October 31st, 2005, 08:12 AM
HOWTO : Surf anonymous with TOR and onion routing
HOWTO surf anonymous with Onion Routing (TOR) and Privoxy.
2. What's TOR?
3. Secure, but how secure actually??
4. What's Privoxy?
5. Let's install it
6. Let's configure it
7. How do I use it?
8. How can I tweak it?
Well, we all know that security has become a very important aspect of the internet, maybe the most
important medium the world is relying on these days. It maybe stating the obvious to you guys over again about what we are protecting ourselves against out there: all the bad things that go bump in the night. Or you're an admin trying to defend his precious serverfarm. Or you're, maybe were, that person with malicious-intentions once, trying to fsck over that admin and his serverfarm. Anyways, "The Thin Red Line" shouldn't be a movie about war, but should be a movie about the thin border between hacking/cracking and securing. At least, that's my belief. One example of a technology that becomes more and more important, and is actually a nice example of that thin red line is anonymity on the internet. We all like to hide out there. Certainly when doing our stuff, no matter if it's a hacker/cracker trying to disguise himself from getting traced or to a federal agent trying to frame some criminal without giving away his federal identity. Everyone has his reasons to get anonymous. The morality of doing so is the topic of another discussion.
In this tutorial I'd like to show you guys what a nice example of anonymizing on the internet is, and how you can use it. Now I've seen a few threads on this subject, but no tutorial or HOWTO use/install it. If you already use it, the better; if you don't, then this might get interesting for you.
I'd like to show how you can hide effectively out there with the use of TOR (Onion routing) and a proxy. In this case Privoxy. Don't shoot me with all the manuals and the RTFM people should do. I know there are other tuts around but I thought it was to introduce it here. Hope you like it.
2. What is TOR ?
TOR is actually an anonymizing system that uses onion routing to hide and encrypt data in such way that it hides the source. First, I'll explain briefly IP to enlight this technology. The internet makes use of mostly IP to route packets between a source and destination. Every packet contains a header and a payload area. Now I'm not going into detail about the header but the header contains amongst others 2 fields, namely "source ip" and "destination ip". These get filled in by the nodes at the end (e.g., your pc and a webserver).
Also, you need to know that in a normal sequence these fields NEVER change. I hear you thinking about IP spoofing now. Well if so, you're kinda on the right track, except it's not actually IP spoofing that the onion routing does. The TOR-client sets up a session with the nearest onion-router of the meshed onion-router-network. Then, it tries to make a random path OVER all these onion routers towards the destination you want to reach. This path is encrypted over virtual tunnels between the onion routers. Every onion router only sees the source ip of the router it got data from, meaning no onion-router ever knows the whole path.
Now comes the beauty of it. When you reach the last hop (meaning the last onion router) before the destination, this last hop changes the source ip of the previous router and replaces it with its own ip and also decrypts the data, wehereafter it sends it to the destination. This means that the last onion router will be seen as the source IP rather that your actual IP address. That last router only changes back the ip of the server it got data from and the data hops back to you back to you, back over the virtual encrypted tunnel. These tunnels are random and change every given time, so it could be that you seem to be coming from Australia and 5 minutes later from Finland. I'll demonstrate this later.
3.Secure, but how secure actually??
Well, this might invoke an interesting discussion, as I will try to explain the security that's used throught TOR. I will also try to shed some light on the possible flaws that might exist as well. First off, let me put a statement: "TOR is an implementation that uses Onion routing". The Onion routing itself gets its name from the "ONION-alike" data structures it creates and sends throughout its network. This is a technique to ensure a route is created and yet, every router only will know the previous router to itself and its next router. Every shell of the onion exists at 2 layers: 1 encryption layer and 1 data layer, which contains the necessary data of the next hop, like the IP address. Every hop (onion router) sees the request come in with the IP of the previous hop, It will then decrypt the first layer to get to its second layer of data. It then passes the onion to the IP address it found. In the heart of the onion is the data found which will be passed in clear-text from the last hop to the destination. This should give a general idea of the structure of the onion.
Now onto the encryptions. The encryptions used in the encryption-layers are PKI-based (Public Key Infrastructure). This technique was used in early implementations, and is actually vulnerable to a specific attack: Man-in-the-Middle. Basically, the attacker can insert himself between two points, and capture the traffic. Once enough traffic is capture it can be decrypted at a later time and eventually, the keys used could be discovered.
Therefore, TOR (the latest implementation) uses DIffie-Hellman key exchange, considered as a safe PKI, and Perfect Forwarding Secrecy (PFS). These keys are only used during the lifetime of the virtual connections, much like a session key. The Diffie-Hellman is a key exchange method based on computing together a preshared key, which will be used for further encryptions of the communication. For a more in-depth view of Diffie-Hellman, please check the references list on the bottom. Now this key exchange is combined with PFS.
So, the PFS ensures that a key used to protect transmission data, can never be used as a key to setup a new key. In this case the DH-keying, and vice versa.
PFS ensures that the compromise of a single key permits access only to data that is protected by it, not necessarily to the entire communication
Although these things look pretty secure, and mostly they are, there are as always exceptions. For example I'd like to point you to
Here for an advisory of August 2005 on TOR.
