Written: 2018-05-23 (Jaruga)

Torifying WeeChat

Weechat (or 'Wee Enhanced Environment for Chat') is a terminal-based free and open-source Internet Relay Chat client originally released in 2003. It focuses heavily on being fast, lightweight and highly extensible. Weechat is available for download and use on *NIX based systems (GNU/Linux, BSD and MacOS) and is found in the repositories of many major distributions. It supports a number of additional features such as IPv6, TLS/SSL, OTR and proxy configurations.

Weechat has a user interface called 'curses' that often comes packaged alongside Weechat on installation. Users can also opt to use other interfaces with it; they can be installed and managed with the relay plugin.

Official site:

Installation and setup

Note: While the below section outlines how to connect to .onion IRC servers, the same instructions are suitable for clearnet-facing ones.

Installing and configuring Weechat is largely done the same way across all distributions, the primary difference being how it is installed. If the below instructions do not cover your system please refer to the related documentation for more information.

  1. First, ensure you have installed Tor and it is currently running.
  2. Install Weechat. It can be found in the repositories of most major distributions.
    • for Debian / Ubuntu: apt-get install weechat-curses
    • for Fedora / RPM-based: dnf install weechat-curses
  3. After installation is complete, run Weechat by issuing the command weechat-curses.
  4. Note: Weechat uses your systems username as its default nick.
    • To change it, enter /set irc.server.default.nicks "user"
    • (Replace 'user' with your desired nick)

Proxy configuration / connecting to Onion services

Now that Weechat and Tor are both installed and configured, you will be able to use Tor as a proxy and set up connections to onion services.

  1. To add Tor as a proxy in Weechat, issue the command /proxy add tor socks5 9050.
  2. Now add your desired Onion IRC servers:
    • /server add MyIRC-Tor exampleaddress.onion/6667
    • (replace "myIRC-Tor" with desired server name)
  3. Set Tor as the desired proxy for the new server:
    • /set irc.server.MyIRC-Tor.proxy "tor"

When set up and configuration are complete, type the command /connect MyIRC-Tor to connect to the IRC server over the Tor network.

Additional steps

Reducing fingerprint

It is highly recommended to perform the following steps to strengthen your anonymity.

Weechat (and IRC clients in general) by default are quite insecure, and will give a lot of information about your setup when proded. This allows an adversary to build a better profile of your system. It is possible to reduce this in Weechat by performing the following:

  1. Disable IRC part and quit messages:
    /set irc.server_default.msg_part ""
    /set irc.server_default.msg_quit ""
  1. Disable answers to all CTCP queries:
    /set irc.ctcp.clientinfo ""
    /set irc.ctcp.finger ""
    /set irc.ctcp.source ""
    /set irc.ctcp.time ""
    /set irc.ctcp.userinfo ""
    /set irc.ctcp.version ""
    /set ""

Note: the " " in steps 1 and 2 is simply a filler space and can be changed to suit your needs (though keeping them blank is recommended). For an example of how this appears, a quit message will come up: * user has quit (" ")

  1. Unload and disable auto-loading of "xfer" plugin (used for IRC DCC):
    /plugin unload xfer
    /set weechat.plugin.autoload "*,!xfer"

(Optional) TLS / SSL

As almost every .onion IRC server that supports SSL is self-signed, connecting to a server via TLS/SSL quite often involves extra steps. This is done by doing the following:

  1. First, enable TLS/SSL on your desired server with /set irc.server.MyIRC-Tor.ssl on.
  2. As self-signed certificates will not pass the verification test, you will need to disable certificate verification for the server by entering /set irc.server.MyIRC-Tor.ssl_verify off.
    • Note: Without following step 3 this can be dangerous, as it will allow Weechat to connect using any certificate. This opens users up to MitM attacks.
  3. Enable fingerprints with the command /set irc.server.MyIRC-Tor.ssl_fingerprint. This will display the certificate every time you connect, allowing you to compare it with the official fingerprint to verify its authenticity.

(Optional) SASL

For those who require SASL, simply add the following commands to add your nick and password:

/set irc.server.MyIRC-Tor.sasl_username "yourusernamehere"
/set irc.server.MyIRC-Tor.sasl_password "yourpasswordhere"
Last modified 2 years ago Last modified on Jun 6, 2018, 4:51:03 AM