Tor

0 readers
0 users here now

Tutorials, questions & answers about the Tor network.

We talk about the network, advising any hidden-service will lead to a ban.

founded 1 year ago
MODERATORS
1
 
 

If you didn't knew torsocks, it's a tool to safely route various commands and applications over Tor. Let's install it first:

Updating repos & intstalling requirements
  • $ sudo apt update && sudo apt install autoconf automake libtool gcc -y
Cloning the gitlab repository
  • $ git clone https://gitlab.torproject.org/tpo/core/torsocks/ && cd torsocks
Compiling the package
  • $ ./autogen.sh && ./configure && make && sudo make install
Now we can try to use any application/command by calling torsocks before
  • $ torsocks firefox-esr will route your browser over Tor
  • $ torsocks curl <arg> will route curl over Tor
You also can start a new terminal session fully routed over Tor by doing --shell
  • $ torsocks --shell
  • $ (your terminal is now using Tor)
2
 
 

This list is sponsorised by Intercambio | Tor hidden-service for making your swaps and transactions fully over Tor :D

Bitcoin

Lightning Network

Monero

Litecoin

Ethereum

3
 
 
Before starting this tutorial, heres two differences: using bridges is to hide your connection to Tor from ISPs.
Using a proxy would be to completely anonymize your connection to Tor with proxychains for example.

Step 1: Edit torrc file

  • sudo nano /etc/tor/torrc

Step 2: Add theses lines

For a HTTP proxy
  • HTTPProxy / HTTPSProxy host[:port]
  • HTTPProxyAuthenticator / HTTPSProxyAuthenticator username:password
For a SOCKS proxy
  • Socks4Proxy/Socks5Proxy host[:port]
  • Socks5ProxyUsername username
  • Socks5ProxyPassword password
For a TCP proxy
  • TCPProxy protocol host:port
For a bridge
  • UseBridges 1
  • Bridge [vanilla/obfs(3/4)/snowflake/meek] IP:Port [fingerprint]
4
 
 
Before starting this tutorial, here's what you need to know:

Geofencing on Tor (or banning specific fingerprints ect..) is for very specific usages. For example, i'm in Japan and I obvously want, to avoid Japan Internet blocking rules, then I block all Japan relays.

Step 1: Edit torrc file

  • sudo nano /etc/tor/torrc

Step 2: Add theses lines

You can also only block exit-nodes, if you don't want to apply theses rules on guard and relay nodes with:

Step 3: Save & restart Tor

  • sudo service tor restart
After theses settings were applied, all relays from your wishes will be blocked at the guard, relay and exit node level.
5
 
 

This tutorial is made, because a lot of people seems to not understanding, how to "Torrify" the network traffic of an application, but hat's not that hard.

Step 1: Find the network settings of an application

You're simply going to the application settings you wanted.

Step 2: Search a "proxy" setting

You search "proxy" to set up your application for using Tor.

Step 3: Add the Tor SOCKS5 Proxy

When add the proxy, add theses informations:

  • Proxy type: SOCKS5
  • IP/Host: (127.0.0.1 for IPv4) (::1 for IPv6)
  • Port: (9050 for Tor-CLI) (9150 for TorBrowser)

Step 4: Setup Tor as a DNS resolver to not leak your requests

6
1
submitted 1 year ago* (last edited 11 months ago) by [email protected] to c/[email protected]
 
 

Introduction

Tor (The Onion Router) is a network protocol made by the United States Naval Research Laboratory to encrypt and anonymise your network traffic trough circuits inside a decentralized relay network.

Architecture

You have five types of relays inside Tor:

  • πŸ›‘ Guards (used to connect to Tor)
  • πŸŒ‰ Bridges (get a hidden access to Tor)
  • 🧢 Relay nodes (used to make circuits)
  • πŸšͺ Exit nodes (used when you exit Tor)
  • πŸ—ƒ HSDirs (Hidden Services Directories used to contact a hidden service)

Hidden-services (.onion)

Connections to hidden-services are fully end-to-end encrypted (the base32 is the public-key) inside Tor, first we ask to a HSDir if the hidden-service is alive

  • πŸ™‹β€β™‚οΈβ†”πŸ›‘β†”πŸ§Άβ†”πŸ§Άβ†”πŸ—ƒ

Then the connection to the hidden-service looks like this

  • πŸ™‹β€β™‚οΈ β†”πŸ›‘β†”πŸ§Άβ†”πŸ§Άβ†”πŸ§Άβ†”πŸ§Άβ†”πŸ§Άβ†”πŸ§Άβ†”πŸ›‘β†”πŸ–₯

Connection to the Internet

Tor gives the possibility to reach the internet trough his exit nodes network. The exit node haves the traffic unencrypted, if you don't use HTTPs (for example) it also know where goes the traffic, it look likes this:

  • πŸ™‹β€β™‚οΈβ†”πŸ›‘β†”πŸ§Άβ†”πŸšͺ↔ (website/server)

How can you use Tor ?

7
 
 

Install Tor CLI

  • sudo apt install tor

Add the DNS port to your Tor settings

  • sudo nano /etc/tor/torrc
Add this line
  • DNSPort (a port you choose) IsolateDestAddr

Save the file and modify your DNS settings

  • sudo nano /etc/resolv.conf
Remove any nameserver line and add this one
  • nameserver 127.0.0.1:(the port you took before)
8
 
 

cross-posted from: https://monero.im/post/171

Why i should make a hidden-service for my RPC endpoint ?

Because it gives you a private and secure access to your node.

Step 1: modify torrc to activate the hidden-service

In your terminal, install Tor and modify your configuration using nano

  • sudo apt install tor
  • sudo nano /etc/tor/torrc

Now, in the hidden-service section, remove the hashtags to activate your hidden-service, replace the defaults ports for 18081 (the default port number used for the RPC) and save the file.

  • HiddenServiceDir /var/lib/tor/hidden_service/
  • HiddenServicePort 18081 127.0.0.1:18081
Step 2: restart Tor & get the hidden-service

Restart the service and then open the "hostname" file to get your hidden service.

  • sudo service tor start
  • sudo nano /var/lib/tor/hidden_service/hostname
Step 3: start your monero node

Bind the localhost interface with the --rpc-bind-ip arg of monerod.

  • ./monerod --rpc-bind-ip 127.0.0.1
Step 4: connect your wallet to your node

Use FeatherWallet, go in the network-settings, in the proxy tab add a Tor SOCKS5 proxy (127.0.0.1:9050), check the only connect to .onions and start a bundled Tor router boxes.

Now in the nodes tab, add (your_hidden_service).onion:18081 as your remote-node and you can now use your node over Tor !