- new advice (February 2014)
- old advice (outdated)
Read the TorifyHOWTO first!
new advice (February 2014)
Use the Tor Browser!
In the past, the advice given was much shorter:
- to use a separate Firefox profile
- avoid DNS leak
Nowadays the knowledge and security precautions are much higher. If you're interested in how complex things have become, see The Design and Implementation of the Tor Browser [DRAFT] and Torbutton Design Documentation.
The Tor Developer Team transformed Firefox into the Tor Browser, to help achieve better anonymity:
- Tor Browser (TB) includes security patches specially designed for safer browsing
- Preconfigured anonymity / security settings
- Preconfigured secure addons
- Better handling of insecure additional technologies that work through the browser (See above)
- Your browser won't stand out as a target for attack
- And many other reasons
If you understand all of that, that's great; now you can torify yourself. Otherwise, it is better not to try to torify Firefox or any other browser, such as Opera, yourself.
Keep old settings after update
Keeping the whole old profile when updating Tor Browser is unwise, because Tor Browser anonymity fixes sometimes change the new stock profile. Instead, before you start the fresh Tor Browser for the first time, copy some files from the old profile to the new profile. It should not be required to overwrite files.
- key3.db and signons.sqlite contain your saved passwords
Leave Tor Running while closing Firefox (Tor Browser)
The Tor Browser Bundle contains Tor and Firefox. Those components are packaged into one bundle and tweaked for anonymous usage (patches, addons, etc.). The version of Tor is the same as in the standalone Tor package. The difference is that, on Windows, once you close Firefox, Tor is shut down as well. If you don't want Tor to be shut down when you close the Tor Browser, you can use a workaround such as an external minimize-to-tray application. That way, Tor Browser is not closed but is out of your way, and you can continue to use Tor.
The TorifyHOWTO below assumes that Tor is running, which will not be the case once you have closed the Tor Browser (described above). If you know what you are doing (see the TorifyHOWTO introduction), there is no reason not to use Tor as described in the following TorifyHOWTO. Tor still offers a SocksPort on port 9050. Nothing stops you from using tools like torsocks/usewithtor pointed at the standard port 9050; no changes are required, except that Firefox has to remain open (at least hidden or in the tray).
Alternatively, you could also use a second Tor instance and let it listen on another port.
Source: tor-talk Restarting Firefox
Use Tor Browser with a locally installed Tor/Vidalia [*NIX ONLY]
Add to /etc/environment...
## Deactivate tor-launcher,
## a Vidalia replacement as browser extension,
## to prevent running Tor over Tor.
## https://trac.torproject.org/projects/tor/ticket/6009
## https://gitweb.torproject.org/tor-launcher.git
export TOR_SKIP_LAUNCH=1
From now, only the browser component of the Tor Browser Bundle will be started. It will use your locally installed Tor/Vidalia, unless you configure otherwise (see below).
Tor Browser behind a transparent or isolating proxy
To use the Tor Browser without the bundled Tor/Vidalia on Linux:
- Download the Linux Tor Browser Bundle from torproject.org.
- Verify the download.
- Extract it (e.g. 'tar -xzvf tor-browser*.tar.gz').
- Editing the 'start-tor-browser' script is no longer required since TBB 3.x.
- Set the TOR_SKIP_LAUNCH=1 environment variable (see above).
- Start Tor Browser.
- Right-click on Tor Button -> preferences -> switch to 'Transparent Torification (Requires custom transproxy or Tor router)'
- If you use SocksPort instead of TransPort (recommended), select "use custom proxy settings" and leave everything above SOCKS Host blank. For SOCKS Host, enter the IP of the Tor-Gateway (192.168.0.10); the port is the browser SocksPort as set in torrc (Whonix uses 9100). Select SOCKSv5; you can leave "No Proxies for" as is.
More than one Tor Browser behind a transparent or isolating proxy
Read above first.
If for some reason you want to use multiple instances of Tor Browser, you can extract another copy of Tor Browser to its own folder.
Adding '-no-remote' to the 'start-tor-browser' script is no longer required, since TBB does this by default since version 3.x.
old advice (outdated)
This section is mostly outdated / incomplete. Rather use the advice above.
Warning: Internet Explorer has many flaws which could drastically reduce your anonymity. It is highly advised to use another, more secure browser.
Tools -> Internet options -> Connections -> LAN settings -> Proxy server -> Use a proxy server for your LAN
Address: 127.0.0.1 Port: 8118
See also http://support.microsoft.com/kb/135982 for information on how to set up a proxy server.
Settings -> Configure Konqueror -> Proxy -> Manually Specify the proxy settings -> Setup
HTTP/S Proxy: 127.0.0.1 port 8118
Or edit $HOME/.kde/share/config/kioslaverc:
...
ProxyType=1
...
NoProxyFor=127.0.0.1,localhost
...
httpProxy=http://127.0.0.1:8118
httpsProxy=http://127.0.0.1:8118
Setup -> Network Options
HTTP Proxy: 127.0.0.1 port 8118
Or edit /etc/links.cfg (system-wide) or $HOME/.links/links.cfg (per-user):
...
http_proxy 127.0.0.1:8118
...
Lynx will respect the http_proxy environment variable, but you can also edit /etc/lynx.cfg:
...
http_proxy:http://127.0.0.1:8118/
https_proxy:http://127.0.0.1:8118/
...
no_proxy:localhost,127.0.0.1
...
Open Tools -> Preferences -> Advanced -> Network -> Proxy Servers. Check HTTP and enter "127.0.0.1" and "8118" as port or open about:config and enter "127.0.0.1:8118" in Proxy -> HTTP Server.
In later versions of Firefox, at least in the current version 126.96.36.199 under Linux and Windows XP, you can enable the browser to do remote domain name lookups. The option network.proxy.socks_remote_dns is available via about:config and should look like
network.proxy.socks_remote_dns user set boolean true
At http://www.imperialviolet.org/deerpark.html you can find an excellent step-by-step introduction on how to configure Firefox in this manner. Be careful, though: in some versions of Firefox, remote DNS resolution may not work even with this option set. In this case, you may want to use Privoxy or similar projects. To find out whether your version implements remote DNS resolution correctly, you can try a URL ending in .onion, like http://6sxoyfb3h2nvok2d.onion/tor/, which leads to the Hidden Wiki. If the Hidden Wiki shows up, remote DNS resolution works.
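Whether a browser leaks DNS comes down to what it puts in its SOCKS request: a hostname (Tor resolves it) or a bare IP address (the browser already resolved it outside Tor). The following Python parser is an added example, not part of the original wiki page; it classifies a request seen on the SocksPort accordingly, and the function name and sample byte strings are constructed for illustration.

```python
import ipaddress
import struct

def classify_socks_request(data: bytes) -> dict:
    """Report whether a SOCKS CONNECT request carries a hostname
    (remote DNS) or only an IP (the client resolved the name itself)."""
    if len(data) < 8:
        raise ValueError("truncated SOCKS request")
    version = data[0]
    if version == 4:
        # SOCKS4: VN CD DSTPORT(2) DSTIP(4) USERID NUL [HOSTNAME NUL]
        port, = struct.unpack("!H", data[2:4])
        userid_end = data.index(0, 8)  # raises ValueError if unterminated
        # SOCKS4a signals "hostname follows" with the invalid IP 0.0.0.x, x != 0
        if data[4:7] == b"\x00\x00\x00" and data[7] != 0:
            host_end = data.index(0, userid_end + 1)
            host = data[userid_end + 1:host_end].decode("ascii")
            return {"proto": "socks4a", "dest": host, "port": port, "remote_dns": True}
        ip = ipaddress.IPv4Address(data[4:8])
        return {"proto": "socks4", "dest": str(ip), "port": port, "remote_dns": False}
    if version == 5:
        # SOCKS5 request: VER CMD RSV ATYP DST.ADDR DST.PORT
        atyp = data[3]
        if atyp == 3:  # length-prefixed domain name
            n = data[4]
            host = data[5:5 + n].decode("ascii")
            port, = struct.unpack("!H", data[5 + n:7 + n])
            return {"proto": "socks5", "dest": host, "port": port, "remote_dns": True}
        size = {1: 4, 4: 16}.get(atyp)  # IPv4 or IPv6 literal
        if size is None:
            raise ValueError(f"unknown ATYP {atyp}")
        ip = ipaddress.ip_address(data[4:4 + size])
        port, = struct.unpack("!H", data[4 + size:6 + size])
        return {"proto": "socks5", "dest": str(ip), "port": port, "remote_dns": False}
    raise ValueError(f"not a SOCKS request (version byte {version})")

# Constructed sample requests (not captured traffic); example.com and
# 93.184.216.34 are placeholder values, port 80 in every case.
SOCKS5_REMOTE = b"\x05\x01\x00\x03\x0bexample.com\x00\x50"
SOCKS5_LOCAL = b"\x05\x01\x00\x01" + bytes([93, 184, 216, 34]) + b"\x00\x50"
SOCKS4A = b"\x04\x01\x00\x50\x00\x00\x00\x01\x00example.com\x00"
SOCKS4 = b"\x04\x01\x00\x50" + bytes([93, 184, 216, 34]) + b"\x00"

if __name__ == "__main__":
    for req in (SOCKS5_REMOTE, SOCKS5_LOCAL, SOCKS4A, SOCKS4):
        print(classify_socks_request(req))
```

A request classified with remote_dns False for a site you typed by name means the lookup happened outside Tor, which is the situation network.proxy.socks_remote_dns is meant to prevent.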
Otherwise, to use Privoxy with Firefox 1.5x on Windows, do the following in Firefox:
Tools -> Options -> General -> Connection Settings -> Manual proxy configuration
Set HTTP Proxy 127.0.0.1 (or localhost), port 8118 and tick the box [X] Use for all protocols. Or you may explicitly set the Proxy information for SSL, FTP, and Gopher to localhost/8118 and then set the SOCKS Host information to localhost/9050, making sure to specify SOCKS v5.
Remember: Configuring Privoxy for FTP will break ftp:// URLs, but if you don't do this, your Firefox will leak your IP address for those sites. Use Filezilla for handling FTP traffic or read the FTP section.
Also, Mac OS X users should change the above preferences by entering about:config in the URL bar because the Firefox preferences dialog is a bit screwy.
See Also: http://wiki.greenmilitia.com/index.php?title=Set_Up_Iceweasel_for_TOR on Greenmilitia's wiki
Circumventing Tor blocks using open HTTP proxies
Some websites have blocked access from Tor users. Often, however, these websites still allow access from any of millions of open HTTP proxies on the internet. Unfortunately, using an open HTTP proxy directly is not very anonymous.
The solution is to chain an open HTTP proxy between Tor and the unfriendly website. This provides all the anonymity benefits of Tor, while obscuring the fact that you're using Tor from the website.
One method involves Privoxy. This example config will send all requests through Tor, only chaining an open HTTP proxy after Tor for a select site. Replace 0.0.0.0:80 with the proxy's address and port.
forward-socks4a / localhost:9050 .
forward-socks4a *.wikipedia.org localhost:9050 0.0.0.0:80
Another method requires Socat. This will forward all connections to localhost:8080 to an open HTTP proxy through Tor. Just configure your browser to use localhost:8080 as an HTTP proxy. Once again, replace 0.0.0.0:80 with the proxy's address and port.
Warning: Not sure if this works. If in doubt, turn off Tor for a test. If it still works, your connections are obviously not routed through Tor.
socat TCP4-LISTEN:8080,bind=localhost,fork SOCKS4A:localhost:0.0.0.0:80,socksport=9050
Download and install (may need compiling) the 3Proxy proxy server. Create a configuration file (plain text) like this:
# put 3proxy in background mode. For Windows replace with "service"
daemon
# set archiver to compress log files. Remove or replace for Windows.
archiver gz /bin/gzip %F
# we'll have 2 log files
rotate 2
# format of log record
logformat "- +_L%d.%m %H:%M:%S srv=%N:%p err=%E src=%C:%c dst=%R:%r out=%O in=%I %T"
# path to log file (CHANGE IT BECAUSE IT'S NOT SECURE!), rotate it monthly
log /tmp/3proxy.log M
# set timeouts above defaults, because tor may be a bit slow
timeouts 30 30 60 60 180 1800 60 120
# this is required to use ACLs and redirections
auth iponly
# preventing DNS requests leak
fakeresolve
# redirect all traffic
allow *
# first redirection hop is tor
parent 1000 socks4+ 127.0.0.1 9050
# and the second hop is an open HTTP proxy. Replace "0.0.0.0 80" with the proxy's address and port.
parent 1000 http 0.0.0.0 80
# now, start anonymous HTTP proxy on localhost:8080, configure this in
# your browser as single proxy for all protocols
proxy -a -i127.0.0.1 -p8080
(you should edit at least the log path) and start 3proxy, giving the configuration file name on the command line. For Linux, this may look something like ./3proxy ./3proxyrc.