wiki:doc/TorifyHOWTO/WebBrowsers

Read first TorifyHOWTO!!!

new advice (February 2014)

Use the Tor Browser!

In the past the given advice was much smaller

  • to use a separate Firefox profile
  • to deactivate java/javascript/plugins, delete cookies
  • avoid DNS leak

Nowadays the knowledge and security precautions are much higher, if you're interested in how complex things became see The Design and Implementation of the Tor Browser [DRAFT] and Torbutton Design Documentation.

The Tor Developer Team transformed Firefox into the Tor Browser, to help achieve better anonymity:

If you understand all of that, that's great, now you can torifiy yourself. Otherwise better to not try to torify Firefox or any other browsers such as Opera yourself.

Keep old settings after update

While keeping the whole old profile when updating Tor Browser is unwise, because Tor Browser anonymity fixes sometimes change new stock profile. Before you start the fresh Tor Browser for the first time, go to your old profile and copy some files from the old profile to the new profile. It should not be required to overwrite files.

Leave Tor Running while closing Firefox (Tor Browser)

The Tor Browser Bundle contains Tor and Firefox. Those components are packaged into one bundle and tweaked for anonymous usage (patches, addons, etc.). The version of Tor and is the as in the standalone Tor package. The difference is, on Windows, once you close Firefox, also Tor will be shut down. If you don't wish Tor to be shut down, when you close the Tor Browser, you can use a workaround such as an external minimize to tray application. Doing so, Tor Browser will not be closed, but out of your way. And you can continue to use Tor.

The TorifyHOWTO below assumes that Tor is running. Which will not be the case once you closed the Tor Browser (described above). If you know what you are doing (see TorifyHOWTO introduction), there is no reason, not to use Tor, like described in the following TorifyHOWTO. Tor still offers a SocksPort on port 9050. No one stops you from using tools like torsocks/usewithtor pointing to the standard port 9050, there are no changes required, beside that Firefox has to remain open (at least hidden or in tray).

Alternatively, you could also use a second Tor instance and let it listen on another port.

Source: tor-talk Restarting Firefox

Use Tor Browser with a locally installed Tor/Vidalia [*NIX ONLY]

Add to /etc/environment...

## Deactivate tor-launcher,
## a Idalia replacement as browser extension,
## to prevent running Tor over Tor.
## https://trac.torproject.org/projects/tor/ticket/6009
## https://gitweb.torproject.org/tor-launcher.git
export TOR_SKIP_LAUNCH=1

...and reboot.

From now, only the browser component of the Tor Browser Bundle will be started. It will use your locally installed Tor/Vidalia, unless you configure otherwise (see below).

Tor Browser behind a transparent or isolating proxy

To use the Tor Browser without the bundled Tor/Vidalia on Linux:

  • Download the Linux Tor Browser Bundle from torproject.org.
  • Verify the download.
  • Extract it (e.g. 'tar -xzvf tor-browser*.tar.gz').
  • Editing the 'start-tor-browser' script is no longer required since TBB 3.x.
  • Set the TOR_SKIP_LAUNCH=1 environment variable (see above).
  • Start Tor Browser.
  • right click on Tor Button -> preferences -> switch to 'Transparent Torification (Requires custom transproxy or Tor router)'
  • If you use SocksPort instead of TransPort (recommended) select "use custom proxy settings", leave everything blank above SOCKS Host. There enter the IP of Tor-Gateway (192.168.0.10) Port is the browser SocksPort as set in torrc (Whonix uses 9100). Select SOCKSv5, you can leave "No Proxies for" as is.

More than one Tor Browser behind a transparent or isolating proxy

Read above first.
If you want to use for some reason multiple instances of Tor Browser you can extract another copy of Tor Browser to it's own folder.

Adding '-no-remote' to the 'start-tor-browser' script is no longer required, since TBB does this by default since version 3.x.

old advice (outdated)

Warning!

This section is mostly outdated / incomplete. Rather use the advice above.

Web browsers

Internet Explorer

Warning: Internet Explorer has many flaws which could drastically reduce your anonymity. It is highly advised to use another, more secure browser.

Tools -> Internet options -> Connections -> LAN settings -> Proxy server -> Use a proxy server for your LAN

Address: 127.0.0.1
Port: 8118

See also http://support.microsoft.com/kb/135982 for informations on how to set up a proxy server

Konqueror

Settings -> Configure Konqueror -> Proxy -> Manually Specify the proxy settings -> Setup

HTTP/S Proxy: 127.0.0.1 port 8118

Or edit $HOME/.kde/share/config/kioslaverc:

...
ProxyType=1
...
NoProxyFor=127.0.0.1,localhost
...
httpProxy=http://127.0.0.1:8118
httpsProxy=http://127.0.0.1:8118

Setup -> Network Options

HTTP Proxy:  127.0.0.1 port 8118

Or edit /etc/links.cfg (system-wide) or $HOME/.links/links.cfg (per-user):

...
http_proxy 127.0.0.1:8118
...

