Pythonhead Developer
Joined: 16 Dec 2002 Posts: 1801 Location: Redondo Beach, Republic of Calif.
|
Posted: Wed Dec 22, 2004 11:42 pm Post subject: Anonymous web browsing / instant messaging etc. |
|
|
In this HOWTO I'll explain how you can browse the web anonymously* by using tor and privoxy with Gentoo.
Tor can also be used to make other network clients (instant messaging, usenet, etc) act anonymously. I will also explain how to make servers on your machine available anonymously through Tor's "hidden services" mechanism.
If you have concerns about aiding infidels, puppy-jugglers or child pornographers, please understand that running a tor client does not require you to operate a node in a p2p network.
*Note: You'll need to disable javascript and java in your browser if you'd like to be as anonymous as possible. See Tor's homepage http://tor.eff.org/ for more information.
Browsing the web anonymously:
As root:
Code: | emerge net-misc/tor
emerge www-proxy/privoxy |
Add this line to /etc/privoxy/config
Code: | forward-socks4a / localhost:9050 . |
You can put that line at the top of the file, but line 1010 looks like the right place.
Start privoxy:
Code: | /etc/init.d/privoxy start |
Copy the tor sample rc file. There is no need to edit for regular operation:
Code: |
cp /etc/tor/torrc.sample /etc/tor/torrc |
Start tor:
Code: | /etc/init.d/tor start |
If you want to start tor with every boot (probably not):
Code: | rc-update add tor default |
Configure your web browser's http proxy to point to:
host: 127.0.0.1 port: 8118
(Under Firefox, go to the Edit menu/Preferences/General/Connection)
You should also set your SSL proxy to the same thing, to hide your SSL traffic.
You are now browsing anonymously.
To test it, go to this site and see what ip it reports as your own:
http://peertech.org/privacy-knoppix/
You can use network clients enabled with SOCKS in a similar way.
How to use Gaim, any protocol (Yahoo, Aim etc.) with tor:
Make sure you have privoxy and tor running as explained above.
In Gaim, go to the Tools menu, select Accounts. Select the IM protocol you want to anonymize, click Modify.
Click 'Show more options'
Under 'Proxy Options' select proxy type SOCKS 5
Enter 127.0.0.1 for the host
Enter 9050 for the port
Leave user/pass blank
No idea how to test this except to have a friend tell you what your ip is. The above method will work with any network client that is capable of SOCKS proxy, such as x-chat, irssi, Azureus etc.
Offering hidden services
A hidden service is a server on your computer that you make available via tor with a .onion top level domain.
A website offered through a hidden service looks like this:
http://6sxoyfb3h2nvok2d.onion/tor/SocatHelp
You can offer hidden services while tor is running as a client or server.
To make your web server available anonymously, edit ~/.tor/torrc and in the hidden services portion add these lines:
Code: | HiddenServiceDir ~/apache_hidden/
HiddenServicePort 80 127.0.0.1:80
|
Now create ~/apache_hidden and start tor. Look in the file ~/apache_hidden/hostname for the .onion address you want to publish.
Using tor and privoxy makes offering hidden services for web servers easy, but what if you want to make a non-http service available?
Say you have a mud server running on port 5454 and want to make it available as a hidden service. Follow the above steps, creating a directory named ~/mud_hidden/ instead.
To get to your mud people would use the address 34vss3f3tohrri.onion:5454
But telnet can't use the .onion namespace so we need to use socat.
Code: | emerge net-misc/socat
# Listen on local port 2222 and relay each connection through tor's SOCKS port (9050) to the hidden service
socat TCP4-LISTEN:2222,fork SOCKS4A:localhost:34vss3f3tohrri.onion:5454,socksport=9050
|
Now you can test it by telnet'ing to localhost:2222
Do this from another machine to verify it's working anonymously.
Note: All of the above steps will enable tor to be used as a client only. In other words you won't be a node and using 20 gigabytes of bandwidth per month, just what you'd normally use by surfing the web.
Todo: Browsing through Tor is a little slow and not necessary for daily use by most. It'd be nice to have a script that starts privoxy, tor, then Firefox with a config that has the proxy set to 127.0.0.1:8118, then shuts it all down when you exit Firefox. For now you can tell privoxy to stop working but not quit, so you don't have to reconfigure your web browser by bookmarking one of the listed bookmarklets:
http://config.privoxy.org/toggle
Tip: To make apps that use http such as wget, lynx, curl etc. use tor automagically put this in your .profile, or .bashrc etc:
Code: |
http_proxy=http://127.0.0.1:8118/
HTTP_PROXY=$http_proxy
export http_proxy HTTP_PROXY |
This is probably a dumb idea for most people, since it will slow down wget when used by emerge. Not good!
Troubleshooting: The above steps should work for most machines. If you have strict firewall rules you'll need to allow local connections to port 8118 and port 9050. If your firewall blocks outgoing connections, punch a hole so it can connect to TCP ports 80, 443, and 9001-9033.
Last edited by Pythonhead on Sat Mar 12, 2005 6:18 am; edited 17 times in total |
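A check for the privoxy step in the HOWTO above, as an added example that is not part of the original post: it confirms that an active `forward-socks4a` catch-all line points at tor's SOCKS port, and flags a plain `forward-socks4` line, which makes privoxy resolve hostnames locally instead of handing them to tor. The helper name `check_privoxy_tor` and the sample configs are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a privoxy config for the tor forwarding line from the HOWTO.
# check_privoxy_tor is a hypothetical helper; args: config path, tor SOCKS port
# (default 9050). Return codes:
#   0 = catch-all forward-socks4a line points at the local tor SOCKS port
#   1 = no such active line (missing, commented out, or wrong port)
#   2 = an active forward-socks4 line exists (hostnames get resolved locally)
check_privoxy_tor() {
    conf=$1
    port=${2:-9050}
    [ -r "$conf" ] || return 1
    # Strip comments and blank lines so commented-out samples are ignored.
    active=$(sed -e 's/#.*$//' -e '/^[[:space:]]*$/d' "$conf")
    # Plain SOCKS4 cannot carry a hostname, so privoxy would do the DNS lookup itself.
    if printf '%s\n' "$active" | grep -Eq '^[[:space:]]*forward-socks4[[:space:]]'; then
        return 2
    fi
    # Pattern "/" = all URLs; trailing "." = no further HTTP parent proxy.
    want="^[[:space:]]*forward-socks4a[[:space:]]+/[[:space:]]+(localhost|127[.]0[.]0[.]1):${port}[[:space:]]+[.][[:space:]]*\$"
    if printf '%s\n' "$active" | grep -Eq "$want"; then
        return 0
    fi
    return 1
}

# Constructed sample configs, written to a temp dir so the example runs offline.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'listen-address 127.0.0.1:8118' \
        'forward-socks4a / localhost:9050 .' > "$d/good"
    printf '%s\n' 'listen-address 127.0.0.1:8118' \
        '# forward-socks4a / localhost:9050 .' > "$d/commented"
    printf '%s\n' 'forward-socks4 / localhost:9050 .' > "$d/socks4"
    for f in good commented socks4; do
        rc=0
        check_privoxy_tor "$d/$f" || rc=$?
        echo "$f: $rc"
    done
    rm -rf "$d"
}
demo
```

On a machine set up as in the HOWTO, the file to check is /etc/privoxy/config.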
|
|
|
Deranger Veteran
Joined: 26 Aug 2004 Posts: 1215
|
Posted: Thu Dec 23, 2004 12:25 am Post subject: |
|
|
This is pretty nice, I am going to try this with DC++ and Firefox...I will report how it goes
Thanks for this tip, Pythonhead! |
|
|
|
Greven Tux's lil' helper
Joined: 28 Jul 2002 Posts: 138
|
Posted: Thu Dec 23, 2004 12:44 am Post subject: |
|
|
Post this on the Gentoo-wiki. The forums fill up too fast, and this is a great tip. _________________ veritas vos liberabit...
Linux User Number: 346805
Wine-Wiki
AMD 64 3500+ | MSI "K8T NEO2-FIR" | mushkin Dual Channel DDR 400 |
|
|
|
ewan.paton Veteran
Joined: 29 Jul 2003 Posts: 1219 Location: glasgow, scotland
|
Posted: Fri Dec 24, 2004 7:15 am Post subject: |
|
|
Whenever I add forward-socks4a / localhost:9050 . into the config, I get an error connecting to any website and a bunch of privoxy options. I read tor had been on Slashdot and was wondering if they were down.
Edit: ignore me, I thought it was either as root or user, not that both needed to be done. _________________ Giay tay nam | Giay nam cao cap | Giay luoi
Last edited by ewan.paton on Sun Dec 26, 2004 3:56 pm; edited 1 time in total |
|
|
|
TecHunter Tux's lil' helper
Joined: 15 Feb 2003 Posts: 124
|
Posted: Fri Dec 24, 2004 10:37 am Post subject: |
|
|
good howto
But does anyone know how to supply anonymous service for the computers in the LAN on the gateway? _________________ Gentoo is GREAT!!! |
|
|
|
Eejay n00b
Joined: 12 Nov 2004 Posts: 13 Location: California
|
Posted: Sun Dec 26, 2004 1:45 am Post subject: |
|
|
Does this method work with SUSE Linux 9.2 professional edition along with a KDE/Konqueror web browser?
I know, this forum's for people who use Gentoo Linux, but everyone keeps telling me that Gentoo Linux would be too difficult for me to use and recommended SUSE Linux.
I went through a living hell installing SUSE Linux, so I don't want to make any mistakes and have to go through the nightmare of having to install SUSE again. _________________ Eejay |
|
|
|
troworld Tux's lil' helper
Joined: 20 Dec 2003 Posts: 95 Location: ON, CA
|
Posted: Sun Dec 26, 2004 5:04 am Post subject: |
|
|
I just posted this article at Gentoo Wiki with some additions/changes. You may have to refresh the page a few times to get to the article, since the wiki is suffering from some weird problem, where all links get you to a random page the first few times you try them. |
|
|
|
prolific Apprentice
Joined: 19 Apr 2002 Posts: 237
|
Posted: Sun Dec 26, 2004 10:55 am Post subject: |
|
|
ok i tried tor with a few irc servers ... it works but i get banned from the irc servers and get a msg saying forward dns doesn't match reverse dns .... if anyone finds an EFNET server that allows tor to go through, post here .. |
|
|
|
elabdel n00b
Joined: 19 Apr 2004 Posts: 71 Location: France
|
Posted: Tue Dec 28, 2004 8:10 am Post subject: |
|
|
Hello and thank you for this topic
Now I can browse the web anonymously, but some targets (ports) which were closed or hidden are now open.
http://www.auditmypc.com/freescan/scanoptions.asp
How could I hide targets with a firewall, and what firewall is easy to use? |
|
|
|
zephyr1256 Apprentice
Joined: 10 Mar 2003 Posts: 170 Location: Kingsport, TN
|
Posted: Mon Jan 10, 2005 12:42 am Post subject: |
|
|
Works very well for me, not too slow, and I can browse the regular internet anonymously, unlike freenet(which was way too slow, has been known to produce so much traffic it caused my soho router to reset, and didn't help with anonymity on the internet in general).
Almost perfect. Almost, the one problem is that some secure login sites do not work if you are using tor. Simple enough, I can use another browser for those sites and have the best of both worlds.
edit: Another odd thing I've noticed, when using the proxy, is that google usually thinks I'm from some other country because it regionalizes based on location of the detected ip of the client. Search still works, but it may alter the results, and certainly results in me seeing stuff in different languages on the google site. Fortunately the links it returns so far are usually English language sites, so it's still usable. _________________ The Congress shall have power...To promote the progress of science and useful arts, by securing for limited times to authors and inventors the exclusive right to their respective writings and discoveries; --U.S. Constitution. Article 1, Section 8. |
|
|
|
Joseph_sys Advocate
Joined: 08 Jun 2004 Posts: 2712 Location: Edmonton, AB
|
Posted: Fri Jan 14, 2005 8:23 pm Post subject: |
|
|
Code: | $ /usr/bin/tor -f ~/.tor/torrc |
Do I need to start tor as user and run it in the background?
When I start it as user it doesn't return to the command prompt.
Do I need to start it in the background?
Does anybody know how to add this code to one of the Firefox profiles? |
|
|
|
troworld Tux's lil' helper
Joined: 20 Dec 2003 Posts: 95 Location: ON, CA
|
Posted: Fri Jan 14, 2005 8:36 pm Post subject: |
|
|
To run that command in the background, add a "&" at the end, so:
Code: | $ /usr/bin/tor -f ~/.tor/torrc & |
I don't use Firefox, so I don't know how profiles work, but you could always write a two-line bash script that would contain the above tor line and the firefox command. Then you could run that script instead of /usr/bin/firefox (or whatever it is in your case). |
|
|
|
Pink Veteran
Joined: 24 Jul 2003 Posts: 1062
|
Posted: Fri Jan 14, 2005 8:40 pm Post subject: |
|
|
nm: read it again and found the obvious answer |
|
|
|
Master One l33t
Joined: 25 Aug 2003 Posts: 754 Location: Austria
|
Posted: Sat Jan 15, 2005 10:42 am Post subject: |
|
|
That's pretty amazing, just doing some tests with tor in client mode on a local proxyserver (lan -> squid -> privoxy -> tor -> inet), which works pretty impressively fast.
BTW There is an option in the torrc to have it run in daemon mode, so no need to start it with '/usr/bin/tor -f ~/.tor/torrc &'.
Why is there no init script for this software? _________________ Las torturas mentales de la CIA |
|
|
|
Master One l33t
Joined: 25 Aug 2003 Posts: 754 Location: Austria
|
Posted: Sat Jan 15, 2005 10:47 am Post subject: |
|
|
BTW Can anyone explain to me, how that trick of http://www.auditmypc.com/freescan/scanoptions.asp with exposing my internal IP address works, and how to prevent that? _________________ Las torturas mentales de la CIA |
|
|
|
etnoy Apprentice
Joined: 29 Aug 2003 Posts: 255 Location: Västerås, Sweden
|
Posted: Sat Jan 15, 2005 8:49 pm Post subject: |
|
|
I'd also like to know that. _________________ The md5sum of the above post is 06280ccd85ef9deb49c336e7945f4b5c
God is dead! - Nietzsche
Nietzsche is dead! -God |
|
|
|
Joseph_sys Advocate
Joined: 08 Jun 2004 Posts: 2712 Location: Edmonton, AB
|
Posted: Sat Jan 15, 2005 9:21 pm Post subject: |
|
|
It is not your IP that is exposed, it is an IP of the last box that connection went out to destination you specified, so you are not testing open ports on your box but the box that connection went out on.
Correct me anybody if I'm wrong. |
|
|
|
etnoy Apprentice
Joined: 29 Aug 2003 Posts: 255 Location: Västerås, Sweden
|
Posted: Sat Jan 15, 2005 10:42 pm Post subject: |
|
|
Joseph_sys wrote: |
It is not your IP that is exposed, it is an IP of the last box that connection went out to destination you specified, so you are not testing open ports on your box but the box that connection went out on.
Correct me anybody if I'm wrong. |
I see that, but I also see the following:
Code: | Notice!
Our system detects your internal IP address as 192.168.0.12 and your external address as XX.XXX.XX.XXX Your internal IP should be hidden whereas your external is always exposed. |
So somehow they can detect my internal NATed IP. How to fix that? _________________ The md5sum of the above post is 06280ccd85ef9deb49c336e7945f4b5c
God is dead! - Nietzsche
Nietzsche is dead! -God |
|
|
|
Ohnodoctor n00b
Joined: 02 Jun 2004 Posts: 17 Location: /home/
|
Posted: Sun Jan 16, 2005 3:12 am Post subject: |
|
|
I might also mention the Switchproxy Extension for Firefox. It lets you switch between multiple proxies from the status bar, so you don't have to keep changing it in Preferences. |
|
|
|
amiatrome Apprentice
Joined: 28 Jun 2004 Posts: 180 Location: Campus | Arena Country Club | Home
|
Posted: Sun Jan 16, 2005 3:24 am Post subject: |
|
|
Nice! This will come in very handy on my laptop. _________________ blog | homepage | alias | prompts |
|
|
|
Master One l33t
Joined: 25 Aug 2003 Posts: 754 Location: Austria
|
Posted: Sun Jan 16, 2005 3:46 pm Post subject: |
|
|
Ohnodoctor wrote: | I might also mention the Switchproxy Extension for Firefox. It lets you switch between multiple proxies from the status bar, so you don't have to keep changing it in Preferences. |
Quite interesting, but I only use Konqueror.
Is this a normal plugin, that can be used in Konqueror as well, or is there something similar especially for Konqueror?
BTW Does anybody have any experience with Azureus running over TOR? At the moment I am using mldonkey, but it has no SOCKS support (tried it with http_proxy connecting to my squid -> privoxy -> tor line, but this does not work at all). If someone could confirm, that Azureus is working fine with tor, it would be a great step forward in anonymous P2P usage, and I really would consider swapping from mldonkey to Azureus. _________________ Las torturas mentales de la CIA |
|
|
|
OverlordQ n00b
Joined: 17 Jan 2005 Posts: 2
|
Posted: Mon Jan 17, 2005 6:15 am Post subject: |
|
|
etnoy wrote: | Joseph_sys wrote: |
It is not your IP that is exposed, it is an IP of the last box that connection went out to destination you specified, so you are not testing open ports on your box but the box that connection went out on.
Correct me anybody if I'm wrong. |
I see that, but I also see the following:
Code: | Notice!
Our system detects your internal IP address as 192.168.0.12 and your external address as XX.XXX.XX.XXX Your internal IP should be hidden whereas your external is always exposed. |
So somehow they can detect my internal NATed IP. How to fix that? |
Um, disable Java? |
|
|
|
OverlordQ n00b
Joined: 17 Jan 2005 Posts: 2
|
Posted: Mon Jan 17, 2005 6:16 am Post subject: |
|
|
Master One wrote: | Ohnodoctor wrote: | I might also mention the Switchproxy Extension for Firefox. It lets you switch between multiple proxies from the status bar, so you don't have to keep changing it in Preferences. |
Quite interesting, but I only use Konqueror.
Is this a normal plugin, that can be used in Konqueror as well, or is there something similar especially for Konqueror?
BTW Does anybody have any experience with Azureus running over TOR? At the moment I am using mldonkey, but it has no SOCKS support (tried it with http_proxy connecting to my squid -> privoxy -> tor line, but this does not work at all). If someone could confirm, that Azureus is working fine with tor, it would be a great step forward in anonymous P2P usage, and I really would consider swapping from mldonkey to Azureus. |
You shouldn't use Tor for Az since it mainly can't handle the traffic, but if you'd FGI, you'd come up with this link: http://azureus.sourceforge.net/doc/AnonBT/ |
|
|
|
sprite Tux's lil' helper
Joined: 10 Jun 2003 Posts: 143 Location: Camarillo, California (USA)
|
Posted: Mon Jan 17, 2005 6:33 am Post subject: |
|
|
this is a badass guide =] and to top it off, the switchproxy plugin is incredible... thanks~
tag for reference.. |
|
|
|
Ateo Advocate
Joined: 02 Jun 2003 Posts: 2021 Location: Republic of California
|
Posted: Mon Jan 17, 2005 7:52 pm Post subject: |
|
|
This is a great tip. However, it doesn't seem practical when browsing slows. I understand the original author said it's not practical for daily browsing.... So what's the point of this?
Also, I have found that I need to restart both the proxy and tor frequently in order to browse. Nonetheless, it does work. I have admin access to a phpbb forum and thus checked my IP. They are always different. |
|
|
|
|