

1. opened brave://settings/privacy
2. toggle OFF (or click the tab) to disable Private window with Tor setting
3. confirmed Automatically redirect .onion sites and Use Bridges settings are greyed out
4. confirmed private window with TOR option is not available in hamburger menu
5. toggle ON restored defaults
6. launched Tor window (Alt + Shift + N OR from hamburger menu)
7. loaded brave://components in a NTP
8. `Brave Tor Client Updater (Linux) - Version: 1.0.28 component displayed with updated status as expected
9. visited check.torproject.org
10. additionally, invoked New Tor connection for this site and confirmed it reloaded with a new Tor IP address
11. confirmed page reloaded with a new IP address when did a hard refresh (Ctrl+F5)

step 2-4	step 5	step 7-8	step 9

Automatically redirect .onion sites - PASSED

1. New profile
2. opened brave://settings/privacy
3. enabled Automatically redirect .onion sites
4. open following sites in NTP
   -a. brave.com
   -b. mail.protonmail.com
5. confirmed following .onion sites automatically redirected to Tor window with .onion URL:
   • a. brave.com -->https://brave4u7jddbv7cyviptqjc7jusxh72uik7zt6adtckl5f4nwy2v72qd.onion/
   • b. mail.protonmail.com --> https://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion/

step 4	step 5a	step 5b

Use Bridges - PASSED

Case 1: Select a built-in-bridge - obfs4 PASSED

1. New profile
2. opened brave://settings/privacy
3. toggle ON (or click the tab) to enable Use Bridges setting
4. leave the default value as obfs4 for Select a built-in-bridge and click Apply changes
5. confirmed the component Brave Pluggable Transports (Linux) - Version: 1.0.0
6. open brave://tor-internals
7. launch private window with Tor (Alt+Shift+N)
8. confirmed Tor connection was successful
9. confirmed TP component Id apfggiafobakjahnkchiecbomjgigkkn shown in the profile
10. loaded yandex.com/internet and noted the ip address: 107.189.30.58
11. switched to snowflake and clicked Apply changes
12. reloaded yandex.com/internet and confirmed got ip address: 2.58.56.101
13. close private window with Tor
14. confirmed component was deleted from the profile when Use Bridges was disabled`

