Cupcake is a simple browser extension that creates new Tor bridges with no setup or configuration required.

Cupcake uses a tool known as a “flash proxy” to create special Tor bridges that are harder to block. Flash proxies are a new way of providing access to a censorship circumvention system such as Tor. A flash proxy is a miniature proxy that runs in a web browser. It checks for clients that need access and then conveys data between them and a Tor relay.

This test against the application compound Flashproxy & Cupcake was carried out by four testers of the Cure53 team over the course of eight days in May 2015. The test only yielded two minor vulnerabilities and one general weakness. This is a rare and praiseworthy result for a software of this level of complexity, which showcases the amount of thought behind the endeavours as well as coding quality that has gone into the two projects.

The full report and summary of findings can be found below.

Cupcake / Flashproxy Penetration Test