Wednesday, May 14, 2014

Setting up tor proxy

Tor is an anonymizing network designed to enhance your privacy on the Internet. You can easily install a Tor daemon and set it up as your proxy to start private browsing. This post shows how to do this.


Before you start setting up the Tor network, please note that there are always ways to trace your activity (this is not 100% anonymous) and that the Tor network currently provides very low speeds (depending on the Tor exit node you're connected to).

Setting tor as HTTP Proxy:
Tor is primarily designed to work as a SOCKS proxy, but you can also use it as an HTTP proxy. Setup is pretty simple: just install the tor daemon (ArchLinux package) and add the following to the configuration file /etc/tor/torrc:
TransPort 192.168.10.1:9040
Here the TransPort value is the IP address of your network interface and the HTTP port Tor will listen on.

Routing network interface traffic via Tor Proxy:
I share my network connection via the wlan0 interface with other devices. You can use iptables to route all traffic from such an interface to the Tor HTTP proxy. Just add a few simple rules:
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i wlan0 -p tcp --syn -j REDIRECT --to-ports 9040
iptables -t filter -A TCP -p tcp --dport 9040 -j ACCEPT
NOTE: wlan0 shares my connection from eth0 and 9040 is my tor HTTP Proxy port. For more details on connection sharing see ICS post.
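
The PREROUTING rule above matches only TCP SYN packets arriving on wlan0, so with the FORWARD policy set to ACCEPT everything else from those devices (DNS over UDP, ICMP) is forwarded and masqueraded out eth0 without passing through Tor. The following Python example is added here and is not part of the original post: it parses the two nat rules shown above and applies a simplified model of iptables matching to constructed sample flows. The function names, flow names and documentation-range addresses are assumptions made for illustration.

```python
import shlex
# nat-table rules copied from the post; the FORWARD policy is modelled separately.
RULES = [
    "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE",
    "iptables -t nat -A PREROUTING -i wlan0 -p tcp --syn -j REDIRECT --to-ports 9040",
]
OPTS = {"-t": "table", "-A": "chain", "-i": "in_if", "-o": "out_if",
        "-p": "proto", "-j": "target", "--to-ports": "to_port"}

def parse_rule(line):
    """Parse the subset of iptables options used in the post into a dict."""
    tokens = shlex.split(line)[1:]            # drop the leading "iptables"
    rule = {"table": "filter", "syn": False}
    while tokens:
        opt = tokens.pop(0)
        if opt == "--syn":
            rule["syn"] = True
        elif opt in OPTS:
            rule[OPTS[opt]] = tokens.pop(0)
        else:
            raise ValueError("option not modelled: " + opt)
    return rule

def verdict(pkt, rules, forward_policy="ACCEPT"):
    """Simplified model: fate of a new flow from a client to an Internet host."""
    parsed = [parse_rule(r) for r in rules]
    for r in parsed:
        if (r["table"], r.get("chain"), r.get("target")) != ("nat", "PREROUTING", "REDIRECT"):
            continue
        if (r.get("in_if", pkt["in_if"]) == pkt["in_if"]
                and r.get("proto", pkt["proto"]) == pkt["proto"]
                and (pkt.get("syn", False) or not r["syn"])):
            return "tor:" + r["to_port"]      # handed to the local listener on that port
    if forward_policy != "ACCEPT":
        return "dropped"                      # e.g. after `iptables -P FORWARD DROP`
    nat_out = [r["out_if"] for r in parsed if r.get("target") == "MASQUERADE"]
    return "direct:" + nat_out[0] if nat_out else "direct"

FLOWS = {  # constructed sample flows from a wlan0 device (documentation addresses)
    "http": {"in_if": "wlan0", "proto": "tcp", "syn": True, "dst": "203.0.113.10:80"},
    "dns": {"in_if": "wlan0", "proto": "udp", "dst": "198.51.100.53:53"},
    "ping": {"in_if": "wlan0", "proto": "icmp", "dst": "203.0.113.10"},
}

def audit(forward_policy="ACCEPT"):
    return {name: verdict(p, RULES, forward_policy) for name, p in FLOWS.items()}

if __name__ == "__main__":
    print(audit("ACCEPT"), audit("DROP"), sep="\n")
```

Under the ACCEPT policy the dns and ping flows leave directly via eth0, and under DROP they are discarded while the TCP flow still reaches port 9040. With DROP in place, clients need a resolver reachable through Tor, which Tor's DNSPort option can provide.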

Setting tor as SOCKS Proxy:
This is again very simple. Just add the following line to the Tor configuration:
SocksPort 192.168.10.1:9050
To create an HTTP bridge to the SOCKS proxy, you can use redsocks. Setting up redsocks will allow e.g. your browser to connect to the SOCKS proxy via the created bridge. Set up redsocks (/etc/redsocks.conf):
redsocks {
    /* `local_ip' defaults to 127.0.0.1 for security reasons,
     * use 0.0.0.0 if you want to listen on every interface.
     * `local_*' are used as port to redirect to.
     */
    local_ip = 192.168.10.1;
    local_port = 9040;

    // `ip' and `port' are IP and tcp-port of proxy-server
    // You can also use hostname instead of IP, only one (random)
    // address of multihomed host will be used.
    ip = 192.168.10.1;
    port = 9050;

    // known types: socks4, socks5, http-connect, http-relay
    type = socks5;

    // login = "foobar";
    // password = "baz";
}
Now you will have a SOCKS proxy listening on port 9050 and an HTTP proxy bridged to the SOCKS proxy on port 9040.