step 4	step 6-8	step 9	step 10	step12	step 13	step 14

brave://tor-internals - Logs

NOTICE: Switching to guard context "bridges" (was using "default")
NOTICE: Delaying directory fetches: No running bridges
WARN: Problem bootstrapping. Stuck at 5% (conn): Connecting to a relay. (Connection refused; CONNECTREFUSED; count 1; recommendation warn; host FD63B0A3E3C7B3759DE54B509BD3CD1A8C0D01C1 at 51.83.129.245:443)
NOTICE: Bootstrapped 10% (conn_done): Connected to a relay
NOTICE: Bootstrapped 14% (handshake): Handshaking with a relay
NOTICE: Bootstrapped 15% (handshake_done): Handshake with a relay done
NOTICE: Bootstrapped 20% (onehop_create): Establishing an encrypted directory connection
NOTICE: Bootstrapped 25% (requesting_status): Asking for networkstatus consensus
NOTICE: new bridge descriptor 'Lisbeth' (fresh): $CDF2E852BF539B82BD10E27E9115A31734E378C2~Lisbeth [DTpHLkU/hQso35JMGpJOY/6aWYjvfaup5LFU0+2WBII] at 192.95.36.142
NOTICE: Ignoring directory request, since no bridge nodes are available yet.
NOTICE: Bootstrapped 30% (loading_status): Loading networkstatus consensus
NOTICE: new bridge descriptor 'hopperlab' (fresh): $10A6CD36A537FCE513A322361547444B393989F0~hopperlab [xpuRzwsil54EG1HASFMlYoBCpMVFwYthoul2fMZPzQM] at 146.57.248.225
NOTICE: new bridge descriptor 'griinchux' (fresh): $011F2599C0E9B27EE74B353155E244813763C3E5~griinchux [Gf6Zetna0onvhOv8OLzeiUUfjv5zV6DFl82+x8wEt7A] at 85.31.186.98
NOTICE: new bridge descriptor 'KauBridgePale' (fresh): $2D82C2E354D531A68469ADF7F878FA6060C6BACA~KauBridgePale [oggxcozpXaXS3PpTGVlr9kolycQ7wXQx0f67YECNprA] at 193.11.166.194
NOTICE: new bridge descriptor 'zipfelmuetze' (fresh): $91A6354697E6B02A386312F68D82CF86824D3606~zipfelmuetze [7YRAoSWJ+wYD5j59olKF8/WmZ1yKaG6hoIZuOUFvsKk] at 85.31.186.26
NOTICE: new bridge descriptor 'KauBridgeBlue' (fresh): $86AC7B8D430DAC4117E9F42C9EAED18133863AAF~KauBridgeBlue [WtmZ2uv4Y7guCnLU+hI0WbjGQlZMkREbsLZltXaXadQ] at 193.11.166.194
NOTICE: new bridge descriptor 'PraxedisGuerrero' (fresh): $5EDAC3B810E12B01F6FD8050D2FD3E277B289A08~PraxedisGuerrero [qSueJICMYZBsv2+lFaemfzHkPZxDER2ZDeQdiLDMIDY] at 51.222.13.177
NOTICE: new bridge descriptor 'KauBridgeDot' (fresh): $1AE2C08904527FEA90C4C4F8C1083EA59FBC6FAF~KauBridgeDot [r7OXmH6vfpl+GJqqfajI6Zap9dSNbxbdisopTdyS6QE] at 193.11.166.194
NOTICE: I learned some more directory information, but not enough to build a circuit: We have no usable consensus.
NOTICE: Bootstrapped 40% (loading_keys): Loading authority key certs
NOTICE: The current consensus has no exit nodes. Tor can only build internal paths, such as paths to onion services.
NOTICE: Bootstrapped 45% (requesting_descriptors): Asking for relay descriptors
NOTICE: I learned some more directory information, but not enough to build a circuit: We need more microdescriptors: we have 0/6603, and can only build 0% of likely paths. (We have 100% of guards bw, 0% of midpoint bw, and 0% of end bw (no exits in consensus, using mid) = 0% of path bw.)
NOTICE: Bootstrapped 50% (loading_descriptors): Loading relay descriptors
NOTICE: The current consensus contains exit nodes. Tor can build exit and internal paths.
NOTICE: Bootstrapped 55% (loading_descriptors): Loading relay descriptors
NOTICE: Bootstrapped 61% (loading_descriptors): Loading relay descriptors
NOTICE: Bootstrapped 69% (loading_descriptors): Loading relay descriptors
NOTICE: Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
NOTICE: Bootstrapped 76% (ap_conn_pt): Connecting to pluggable transport to build circuits
NOTICE: Bootstrapped 77% (ap_conn_done_pt): Connected to pluggable transport to build circuits
NOTICE: Bootstrapped 85% (ap_conn_done): Connected to a relay to build circuits
NOTICE: Bootstrapped 89% (ap_handshake): Finishing handshake with a relay to build circuits
NOTICE: Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
NOTICE: Bootstrapped 95% (circuit_create): Establishing a Tor circuit
WARN: Proxy Client: unable to connect OR connection (handshaking (proxy)) with [2a0c:4d80:42:702::1]:27015 ID=<none> RSA_ID=C5B7CD6946FF10C5B3E89691A7D3F2C122D2117C ("general SOCKS server failure")
NOTICE: Bootstrapped 100% (done): Done

