Tor is a connection-oriented anonymizing communication service.
Install Tor
Start/Restart/Stop Tor Service
# Start
sudo service tor start
# Restart
sudo service tor restart
# Stop
sudo service tor stop
# Status
sudo service tor status
Proxychains
Proxychains forces any TCP connection made by a given application to go through a proxy such as Tor or any other SOCKS4, SOCKS5 or HTTP(S) proxy.
- configuration
vim /etc/proxychains.conf
# -----------------------------------------------------
# If performing nmap for port scan through proxychains, comment out the following. Otherwise it will hang and crash.
proxy_dns
If you have lost the configuration file, download it from the repository.
wget https://raw.githubusercontent.com/haad/proxychains/master/src/proxychains.conf -O /etc/proxychains.conf
Now start the Tor service and run the following command to open Firefox via proxychains.
Anonymize Traffic with Tor
We can anonymize our traffic using Tor proxy and proxychains. Please note that this method does not provide complete anonymity.
- https://geekflare.com/anonymize-linux-traffic/
- https://0x00sec.org/t/how-to-become-a-ghost-hacker-merozey-tips/591
- https://0x00sec.org/t/anonymity-basics/722
- https://www.edureka.co/blog/proxychains-anonsurf-macchanger-ethical-hacking/
Privacy Friendly OS
- Tails
- Qubes
- Whonix
Anonymization
1. Configure Proxychains
First off, find the location of the proxychains configuration file.
Assume we found /etc/proxychains.conf, then modify this file.
We need to remove the # in front of dynamic_chain, then comment out the strict_chain line and the random_chain line.
In addition, check that proxy_dns is uncommented so that our DNS requests are not leaked.
Add socks4 127.0.0.1 9050 and socks5 127.0.0.1 9050 in the ProxyList section.
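One way to verify the edits from step 1 before routing any traffic, as an added example that is not part of the original page: a shell function that audits a proxychains configuration for the chain mode, proxy_dns and the two ProxyList entries. The function names is_enabled and audit_proxychains_conf are hypothetical.

```shell
# Added example: audit a proxychains config against the settings in step 1.
# Prints one line per problem; the return status is the number of problems.

# True if directive $2 appears uncommented (leading whitespace allowed) in file $1.
is_enabled() {
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

audit_proxychains_conf() {   # $1 = path to proxychains.conf
    conf=$1
    problems=0

    if [ ! -r "$conf" ]; then
        echo "cannot read $conf"
        return 1
    fi

    is_enabled "$conf" dynamic_chain ||
        { echo "dynamic_chain is not enabled"; problems=$((problems + 1)); }

    for mode in strict_chain random_chain; do
        if is_enabled "$conf" "$mode"; then
            echo "$mode should be commented out"
            problems=$((problems + 1))
        fi
    done

    # Without proxy_dns, name lookups use the local resolver and bypass Tor.
    is_enabled "$conf" proxy_dns ||
        { echo "proxy_dns is not enabled (DNS leak)"; problems=$((problems + 1)); }

    # Only uncommented entries after the [ProxyList] header count as proxies.
    for proto in socks4 socks5; do
        if ! awk -v p="$proto" '
            /^[ \t]*\[ProxyList\]/ { in_list = 1; next }
            in_list && $1 == p && $2 == "127.0.0.1" && $3 == "9050" { found = 1 }
            END { exit !found }' "$conf"; then
            echo "ProxyList has no $proto 127.0.0.1 9050 entry"
            problems=$((problems + 1))
        fi
    done

    return "$problems"
}
```

Call it as audit_proxychains_conf /etc/proxychains.conf; a return status of 0 means every setting from step 1 is in place.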
2. Start Tor Service
Before using proxychains, we need to start Tor service.
3. Use Proxychains
Now we can execute an arbitrary command with proxychains. Our traffic should be anonymous thanks to Tor.
- Check Public IP
To check our public IP address from the command line, run the following command.
- Proxychains Bash
If we don't want to prepend the proxychains command every time, the proxychains bash command eliminates the need to do that.
4. Use Burp Suite
To use Burp Suite over the Tor proxy, set up the SOCKS proxy in Burp Suite as below.
- Open Burp Suite. We need to start Burp Suite normally, without the proxychains command.
- Go to the Proxy tab and click Proxy settings. The Settings window opens.
- In the Settings window, go to the User tab in the left pane, and click Network → Connections.
- In the SOCKS proxy section, click the switch "Override options for this project only", and fill in the following fields:
- After that, check "Use SOCKS proxy".
- Close the Settings window.
After setting up, we can use the Burp Suite built-in browser over the Tor proxy.
5. Stop Tor Service
After using proxychains and Tor, stop the Tor service.
Check Your IP
After anonymization, check your IP.
Change MAC Address
Create Tor Onion Service with Nginx
- https://community.torproject.org/onion-services/setup/
1. Setup Tor
1. Install Tor
Then enable and start tor service.
2. Configure Tor Onion Service
Edit /etc/tor/torrc to add the following lines (remove the # at the target lines and modify the values):
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 unix:/var/run/tor/hidden_service.sock
3. Restart Tor Service
4. Check Your Onion Domain
Your onion domain is stored at /var/lib/tor/hidden_service/hostname.
2. Setup Nginx
1. Install Nginx
2. Create Website Contents
Here we create a directory /var/www/onion and put the contents there.
Then write the contents of index.html, such as below:
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Hidden Site</title>
</head>
<body>
<h1>Welcome to Hidden Site</h1>
</body>
</html>
After that, change the permissions to allow nginx to read files under /var/www/onion.
Remember to update the permissions of /var/www/onion with the above command every time you add new files/directories under /var/www/onion.
3. Configure Nginx
Create /etc/nginx/conf.d/onion.conf and add the following directive. Replace <your-onion-address>.onion with your Onion domain stored at /var/lib/tor/hidden_service/hostname.
server {
    listen unix:/var/run/tor/hidden_service.sock;
    server_name <your-onion-address>.onion;
    access_log /var/log/nginx/hidden_service.log;
    index index.html;
    root /var/www/onion;

    location / {
        root /var/www/onion;
        index index.html index.htm;
    }
}
4. Start Nginx Server
Before starting Nginx, if SELinux is enabled, temporarily switch it to Permissive mode to give Nginx permission to use the UNIX socket (/var/run/tor/hidden_service.sock).
# 0: Set `Permissive` mode temporarily
setenforce 0
# Check status (the `Permissive` mode is expected)
getenforce
Then start Nginx.
3. Access To Your Onion Service
Using Tor Browser, you can access the onion service by entering your .onion domain. See the domain in /var/lib/tor/hidden_service/hostname.
To monitor the access log, use the tail command.
4. Backup HiddenServiceDir
To keep your onion service available for a long time, make a backup copy of the /var/lib/tor/hidden_service directory somewhere.
To start the Hidden Service from this backup, simply copy the directory to /var/lib/tor/ as below:
Then modify /etc/tor/torrc and start the tor service.
5. (Optional) Get Vanity Address
If you want to use a custom Onion domain with an arbitrary prefix such as exampleabcdef....onion, you can generate it using mkp224o.
1. Install Dependencies
# on Debian/Ubuntu
apt install gcc libc6-dev libsodium-dev make autoconf
# on Fedora
sudo dnf install -y gcc
sudo dnf install -y glibc-static
sudo dnf install -y libsodium-devel
sudo dnf install -y make
sudo dnf install -y autoconf
2. Build the mkp224o Project
3. Generate Vanity Address
# -d: Specify output directory
# -n: The number of domains to generate
./mkp224o -d domains -n 5 mysite
# Result examples:
mysiteabcdef.....onion
mysite012334.....onion
mysiteef0123.....onion
mysite789abc.....onion
mysite345def.....onion
4. Copy the Key Files
After generating, the key files are saved under the domains/mysite...onion directory.
Choose one domain and copy these files to /var/lib/tor/hidden_service/.
5. Update the Nginx Config
Replace the original onion domain with our vanity address in /etc/nginx/conf.d/onion.conf.
6. Restart Tor and Nginx
Now restart Tor and Nginx to apply the domain.
Access mysite...onion in Tor Browser.
6. (Optional) Make Your Onion Service More Secure
If you want your onion service to be more secure, add the following configurations.
Hide Nginx Version
Usually the Nginx version is displayed in the HTTP response header such as below:
You may want to hide the version. To hide it, add server_tokens off in /etc/nginx/nginx.conf as follows:
This hides the Nginx version from the Server header, such as below:
Rate Limiting Requests
Reference: https://www.nginx.com/blog/rate-limiting-nginx/
Limiting the number of requests per second (or millisecond) may prevent DDoS attacks.
Add the limit_req_zone and limit_req directives to /etc/nginx/conf.d/onion.conf.
limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s;

server {
    ...
    location / {
        limit_req zone=mylimit burst=20 nodelay;
        ...
    }
}
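A consistency check for the torrc and onion.conf settings above, as an added example that is not part of the original page: it compares the HiddenServicePort target with the Nginx listen socket, compares server_name with the hostname file (which changes when a vanity key is copied in), and flags a rate-limit zone keyed on the client address. The function names first_value and audit_onion_site are hypothetical.

```shell
# Added example: cross-check torrc against the Nginx onion server block.
# Prints one line per finding; the return status is the number of problems.

# Last field of the first uncommented "directive ... value" line, ';' stripped.
first_value() {   # $1 = file, $2 = directive name
    awk -v d="$2" '$1 == d { sub(/;$/, "", $NF); print $NF; exit }' "$1"
}

audit_onion_site() {   # $1 = torrc, $2 = nginx site conf, $3 = hostname file
    torrc=$1
    site=$2
    hostfile=$3
    problems=0

    # Tor forwards to the HiddenServicePort target; Nginx must listen there.
    tor_target=$(first_value "$torrc" HiddenServicePort)
    nginx_listen=$(first_value "$site" listen)
    if [ -z "$tor_target" ] || [ "$tor_target" != "$nginx_listen" ]; then
        echo "socket mismatch: torrc='$tor_target' nginx='$nginx_listen'"
        problems=$((problems + 1))
    fi

    # After swapping in a vanity key, server_name must follow the new hostname.
    onion=$(tr -d '[:space:]' < "$hostfile")
    if [ "$(first_value "$site" server_name)" != "$onion" ]; then
        echo "server_name does not match $hostfile"
        problems=$((problems + 1))
    fi

    # Every request arrives from the local Tor daemon over the same socket, so
    # a zone keyed on $binary_remote_addr is one bucket shared by all visitors,
    # not a per-client limit. Reported as a note, not counted as a problem.
    if grep -Eq '^[[:space:]]*limit_req_zone[[:space:]]+\$binary_remote_addr' "$site"; then
        echo "note: limit_req_zone key is identical for all onion clients"
    fi

    return "$problems"
}
```

Call it as audit_onion_site /etc/tor/torrc /etc/nginx/conf.d/onion.conf /var/lib/tor/hidden_service/hostname (reading the hostname file normally requires root).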