Using TOR and other proxy servers

Thread: Using TOR and other proxy servers

  1. #1
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    763

    Using TOR and other proxy servers

    This is for people with broadband connections (cable, ADSL)
    This is my little tutorial/guide on how to use TOR for Windows XP. I did this actually because it's raining outside and I'm bored. Let's begin.
    This is for Windows XP with IE6 or IE7; Firefox is the same setup (basically).

    Go to http://tor.eff.org/download.html.en and download the bundle which consists of Tor & Privoxy & Vidalia bundle: 0.1.1.26 (sig), 0.1.2.12-rc (sig).
    Download it, and save it on your system. Next, run it and install it on your system. After you click 'finish' the white Privoxy window will display. Keep this window open; just minimize it.

    Next is Vidalia (the GUI for TOR), the little grey icon in the system tray. Before starting Vidalia, let's configure our web browser. If you're running IE6 or IE7, use this configuration setup. For additional security, I would recommend disabling cookies in your web browser before configuring TOR to work with your web browser.

    Open IE go to tools, internet options, click on connections tab, click on LAN settings below, place a check in 'Use a proxy Server,' leave those two white fields blank. Next, click on the advanced button:
    Under 'Proxy address to use'
    Under HTTP: enter localhost port 8118
    Under SECURE: localhost port 8118
    Under FTP: localhost port 8118
    Under Gopher: leave the field blank.
    Under SOCKS: localhost port 9050
    Do not check "use the same proxy server for all protocols"; also leave the bottom box blank. Click on OK, and OK, and OK. This will close it.
    Now go to Start, All Programs, click on TOR. This will bring up a command prompt box saying something similar:
    Apr 15 10:58:00.665 [notice] Tor v0.1.1.26. This is experimental software. Do not rely on it for strong anonymity.
    Apr 15 10:58:00.735 [notice] Initialized libevent version 1.1b using method win32. Good.
    Apr 15 10:58:00.735 [notice] connection_create_listener(): Opening Socks listener on 127.0.0.1:9050
    Apr 15 10:58:17.930 [notice] We now have enough directory information to build circuits.
    Apr 15 10:58:22.517 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
    Minimize this box or close it.
    Next, right click on the grey icon (TOR) and go to Start. It should now have a green onion instead of the grey icon. To see if TOR is successfully installed, go to www.ipchicken.com or www.ip2location.com and see what IP address it detects. Or you can open a command prompt and issue netstat -ano and look for the established connections. Or you can open a command prompt and issue netsh diag connect ieproxy

    C:\Documents and Settings\sysadmin>netsh diag connect ieproxy
    Internet Explorer Web Proxy (localhost)
    IEProxyPort = 8118
    IEProxy = localhost
    Server appears to be running on port(s) [8118]

    C:\Documents and Settings\sysadmin>
    Just a little FYI, Tor uses SSL to encrypt all data, and doesn't even leak DNS requests, unlike some proxy servers, as long as it's configured properly and using an appropriate proxy (such as Privoxy, which comes in the bundle).
    TOR cannot offer 100% total anonymity, so if the connection to the website is not secure (e.g. https) then the last gateway will be able to see (and potentially sniff) all traffic.
    Thus, it is vitally important when using TOR to check the server certificates and only use encrypted protocols (pop3-ssl, https) if you are logging in.
    However, it is true that communication between nodes is encrypted so an intermediate node cannot intercept it.

    ---------------------------------------------------------------------
    Another way to use a proxy server to assist in your web surfing is a website proxy server such as www.hidemyass.com, where you enter the website you want to visit in the field provided. It will connect to them with their information instead of yours. Again, disable cookies in your web browser first before configuring TOR to work with your web browser.
    --------------------------------------------------------------------
    Another method is to use a public proxy server from sites such as http://www.publicproxyservers.com/page1.html
    I prefer to use a proxy server from this site but in another country, and preferably a so-called *high anonymity* proxy server running on port 8080.
    To do this, open IE, go to Tools, Internet Options, click on the Connections tab, click on LAN settings below, place a check in 'Use a proxy server,' and this time fill in the two white fields with any of the proxy servers from this site or any proxy site. Hit OK and OK. Go to www.ipchicken.com and see what IP address it detects.

    A little more FYI I have the best luck from this site http://www.publicproxyservers.com/page1.html
    when I select proxy servers running on port 8080.

    Only downfall: they leak DNS requests, so you're not as anonymous as you think you are.
    I hope this helps. Cheers,
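
The `netstat -ano` check from the post above, written out as a script; this is an added example, not part of the original post. It confirms that the Privoxy (8118) and Tor SOCKS (9050) listeners exist and are bound to loopback only, and flags any process that uses the local proxy but also holds a direct outbound connection. The sample output, PIDs and addresses are constructed, and `parse` and `audit` are hypothetical helper names.

```python
import re

# Constructed `netstat -ano` sample; every address and PID here is made up.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:8118         0.0.0.0:0              LISTENING       1432
  TCP    127.0.0.1:9050         0.0.0.0:0              LISTENING       2216
  TCP    127.0.0.1:1045         127.0.0.1:8118         ESTABLISHED     3040
  TCP    127.0.0.1:8118         127.0.0.1:1045         ESTABLISHED     1432
  TCP    127.0.0.1:1046         127.0.0.1:9050         ESTABLISHED     1432
  TCP    192.168.1.20:1047      203.0.113.7:9001       ESTABLISHED     2216
  TCP    192.168.1.20:1050      198.51.100.9:80        ESTABLISHED     3040
  UDP    0.0.0.0:445            *:*                                    4
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\w+)\s+(\d+)\s*$")
EXPECTED = {8118: "Privoxy", 9050: "Tor SOCKS"}  # ports from the post

def parse(text):
    """Return TCP rows as dicts; header and UDP lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            la, lp, ra, rp, state, pid = m.groups()
            rows.append({"laddr": la, "lport": int(lp), "raddr": ra,
                         "rport": int(rp), "state": state, "pid": int(pid)})
    return rows

def audit(text):
    """List problems with the local proxy chain visible in netstat output."""
    rows, findings = parse(text), []
    listen = {r["lport"]: r for r in rows if r["state"] == "LISTENING"}
    for port, name in EXPECTED.items():
        r = listen.get(port)
        if r is None:
            findings.append(f"missing: {name} is not listening on {port}")
        elif r["laddr"] != "127.0.0.1":
            findings.append(f"exposed: {name} bound to {r['laddr']}:{port}")
    # PIDs that own the proxy listeners, and PIDs that connect to them.
    owners = {listen[p]["pid"] for p in EXPECTED if p in listen}
    clients = {r["pid"] for r in rows if r["state"] == "ESTABLISHED"
               and r["raddr"] == "127.0.0.1" and r["rport"] in EXPECTED}
    # A proxy client that also talks to a non-loopback host is going direct.
    for r in rows:
        if (r["state"] == "ESTABLISHED" and r["pid"] in clients - owners
                and not r["raddr"].startswith("127.")):
            findings.append(f"direct: pid {r['pid']} -> {r['raddr']}:{r['rport']}")
    return findings
```

On the constructed sample, `audit(SAMPLE)` reports the one direct connection from PID 3040, while Tor's own outbound connection (PID 2216) is not flagged.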

  2. #2
    Member
    Join Date
    Sep 2006
    Location
    At a keyboard
    Posts
    82
    Me personally, I am rather drawn to torpark which can run from a usb key. The free version is kind of limited but works fine for what I would use it for.
    "I have died, I will die, It's alright, I don't mind"

  3. #3
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    If you are using firefox with tor, then just be careful which plugins you have enabled. As shattereddoul mentioned, torpark is a good way to get around your extensions giving up your identity.

    I can think of a couple of extensions off the top of my head that would help to blow your cover. forecast fox will give up your zip code. foxmarks will give up your userid for syncing bookmarks. I'd think that the foxmarks servers would also have logs of what other IPs you're syncing from...

    That said, there are other applications on your computer that may "phone home" using the IE connection settings. Do you have the weatherbug installed? What about AV programs that may have to reach the internet for updates but also send subscription to verify the product still has support?

    It might be wise to just use a Virtual Machine with VMWare Server or Player. http://www.vmware.com/vmtn/appliances/directory/392

    BTW: A lot of IDS and firewalls will alert to tor being used. A security admin at a company may want to block proxies such as tor so users can't bypass the content filtering system. I know it is blocked where I work... and the bleeding snort rules go crazy when it detects connection attempts to the tor network. Depending on the placement of the IDS sensors, alerts will still go off even if the connection attempt fails due to a firewall blocking it.
    Last edited by phishphreek; April 16th, 2007 at 12:14 PM.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
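
The point made in the post above, that a connection attempt is worth an alert even when the firewall blocks it, shown as an added example over firewall logs; it is not part of the thread and is not how the Bleeding Snort rules work. It matches destination addresses against a relay list the defender maintains instead of using packet signatures. The log format, the relay list and the names `parse_line` and `tor_alerts` are assumptions, and all sample data is constructed.

```python
from collections import defaultdict

# Constructed relay list: RFC 5737 documentation addresses, not real relays.
RELAYS = {"203.0.113.7", "198.51.100.23"}

# Constructed firewall log in a hypothetical key=value format.
LOG = """\
2007-04-16T09:14:02 action=ALLOW src=10.1.4.22 dst=192.0.2.80 dport=80
2007-04-16T09:14:05 action=DENY src=10.1.4.57 dst=203.0.113.7 dport=9001
2007-04-16T09:14:06 action=DENY src=10.1.4.57 dst=198.51.100.23 dport=443
2007-04-16T09:15:40 action=ALLOW src=10.1.9.3 dst=198.51.100.23 dport=443
truncated line with no fields
"""

REQUIRED = {"action", "src", "dst", "dport"}


def parse_line(line):
    """Return the record as a dict, or None if the line is malformed."""
    parts = line.split()
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    if not parts or not REQUIRED <= fields.keys():
        return None
    fields["ts"] = parts[0]
    return fields


def tor_alerts(log_text, relays):
    """One alert per internal host that tried to reach a listed relay.

    DENY records count too: a blocked attempt still shows that something
    on the host is trying to join the network.
    """
    hosts = defaultdict(lambda: {"first_seen": None, "attempts": 0, "allowed": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dst"] not in relays:
            continue
        h = hosts[rec["src"]]
        h["first_seen"] = h["first_seen"] or rec["ts"]
        h["attempts"] += 1
        h["allowed"] += rec["action"] == "ALLOW"
    return [{"src": src, **h, "status": "connected" if h["allowed"] else "blocked"}
            for src, h in sorted(hosts.items())]
```

A host whose attempts were all denied is reported as `blocked`, and one with at least one allowed connection as `connected`, so the two cases can be triaged differently.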

  4. #4
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    This is a nice quick & dirty setup guide.

    One small comment though.

    Go to http://tor.eff.org/download.html.en and download the bundle which consists of Tor & Privoxy & Vidalia bundle: 0.1.1.26 (sig), 0.1.2.12-rc (sig).
    The rc build is a newer build (release candidate). The other is the current GA build. I tend to play with RC builds but it should be clear that you only need to download one or the other, not both.

    BTW: A lot of IDS and firewalls will alert to tor being used. A security admin at a company may want to block proxies such as tor so users can't bypass the content filtering system. I know it is blocked where I work... and the bleeding snort rules go crazy when it detects connection attempts to the tor network. Depending on the placement of the IDS sensors, alerts will still go off even if the connection attempt fails due to a firewall blocking it.
    We know the *second* someone attempts to fire up TOR.
    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  5. #5
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    763
    A lot of IDS and firewalls will alert to tor being used.
    Why is that? Do they see TOR as a threat or just something to take notice and be concerned of? Average users do not know how to set up or configure TOR.

    I know it is blocked where I work... and the bleeding snort rules go crazy when it detects connection attempts to the tor network. Depending on the placement of the IDS sensors, alerts will still go off even if the connection attempt fails due to a firewall blocking it.
    What do the alerts look like? I never set up or used snort so I don't know.

    We know the *second* someone attempts to fire up TOR.
    You guys are pretty good.

  6. #6
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    TOR is used by BotNet masters now. Obviously, having a covert channel to pipe data/commands in/out of the environment without being able to see it poses a *huge* security risk.

    We look for the protocol on our wire at the network choke point and if seen, fire rains down from the sky.

    --TH13

  7. #7
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    763
    We look for the protocol on our wire at the network choke point and if seen, fire rains down from the sky.
    Which protocol exactly? Also, do websites do this as well or just networks? Websites have applications that can detect when someone is using tor, but is there a way to spoof the protocol or use a protocol cleaner like program to assist with this? Not that I'm trying to dodge any IDS or bypass security or anything like that, but I find this interesting.

    cheers, cn22
    Last edited by Computernerd22; April 18th, 2007 at 05:12 PM.

  8. #8
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    We block tor and try to detect it because it has no place in a workplace like mine. It can be used to bypass content filtering systems, run hidden services and if configured as a router... use bandwidth and serve up those hidden services.

    The alerts look like any other snort alert. You can view the policy file or rules for "BLEEDING-SNORT POLICY TOR" in the following rules file.
    http://www.bleedingthreats.net/rules...g-policy.rules

    Here is more info about how tor can be used not to just bypass proxies or content filtering systems, but also host servers.
    http://tor.eff.org/docs/tor-hidden-service.html.en

    Here is a recent high profile case on why you don't want tor running on your corporate network!
    http://arstechnica.com/news.ars/post/20060911-7709.html

    You can find out more about the tor protocol specifications @
    http://tor.eff.org/cvs/doc/tor-spec.txt

  9. #9
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    763
    Very cool indeed. Thanks for the links.

  10. #10
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    is there a way to spoof the protocol or use a protocol cleaner like program to assist with this?
    I have not heard of or come across any such tool. Knowing how the protocol works, I think you'd be hard pressed (if at all possible) to design such a tool.

    Phishy likes snort but one day he will see the light and listen to his mentor on why he should be careful with that tool.

    I use a commercial product called Websense to stomp out the TOR protocol.

    --TH13
    Last edited by thehorse13; April 19th, 2007 at 11:13 AM.
