Title: How to use Tor only for onion addresses in a web browser | |
Author: Solène | |
Date: 12 June 2021 | |
Tags: tor openbsd networking security privacy | |
Description: | |
# Introduction | |
A while ago I published about Tor and Tor hidden services. As a quick | |
reminder, hidden services are TCP ports exposed into the Tor network | |
using a long .onion address and that doesn't go through an exit node | |
(it never leaves the Tor network). | |
If you want to browse .onion websites, you should use Tor, but you may | |
not want to use Tor for everything, so here are two solutions to use | |
Tor for specific domains. Note that I use Tor but this method works | |
for any Socks proxy (including ssh dynamic tunneling with ssh -D). | |
I assume you have tor running and listening on port 127.0.0.1:9050 | |
ready to accept connections. | |
# Firefox extension | |
The easiest way is to use a web browser extension (I personally use | |
Firefox) that will allow defining rules based on URL to choose a proxy | |
(or no proxy). I found FoxyProxy to do the job, but there are | |
certainly other extensions that propose the same features. | |
FoxyProxy for Firefox | |
Install that extension, configure it: | |
- add a proxy of type SOCKS5 on ip 127.0.0.1 and port 9050 (adapt if | |
you have a non standard setup), enable "Send DNS through SOCKS5 proxy" | |
and give it a name like "Tor" | |
- click on Save and edit patterns | |
- Replace "*" by "*.onion" and save | |
In Firefox, click on the extension icon and enable "Proxies by pattern | |
and order" and visit a .onion URL, you should see the extension icon to | |
display the proxy name. Done! | |
# Using privoxy | |
Privoxy is a fantastic tool that I forgot over the time, it's an HTTP | |
proxy with built-in filtering to protect users privacy. Marcin | |
Cieślak shared his setup using privoxy to dispatch between Tor or no | |
proxy depending on the url. | |
The setup is quite easy, install privoxy and edit its main | |
configuration file, on OpenBSD it's /etc/privoxy/config, and add the | |
following line at the end of the file: | |
```privoxy config line | |
forward-socks4a .onion 127.0.0.1:9050 . | |
``` | |
Enable the service and start/reload/restart it. | |
Configure your web browser to use the HTTP proxy 127.0.0.1:8080 for | |
every protocol (on Firefox you need to check a box to also use the | |
proxy for HTTPS and FTP) and you are done. | |
Marcin Cieślak mastodon account (thanks for the idea!). | |
# Conclusion | |
We have seen two ways to use a proxy depending on the location, this | |
can be quite useful for Tor but also for some other use cases. I may | |
write about privoxy in the future but it has many options and this will | |
take time to dig that topic. | |
# Going further | |
Duckduck Go official Tor hidden service access | |
Check if you use Tor, this is a simple but handy service when you play with pro… | |
Official Duckduck Go about their Tor hidden service | |
# TL;DR on OpenBSD | |
If you are lazy, here are instructions as root to setup tor and privoxy | |
on OpenBSD. | |
```shell commands | |
pkg_add privoxy tor | |
echo "forward-socks4a .onion 127.0.0.1:9050 ." >> /etc/privoxy/… | |
rcctl enable privoxy tor | |
rcctl start privoxy tor | |
``` | |
Tor may take a few minutes the first time to build a circuit (finding | |
other nodes). |