Home Explore Help
Sign In
sengler
/
tor-parallel-relay-conn
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 955c8bda2b
Branches Tags
tor-parallel...
/
doc
/
CLIENTS

CLIENTS 3.0 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061 
  1. 

  2.     Part one: Overview and explanation
    3. 

  3. 

  4. Because tor is an application-level proxy, it needs client-side support
    5. 

  5. from every client program that wants to use it. (This is different from
    6. 

  6. systems like Freedom, which used a single client-side program to capture
    7. 

  7. all packets and redirect them to the Freedom network.) Client applications
    8. 

  8. need two general classes of modifications to be compatible with tor:
    9. 

  9. 

  10. 1) Whenever they call connect(), they instead should connect() to the
    11. 

  11. local onion proxy and tell it "address and port". The onion proxy will
    12. 

  12. itself make a connection to "address and port", and then the client
    13. 

  13. application can talk through that socket as if it's directly connected. To
    14. 

  14. support as many applications as possible, tor uses the common "socks"
    15. 

  15. protocol which does exactly the above. So applications with socks support
    16. 

  16. will support tor without needing any modifications.
    17. 

  17. 

  18. 2) Applications must not call gethostbyname() to resolve an address
    19. 

  19. they intend to later connect() to via onion routing. gethostbyname()
    20. 

  20. contacts the dns server of the target machine -- thus giving away the
    21. 

  21. fact that you intend to make an anonymous connection to it.
    22. 

  22. 

  23. To clarify, I need to explain more about the socks protocol. Socks
    24. 

  24. comes in three flavors: 4, 4a, and 5. The socks4 protocol basically
    25. 

  25. uses IP and port -- so it is unsuitable because of the gethostbyname()
    26. 

  26. issue above. Socks4a is a slight modification to the socks4 protocol,
    27. 

  27. whereby you can specify an IP of 0.0.0.x to signal the socks server
    28. 

  28. that you will instead be sending a hostname (fqdn). So applications with
    29. 

  29. socks4a support are all set. Socks5, on the other hand, allows the client
    30. 

  30. to specify "address type" and then an address -- so some applications
    31. 

  31. choose to supply an IP and others choose to supply a hostname. If the
    32. 

  32. application uses socks5 you must investigate further to decide whether
    33. 

  33. it's leaking anonymity.
    34. 

  34. 

  35. 

  36.     Part two: using tsocks to transparently replace library calls
    37. 

  37. 

  38. tsocks (available from http://tsocks.sourceforge.net/ or from your
    39. 

  39. favorite apt-get equivalent) allows you to run a program as normal,
    40. 

  40. but it replaces the system calls for connect() to connect to the socks
    41. 

  41. server first and then pass it your destination info. In our case the
    42. 

  42. socks server is a tor process (running either locally or elsewhere).
    43. 

  43. In general this works quite well for command-line processes like finger,
    44. 

  44. ssh, etc. But there are a couple of catches: A) tsocks doesn't intercept
    45. 

  45. calls to gethostbyname. So unless you specify an IP rather than hostname,
    46. 

  46. you'll be giving yourself away. B) Programs which are suid don't let you
    47. 

  47. intercept the system calls -- ssh falls into this category. But you can
    48. 

  48. make a local copy of ssh and use that. C) Probably tsocks doesn't behave
    49. 

  49. well for behemoths like Mozilla.
    50. 

  50. 

  51. 

  52.     Part three: applications which support tor correctly
    53. 

  53. 

  54. http: Mozilla: set your socks4 proxy to be the onion proxy (but see above)
    55. 

  55.       privoxy: set your socks4a proxy to be the onion proxy
    56. 

  56. ssh: tsocks ssh arma@18.244.0.188
    57. 

  57. ftp: tsocks wget ftp://18.244.0.188/quux.tar --passive
    58. 

  58.      Mozilla: set your socks4 proxy to be the onion proxy
    59. 

  59. 

  60. 

  61.