Lynx

Lynx will respect the http_proxy enviroment variable, but you can edit /etc/lynx.cfg:

...
http_proxy:http://127.0.0.1:8118/
https_proxy:http://127.0.0.1:8118/
...
no_proxy:localhost,127.0.0.1
...

Opera

Open Tools -> Preferences -> Advanced -> Network -> Proxy Servers. Check HTTP and enter "127.0.0.1" and "8118" as port or open about:config and enter "127.0.0.1:8118" in Proxy -> HTTP Server.

Mozilla Firefox

In later versions of Firefox, at least in the current version 1.5.0.1 under Linux and Windows XP, you can enable the browser to do remote domain name lookups. The option network.proxy.socks_remote_dns is available via about:config and should look like

network.proxy.socks_remote_dns 	user set 	boolean 	true

At http://www.imperialviolet.org/deerpark.html you can find an excellent step-by-step introduction on how to configure Firefox in this manner. Be careful, though: In some versions of Firefox, it is possible that even with this option set remote DNS resolution will not work. In this case, you may want to use Privoxy or similar projects. To find out whether your version implements remote DNS resolution correctly, you may try out a URL ending in .onion, like http://6sxoyfb3h2nvok2d.onion/tor/leading to the http://6sxoyfb3h2nvok2d.onion/tor/. If the Hidden Wiki shows up, remote DNS resolution works.

Otherwise, to use Privoxy with Firefox 1.5x on Windows, do the following in Firefox:

Tools -> Options -> General -> Connection Settings -> Manual proxy configuration

Set HTTP Proxy 127.0.0.1 (or localhost), port 8118 and tick the box [X] Use for all protocols. Or you may explicitly set the Proxy information for SSL, FTP, and Gopher to localhost/8118 and then set the SOCKS Host information to localhost/9050, making sure to specify SOCKS v5.

Remember: Configuring Privoxy for FTP will break ftp:// URLs, but if you don't do this, your Firefox will leak your IP address for those sites. Use Filezilla for handling FTP traffic or read the FTP section.

Also, Mac OS X users should change the above preferences by entering about:config in the URL bar because the firefox preferences dialog is a bit screwy.

See Also: http://wiki.greenmilitia.com/index.php?title=Set_Up_Iceweasel_for_TOR on Greenmilitia's wiki

Circumventing Tor blocks using open HTTP proxies

Some websites have blocked access from Tor users. Often, however, these websites still allow access from any of millions of open HTTP proxies on the internet. Unfortunately, using an open HTTP proxy directly is not very anonymous.

The solution is to chain an open HTTP proxy between Tor and the unfriendly website. This provides all the anonymity benefits of Tor, while obscuring the fact that you're using Tor from the website.

Privoxy

One method involves Privoxy. This example config will send all requests through Tor, only chaining an open HTTP proxy after Tor for a select site. Replace 0.0.0.0:80 with the proxy's address and port.

forward-socks4a / localhost:9050 .
forward-socks4a *.wikipedia.org localhost:9050 0.0.0.0:80

Socat

Another method requires Socat. This will forward all connections to localhost:8080 to an open HTTP proxy through Tor. Just configure your browser to use localhost:8080 as an HTTP proxy. Once again, replace 0.0.0.0:80 with the proxy's address and port.

Warning: Not sure if this works. In doubt turn off Tor for a test. If it's still working, your connections are obviously not routed through Tor.

socat TCP4-LISTEN:8080,bind=localhost,fork SOCKS4A:localhost:0.0.0.0:80,socksport=9050

3proxy

Download and install (may need compiling) the 3Proxy proxy server. Create a configuration file (plain text) like this:

# put 3proxy in background mode. For Windows replace with "service"
daemon
# set archiver to compress log files. Remove or replace for Windows.
archiver gz /bin/gzip %F
# we'll have 2 log files
rotate 2
# format of log record
logformat "- +_L%d.%m %H:%M:%S srv=%N:%p err=%E src=%C:%c dst=%R:%r out=%O in=%I %T"
# path to log file (CHANGE IT BECAUSE IT'S NOT SECURE!), rotate it monthly
log /tmp/3proxy.log M
# set timeouts above defaults, because tor may be a bit slow
timeouts 30 30 60 60 180 1800 60 120
# this is required to use ACLs and redirections
auth iponly
# preventing DNS requests leak
fakeresolve
# redirect all traffic
allow *
# first redirection hop is tor
parent 1000 socks4+ 127.0.0.1 9050
# and the second hop is an open HTTP proxy. Replace "0.0.0.0 80" with the proxy's address and port.
parent 1000 http 0.0.0.0 80
# now, start anonymous HTTP proxy on localhost:8080, configure this in
# your browser as single proxy for all protocols
proxy -a -i127.0.0.1 -p8080

(you should edit at least the log path) and start 3proxy, giving the configuration file name on the command line. For Linux, this may look something like ./3proxy ./3proxyrc.

Last modified 2 months ago Last modified on Feb 23, 2014 11:51:32 AM