TorAS for AIR: ActionScript + HTTPS (TLS/SSL) + Tor

This TorAS thing is going to be a lengthy project — there’s still lots left to implement and older code to one day upgrade — but I received some great feedback about the appropriateness of communicating over Tor using unencrypted HTTP (it’s not very appropriate in many situations). So I’ve branched the current stable version and added TLS/SSL support (courtesy of as3crypto), in a development branch:

I’ll add it back into the main branch as soon as I get some time to document it fully, but the bulk of the new functionality has been covered in the updated Developers Guide:

I may also have added source code comments so have a peek.

TorAS ActionScript source code is made public under a liberal license (MIT), developed on open source technology (FlashDevelop), incorporating open source technology (Tor “Expert Bundle” binary , released under a similar license and spirit),  and comes with a handy step-by-step guide. It’s most powerful on Windows (on account of the bundled Tor binary), but you should be able to use it on AIR for Android with something like Orbot (is there an official Tor router app for iOS?), and in fact anywhere AIR and Tor can run together.

    • I don’t agree, Cato.

      RTMFP has been built into Flash/AIR for a few versions, at least, and it looks pretty complete to me. I’ll be posting an extensive RTMFP ActionScript library shortly — it’s what I used to create SocialCastr — and I’ll be incorporating that into another project that uses TorAS. I haven’t tested this yet but I believe that RTMFP can even communicate through a Tor tunnel, which would add just that much more security to an already (reasonably) secure form of networking.

      One of the big pieces that was missing, however, was the server component (used to be called Cirrus on Adobe Labs, as is noted in the link you supplied). Clients (Flash/AIR) communicate mostly with each other (it is a P2P technology, after all), but that initial connection to the amorphous RTMFP/P2P network still needs a server, not unlike a BitTorrent tracker. There’s always the free rendezvous service at, but that limits the number of people that can connect to your P2P groups, and has other constraints that don’t make it a good solution for anything other than development. There’s always the option of licensing Adobe Media Server which has RTMFP and RTMP baked in, but that can get expensive (especially on a $0 budget).

      That almost put the kaibosh on SocialCastr for me until I discovered OpenRTMFP/Cumulus. As the name implies, this is an open source RTMFP server solution that fills in the one missing piece — the rendezvous server. Any negative commentary I’ve heard about this solution is based on good old-fashioned ignorance (often made by people who have never even tried it); my experience has been nothing but positive. In some ways I’d even say OpenRTMFP is the best solution because it’s so easily programmable via LUA (many people commenting on the project are using the server this way, by itself, in strange and interesting ways), but also because the full C++ source code means both that anyone can adapt it, and also that it runs pretty natively fast (which is less important than it would be for something like a web server).

      So not only did Adobe finish RTMFP (I don’t know what else they could add, to be honest), but there are now entirely open source and free solutions for complete end-to-end connectivity. An example of such a stack would be: FlashDevelop or the open source Flex SDK (for client), and OpenRTMFP (for server).

      I’m not going to lie and claim that coding the client portion, compiling the server, creating firewall traversal systems, etc. was easy — it was a challenge! But at this point I can confidently say that RTMFP is a great solution for encrypting data, communicating peer to peer (file sharing, including very large files is very do-able despite what anyone claims)

Add Comment

Required fields are marked *. Your email address will not be published.