INCREASE YOUR SECURITY MUSCLES USING TOR

INTRODUCTION 

An anonymous proxy working on a basis of a distributed network. It allows all applications, which are able to use SOCKS4, to establish anonymous connections via a path randomly chosen from a network of relays. It is also possible to start one's own relay.

Quick start – Windows: 

Assume that you would like to be able to establish an anonymous connection to any website from Windows XP.

Start by installing Tor. During the installation, it is advis-able to check the Run at startup option so that Tor will start automatically at system startup. As soon as the installation is complete, the Tor client will start and a console window will open, which should not be closed. After being started, the Tor client accepts SOCKS4 connections on port 9050. However, in order to remain completely anonymous while connecting to websites (DNS queries do not go through SOCKS4), Privoxy should also be installed. Privoxy can be downloaded from http://www.privoxy.org. Once installed and started, the program's icon will appear in the system tray. Right-click on this icon and choose Edit->Main Con-figuration. In the configuration file (at the very top, for instance) the following line should be added:

 forward-socks4a / localhost:9050 

Save the file and close the window. From now on, Privoxy will send all connections to Tor. Now just configure your browser to use the localhost:8118 proxy for both HTTP and HTTPS connections. Once this is done, visit http:// ipid.shat.net/ and check whether the IP address dis-played is the actual address of your computer. If it is not, Tor has been configured correctly.

Quick start – Linux

Now assume that you are an administrator of a small server and you want all connec-tions from your users to websites to be anonymous.

Download the Tor source (the *.tar.gz file) to a temporary directory, then unpack and compile the source in the usual way (./configure, make, make install). Create a directory named usr/local/var/lib/tor and a user tor, whose home directory is set to be the newly created one (remembering to properly set the directory's owner).

Before tor is started, the /usr/local/etc/tor/torrc.sample file must be copied to /usr/local/etc/tor/torrc and the destination file opened for editing. In order to have tor accept connections from the entire local network (it is being assumed that your local network has the addresses 192.168.1.0/24 and the server is 192.168.1.1), the follow-ing options should be set:

SocksPort 9050

SocksBindAddress 192.168.1.1

SocksPolicy accept 192.168.1.0/24

RunAsDaemon 1

Once the file is edited, tor is then started using the command tor --user tor. If we want Tor to run at system start-up, a suitable init script should be created and placed in /etc/rc.d or /etc/init.d depending on the distribution.

Just as for Windows, once Tor is installed and run-ning, Privoxy must also be installed. After installation, the configuration file /etc/privoxy/config should be edited and the following line added at the top :

forward-socks4a / 192.168.1.1:9050 .

The following option must also be amended:


listen-address 192.168.1.1:8118

In order for Privoxy to listen on a local network address rather than just localhost. Now Privoxy must be started:

# /usr/sbin/privoxy --user privoxy /etc/privoxy/config 

Just like with Tor, a suitable init script is needed for Privoxy to run at system startup. Finally, iptables is used to create a transparent proxy by adding the following line to the firewall configuration file:

iptables -t nat -A PREROUTING -p TCP -i eth0 \ --dport 80 -j REDIRECT --to-port 8118

where it has been assumed that eth0 is the local inter-face. All connections made by users to port 80 on this interface will be redirected to port 8118 – the Privoxy port, which in turn will then connect to Tor.


Other useful features: 

Since Tor is a SOCKS4 proxy, one can use anonymous connections from the level of any application, which has a built in SOCKS4 interface (on port 9050). This way, it is possible to make anonymous connections to IRC or discussion groups.