Template:Article summary start Template:Article summary text Template:Article summary heading Template:Article summary link Template:Article summary link Template:Article summary link Template:Article summary heading Template:Article summary wiki Template:Article summary wiki Template:Article summary end
Tor is an open source implementation of 2nd generation onion routing that provides free access to an anonymous proxy network. Its primary goal is to enable online anonymity by protecting against traffic analysis attacks.
- 1 Introduction
- 2 Installation
- 3 Configuration
- 4 Usage
- 5 Web browsing
- 6 Irssi with Tor
- 7 Tor with an HTTP Proxy
- 8 Running a Tor Server
- 9 TorDNS
- 10 Torify
- 11 Troubleshooting
- 12 External Links
Template:Wikipedia Users of the Tor network run an onion proxy on their machine. This software connects out to Tor, periodically negotiating a virtual circuit through the Tor network. Tor employs cryptography in a layered manner (hence the 'onion' analogy), ensuring perfect forward secrecy between routers. At the same time, the onion proxy software presents a SOCKS interface to its clients. SOCKS-aware applications may be pointed at Tor, which then multiplexes the traffic through a Tor virtual circuit.
Through this process the onion proxy manages networking traffic for end-user anonymity. It keeps a user anonymous by encrypting traffic, sending it through other nodes of the Tor network, and decrypting it at the last node to receive your traffic before forwarding it to the server you specified. Although Tor is considerably safer than the commonly used direct DNS connections (i.e. without a proxy), it can be considerably slower due to the large amount of traffic re-routing. Additionally, although Tor provides protection against traffic analysis it cannot prevent traffic confirmation at the boundaries of the Tor network (i.e. the traffic entering and exiting the network).
# pacman -S tor
The default configuration should work fine for most Tor users, with the one notable exception being those using Vidalia, a Qt GUI frontend for Tor. There is a Vidalia package available in the AUR. In addition to controlling the process Vidalia allows you to view the status of Tor; monitor bandwidth usage; view, filter, and search log messages; and configure some aspects of Tor.
To start Tor issue the following command as root to start the Tor service:
# /etc/rc.d/tor start
DAEMONS=(... tor ...)
Tor is supported primarily by Firefox, but can also be used with Chromium.
If you use Firefox, you can install this plug-in: TorButton. This will allow you to toggle very easily between tor navigation and normal navigation. If you're using multiple Proxies (for example if you want to use both TOR and "ssh -D") then there's also an addon called "FoxyProxy" for Firefox which allows you to specify multiple Proxies for different URLs or for all your browsing. Just point it to port 8118 (where polipo is running) on localhost. To test it, point your browser to this website with and without tor enabled.
Please read the official doc for more infos.
You do not need polipo to use TOR with Chromium. Simply start the TOR daemon, and run:
$ chromium --proxy-server="socks://localhost:9050"
Irssi with Tor
Freenode does not recommend that you use Privoxy with Irssi. Instead they recommend using the Template:Codeline approach and running Template:Codeline to start it up. Therefore, add the following to Template:Filename:
mapaddress 10.40.40.40 p4fsi4ockecnea7l.onion
Freenode requires charybdis and ircd-seven's SASL mechanism for identifying to nickserv during connection. Download Template:Filename, which enables SASL, from the Freenode website (i.e. http://www.freenode.net/sasl/cap_sasl.pl) and save it to Template:Codeline
$ pacman -S perl-crypt-openssl-bignum perl-crypt-blowfish
Alternatively, you can install the modules using perl:
$ perl -MCPAN -e 'install Crypt::OpenSSL::Bignum Crypt::DH Crypt::Blowfish'
$ torify irssi
Load the script that will employ the SASL mechanism.
/script load cap_sasl.pl
Set your identification to nickserv, which will be read when connecting. Supported mechanisms are PLAIN and DH-BLOWFISH.
/sasl set <network> <username> <password> <mechanism>
Connect to Freenode:
/connect -network <network> 10.40.40.40
If you are having errors check this thread.
Tor with an HTTP Proxy
If you need an HTTP proxy.
Polipo is a small and fast HTTP proxy. Install and configure according to the Polipo article. The Tor Project has created a custom Polipo configuration file to prevent potential problems with Polipo as well to provide better anonymity.
Keep in mind that polipo is not required if you can use a SOCKS 5 proxy, which TOR starts automatically on port 9050. Notably, if you want to use Chromium to use TOR, you do not need the polipo package. See below on how to use TOR with Chromium.
