Title: Tor part 1: how-to use Tor
Author: Solène
Date: 10 October 2018
Tags: openbsd unix tor security
Description:

Tor is a network service that hides your traffic. People sniffing
your network will not be able to tell which server you reach, and
people on the remote side (like the administrator of a web service)
will not know where you are connecting from. Tor helps preserve your
anonymity and privacy.

In short, tor uses an entry point that you reach directly, then
servers acting as relays that are not able to decrypt the data they
relay, up to an exit node which makes the real request for you; the
network response travels the opposite way.

You can find more details on the
[Tor project homepage](https://www.torproject.org).

Installing tor is __really__ easy on OpenBSD. We need to install it
and start its daemon. The daemon listens by default on localhost on
port 9050. On other systems it should be quite similar: install the
tor package and enable the daemon if it is not enabled by default.

    # pkg_add tor
    # rcctl enable tor
    # rcctl start tor

Now, in your favorite program, look at the proxy settings and choose
a "SOCKS" proxy, v5 if possible (it manages the DNS queries), and use
the default address: `127.0.0.1` with port `9050`.

If you need to use tor with a program that doesn't support setting a
SOCKS proxy, it's still possible to wrap it with **torsocks**, which
works with most programs. It is very easy to use.

    # pkg_add torsocks
    $ torsocks ssh remoteserver

This makes ssh go through the tor network.

Using tor won't make you relay anything, and it is legal in most
countries. Tor is like a VPN; some countries have laws about VPNs, so
check your country's laws if you plan to use tor. Also note that using
tor may be forbidden on some networks (companies, schools, etc.)
because it allows escaping filtering, which may be against some kind
of "usage agreement" of the network.

I will cover the relaying part later, which can lead to legal
uncertainty.

Note: torsocks is a bit of a hack, because it uses LD_PRELOAD to wrap
network system calls. There is a cleaner way to do it with ssh (or any
program supporting a custom command to initialize the connection)
using netcat.

    ssh -o ProxyCommand='/usr/bin/nc -X 5 -x 127.0.0.1:9050 %h %p' address.onion

This can be simplified by adding the following lines to your
**~/.ssh/config** file, in order to automatically use the proxy
command when you connect to a .onion hostname:

    Host *.onion
        ProxyCommand /usr/bin/nc -X 5 -x 127.0.0.1:9050 %h %p

This netcat command was tested on OpenBSD. There are different netcat
implementations; the flags may be different or may not even exist.
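
Why SOCKS v5 "manages the DNS queries": the CONNECT request defined in RFC 1928 can carry the hostname itself, so the proxy resolves it and nothing is looked up locally. The following Python sketch is an added example, not code from the original post; the function names and the `example.onion` host are assumptions, and a socketpair with canned replies stands in for the tor daemon.

```python
import ipaddress
import socket
import struct

def build_connect_request(host: str, port: int) -> bytes:
    """SOCKS5 CONNECT (RFC 1928). A hostname goes out as address type 0x03,
    so the proxy resolves it and no local DNS query is made."""
    try:
        ip = ipaddress.ip_address(host)
        atyp, addr = (b"\x01" if ip.version == 4 else b"\x04"), ip.packed
    except ValueError:
        name = host.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("hostname must be 1 to 255 bytes")
        atyp, addr = b"\x03", bytes([len(name)]) + name
    return b"\x05\x01\x00" + atyp + addr + struct.pack("!H", port)

def recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def socks5_connect(sock: socket.socket, host: str, port: int) -> None:
    """Client side of the handshake on a socket already connected to the proxy."""
    sock.sendall(b"\x05\x01\x00")  # version 5, one method offered: no auth
    if recv_exact(sock, 2) != b"\x05\x00":
        raise ConnectionError("proxy did not accept 'no authentication'")
    sock.sendall(build_connect_request(host, port))
    ver, rep, _rsv, atyp = recv_exact(sock, 4)
    if ver != 5 or rep != 0:
        raise ConnectionError(f"SOCKS5 CONNECT failed, reply code {rep}")
    # Discard the bound address and port that end the reply.
    alen = {1: 4, 4: 16}.get(atyp) or recv_exact(sock, 1)[0]
    recv_exact(sock, alen + 2)

def demo(host: str = "example.onion", port: int = 22) -> bytes:
    """Constructed exchange: a socketpair stands in for tor on 127.0.0.1:9050."""
    client, proxy = socket.socketpair()
    with client, proxy:
        # Canned proxy replies: method accepted, then success bound to 0.0.0.0:0
        proxy.sendall(b"\x05\x00" + b"\x05\x00\x00\x01" + bytes(6))
        socks5_connect(client, host, port)
        return proxy.recv(4096)  # greeting + CONNECT as sent by the client

if __name__ == "__main__":
    print(demo().hex(" "))
```

A program that resolves the name itself and sends only an IP address (type 0x01 or 0x04) has already made its DNS query outside tor before the proxy sees anything.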