Case 2: Select a built-in-bridge - Snowflake PASSED

1. continue from case 2:
2. toggle OFF and ON for Private window with TOR setting
3. enable Use Bridges and select Snowflake for Select a built-in-bridge and click Apply changes
4. open brave://tor-internals
5. launch private window with Tor (Alt+Shift+N)
6. confirmed TP component Id apfggiafobakjahnkchiecbomjgigkkn shown in the profile
7. Tor connection was successful
8. load check.torproject.org and Tor connection was successful
9. close private window with Tor
10. confirmed component was deleted from the profile when Use Bridges was disabled`

step 3	step 6	step 7	step 10

brave://tor-internals - logs

NOTICE: Bootstrapped 5% (conn): Connecting to a relay
NOTICE: Bootstrapped 10% (conn_done): Connected to a relay
NOTICE: Bootstrapped 14% (handshake): Handshaking with a relay
NOTICE: Bootstrapped 15% (handshake_done): Handshake with a relay done
NOTICE: Bootstrapped 20% (onehop_create): Establishing an encrypted directory connection
NOTICE: Bootstrapped 25% (requesting_status): Asking for networkstatus consensus
NOTICE: Switching to guard context "bridges" (was using "default")
NOTICE: Bootstrapped 30% (loading_status): Loading networkstatus consensus
NOTICE: Delaying directory fetches: No running bridges
NOTICE: I learned some more directory information, but not enough to build a circuit: No running bridges
NOTICE: Managed proxy "../../apfggiafobakjahnkchiecbomjgigkkn/1.0.0/tor-snowflake-brave": offer created
NOTICE: Managed proxy "../../apfggiafobakjahnkchiecbomjgigkkn/1.0.0/tor-snowflake-brave": broker rendezvous peer received
NOTICE: Managed proxy "../../apfggiafobakjahnkchiecbomjgigkkn/1.0.0/tor-snowflake-brave": connected
NOTICE: new bridge descriptor 'flakey6' (fresh): $2B280B23E1107BB62ABFC40DDCC8824814F80A72~flakey6 [1zOHpg+FxqQfi/6jDLtCpHHqBTH8gjYmCKXkus1D5Ko] at 192.0.2.3
NOTICE: Bootstrapped 40% (loading_keys): Loading authority key certs
NOTICE: The current consensus has no exit nodes. Tor can only build internal paths, such as paths to onion services.
NOTICE: Bootstrapped 45% (requesting_descriptors): Asking for relay descriptors
NOTICE: I learned some more directory information, but not enough to build a circuit: We need more microdescriptors: we have 0/6588, and can only build 0% of likely paths. (We have 100% of guards bw, 0% of midpoint bw, and 0% of end bw (no exits in consensus, using mid) = 0% of path bw.)
NOTICE: Bootstrapped 50% (loading_descriptors): Loading relay descriptors
NOTICE: The current consensus contains exit nodes. Tor can build exit and internal paths.
NOTICE: Bootstrapped 56% (loading_descriptors): Loading relay descriptors
NOTICE: Bootstrapped 62% (loading_descriptors): Loading relay descriptors
NOTICE: Bootstrapped 69% (loading_descriptors): Loading relay descriptors
NOTICE: Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
NOTICE: Bootstrapped 76% (ap_conn_pt): Connecting to pluggable transport to build circuits
NOTICE: Bootstrapped 77% (ap_conn_done_pt): Connected to pluggable transport to build circuits
NOTICE: Bootstrapped 85% (ap_conn_done): Connected to a relay to build circuits
NOTICE: Managed proxy "../../apfggiafobakjahnkchiecbomjgigkkn/1.0.0/tor-snowflake-brave": offer created
NOTICE: Managed proxy "../../apfggiafobakjahnkchiecbomjgigkkn/1.0.0/tor-snowflake-brave": broker rendezvous peer received
NOTICE: Managed proxy "../../apfggiafobakjahnkchiecbomjgigkkn/1.0.0/tor-snowflake-brave": connected
NOTICE: Bootstrapped 89% (ap_handshake): Finishing handshake with a relay to build circuits
NOTICE: Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
NOTICE: Bootstrapped 95% (circuit_create): Establishing a Tor circuit
NOTICE: Bootstrapped 100% (done): Done