Privoxy is an HTTP proxy that speaks SOCKS4a and does html/cookie scrubbing. It can be installed and configured according to the Privoxy article.
Tor and Privoxy in Firefox
The easiest way to do this is to use the Torbutton extension.
Alternatively, you can use Foxyproxy. After restarting Firefox you will have a new toolbar. Click Add, select Standard proxy type. Choose whatever Proxy Label you want, e.g Tor. Enter into both the HTTP Proxy and SSL Proxy fields:
Hostname: 127.0.0.1 Port: 8118
This will point Firefox at Privoxy. You can also add exceptions in the No Proxy for field.
Now, return to http://whatsmyip.net/ and check so that your IP is diffrent from before.
Tor and Privoxy in other applications
You can also use this setup in other applications like instant messaging, Jabber, IRC, etc.
Applications that support HTTP proxies you can point at Privoxy (127.0.0.1 port 8118).
To use SOCKS proxy directly, you can point your application at Tor (127.0.0.1 port 9050). A problem with this method though is that applications doing DNS resolves by themselves may leak information. Consider using Socks4A (e.g. via privoxy) instead.
Running a Tor Server
You should at least share 20kb/s:
Nickname <tornickname> ORPort 9001 BandwidthRate 20 KB # Throttle traffic to 20KB/s BandwidthBurst 50 KB # But allow bursts up to 50KB/s
Allow irc ports 6660-6667 to exit from node:
ExitPolicy accept *:6660-6667,reject *:* # Allow irc ports but no more
Run Tor as an exit node:
ExitPolicy accept *:119 # Accept nntp as well as default exit policy
Run Tor as middleman ( a relay):
ExitPolicy reject *:*
The Tor 0.2.x series provides a built-in DNS forwarder. To enable it add the following lines to the Tor configuration file: Template:File And restart Tor to load the updated configuration file:
This will allow Tor to accept DNS requests (listening on port 9053 in this example) like a regular DNS server, and resolve the domain via the Tor network. A downside is that it's only able to resolve DNS queries for A-records; MX and NS queries are never answered. For more information see this Debian-based introduction.
DNS queries can also be performed through a command line interface by using Template:Codeline. For example:
$ tor-resolve archlinux.org 184.108.40.206
Template:Codeline will allow you use an application via the Tor network without the need to make configuration changes to the application involved. From the man page:
torify is a simple wrapper that calls tsocks with a tor specific configuration file. tsocks itself is a wrapper between the tsocks library and the application that you would like to run socksified
$ torify elinks checkip.dyndns.org $ torify wget -qO- https://check.torproject.org/ | grep -i congratulations
Torify will not, however, perform DNS lookups through the Tor network. A workaround is to use it in conjunction with Template:Codeline (described above). In this case, the procedure for the first of the above examples would look like this:
$ tor-resolve checkip.dyndns.org 220.127.116.11 $ torify elinks 18.104.22.168
Problem with User value
If the tor daemon failed to start, then run the following command as root (or use sudo)
If you get the following error
May 23 00:27:24.624 [warn] Error setting groups to gid 43: "Operation not permitted". May 23 00:27:24.624 [warn] If you set the "User" option, you must start Tor as root. May 23 00:27:24.624 [warn] Failed to parse/validate config: Problem with User value. See logs for details. May 23 00:27:24.624 [err] Reading config failed--see warnings above.
Then it means that the problem is with the User value. So proceed with the following steps.
Check the permissions of the directory Template:Filename by running
# ls -l /var/lib/
If the permission for Template:Filename is as shown below
drwx------ 2 tor tor 4096 May 12 21:03 tor
This means that the directory is owned by the user tor and the group tor. Change the owner to the user root, and the group root with the command:
# chown -R root:root /var/lib/tor
If you check the permissions again, it should now show
drwx------ 2 root root 4096 May 12 21:03 tor
Now open Template:Filename and find the following lines
## Uncomment this to start the process in the background... or use ## --runasdaemon 1 on the command line. RunAsDaemon 1 User tor Group tor
Comment out the lines User tor and Group tor, so that the lines read as
## Uncomment this to start the process in the background... or use ## --runasdaemon 1 on the command line. RunAsDaemon 1 #User tor #Group tor
Save the changes and restart the tor daemon, it should now work.
# /etc/rc.d/tor restart