4. What is PRIVOXY ?
Privoxy is simply a proxy program that can be used as to relay the traffic. In this case we will use it as an addition on the TOR for extra anonymity, such as changed User-Agents, pop-up-blocker, etc ... For those who don't know what a proxy is: a proxy is a server that sits between one computer system and another. (e.g., your browser and a web server). Your browser makes a request to the proxy, and the proxy effectively gets the data and passes it back to you. Proxies are widely used for several implementations. Now, some of you will say, "Why not just use a free open proxy and we're set?" That's another way in anonymizing but open anonymous proxies are mostly very slow and unreliable when free. Also, they are not randomizing like TOR nor will they (mostly) encrypt your data.
5. Let's install it ...
I am using Slackware 10.2 at this time and will use this distro for the demonstration. I also use Mozilla Firefox for my browser and Xchat as my irc client. Other package handlers might even be easier. There even are Windows and MacOSX packages available. If you really need help on that I suggest that you first go and read the manual of your OS and/or package handler. I might be able to help out on other OS-es over IRC (check my signature for irc). So now open a console-window and head to root (su).
First we need to get the packages : We need :
- libevent (dependency for tor)
#cd <dld-or-tmp-directory> (cd in a workable temp directory to keep oversight)
- TOR (For tor I've used the source tarball, since i didn't find the latest slackpack)
Now try and run it already to test. It prolly will complain about an old libevent, but thats no big issue.
You can upgrade later. Possibly simply through your package handler
If not, its possible you need to copy the sample config over. Do that like this
#tor (if this works you can CTRL + C out)
If all goes well start tor in the background
#cp /usr/local/etc/torrc.sample /usr/local/etc/torrc
The slackpack also made a nice startupscript for you and can be found at /etc/rc.d/rc.privoxy. So check if it starts well.
That should be it. All necessary packages should be installed now. If you have problems installing or with the runscripts, contact me through pm or rather on irc. I'll help you out.
Now let's move on to configuring ....
6. Let's configure it
First go in your browser prefernces and change proxy settings.
For Mozilla Firefox this is the next sequence :
Tor has a pretty solid default configuration, so we can leave that one alone. There is one configuration thing we need to do though, and that's to point the Privoxy towards the TOR-engine. We will need to filter the browser request through the Privoxy proxy filters. Then we can safely pass that result towards the TOR-engine which will initiate the rest of the connection.
- Edit - Preferences - General - Connection Settings
- Check "Manual Proxy Configuration" and point HTTP, FTP and SSL to 127.0.0.1 port 8118 (the port of privoxy)
- Open /etc/privoxy/config with your favorite editor. Mine's nano, so ....
For the record, by default TOR listens @ port 9050 and privoxy @ port 8118
Go to the last line and add the next between the quotes but not the quotes themselves => "forward-socks4a / localhost:9050 ."
The sequence thus is : Browser-request => Privoxy@8118 => TOR@9050 => Onion-router-network => destination
7. How do I use it ?
I made a little page that will show you how to set your browser settings. And let's you see if you're hidden or not. If you configured all well you should be able to surf the net, and then you can surf to Here . Now, you see your current public IP. That's for browsing, ftp connections and http over ssl-connections. (also see section 5 if you forgot the browser-configurations )
Now onto xchat, that means IRC of course.
Go into your irc-client, in my case xchat and follow the next sequence :
- Settings - Preferences - Network Setup
- Set hostname : 127.0.0.1
- Set port : 9050
- Set type : Socks4
Now goto the server you wanna connect and edit its settings :
- Xchat - Server List
- Choose your server and select Edit
- Check the "Use a proxy server"
Connect and wait and see yourself evading those .... errmmm your anonymity ...
It's possible though that if you get detected using TOR on IRC you might get asked not to use the TOR because of it's a hard to ban an TOR-client :P
So that's it on how to use it. An ethical point, however: while it's good to be anonymous, as most of us know, as do hackers/crackers/trolls/ogres know these techniques and have known them a very long time. Use the knowledge wisely; don't abuse it. Anyway thats up to yourself.
8. How do I tweak it ?
Well, I told you the tweaking concerning browsing and the ircing. Other programs are similar.
If the program has an option to use a proxy server you're set. But I'm sure you will be clever enough to figure those out yourself.
- The TOR-client doesn't need much tweaking, but you can tweak it further if you want. Therefore modify /usr/local/etc/torrc.
- The Privoxy can be tweaked much more to your needs. To do this, do the following steps:
- Invoke a 404, for.ex. browse to http://www.test.test/ ( dunno another way to access it good, if you know contact me)
- You should see the proxy page now
- Go to "view and edit current configuration"
- click view and/or edit /etc/privoxy/default.action
- You'll see three main modes "Cautious, medium and Adventuresome"
- I choose Medium and then clicked edit to modify the hide-user-agent entry (always fun )
Anyway lots of options to tweak and places to see, all anonymously now,
Hope ya liked it.
Cheers from Belgium.
9. References :
- Onion Routing for Anonymous Communications - [ur]http://ntrg.cs.tcd.ie/undergrad/4ba2.05/group10/[/url]
- Diffie - Hellman - http://en.wikipedia.org/wiki/Diffie-Hellman
- IPSEC - http://www.microsoft.com/technet/pro...b4a2a1190.mspx
- TOR - http://tor.eff.org/
Last but not least, thnx to TheHorse13 and MsMittens on additional advice and review.