wiki:doc/SupportPrograms

This is just a list, and it is not updated frequently. Some applications might be outdated.
See also the Torify HOWTO for warnings and instructions on how to use them.

Commonly used to integrate with Tor

SOCKS Client Wrappers

  • dsocks: SOCKS client wrapper with enough support to use the built-in OpenSSH or Tor local SOCKS proxy. Still current / recommended? (BSD, OS X)
  • torsocks: A program that intercepts connect() system calls and redirects them through Tor. The Tor-friendly successor to tsocks. It will also be installed when you install Tor. Still current as of 2012. Check the bug tracker for open issues and see if you are affected. Torsocks allows you to use most SOCKS-friendly applications in a safe way with Tor. It ensures that DNS requests are handled safely and explicitly rejects UDP traffic from the application you're using. For instructions on how to use it see torsocks. (BSD, OS X, Linux)
  • ProxyChains: like tsocks; features a user-defined list of proxies and has full DNS support. Warning: proxychains bypasses exit nodes' DNS resolvers. <-- Still true or fixed? Any reference for this? (Linux, BSD, Solaris)

SOCKS-supporting Relays

socat

socat: multipurpose relay including SOCKS4a support. (Win32 under Cygwin, Linux, BSD, OS X)

Socat is a multipurpose relay for bidirectional data transfer. It is possible to use socat as a general means by which programs agnostic of SOCKS can use Tor by connecting to a local TCP port.

Socat (for SOcket CAT) establishes two bidirectional byte streams and transfers data between them. Data channels may be files, pipes, devices (terminal or modem, etc.), or sockets (Unix, IPv4, IPv6, raw, UDP, TCP, SSL). It provides forking, logging and tracing, different modes for interprocess communication and many more options.

It can be used, for example, as a TCP relay (one-shot or daemon), as an external socksifier, as a shell interface to Unix sockets, as an IPv6 relay, as a netcat and rinetd replacement, to redirect TCP-oriented programs to a serial line, or to establish a relatively secure environment (su and chroot) for running client or server shell scripts inside network connections.

Suppose that you wanted to connect to an IRC server running on barbaz.com, port 6667.

socat TCP4-LISTEN:4242,fork SOCKS4A:localhost:barbaz.com:6667,socksport=9050

Connecting to localhost, port 4242, would then be equivalent to connecting to barbaz.com, port 6667, via Tor.

What interests us most for Tor is that it supports SOCKS4a redirection, allowing your client to connect to a hidden service. Suppose you want to join a hidden IRC server running on foo.onion on port 6667.

You can start a local tunnel that forwards connections made to local port 4242 to this service through Tor.

socat TCP4-LISTEN:4242,fork SOCKS4A:localhost:foo.onion:6667,socksport=9050

Warning: socat versions up to and including 1.3.2.2 had a bug that would use SOCKS4A only when a direct DNS resolution attempt failed, thus possibly revealing which DNS names you accessed through socat. See http://archives.seul.org/or/dev/Jul-2004/msg00000.html for details.

Socat on OpenBSD

For enhanced security you can use socat like this:

## Connect to oftc on 127.0.0.1:6777
/bin/systrace -e -a -t /usr/local/opt/bin/socat TCP4-LISTEN:6777,bind=localhost,range=127.0.0.1/32,fork \
SOCKS4A:127.0.0.1:irc.oftc.net:6667,socksport=9050 > socat_log.$$ 2>&1 &

Now in Irssi, you would just type /connect 127.0.0.1 6777 and it would connect you to irc.oftc.net:6667 through Tor.

Add /bin/systrace -e -a -t if you have a systrace policy for socat. An example policy for IRC can be found at /SystracePolicy

connect

  • connect: adds SOCKS support to SSH. (Win32, Linux, BSD, OS X)

sslredir

  • sslredir: if your IRC server or news site supports SSL, you can send an encrypted connection through Tor even if your client application doesn't support SSL. (Linux, more?)

DNS Resolvers

  • tor-resolve: turns hostnames into IPs privately via Tor. Shipped with the Tor package. (Win32, Linux, BSD, OS X)
  • BIND: Configure the BIND DNS server (usable on Windows, Mac OS X, Linux, Unix (with slight modification)). By 'bee'.
  • DNS2SOCKS: listens on the IP address of most network interfaces/adapters and on any port for DNS and DNSSEC queries from applications, and forwards those queries through the Tor proxy to one remote DNS server (an Internet server or a hidden service). Includes a built-in cache, which can be disabled if needed. Many applications still do not support SOCKS5 or SOCKS4a; when such an application is used for anonymity or privacy, all of its DNS traffic is supposed to go through the Tor proxy, and DNS2SOCKS is very useful in that scenario. Such applications can use Polipo as a bridge to the SOCKS proxy to send HTTP and HTTPS traffic through the Tor proxy. DNS traffic between DNS2SOCKS and the remote DNS server can be encrypted using simple socat-based tunnels, if the remote DNS server also supports socat-based decryption.

Tor Controllers

  • TorK: an advanced Tor controller for KDE, with many features. Quite useful! (Unix, BSD, Linux)
  • Vidalia: a cross-platform Tor controller with GUI. Under development, so check it out! You can download it directly from torproject.org. (Win32, OS X, X11)
  • Arm: Terminal status monitor for Tor relays. Very useful for servers, over SSH, in console without X/X11. (Unix/BSD/Linux)

Tor-Friendly Browsers

  • Torora: A WebKit-based browser designed exclusively for use with Tor. In active development? Last download from 2009. Still recommended?
  • Tor Browser: Firefox optimized for use with Tor. Integrated into the Tor Browser Bundle. Current, recommended and supported by torproject.org. (Firefox)

Might also be useful but less tested

shim

shim -- wedge this HTTP proxy between your browser and Tor.

As far as I know, it can provide an HTTP proxy and redirect to a SOCKS proxy.

For some discussion and examples see:

  • #2846 Patch GPG to support SOCKS proxies
  • #6060 add http proxy support to Tor

About OnionCat

OnionCat is software that allows users to tunnel TCP, UDP, ICMP or any other protocol through Tor.

It is now possible to tunnel more than TCP through Tor using OnionCat. OnionCat uses an IPv6 VPN-like TAP/TUN tunneling device.

More OnionCat information can be found at the OnionCat homepage, OnionCat download page, and through Tor at the Hidden Wiki.

Tor Libraries

  • TorAS: An ActionScript (Adobe AIR / Flash) implementation of the Tor control(v1) and SOCKS5 client protocols.

SOCKS Libraries

  • Antinat: seems to be a SOCKS client library (and server, but you'd only want the client side) that supports SOCKS4a.

DNS

Warning: If you use a local DNS resolver that redirects all your DNS queries through Tor, this has two big implications for your security.

  1. Your DNS requests for anonymous use and your DNS requests for non-anonymous use will both go through Tor.
  2. Risk of DNS identity correlation, as all DNS requests from different applications will be handled by the same circuit.

Tor's 0.2.0.x series provides a built-in DNS forwarder, obsoleting TorDNS and dns-proxy-tor. ttdnsd might still be useful since it supports all query and RR types, but with negative implications for anonymity since it bypasses your current exit node's resolver.

  • TorDNS: a DNS server for Windows that runs on localhost and proxies queries through Tor.
  • dns-proxy-tor: a DNS server that uses Tor to map IP addresses to domain names. (Win32, Linux, BSD, OS X?)
  • TTDNSD - TOR TCP DNS Daemon: A DNS resolver for Tor that basically just bridges UDP to TCP. Provides full DNS over Tor which is especially useful for running a transparent proxy. (un*x)
  • DNSEye - DNS Lookup Monitoring: A DNS monitor which displays DNS lookups and may be useful for detecting leaks. DNS lookups done though Tor should not be detected by this monitor. (Win32)

Virtual Machines

  • Whonix: multi-system anonymity setup built around Tor's Transparent Proxy
  • List (not exclusively) with other Virtual Machines
  • VM: List of VM/guest creator software for host OS & computers, List of VM based, LiveCD, LiveDVD, LiveISO, etc based solutions & options for Windows, MacOSX, Linux, Unix.

misc projects

  • List with a lot of misc projects, a few outdated, a few current

unknown status

For the Crazy and Lazy

If you are lazy and don't want to repeat most of the steps laid out here every time you call the program (and who would?) you can have a look at http://shellscripts.org/project/toraliases. From 2007. Use at your own risk. Please leave feedback.

do not use / obsolete / outdated / listed for historical reasons

SOCKS-supporting Relays

Most of these utilities, for Linux and BSD, aim to transparently intercept connections and redirect them through Tor. Now obsolete. Tor has its own Transparent Proxy feature.

  • Transproxy: Transparent proxy for HTTP requests with ipfw, ipnet, ipfwadm, ipchains or iptables. (FreeBSD, Linux).
  • Kernel socks bouncer: redirects certain streams into Tor. Doesn't deal with DNS. Linux 2.6 only.
  • Transocks: Transparent proxy to redirect traffic through a SOCKS proxy. Uses iptables. (Linux)

HTTP Proxies

No longer needed. No longer supported. For historical reasons only. Tor Button, which is integrated into the Tor Browser Bundle, does a better job of web filtering. If you use them nowadays (in conjunction with the Tor Browser Bundle) you stand out (browser fingerprinting) from most Tor Browser Bundle users. Might only be useful for your non-Tor browser.

  • Privoxy: an HTTP proxy that speaks SOCKS4a. Also does HTML/cookie scrubbing. (Win32, Linux, BSD, OS X)
  • Polipo: a small and fast HTTP proxy that can be used instead of Privoxy. Adjustments to prevent potential problems with Polipo and to provide better anonymity have been collected in a recommended polipo.conf file for Tor users. A link to the polipo.conf file and further corrections to it can be found in the Polipo section of the Torify page in the TorProject wiki.
  • 3proxy: Small proxy with a lot of features

Windows SOCKS/http Forwarders / proxy chains

Warning: They all do "work" under Windows. If you care about your anonymity, you shouldn't blindly use any of these. No one has checked with a packet sniffer whether all packets are redirected through the proxy (Tor). They will all leak if you have IPv6 connectivity. Therefore not recommended unless you know what you are doing.

  • Freecap: redirects traffic to a SOCKS server. Graphical. No proxy chains. Latest project news from 2007. Latest version from 2006. (Win32)
  • Sockscap: Payware in the past. The website no longer offers it. Closed source, no longer maintained. You will still find it on Google, but it is not recommended. Redirects traffic to a SOCKS server. Graphical, proprietary. No proxy chains. (Win32)
  • proxifier: supports proxy chains; not a well-known program; graphical, proprietary; supports forwarding SOCKS and HTTP. (Win32)
  • Torcap: similar to sockscap and freecap. Has different strengths/weaknesses. (Win32)

Mozilla Extensions/Add-ons

Warning: Since there is the Tor Browser Bundle you should not mess with these anymore. Note: There is no general complaint about this software. You simply don't need it for use with Tor anymore.

  • Switchproxy: Mozilla extension to help you manage your proxy settings. (Firefox, Mozilla, Thunderbird)
  • Torbutton: Firefox extension to monitor and control Firefox's use of Tor. Now integrated into the Tor Browser Bundle. (Firefox)
  • FoxyProxy: a Firefox extension/add-on that lets you configure all sorts of things, including using Tor only for certain hosts. This is currently worrisome because a website can intentionally ask you to load a page/image/etc from a host you're not proxying.

Virtual Machines

Warning: Outdated. See the link for more.

  • JanusVM: A virtual machine with transparent proxy of HTTP, TCP and DNS through Tor. (Win32)

SOCKS Client Wrappers

tsocks

tsocks: a program that intercepts connect() system calls and redirects them through Tor. Warning: the SourceForge version leaks DNS. There is a patched version, where? Use torsocks instead. (Linux, BSD)

About DNS and tsocks

tsocks correctly replaces connect(2) calls with calls to your SOCKS proxy (Tor), but it doesn't do anything about requests to your DNS server. This means that if you refer to any machines by hostname when you're using tsocks, you'll be sending that hostname over the network, perhaps leaking the fact that you are about to connect to the corresponding server.

Other applications that use SOCKS 4 or SOCKS 5 directly often have the same shortcoming.

Tor 0.0.8 (or later) has a workaround for this problem; until we can hack tsocks (or a work-alike) to support DNS, instead of using a hostname directly, first use tor-resolve to resolve the hostname into an IP (via Tor) and then use that IP address with your tsocks-ified application.

See Socks and DNS for more information.

NOTE: There is now a patch to the tsocks code that handles DNS leaks and .onion addresses, http://www.totalinfosecurity.com/patches/tor.php
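The difference between a SOCKS4 and a SOCKS4a request, which is what the socat warning and the tsocks DNS discussion above both turn on, shown as an added example (not part of the original wiki page). The function names are hypothetical and 192.0.2.10 is a constructed documentation-range address; the classifier shows how a request seen at the local SOCKS port reveals whether the client handed the hostname to the proxy or sent only an IP address.

```python
import ipaddress
import struct


def build_socks4_request(host, port, user=b""):
    """Build a SOCKS4 CONNECT request; use SOCKS4a framing when host is a name."""
    try:
        ip, tail = ipaddress.IPv4Address(host).packed, b""
    except ipaddress.AddressValueError:
        # SOCKS4a: marker address 0.0.0.1, hostname follows the user id field,
        # so the proxy (Tor) performs the lookup, not the local resolver.
        ip, tail = b"\x00\x00\x00\x01", host.encode("ascii") + b"\x00"
    return struct.pack(">BBH", 4, 1, port) + ip + user + b"\x00" + tail


def classify_socks4_request(data):
    """Return (kind, destination, port) for a request seen at the SOCKS port."""
    if len(data) < 9 or data[0] != 4 or data[1] != 1:
        raise ValueError("not a SOCKS4 CONNECT request")
    port = struct.unpack(">H", data[2:4])[0]
    ip = data[4:8]
    user_end = data.index(b"\x00", 8)  # end of the user id field
    if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:
        host_end = data.index(b"\x00", user_end + 1)
        host = data[user_end + 1:host_end].decode("ascii")
        return ("socks4a-hostname", host, port)
    return ("socks4-ip-only", str(ipaddress.IPv4Address(ip)), port)


def ip_only_requests(requests):
    """Requests that gave the proxy only an address: the user typed an IP
    literal, or the client resolved the name itself before connecting."""
    parsed = (classify_socks4_request(r) for r in requests)
    return [p for p in parsed if p[0] == "socks4-ip-only"]


# Constructed sample input: foo.onion:6667 is the page's example destination,
# 192.0.2.10 is a made-up documentation-range address.
SAMPLE = [
    build_socks4_request("foo.onion", 6667),
    build_socks4_request("192.0.2.10", 6667),
]

if __name__ == "__main__":
    for req in SAMPLE:
        print(req.hex(), classify_socks4_request(req))
    print("needs review:", ip_only_requests(SAMPLE))
```

An IP-only request is not proof of a leak, but it is the case worth checking with a packet capture on port 53 while the application connects.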

About dante

As the tsocks package appears to be unmaintained since 2002, you may want to consider alternatives. The dante proxy package includes a SOCKS5 client that can do proper name resolution over Tor, which is required to be able to access .onion addresses.

Put the following lines into /etc/socks.conf:

resolveprotocol: fake
route { 
        from: 0.0.0.0/0   to: .   via: 127.0.0.1 port = 9050
        protocol: tcp
        proxyprotocol: socks_v5
}

Example usage is then: socksify lynx http://anegvjpd77xuxo45.onion/services/

Last modified on Nov 11, 2013 4:10:06 PM