wiki:doc/TorifyHOWTO/Misc

Misc. Torifying Instructions

The below section contains instructions on tools and programs commonly used with Tor, but do not have enough required information to warrant their own individual pages.

Filesharing / Bittorrent

It is highly advised against torrenting over Tor. Not only is it unsecured and prone to leakage, it creates a significant load on the network that it is not designed to manage. This harms every other person using it.

SSH

More recent dedicated article SSH.
The information originally found under the SSH section has been merged to that page as well.

Video streams

You can use streamlink with proxy settings.

streamlink --http-proxy socks5h://127.0.0.1:9050/ --https-proxy socks5h://127.0.0.1:9050/ --rtmp-proxy socks5h://127.0.0.1:9050/ https://www.twitch.tv/<yourstream> 480p

In place of 480p you can use e.g. 720p, best. By default it will try to run vlc or another player that it finds; use the --player=<command> option to customize. Notice the socks5h scheme on the proxy URLs. The `h` means to do DNS lookups through the proxy; this is an artifact of the urllib3 library that streamlink uses underneath. If you use just plain socks5 instead of socks5h, you will definitely leak DNS requests.

TLS / SSL / HTTPS

Tor Browser uses HTTPS Everywhere to make preference for TLS connections.

Tor Browser also pins the https://check.torproject.org SSL certificate, see TBB: hardcode SSL cert check to prevent MITM.

To enhance the situation there are several ways:

  • Pin the SSL CA. This assumes, that the issuing SSL CA must be compromised. Therefore not any SSL CA can issue a fraudulent certificate. It's more secure, but not perfect.
  • (For your own servers:) Use self-signed certificates and check the fingerprint or save the public key in your keyring. The fingerprints must be shared over a pre-shared secure channel, such as a meeting (where you do not need to stay anonymous) or GPG encrypted.

Wget (HTTP)

Quick note: wget sends a User-Agent that often provides both a wget version number and the originating platform. For example, Tails 2.5 provides wget/1.16 (linux-gnu) as its User-Agent. Every operating system will provide different versions of wget in their repositories at any given time, thus allowing a hypothetical observer to make an educated guess at your current operating system. It's advisable to either fake your User-Agent (you can find the one Tor Browser is using by searching general.useragent.override in about:config), use a common operating system like Ubuntu or Debian, or simply by using a distribution like Tails that is designed to create a consistent anonymous set for all of its users.

In wget, spoofing the User Agent can be done with the -U or --user-agent option. An example:

wget -U "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" [urlhere]

Method 1: Torsocks

Wget can be torified by using Torsocks. This can be accomplished simply by invoking:

torsocks wget [fileaddress]

Method 2: Proxy / Modifying wgetrc

Wget will also respect the http_proxy enviroment variable, however you can simplify the process by editing /etc/wgetrc after installing Privoxy or similar:

...
http_proxy = http://localhost:8118
use_proxy = on
...

Please note port 8118 is simply the default port of Privoxy, and should be adjusted as per your local setup / software.

cURL

Notice: Like for wget above, you must spoof your User Agent. Replace the --user-agent option in the below example with the relevant one from the general.useragent.override field in your Tor Browser's about:config.

Method 1: Proxy Settings

cURL can be torified by simply using its --proxy argument. An example:

curl --proxy "socks5h://localhost:9050" --tlsv1.2 --compressed --user-agent "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H 'DNT: 1' [urlhere]

Method 2: Torsocks

Using Torsocks.

Last modified 3 months ago Last modified on Jul 6, 2018, 5:08:37 PM