 |
Title: How to use Tor only for onion addresses in a web browser |
|
Author: Solène |
|
Date: 12 June 2021 |
|
Tags: tor openbsd networking security privacy |
|
Description: |
|
|
|
# Introduction |
|
|
|
A while ago I published about Tor and Tor hidden services. As a quick |
|
reminder, hidden services are TCP ports exposed into the Tor network |
|
using a long .onion address and that doesn't go through an exit node |
|
(it never leaves the Tor network). |
|
|
|
If you want to browse .onion websites, you should use Tor, but you may |
|
not want to use Tor for everything, so here are two solutions to use |
|
Tor for specific domains. Note that I use Tor but this method works |
|
for any Socks proxy (including ssh dynamic tunneling with ssh -D). |
|
|
|
I assume you have tor running and listening on port 127.0.0.1:9050 |
|
ready to accept connections. |
|
|
|
# Firefox extension |
|
|
|
The easiest way is to use a web browser extension (I personally use |
|
Firefox) that will allow defining rules based on URL to choose a proxy |
|
(or no proxy). I found FoxyProxy to do the job, but there are |
|
certainly other extensions that propose the same features. |
|
|
 |
FoxyProxy for Firefox |
|
|
|
Install that extension, configure it: |
|
|
|
- add a proxy of type SOCKS5 on ip 127.0.0.1 and port 9050 (adapt if |
|
you have a non standard setup), enable "Send DNS through SOCKS5 proxy" |
|
and give it a name like "Tor" |
|
- click on Save and edit patterns |
|
- Replace "*" by "*.onion" and save |
|
|
|
In Firefox, click on the extension icon and enable "Proxies by pattern |
|
and order" and visit a .onion URL, you should see the extension icon to |
|
display the proxy name. Done! |
|
|
|
# Using privoxy |
|
|
|
Privoxy is a fantastic tool that I forgot over the time, it's an HTTP |
|
proxy with built-in filtering to protect users privacy. Marcin |
|
Cieślak shared his setup using privoxy to dispatch between Tor or no |
|
proxy depending on the url. |
|
|
|
The setup is quite easy, install privoxy and edit its main |
|
configuration file, on OpenBSD it's /etc/privoxy/config, and add the |
|
following line at the end of the file: |
|
|
|
```privoxy config line |
|
forward-socks4a .onion 127.0.0.1:9050 . |
|
``` |
|
|
|
Enable the service and start/reload/restart it. |
|
|
|
Configure your web browser to use the HTTP proxy 127.0.0.1:8080 for |
|
every protocol (on Firefox you need to check a box to also use the |
|
proxy for HTTPS and FTP) and you are done. |
|
|
|
Marcin Cieślak mastodon account (thanks for the idea!). |
|
|
|
# Conclusion |
|
|
|
We have seen two ways to use a proxy depending on the location, this |
|
can be quite useful for Tor but also for some other use cases. I may |
|
write about privoxy in the future but it has many options and this will |
|
take time to dig that topic. |
|
|
|
# Going further |
|
|
|
Duckduck Go official Tor hidden service access |
|
Check if you use Tor, this is a simple but handy service when you play with pro… |
|
Official Duckduck Go about their Tor hidden service |
|
|
|
# TL;DR on OpenBSD |
|
|
|
If you are lazy, here are instructions as root to setup tor and privoxy |
|
on OpenBSD. |
|
|
|
```shell commands |
|
pkg_add privoxy tor |
|
echo "forward-socks4a .onion 127.0.0.1:9050 ." >> /etc/privoxy/… |
|
rcctl enable privoxy tor |
|
rcctl start privoxy tor |
|
``` |
|
|
|
Tor may take a few minutes the first time to build a circuit (finding |
|
other nodes). |
