This is a list of Seldomly Asked Questions pertaining to Tor Browser
How do I make Tor Browser 7.x to 9.x (may work for later versions) use the tor that is already running on the system?
See the section Using a system-installed Tor process with Tor Browser in the file $TB_INST_DIR/Browser/start-tor-browser where $TB_INST_DIR is your tor browser installation directory (e.g. tor-browser_en-US) for instructions. Alternatively, you can view them online (onion). Be careful, the online version is on the master branch, which may be too new for your tor browser. When in doubt, follow the one coming with your tor browser.
How do I make Tor Browser 5.x use the tor that is already running on the system?
WARNING Using Tor Browser in this manner is NOT OFFICIALLY SUPPORTED
Using a local Tor SOCKS daemon
First of all, find the group that the Tor process runs under. On debian deriviatives, this will be 'debian-tor', on redhat/fedoracore this will be '_tor', on arch linux 'tor'. then run the command (as root):
usermod -a -G $GROUP $USERwhere $GROUP is the group Tor runs under for your OS, and $USER is the user that will be running Tor Browser.
You will need to login again for the group change to be applied. Login again via:
su $USERadd or edit the following in your torrc
SocksPort 9050 IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth
ControlPort 9051
CookieAuthentication 1
CookieAuthFile /var/run/tor/control.authcookie
CookieAuthFileGroupReadable 1The CookieAuthFile should be stored in a directory that the Tor process can write to and that you can read from. The Debian tor package already sets these for you.
Set some environment variables so that Tor Browser (the Tor Button and Tor Launcher extensions) knows how to talk to our local tor process.
export TOR_CONTROL_COOKIE_AUTH_FILE=/var/run/tor/control.authcookie
export TOR_CONTROL_PORT=9051
export TOR_SOCKS_PORT=9050
export TOR_SKIP_LAUNCH=1Problems
It will no longer be able to make changes to your torrc, because in the system daemon tor ethos, it should not be able to edit it's own torrc So this will mean changes to bridges will be ephemeral, you should make any configuration changes to the /etc/tor/torrc file for bridges or proxy settings.
Using an external Tor SOCKS daemon
Qubes, Whonix, PORTAL and other Isolating Proxies
Here we won't be able to use cookie auth as we did previously, we'll need to use a HashedControlPassword (a pre-shared secret/password), to generate one run the command:
tor --hash-password "$PASSWORD"Where $PASSWORD is the password you've chosen as your shared secret.
This will produce output like:
16:ED8B416384FE8EA660D22C7315374363C8C64BCE01EF7F82783DE02668add or edit the following in your torrc
SocksPort 192.168.1.1:9050 KeepAliveIsolateSOCKSAuth
ControlPort 192.168.1.1:9051
HashedControlPassword 16:ED8B416384FE8EA660D22C7315374363C8C64BCE01EF7F82783DE02668Replacing '192.168.1.1' with the IP address of the interface that the Tor Browser client will be connecting to.
Set some environment variables so that Tor Browser (the Tor Button and Tor Launcher extensions) knows how to talk to our local tor process.
export TOR_SOCKS_HOST=192.168.1.1
export TOR_SOCKS_PORT=9050
export TOR_CONTROL_HOST=192.168.1.1
export TOR_CONTROL_PORT=9051
export TOR_SKIP_LAUNCH=1
export TOR_CONTROL_PASSWD='"$PASSWORD"'Ensure that you replace $PASSWORD with the password you hashed earlier. It must remain inside of double quotes.
Problems
Your data will traverse the connection before Torification or encryption, ensure that this connection is not shared, (eg, it is virtual and local or direct and physical and resistant to wiretapping)
Using an upstream Tor TransProxy daemon
Here we again can't use cookie auth, we also will not be able to take advantage or Tor Browser 4.5's SOCKS isolation-by-domain method. I will not be providing a guide here as to how you should make your control port available through your packet filter, I highly recommend that you do otherwise you will lose the new identity functionality. This guide assumes you've already set up an upstream transproxy tor daemon.
Follow the steps for the external SOCKS daemon section above to generate a control password hash.
add or edit the following in your torrc
ControlPort 192.168.1.1:9051
HashedControlPassword 16:ED8B416384FE8EA660D22C7315374363C8C64BCE01EF7F82783DE02668Set some environment variables so that Tor Browser (the Tor Button and Tor Launcher extensions) knows how to talk to our local tor process.
export TOR_CONTROL_HOST=192.168.1.1
export TOR_CONTROL_PORT=9051
export TOR_SKIP_LAUNCH=1
export TOR_TRANSPROXY=1
export TOR_CONTROL_PASSWD='"$PASSWORD"'Ensure that you replace $PASSWORD with the password you hashed earlier. It must remain inside of double quotes.
Problems
Lacking some of the context-aware isolation that the SOCKS method can provide this is certainly not the favored option, without the control port this becomes far more apparent as it wouldn't be able to send the NEWNYM signal to the remote Tor instance to force it to use new circuits for future connections.