Torifying PuTTY

PuTTY is an open-source terminal emulator, serial console and network file transfer application that supports several network protocols including SCP, SSH, Telnet, rlogin, and raw socket connections. While it was originally written for Windows, it has been ported to many operating systems including macOS and GNU/Linux.

PuTTY was written and is maintained primarily by Simon Tatham whom wrote the original code in 1999. According to him, there is no meaning behind the name.

Windows users and those looking to compile from source may download PuTTY here. It is also available as a package in the repositories of many popular distributions including Debian and Ubuntu.

Last leaktested: 06-04-2018 (Jaruga)

Modifying internal proxy settings

The first application to Torify is Putty itself. This is a combined Telnet/SSH client. When started, you are presented with a Session configuration screen (shown below).

Warning: Telnet is NOT encrypted! Even when routing the protocol over Tor, credentials will be passed in cleartext over the exit node. This makes them vulnerable to sniffing. It's advised to avoid using it all together!

This screen is used to select the host you wish to connect with, the preferred port and the connection type, (Raw, Telnet, Rlogin, SSH). It also enables a session configuration to be saved and retrieved. For this reason, I suggest configuring the other session tabs first and then returning to this one in order to save the configuration.

Only one other tab requires configuration specifically for Tor, and that's the Proxy tab (shown below).

The above image shows the settings exactly as they should be set for usage with Tor. Pay particular attention to the "Do DNS lookup at proxy end:" option. If this is set to Off or Auto, then DNS will leak information about what services are being used.

That's it for Putty. Return to the Session tab and save the configuration if desired.

Putty Command Line Tools

The situation is slightly different for command-line tools such as PSCP (the Putty SCP client). In order to use these through Tor, a previously saved configuration must be specified. Assuming during the Putty instructions above, a configuration was created with the name 'tor_default'. The PSCP command line would be something like:

pscp -load tor_default -ls

This would retrieve a directory listing of the files in the users homedir.

pscp -load tor_default sample.txt

This would copy a file sample.txt to a subdir called examples under the users homedir.


Sometimes it can be hard to tell if a command line tool is really using Tor. One solution to this dilemma is to create a tor_test configuration file with the option "Do DNS lookup at proxy end:" set to no. This will result in the Tor log containing a warning about the DNS leak if the connection is routing through Tor. Of course this should only be used for testing purposes.

Last modified 8 days ago Last modified on Apr 15, 2018, 9:45:22 PM