Case 3: Select a built-in-bridge - meek-Azure PASSED

1. continue from case 2:
2. toggle OFF and ON for Private window with TOR setting
3. enable Use Bridges and select meek-azure for Select a built-in-bridge and click Apply changes
4. open brave://tor-internals
5. launch private window with Tor (Alt+Shift+N)
6. confirmed TP component Id apfggiafobakjahnkchiecbomjgigkkn shown in the profile
7. load check.torproject.org and Tor connection was succesful
8. close private window with Tor
9. confirmed the component was deleted from the profile when Use Bridges was disabled`

Ex1	Ex2

Bug encountered:

• Bridge download takes longer with meek-azure  #25536

Case 4: Request a bridge from torprojecct.org - ` PASSED

1. New profile
2. opened brave://settings/privacy
3. toggle ON (or click the tab) to enable Use Bridges setting
4. select Request a new bridge from torproject.org radio button
5. clicked on Request a New Bridge...
6. entered the CAPTCHA text
7. clicked Submit
8. confirmed the dialog dismissed
9. confirmed the bridges' obfs4 xxx.xxx.xxx.xxx configs appeared in the text area
10. clicked on Apply changes
11. open brave://tor-internals and click logs in NTP
12. clicked on the "hamburger menu" -> New Private Window with Tor
13. Tor connection was successful
14. loaded check.torproject.org
15. additionally, invoked New Tor connection for this site and confirmed it reloaded with a new Tor IP address
16. confirmed it reloaded with a new Tor IP address with hard refresh (Ctrl+F5)

step 7	step 9	step 13	step 15	step 16

Case 5: Provide a bridge - Provide bad bridge - PASSED

1. New profile
2. opened brave://settings/privacy
3. toggle ON (or click the tab) to enable Use Bridges setting
4. select Provide a bridge radio button
5. paste obfs4 99.124.226.90:9998 8BFDDB7D7D2D4BDD4169170C818B175C6B60F799 cert=fmp+hf7s1QH6Crg+FW39P5KTxy57NCfXs+t1vBrNuYrHGebGtbRrdkKfk+pcgZhBdbrVcw iat-mode=0
6. click Apply changes
7. open brave://tor-internals
8. launch private window with Tor (Alt+Shift+N)
9. Confirmed Tor connection failed error message displayed
10. clicked on the contact support link and confirmed it loaded https://support.brave.com/hc/en-us in a new tab

step 5	ste9	step10

brave://tor-internals - logs

NOTICE: Switching to guard context "bridges" (was using "default")
NOTICE: Bootstrapped 10% (conn_done): Connected to a relay
NOTICE: Bootstrapped 14% (handshake): Handshaking with a relay
NOTICE: Bootstrapped 15% (handshake_done): Handshake with a relay done
NOTICE: Delaying directory fetches: No running bridges
NOTICE: Bootstrapped 20% (onehop_create): Establishing an encrypted directory connection
NOTICE: Bootstrapped 25% (requesting_status): Asking for networkstatus consensus
NOTICE: new bridge descriptor 'rosewood' (fresh): $8BFDDB7D7D2D4BDD4169170C818B175C6B60F799~rosewood [gOByIgst/TyMvnA1bUblN8ieB5N8at82Z0NLAeCliYA] at 99.124.226.90
NOTICE: Bootstrapped 30% (loading_status): Loading networkstatus consensus
NOTICE: I learned some more directory information, but not enough to build a circuit: We have no usable consensus.
NOTICE: Bootstrapped 40% (loading_keys): Loading authority key certs
NOTICE: Delaying directory fetches: No running bridges
NOTICE: I learned some more directory information, but not enough to build a circuit: No running bridges

[stephendonner]

Verified PASSED using

Brave	1.44.99 Chromium: 106.0.5249.55 (Official Build) (x86_64)
Revision	4d5f098fca6ab7f4b6b7c240be3d9593c2357709-refs/branch-heads/5249@{#531}
OS	macOS Version 11.7 (Build 20G817)

See the notes from the Bridges (basic) section onward, here: #16624 (comment)