Changes between Version 184 and Version 185 of doc/TorifyHOWTO


Timestamp:
Apr 23, 2010, 4:49:06 AM (10 years ago)
Author:
trac
Comment:

--

  • doc/TorifyHOWTO

    v184 v185  
    11#pragma section-numbers on
    22## Copyright (c) 2004 Thomas Sjogren.
    3 ## Copyright (C) 2004, 2005, 2006  Contributors
    43## Distributed under the MIT license,
    54## See ./LegalStuff for a full text
    65[:../:up to Tor]
    76
    8 = Torifying software HOWTO =
    9 
    10 This document explains how to configure particular programs to use Tor. It was originally written for
    11 a Linux/UNIX environment, but it should include some instructions for Windows and OS X users too. Please add your own Windows configurations to this document.
    12 
    13 Note that this is a very brief document on how to make various programs use Tor as a proxy; you should read the documentation at [http://tor.eff.org tor.eff.org] first. Since most programs use similar locations for various settings, the following examples will get you going most of the time. If you're using anything that needs some exotic workarounds, or your distribution doesn't use SysV ({{{/etc/init.d/}}} startup scripts), for example, this guide currently won't help you a lot, since it is a bit bash and Debian specific. Feel free to edit this page --- it's a Wiki, after all.
    14 
    15 
    167Table of Contents
    178[[TableOfContents]]
    189
    19 [[Anchor(BasicConfigIssues)]]
    20 = Basic Configuration Issues =
    21 [#BasicConfigIssues [link]]
     10= TORifying software HOWTO =
     11
     12Note that this is a very brief document on how to make various programs use Tor as a proxy; you should read the documentation at [http://tor.eff.org tor.eff.org] first. Since most programs use similar locations for various settings, the following examples will get you going most of the time. If you're using anything that needs some exotic workarounds, or your distribution doesn't use SysV ({{{/etc/init.d/}}} startup scripts), for example, this guide currently won't help you a lot, since it is a bit bash and Debian specific. Feel free to edit this page; it's a Wiki, after all.
     13
     14== Basic Configuration Issues ==
    2215
    2316[[Anchor(UnixLinuxConfiguration)]]
    24 == Unix and Linux Configuration ==
    25 [#UnixLinuxConfiguration [link]]
    26 
    27 First, we assume you installed Privoxy. Many applications can be set to use an http proxy,
    28 and that will make your life much easier.
     17=== Unix and Linux Configuration ===
    2918
    3019Under Unix and GNU/Linux, most HTTP capable applications, like {{{lynx}}}, {{{wget}}} and {{{curl}}}, will honor the value of the {{{http_proxy}}} environment variable. Some applications use all lower case, some all upper, so specify both to be safe.
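Review bot: Removing "First, we assume you installed Privoxy" from the top of the Unix and Linux Configuration section leaves the later 127.0.0.1:8118 settings (Konqueror, Firefox) with no statement that they depend on a running Privoxy that forwards to Tor. Keep a one-sentence prerequisite here. The same hunk drops the "Copyright (C) 2004, 2005, 2006 Contributors" line while keeping the MIT notice; a copyright line should not disappear without a reason in the change comment.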
     
    3726export http_proxy HTTP_PROXY
    3827}}}
     28[#UnixLinuxConfiguration [#]]
    3929
    4030[[Anchor(DNSNote)]]
    41 == About DNS and tsocks ==
    42 [#DNSNote [link]]
     31=== About DNS and tsocks ===
    4332
    4433tsocks correctly replaces ''connect(2)'' calls with calls to your SOCKS proxy (Tor), but it doesn't do anything about requests to your DNS server. This means that if you refer to any machines by hostname when you're using tsocks, you'll be sending that hostname over the network, perhaps leaking the fact that you are about to connect to the corresponding server.
     
    5140
    5241'''NOTE:''' There is now a patch to the tsocks code that handles dns leaks and .onion addresses, [http://www.totalinfosecurity.com/patches/tor.php tordns]
     42[#DNSNote [#]]
    5343
    5444[[Anchor(Socat)]]
    55 == About socat ==
    56 [#Socat [link]]
     45=== About socat ===
    5746
    5847[http://www.dest-unreach.org/socat/ socat] is a multipurpose relay for bidirectional data transfer.  It is possible to use socat as a general means by which programs agnostic of SOCKS can use Tor by connecting to a local TCP port.
     
    8776when a direct DNS resolution attempt failed, thus possibly revealing which DNS names you
    8877accessed through socat. See [http://archives.seul.org/or/dev/Jul-2004/msg00000.html this post tor-dev] for details.
     78[#Socat [#]]
    8979
    9080[[Anchor(SocatOpenBSD)]]
    91 === Socat on OpenBSD ===
    92 [#SocatOpenBSD [link]]
    93 
    94 For enhanced security you can use socat like this:
     81==== Socat on OpenBSD 3.7 ====
     82
     83There is no port or package for socat in OpenBSD.  It compiles cleanly from the source.
     84If you only use socat for Tor, I'd suggest trying these configure options:
     85
     86{{{
     87./configure --disable-file --disable-creat --disable-gopen --disable-pipe --disable-unix --disable-exec \
     88            --disable-system --disable-pty --disable-readline --prefix=/usr/local/opt
     89gmake && gmake install
     90}}}
     91
     92to install everything into /usr/local/opt (to avoid overwriting normal ports).
     93
     94Instead of the above socat command, you can also make it bind only to localhost:
    9595
    9696{{{
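Review bot: The added sentence "Instead of the above socat command, you can also make it bind only to localhost" presents the localhost bind as an optional variant and loses the reason the removed lead-in gave ("For enhanced security"). A listener that relays into Tor should not be reachable from other hosts, so state the localhost bind as the recommended form and say why. The heading now pins the section to OpenBSD 3.7, and the --disable-* configure list would benefit from one sentence saying what it is trimming and why.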
     
    181181This also assumes that you have dsocks' {{{tor-dns-proxy.py}}} setup to handle DNS requests on
    182182127.0.0.1:53.
    183 
    184 [[Anchor(#WebBrowsers)]]
    185 = Web browsers =
    186 [#WebBrowsers [link]]
    187 
    188 Web browsing and Privoxy is also covered in the [http://tor.eff.org/documentation tor setup docs], specifically
    189  * http://tor.eff.org/docs/tor-doc-osx
    190  * http://tor.eff.org/docs/tor-doc-unix
    191  * http://tor.eff.org/docs/tor-doc-win32
     183[#SocatOpenBSD [#]]
     184
     185== Web browsers ==
    192186
    193187[[Anchor(Konqueror)]]
    194 == Konqueror ==
    195 [#Konqueror [link]]
     188=== Konqueror ===
    196189
    197190Settings -> Configure Konqueror -> Proxy -> Manually Specify the proxy settings -> Setup
     
    212205httpsProxy=http://127.0.0.1:8118
    213206}}}
     207[#Konqueror [#]]
    214208
    215209[[Anchor(Links)]]
    216 == Links ==
    217 [#Links [link]]
     210=== Links ===
    218211
    219212Setup -> Network Options
     
    230223...
    231224}}}
     225[#Links [#]]
    232226
    233227[[Anchor(Lynx)]]
    234 == Lynx ==
    235 [#Lynx [link]]
     228=== Lynx ===
    236229
    237230Lynx will respect the {{{http_proxy}}} enviroment variable, but you can edit {{{/etc/lynx.cfg}}}:
     
    245238...
    246239}}}
    247 
    248 
    249 [[Anchor(Opera)]]
    250 == Opera ==
    251 [#Opera [link]]
    252 
    253 Open Tools -> Preferences -> Advanced -> Network -> Proxy Servers. Check HTTP and enter "127.0.0.1" and "8118" as port or open about:config and enter "127.0.0.1:8118" in Proxy -> HTTP Server.
     240[#Lynx [#]]
    254241
    255242[[Anchor(MozillaFirefox)]]
    256 == Mozilla Firefox ==
    257 [#MozillaFirefox [link]]
    258 
    259 In later versions of Firefox, at least in the current version 1.5.0.1 under Linux and Windows XP, you can enable the browser to do remote domain name lookups. The option network.proxy.socks_remote_dns is available via about:config and should look like
    260 
    261 {{{
    262 network.proxy.socks_remote_dns  user set        boolean         true
    263 }}}
    264 
    265 At [http://www.imperialviolet.org/deerpark.html http://www.imperialviolet.org/deerpark.html] you can find an excellent step-by-step introduction on how to configure Firefox in this manner.
    266 '''Be careful, though:  In some versions of Firefox, it is possible that even with this option set remote DNS resolution will not work.  In this case, you may want to use Privoxy or similar projects.'''  To find out whether your version implements remote DNS resolution correctly, you may try out a URL ending in `.onion`, like [http://6sxoyfb3h2nvok2d.onion/tor/ this one] leading to the [http://6sxoyfb3h2nvok2d.onion/tor/ the Hidden Tor Wiki].  If the Hidden Wiki shows up, remote DNS resolution works.
    267 
    268 Otherwise, to use Privoxy with Firefox 1.5x on Windows, do the following in Firefox:
    269 
    270 Tools -> Options -> General -> Connection Settings -> Manual proxy configuration
    271 
    272 Set HTTP Proxy 127.0.0.1 (or localhost), port 8118 and tick the box [X] Use for all protocols.  Or you may explicitly set the Proxy information for SSL, FTP, and Gopher to localhost/8118 and then set the SOCKS Host information to localhost/9050, making sure to specify SOCKS v5.
    273 
    274 '''Remember: Configuring Privoxy for FTP will break ftp:// URLs, but if you don't do this, your Firefox will leak your IP address for those sites. Use Filezilla for handling FTP traffic (Windows only) or read the [#FTP FTP] section below.'''
    275 
    276 
    277 http://wiki.noreply.org/images/firefox_proxy.png
     243=== Mozilla Firefox ===
     244
     245Edit -> Preferences -> General -> Connection Settings -> Manual proxy configuration
     246{{{
     247HTTP Proxy: 127.0.0.1 port 8118
     248SSL Proxy: 127.0.0.1 port 8118
     249SOCKS v5
     250}}}
     251
     252To change the proxy configuration for all Firefox users on your machine, edit the {{{/usr/lib/mozilla-firefox/greprefs/all.js}}} file:
     253
     254{{{
     255...
     256pref("network.proxy.type",                  1);
     257...
     258pref("network.proxy.http",         "127.0.0.1");
     259pref("network.proxy.http_port",          8118);
     260pref("network.proxy.ssl",          "127.0.0.1");
     261pref("network.proxy.ssl_port",           8118);
     262pref("network.proxy.socks",                 "");
     263pref("network.proxy.socks_port",            0);
     264pref("network.proxy.socks_version",         5);
     265pref("network.proxy.no_proxies_on",         "localhost, 127.0.0.1");
     266...
     267}}}
     268
     269In later versions of Firefox, you need to get a nightly-build at the moment, you can enable the browser to do remote domain name look ups. The option network.proxy.socks_remote_dns is available via about:config and should look like
     270
     271{{{
     272network.proxy.socks_remote_dns  user    set     boolean         true
     273}}}
    278274
    279275Also, Mac OS X users should change the above preferences by entering about:config in the URL bar because the firefox preferences dialog is a bit screwy.
    280 
    281 
    282 [[Anchor(OpenHTTPProxies)]]
    283 == Circumventing Tor blocks using open HTTP proxies ==
    284 [#OpenHTTPProxies [link]]
    285 
    286 Some websites have blocked access from Tor users. Often, however, these websites still allow access from any of millions of open HTTP proxies on the internet. Unfortunately, using an open HTTP proxy directly is not very anonymous.
    287 
    288 The solution is to chain an open HTTP proxy between Tor and the unfriendly website. This provides all the anonymity benefits of Tor, while obscuring the fact that you're using Tor from the website.
    289 
    290 === Privoxy ===
    291 
    292 One method involves Privoxy. This example config will send all requests through Tor, only chaining an open HTTP proxy after Tor for a select site. Replace 0.0.0.0:80 with the proxy's address and port.
    293 
    294 {{{
    295 forward-socks4a / localhost:9050 .
    296 forward-socks4a *.wikipedia.org localhost:9050 0.0.0.0:80
    297 }}}
    298 
    299 === Socat ===
    300 
    301 Another method requires Socat. This will forward all connections to localhost:8080 to an open HTTP proxy through Tor. Just configure your browser to use localhost:8080 as an HTTP proxy. Once again, replace 0.0.0.0:80 with the proxy's address and port.
    302 
    303 {{{
    304 socat TCP4-LISTEN:8080,bind=localhost,fork SOCKS4A:localhost:0.0.0.0:80,socksport=9050
    305 }}}
    306 
    307 === 3proxy ===
    308 
    309 Download and install (may need compiling) the [http://www.security.nnov.ru/soft/3proxy/ 3proxy] proxy server. Create a configuration file (plain text) like this:
    310 
    311 {{{
    312 # put 3proxy in background mode. For Windows replace with "service"
    313 daemon
    314 # set archiver to compress log files. Remove or replace for Windows.
    315 archiver gz /bin/gzip %F
    316 # we'll have 2 log files
    317 rotate 2
    318 # format of log record
    319 logformat "- +_L%d.%m %H:%M:%S srv=%N:%p err=%E src=%C:%c dst=%R:%r out=%O in=%I %T"
    320 # path to log file (CHANGE IT BECAUSE IT'S NOT SECURE!), rotate it monthly
    321 log /tmp/3proxy.log M
    322 # set timeouts above defaults, because tor may be a bit slow
    323 timeouts 30 30 60 60 180 1800 60 120
    324 # this is required to use ACLs and redirections
    325 auth iponly
    326 # preventing DNS requests leak
    327 fakeresolve
    328 # redirect all traffic
    329 allow *
    330 # first redirection hop is tor
    331 parent 1000 socks4+ 127.0.0.1 9050
    332 # and the second hop is an open HTTP proxy. Replace "0.0.0.0 80" with the proxy's address and port.
    333 parent 1000 http 0.0.0.0 80
    334 # now, start anonymous HTTP proxy on localhost:8080, configure this in
    335 # your browser as single proxy for all protocols
    336 proxy -a -i127.0.0.1 -p8080
    337 }}}
    338 (you should edit at least the log path) and start 3proxy, giving the configuration file name on the command line. For Linux, this may look something like {{{./3proxy ./3proxyrc}}}.
    339 
    340 
    341 [[Anchor(Email)]]
    342 = Email =
    343 [#Email [link]]
     276[#MozillaFirefox [#]]
     277
     278== Email ==
    344279
    345280[[Anchor(Fetchmail)]]
    346 == Fetchmail ==
    347 [#Fetchmail [link]]
     281=== Fetchmail ===
    348282
    349283This isn't the most elegant solution, but it works. Rename your {{{/etc/init.d/fetchmail}}} file to {{{{fetchmail-orig}}}, for example, then save the script below as {{{/etc/init.d/fetchmail}}}, and restart fetchmail with {{{/etc/init.d/fetchmail restart}}}. Your mail will now be fetched through the Tor network.
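Review bot: In the Mozilla Firefox section, the added all.js sample sets network.proxy.socks to "" and network.proxy.socks_port to 0, yet the paragraph after it still tells the reader to set network.proxy.socks_remote_dns; with no SOCKS host configured that preference has nothing to act on, and the dialog block lists "SOCKS v5" without a host or port. The hunk also removes the warning that remote DNS may not work in some Firefox versions, the .onion check for verifying it, and the warning that ftp:// URLs leak the IP address unless FTP is proxied too. Either give the SOCKS host and port (the removed text used localhost/9050) or drop the socks_remote_dns paragraph, and keep both warnings. The removed Opera and open-HTTP-proxy sections have no replacement, and the change comment ("--") does not explain them.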
     
    429363You may want to look up your mail server's IP with {{{tor-resolve}}} and use the IP in place
    430364of a hostname; see the note on tsocks and DNS above.
    431 
    432 If you are lazy you can also just call {{{torify fetchmail}}} or {{{torify fetchmail -d 900}}}.
    433 
    434 [[Anchor(Thunderbird)]]
    435 == Mozilla Thunderbird ==
    436 [#Thunderbird [link]]
    437 
    438 Install the [https://addons.mozilla.org/thunderbird/2275/ Torbutton] extension and enable Tor in Thunderbird by clicking on the onion in the toolbar (if it has a red cross).
    439 
    440 Just remember to '''exclude all your SMTP servers''' in th Connection settings (Edit-Preferences-General or Tools-Options-General) dialog box, otherwise you probably won't be able to send any mail.
    441 
    442 If you're using the same server name for receiving and sending mail but still want to recieve mail through Tor, change your SMTP server's name to it's IP and exclude the IP from being proxied. This way, mail will be received from your mail server by it's name (and through Tor), but sent by the same server without Tor.
    443 
    444 [[Anchor(POP3_3proxy)]]
    445 == 3proxy as a POP3 proxy ==
    446 [#POP3_3proxy [link]]
    447 
    448 Download and install (may need compiling) the [http://www.security.nnov.ru/soft/3proxy/ 3proxy] proxy server.
    449 
    450 Let's say you have a POP3 account with settings below:
    451  E-mail: testaccount@gmail.com
    452 
    453  POP3 server: pop.gmail.com
    454 
    455  Account name: testaccount@gmail.com
    456 
    457  Pasword: ******
    458 
    459 First,  you  need  to  configure  and  start 3proxy as a pop3 proxy with
    460 redirection to tor. Create a configuration file (plain text) like this:
    461 
    462 {{{
    463 # put 3proxy in background mode. For Windows replace with "service"
    464 daemon
    465 # set archiver to compress log files. Remove or replace for Windows.
    466 archiver gz /bin/gzip %F
    467 # we'll have 2 log files
    468 rotate 2
    469 # format of log record
    470 logformat "- +_L%d.%m %H:%M:%S srv=%N:%p err=%E src=%C:%c dst=%R:%r out=%O in=%I %T"
    471 # path to log file (CHANGE IT BECAUSE IT'S NOT SECURE!), rotate it monthly
    472 log /tmp/3proxy.log M
    473 # set timeouts above defaults, because tor may be a bit slow
    474 timeouts 30 30 60 60 180 1800 60 120
    475 # this is required to use ACLs and redirections
    476 auth iponly
    477 # preventing DNS requests leak
    478 fakeresolve
    479 # redirect all traffic
    480 allow *
    481 # redirect traffic to Tor
    482 parent 1000 socks4+ 127.0.0.1 9050
    483 # now, start pop3 proxy on port 127.0.0.1:110
    484 # you can run it on alternative port, if port 110 is in use or not accessible
    485 pop3p -i127.0.0.1 -p110
    486 }}}
    487 
    488 (you should edit at least the log path) and start 3proxy, giving the configuration file name on the command line. For Linux, this may look something like {{{./3proxy ./3proxyrc}}}.
    489 
    490 Now,  you  must  configure  your  e-mail  agent  (any with POP3 support:
    491 Eudora,  Outlook  Express,  Outlook,  Apple Mail). Specify 3proxy server
    492 (localhost  in  example)  as  a POP3 server and add address of real POP3
    493 server  to  account  login  name  after  '@'  characcter. That is, e-mail agent
    494 settings are now:
    495 
    496  E-mail: testaccount@gmail.com
    497 
    498  POP3 server: 127.0.0.1
    499 
    500  Account name: testaccount@gmail.com@pop.gmail.com
    501 
    502  Pasword: ******
    503 
    504 If the POP3 proxy on a different port than 110, you should also change
    505 POP3 port settings in your mail agent.
    506 
    507 [[Anchor(3proxySMTP)]]
    508 == SMTP with "Submission" protocol and 3proxy portmapping ==
    509 [#3proxySMTP [link]]
    510 
    511 As   a  measure  against  spammers,  Tor  doesn't  allow  outgoing  SMTP
    512 connection to TCP/25 port, but some mail servers still may be reached by
    513 alternative   ports. The most commonly used one is TCP/587 (submission).
    514 "Submission"  is  actually  SMTP  protocol with moderate authentication.
    515 smtp.gmail.com,  smtp.aol.com,  smtp.yandex.ru and many others are known
    516 to  support  submission protocol. You can use e.g. portmapping (see
    517 [#TCP General TCP] below)
    518 to  map  some  port  on  local  host  to port 587 of your preferred mail
    519 server.
    520 
    521 Gmail example: for any 3proxy configuration above, like [#POP3_3proxy POP3],
    522 add a line
    523 
    524 {{{tcppm -i127.0.0.1 2525 smtp.gmail.com 587}}}
    525 
    526 This maps local 2525 port to Submission port of smtp.gmail.com.
    527 
    528 Now  set  up  SMTP host 127.0.0.1 and SMTP port 2525 for your mail agent
    529 and  configure  SMTP  authentication.  Currently  there is no SMTP proxy
    530 server  support.  If  you  need a  second  submission  server, add a second
    531 portmapping with different local port (e.g. 2526) to configuration.
    532 
    533 Note:  some  mail agents, including Microsoft Outlook and Outlook Express
    534 are  known  to  leak  sensitive information, including local IP address,
    535 through mail headers.
    536 
    537 [[Anchor(IM)]]
    538 = Instant messaging =
    539 [#IM [link]]
    540 
    541 [[Anchor(qip)]]
    542 == qip ==
    543 http://img209.imageshack.us/img209/6103/qipyq5.png
    544 
    545 [[Anchor(ICQ)]]
    546 == ICQ ==
    547 
    548 First Step:
    549 
    550 http://img60.imageshack.us/img60/4654/icq1ps8.png
    551 
    552 Second Step:
    553 
    554 http://img209.imageshack.us/img209/6752/icq2ec7.png
    555 
    556 [[Anchor(Pidgin)]]
    557 == Pidgin (formerly Gaim) ==
    558 [#Pidgin [link]]
     365[#Fetchmail [#]]
     366
     367== Instant messaging ==
     368
     369[[Anchor(Gaim)]]
     370=== Gaim ===
    559371
    560372Preferences -> Network -> Proxy
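Review bot: The note that some mail agents (Microsoft Outlook, Outlook Express) leak the local IP address through mail headers is lost along with the removed SMTP submission section, and nothing on the added side replaces it. That note holds regardless of which proxy is used, so keep it even if the 3proxy and Thunderbird sections are meant to go; if their removal is intended, say so in the change comment, which is currently "--". The instant messaging heading also reverts from "Pidgin (formerly Gaim)" to "Gaim" with a different anchor name, so any link to #Pidgin stops resolving.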
     
    566378
    567379See the note on tsocks and DNS above.
    568 
    569 [[Anchor(Konversation)]]
    570 == Konversation ==
    571 [#Konversation [link]]
    572 
    573 See the note on [#KDE KDE Applications] below.
    574 
    575 
    576 [[Anchor(Kopete)]]
    577 == Kopete ==
    578 [#Kopete [link]]
    579 
    580 See the note on [#KDE KDE Applications] below.
    581 
     380[#Gaim [#]]
    582381
    583382[[Anchor(Psi)]]
    584 == Psi ==
    585 [#Psi [link]]
     383=== Psi ===
    586384
    587385[http://psi.affinix.com/ Psi] is a Jabber client with support for
     
    601399
    602400See the note on tsocks and DNS above.
    603 
    604 [[Anchor(Miranda)]]
    605 == Miranda ==
    606 [#Miranda [link]]
    607 "M" Menu -> Options -> Network
    608 
    609 {{{
    610 Proxy Type: SOCKS5
    611 Proxy Server: localhost or 127.0.0.1
    612 Port: 9050
    613 }}}
    614 
    615 [[Anchor(Bitlbee)]]
    616 == Bitlbee ==
    617 [#Bitlbee [link]]
    618 
    619 Simply add the following to {{{/etc/bitlbee/bitlbee.conf}}} and connect with your favorite IRC client:
    620 {{{
    621 Proxy = socks5://localhost:9050
    622 }}}
    623 
    624 
    625 [[Anchor(GG)]]
    626 == Gadu-Gadu ==
    627 [#GG [link]]
    628 
    629 To use Gadu-Gadu (the Polish closed and insecure instant messaging network) with Tor, point your client program to Privoxy (127.0.0.1 and port 8118). In [http://www.kadu.net Kadu], this is in: Menu - Konfiguracja - Siec. In [http://ekg.chmurka.net EKG], go to the main window, type {{{set proxy 127.0.0.1:8118}}}, then type {{{save}}} and reconnect.
    630 
    631 [[Anchor(IRC)]]
    632 = IRC/SILC =
    633 [#IRC [link]]
    634 
    635 [[Anchor(weechat)]]
    636 == weechat ==
    637 [#weechat [link]]
    638 
    639 weechat is (afaik) the only console irc client with working socks5 support. Making it play nice with Tor is as easy as changing the following lines in the [proxy] section of ~/weechat/weechat.rc :
    640 
    641 {{{
    642 [proxy]
    643 proxy_use = on
    644 proxy_type = socks5
    645 proxy_ipv6 = off
    646 proxy_address = "127.0.0.1"
    647 proxy_port = 9050
    648 }}}
    649 
    650 This works fine with in-Tor IRC servers as well (notably ORC at irc://3d2et7ek4jjhnv3k.onion)
     401[#Psi [#]]
     402
     403== IRC/SILC ==
    651404
    652405[[Anchor(Irssi)]]
    653 == Irssi ==
    654 [#Irssi [link]]
    655 
     406=== Irssi ===
    656407If you are running Privoxy, as recommended, you can just configure irssi's own proxy settings to use Privoxy as an HTTP proxy.
    657408Otherwise, you can run Irssi with {{{tsocks irssi}}}.  Unfortunately, as mentioned above, Irssi's own proxy configuration options are HTTP specific.
    658409
    659 Alternative: {{{torify irssi}}}.  Note that torify is just a shell script that calls
    660 tsocks after setting the config file to /etc/tor/tor-tsocks.conf.
     410For Gentoo and Debian users: {{{torify irssi}}}.  Note that torify is just a shell script that calls
     411tsocks after setting the config file to /etc/tor/tor-tsocks.conf so it is not Gentoo/Debian specific.
    661412
    662413For OpenBSD users, you can either hack tsocks to work (as of 3.6 there is no port) or you can use dante.
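Review bot: The added Irssi sentence contradicts itself: it opens "For Gentoo and Debian users: torify irssi" and ends "so it is not Gentoo/Debian specific". Keep the removed wording ("Alternative: torify irssi") or drop the distribution prefix. The same hunk removes the Miranda, Bitlbee, Gadu-Gadu and weechat sections, each of which gave SOCKS5 or Privoxy settings, with no reason in the change comment.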
     
    684435    proxy_password = "";
    685436    use_proxy = "yes";
    686     proxy_string = "CONNECT %s:%d HTTP/1.0\n\n";
     437    proxy_string = "CONNECT %s:%d HTTP/1.0\012\012";
    687438    proxy_port = "8118";
    688439    proxy_address = "127.0.0.1";
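Review bot: proxy_string changes from "\n\n" to "\012\012", which is the same two line feeds written as octal escapes, so the edit needs a word on why, for example whether the irssi config parser accepts one escape form and not the other. Without that, the next editor cannot tell which form is the working one.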
     
    691442}}}
    692443
    693 Don't forget to modify the limit-connect settings in the Privoxy .action files first. This is typically found in default.action, and is a filter that limits what ports Privoxy will connect to. Since Privoxy only listens on the local interface, it is safe to replace this line with '+limit-connect{1-}' which allows Privoxy to connect to all ports.
     444Don't forget to modify the limit-connect settings in the Privoxy .action files first.
    694445
    695446To minimize information leakage about your client and timezone add
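Review bot: The shortened limit-connect sentence no longer tells the reader which file to edit or what to put there; the removed text named default.action and the value '+limit-connect{1-}'. Restore the file name and an example value, and prefer listing only the IRC ports actually needed over opening every port with 1-.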
     
    710461/save
    711462}}}
     463[#Irssi [#]]
    712464
    713465[[Anchor(XChat)]]
    714 == X-Chat ==
    715 [#XChat [link]]
    716 
    717 [http://www.xchat.org/ X-Chat] supports SOCKS 5 and does not leak DNS requests.
    718 
     466=== X-Chat ===
    719467Settings-> Preferences -> Network -> Network setup -> Proxy server
    720468{{{
     
    724472}}}
    725473
    726 [http://xrl.us/h7rs Unofficial builds] of X-Chat for Windows are free.
    727 
    728474See the note on tsocks and DNS above.
    729 
    730 [[Anchor(X-Chat Aqua)]]
    731 == X-Chat Aqua 0.16.0 ==
    732 [#XChatAqua [link]]
    733 
    734 [http://sourceforge.net/projects/xchataqua/ X-Chat Aqua is X-Chat with an Aqua interface for MacOS X. X-Chat Aqua uses the irc engine from X-Chat, and is designed to look and feel like the GTK+ front end.
    735 
    736 This is a free IRC client for Macintosh OSX that works with TOR.
    737 
    738 X-Chat Aqua-> Preferences -> Network -> Network setup
    739 {{{
    740 Address to bind to:
    741 Proxy server: localhost
    742 Port: 9050
    743 Proxy type: Socks5
    744 }}}
     475[#XChat [#]]
    745476
    746477[[Anchor(SILC)]]
    747 == SILC ==
    748 [#SILC [link]]
    749 
     478=== SILC ===
    750479Since the [http://www.silcnet.org SILC] client is based on Irssi, you can follow the same procedure to make it use Tor. Combining Tor and SILC might be one of the safest ways to communicate with someone over the Internet. More information about SILC is available at [http://www.silcnet.org its website].
     480[#SILC [#]]
    751481
    752482[[Anchor(Silky)]]
    753 === Silky ===
    754 [#Silky [link]]
    755 
     483==== Silky ====
    756484[http://silky.sf.net/ Silky] is a GTK2 SILC client. It does not currently support SOCKS, so the best way to make it work with Tor is using socat (IMO).:
    757485
     
    759487
    760488And then tell Silky to connect to localhost:6666.
     489[#Silky [#]]
    761490
    762491[[Anchor(BitchX)]]
    763 == BitchX ==
    764 [#BitchX [link]]
    765 
     492=== BitchX ===
    766493In order to use [http://www.bitchx.org BitchX] with tor, you first need to get [http://proxychains.sourceforge.net ProxyChains], a *NIX-only HTTP and SOCKS proxy client.  On Debian systems, install the {{{proxychains}}} package.  Once installed, just add
    767494
     
    778505You may want to look up your IRC server's IP with {{{tor-resolve}}} and use the IP in place
    779506of a hostname; see the note on tsocks and DNS above.
     507[#BitchX [#]]
    780508
    781509[[Anchor(mIrc)]]
    782 == mIRC ==
    783 [#mIrc [link]]
    784 
     510=== mIRC ===
    785511Mirc.co.uk: [http://www.mirc.co.uk/help/proxies.html Proxies and Firewalls]
    786512
     
    798524}}}
    799525
    800 http://wiki.noreply.org/images/mirc_firewall.png
    801 
    802 Don't use SOCKS4. Use SOCKS5.
    803 
    804 There is a way to automate this with two commands...
    805 
    806 {{{
    807 /firewall -cm5+d on localhost 9050
    808 }}}
    809 
    810 to activate it and...
    811 
    812 {{{
    813 /firewall -d off
    814 }}}
    815 
    816 to deactivate the proxy. You can add this commands to your personal commands menu by following these instructions:
    817 
    818  Press Alt+P to open the popup editor and type this bellow "Commands"
    819  
    820 {{{
    821 Anonymize:/firewall -cm5+d on localhost 9050
    822 de-Anonymize:/firewall -d off
    823 }}}
     526I get "Unable to resolve server" errors using SOCKS4 with mIRC and .onion addresses.  SOCKS5 works.
     527[#mIRC [#]]
    824528
    825529[[Anchor(Trillian)]]
    826 == Trillian ==
    827 [#Trillian [link]]
    828 
     530=== Trillian ===
    829531Preferences -> Advanced Preferences -> Proxy Server
    830 {{{
    831 Use proxy server to resolve names.
    832 Use proxy server.
    833 Protocol: SOCKS5
    834 Host: localhost or 127.0.0.1
    835 Port: 9050
    836 }}}
    837 
    838 
    839 
    840 [[Anchor(KVIrc)]]
    841 == KVIrc ==
    842 [#KVIrc [link]]
    843 
    844 [http://www.kvirc.net KVIrc]
    845 
    846 Settings -> Configure KVIrc -> Connection -> Proxy Hosts
    847 
    848 {{{
    849 Use proxy.
    850 New proxy.
    851 Proxy: tor
    852 Port: 9050
    853 IP Address: 127.0.0.1
    854 Protocol: SOCKSv5
    855 }}}
    856 
    857 http://img143.imageshack.us/img143/6898/kvirc5er.png
    858 
    859 Since kVIrc does not support remote dns yet, you have to add a mapping to your tor config, if you want to connect to a hidden service. Do this  like:
    860 {{{
    861 echo 'mapaddress  10.40.40.40  mejokbp2brhw4omd.onion' >> /etc/tor/torrc
    862 pkill -HUP tor
    863 }}}
    864 and then connect to 10.40.40.40 through your Tor proxy.
    865 
    866 http://img137.imageshack.us/img137/9471/kvirctorhiddenservicetm9.png
    867 
     532
     533[#Trillian [#]]
    868534
    869535[[Anchor(BitTorrent)]]
    870 = BitTorrent =
    871 [#BitTorrent [link]]
    872 
    873 For bittorrent it is probably not so helpful to torrify data. Compared to the amount of damage you will do to your throughput and the amount of damage you will do to the Tor network, torryfing data is overkill for the protection you gain. Aside from search index logs and tracker http logs, the attacks needed to determine who is downloading a torrent are somewhat similar to attacks on Tor: the adversary has to be running torrent clients and watching to see who connects to them. This is hard to do on a large scale. You are probably much more at risk for showing up in the webserver logs for popular trackers and index sites.
    874 
    875 For this reason, you may want to use tor to communicate with the tracker. For this, just add {{{--tracker-proxy 127.0.0.1:8118}}}:
    876 {{{
    877 btlaunchmanycurses --tracker_proxy 127.0.0.1:8118 <directory>
    878 }}}
    879 
    880 [[Anchor(µTorrent)]]
    881 == µTorrent ==
    882 
    883 Again, torifying the bittorrent traffic of µTorrent would just add more overhead and reduce your transfer throughput a lot. It also severely taxes the Tor network and is considered poor etiquette.
    884 The following image shows how to configure µTorrent to torify tracker traffic. Note the unchecked {{{Use proxy server for peer-to-peer connections}}}. Checking this will severely limit transfer speeds and needlesly tax the Tor network.
    885 
    886 http://img166.imageshack.us/img166/610/utorrenttorifyag8.jpg
     536== BitTorrent ==
     537Same procedure as with BitchX, but using {{{proxychains btdownloadcurses}}}.
     538[#BitTorrent [#]]
    887539
    888540[[Anchor(Azureus)]]
    889 == Azureus ==
    890 [#Azureus [link]]
    891 
    892 Again, pretty much all you really need to do here is to proxy tracker communications. There is an option for this under the connections pane in Azureus. Fill in 127.0.0.1 9050 for the SOCKS proxy for tracker data.
    893 
    894 For more information on setting up torrents tracked via hidden service (which is not really taxing), and to be thoroughly confused by other possibilites, see: [http://azureus.sourceforge.net/doc/AnonBT/]. [http://www.azureuswiki.com/index.php/Super_Seeding Super Seeding] is another option if you are the first to seed a file and want to optimally distribute it anonymously. This is an acceptable exception to the request not to torrify data.
    895 
    896 ==rTorrent==
    897 rTorrent can use a proxy for communicating over HTTP. One merely has to edit ~/.rtorrent.rc and insert something like the following:
    898  http_proxy = http://127.0.0.1:8118/
    899 
    900 [[Anchor(FTP)]]
    901 = FTP =
    902 [#FTP [link]]
    903 
    904 FTP requires 2 different connections: one for commands and one for data.
    905 Data  connections  is  created  every  time directory listing or file is
    906 transmitted.   Almost   any  FTP  server  nowdays  checks  both  control
    907 connection  and  data  connection  to come from the same IP address. Tor
    908 changes  circuit  for  new TCP connection every 10 minutes. It means, if
    909 you  download  many files from the same FTP server (or browse content of
    910 FTP server) you will fail approximately once in 10 minutes and will need
    911 to  re-connect.  It  only affects new connections and does not interrupt
    912 file download.
    913 
    914 3proxy (see [#POP3_3proxy POP3]) may act as an FTP proxy with redirection to Tor. There are
    915 2  different  types  of  FTP  proxies. First type is a FTP over HTTP proxy - it converts
    916 listsings  and  file transfers between FTP and HTTP and it's mainly used
    917 by  browsers  (Internet  Explorer,  Moziila, Opera, wget, etc). It leaks
    918 support  for many FTP commands. Second type is a plain FTP proxy - it fully
    919 supports the FTP protocol and is used in FTP clients (gFTP, NcFTP, CuteFTP).
    920 3proxy  supports  both. For the real FTP proxy, 2 methods are supported: USER
    921 extension  and SITE/OPEN extension. In order real FTP proxy to work with
    922 Tor you need the latest devel version (0.6).
    923 
    924 In the configuration file from [#POP3_3proxy POP3] replace (or add, to use both services) the string
    925 
    926 {{{pop3p -i127.0.0.1 -p110}}}
    927 
    928 with
    929 
    930 {{{proxy -i127.0.0.1 -p110}}}
    931 
    932 for HTTP proxy with FTP over HTTP support, and/or
    933 
    934 {{{ftppr -i127.0.0.1 -p110}}}
    935 
    936 for FTP proxy.
    937 
    938 '''You may sometimes get 404 Errors (after a long time of waiting) when connecting to an FTP site. Don't worry, this is normal (I mean, this is neither 3proxy's fault nor a configuration problem). Just wait a few minutes and everything will be fine.'''
    939 
    940 [[Anchor(FxFTP)]]
    941 == Mozilla Firefox ==
    942 [#FxFTP [link]]
    943 
    944 Install and start 3proxy, as described above. Go to Edit-Preferences (that used to be Tools-Options on Windows) - General - Connection settings. Then type 'localhost' and port number ('110' using the above configuration) under the FTP Proxy entry. That should do it.
    945 
    946 [[Anchor(WgetFTP)]]
    947 == Wget (FTP) ==
    948 [#WgetFTP [link]]
    949 
    950 Install and start 3proxy, as described above. Set the {{{ftp_proxy}}} environment variable to {{{127.0.0.1:110}}}. You may also set this in the Wget configuration file.
    951 
    952 [[Anchor(OperaFTP)]]
    953 == Opera ==
    954 [#OperaFTP [link]]
    955 
    956 Install and start 3proxy, as described above. Go to Tools-Preferences-Advanced-Network-Proxy servers. Enable FTP and type 127.0.0.1 and port 110.
    957 
    958 [[Anchor(KonquerorFTP)]]
    959 == Konqueror ==
    960 [#KonquerorFTP [link]]
    961 
    962 Install and start 3proxy, as described above. Go to Settings - Configure Konqueror - Manually Specify the proxy settings - Setup. Enter 127.0.0.1 and port number 110 (or whatever number you chose) under the FTP Proxy.
    963 
    964 [[Anchor(SmartFTP)]]
    965 == SmartFTP ==
    966 [#SmartFTP [link]]
    967 
    968 Install and start proxy. Go to Extras - Settings - Connection/Proxy. Choose Type "SOCKS 4" and Host "127.0.0.1" Port "9050".
    969 
    970 [[Anchor(File Zilla)]]
    971 == File Zilla ==
    972 [#File Zilla [link]]
    973 
    974 Install and start proxy. Go to Extras - Settings - Connection/Proxy. Choose Type "SOCKS 4a" and Host "127.0.0.1" Port "9050".
    975 
    976 [[Anchor(Misc)]]
    977 = Misc =
    978 [#Misc [link]]
     541=== Azureus ===
     542
     543See [http://azureus.sourceforge.net/doc/AnonBT/].
     544[#Azureus [#]]
     545
     546== Misc ==
    979547
    980548[[Anchor(APT)]]
    981 == APT ==
    982 [#APT [link]]
    983 
    984 '''Warning''': This will only work for HTTP because Privoxy does not support FTP. Look [#FTP above] for FTP.
     549=== APT ===
     550'''Warning''': This will only work for HTTP because Privoxy does not support FTP.
    985551
    986552Add the following line to {{{/etc/apt/apt.conf}}}:
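Review bot: The added BitTorrent entry at new line 537 runs the whole client under proxychains, so peer-to-peer connections as well as tracker requests go through the configured proxy. The removed µTorrent and Azureus text (old lines 883-884 and 892) limited proxying to tracker communication and warned that torifying the transfer traffic cuts throughput and taxes the Tor network. Either keep that warning next to the new entry or restrict the instruction to tracker traffic, as the removed "--tracker_proxy 127.0.0.1:8118" line did. The same hunk deletes the whole FTP section, including the explanation that FTP servers expect the control and data connections to come from the same IP address while Tor rotates circuits, so readers lose the reason FTP over Tor fails intermittently.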
     
    988554Acquire::http::Proxy "http://127.0.0.1:8118/";
    989555}}}
    990 
    991 [[Anchor(GnuPGprivoxy)]]
    992 == GnuPG: Method 1 (Privoxy) ==
    993 [#GnuPGprivoxy [link]]
    994 
     556[#APT [#]]
     557
     558[[Anchor(GnuPG)]]
     559=== GnuPG ===
    995560Add or edit the following lines in your {{{$HOME/.gnupg/gpg.conf}}}:
    996561{{{
     
    1007572
    1008573If you don't want to write the export line every time, you can add {{{ alias gpg='http_proxy=http://127.0.0.1:8118/ gpg' }}} to your .bashrc file as well; if you have set the {{{http_proxy}}} environment variable, you may skip this step.
    1009 
    1010 [[Anchor(GnuPGtorify)]]
    1011 == GnuPG: Method 2 (torify) ==
    1012 [#GnuPGtorify [link]]
    1013 
    1014 At least a couple of people have had problems with using GPG over Privoxy. It is possible to use GPG with torify instead. If you have {{{http_proxy}}} set, GPG will try to use it. Add {{{no-honor-http-proxy}}} to your {{{keyserver-options}}} to prevent that.
    1015 
    1016 Remember that torify doesn't handle DNS! Use tor-resolve to get the IP of your keyserver and use that. Either add it to {{{$HOME/.gnupg/gpg.conf}}} as the {{{keyserver}}} option or put it on the command line.
    1017 
    1018 Now run
    1019 {{{
    1020 torify gpg --refresh-keys
    1021 }}}
    1022 
    1023 or
    1024 
    1025 {{{
    1026 torify gpg --keyserver [result of tor-resolve] --refresh-keys
    1027 }}}
     574[#GnuPG [#]]
    1028575
    1029576[[Anchor(Wget)]]
    1030 == Wget (HTTP) ==
    1031 [#Wget [link]]
     577=== Wget ===
    1032578
    1033579Wget will also respect the http_proxy enviroment variable, but you can edit {{{/etc/wgetrc}}}:
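Review bot: Dropping "GnuPG: Method 2 (torify)" (old lines 1010-1027) leaves only the Privoxy method, which the removed text itself says some people had problems with. It also removes the warning that torify does not handle DNS, the advice to resolve the keyserver with tor-resolve, and the note that GPG will use a set http_proxy unless "no-honor-http-proxy" is in keyserver-options. If the torify method is meant to go, say why in the section. Otherwise keep it, since the DNS warning is what a reader who runs "torify gpg" anyway most needs.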
     
    1039585...
    1040586}}}
    1041 
    1042 [[Anchor(SSHtorify)]]
    1043 == SSH: Method 1 (torify) ==
    1044 [#SSHtorify [link]]
    1045 
    1046 Simply run {{{torify ssh <parameters>}}} if the host is not on a local network and you're done.
     587[#Wget [#]]
    1047588
    1048589[[Anchor(SSHconnect)]]
    1049 == SSH: Method 2 (connect) ==
    1050 [#SSHconnect [link]]
     590=== SSH: Method 1 (connect) ===
    1051591
    1052592These instructions should work on most *nix systems. Tested on Mac OS X 10.3.x and Debian GNU/Linux.
     
    10545941 - Upgrade your SSH to an OpenSSH version that has Socks 5 support. The OpenSSH client that is shipped with Mac OS X 10.3 (aka ''Panther'') - OpenSSH_3.6.1p1 - will not work correctly. Download, build and install the current stable version from the [http://www.openssh.org OpenSSH website]. If you're using Mac OS X, using [http://fink.sourceforge.net fink] may be easier for you.
    1055595
    1056 2  - Download and build the connect [http://www.taiyo.co.jp/~gotoh/ssh/connect.c source code]. Connect will allow socket connections using SOCKS4/5 and HTTP tunnels. For detailed information on connect, please visit its [http://www.taiyo.co.jp/~gotoh/ssh/connect.html website]. Note: the site appears to be down at the moment, we've mirrored the script at https://savannah.gnu.org/maintenance/connect.c
    1057 
    1058 A pre-compiled version of {{{connect}}} for Mac OS X is available at [http://members.lycos.co.uk/hardapple/tools/connect.tar]. (md5sum: b5180cb789813fc958209c58b99039fa)
     5962  - Download and build the connect [http://www.taiyo.co.jp/~gotoh/ssh/connect.c source code]. Connect will allow socket connections using SOCKS4/5 and HTTP tunnels. For detailed information on connect, please visit its [http://www.taiyo.co.jp/~gotoh/ssh/connect.html website].
     597
     598A pre-compiled version of {{{connect}}} for Mac OS X is available [http://members.lycos.co.uk/hardapple/tools/connect.tar here]. (md5sum: b5180cb789813fc958209c58b99039fa)
    1059599
    1060600Install connect into the {{{/usr/local/bin}}} directory.
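Review bot: The added line 598 still points readers at a pre-compiled connect binary fetched over plain http from a third-party host, with an md5sum as the only integrity check. The added line 596 also drops the note that the upstream site is down, together with the https mirror of connect.c on savannah.gnu.org. Keep the mirror link so the source remains obtainable, recommend building from source over installing the binary into /usr/local/bin, and if the binary link stays, publish a stronger digest than MD5 alongside it.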
     
    1108648You may want to look up your SSH server's IP with {{{tor-resolve}}} and use the IP in place
    1109649of a hostname; see the note on tsocks and DNS above.
     650[#SSHconnect [#]]
    1110651
    1111652[[Anchor(SSHsocat)]]
    1112 == SSH: Method 3 (socat) ==
    1113 [#SSHsocat [link]]
     653=== SSH: Method 2 (socat) ===
    1114654
    1115655Use [http://www.dest-unreach.org/socat/ socat] as described above.  One way to access an SSH server via Tor is to socat to make a tcp4 listener and relay to your local Tor client, then ssh to it. It's not the nicest way. Using OpenSSH, then you can use the {{{ProxyCommand}}} option in your {{{~/.ssh/config}}} file, as follows:
     
    1138678ProxyCommand socat STDIO SOCKS4A:localhost:%h:%p,socksport=9050
    1139679}}}
    1140 
    1141 [[Anchor(Putty)]]
    1142 == Putty ==
    1143 [#Putty [link]]
    1144 
    1145 Putty is a neat suite of programs for doing Telnet, SSH, SCP, etc.[[BR]]
    1146 [wiki:/Putty Configuration Details][[BR]]
     680[#SSHsocat [#]]
    1147681
    1148682[[Anchor(vpnd)]]
    1149 == vpnd ==
    1150 [#vpnd [link]]
    1151 
     683=== vpnd ===
    1152684It is possible to run a (slow) vpnd through tor.
    1153 How to setup this up is explained at [http://www.vanheusden.com/Linux/tt.html].
    1154 
    1155 [[Anchor(svn)]]
    1156 == SubVersion (SVN) ==
    1157 [#svn [link]]
    1158 
    1159 Simply add the following lines:
    1160 {{{
    1161 http-proxy-host = localhost
    1162 http-proxy-port = 8118
    1163 }}}
    1164 
    1165 ('''NO''' spaces in front) to the "global" section in your '''servers''' file in your SubVersion's config directory ($HOME/.subversion on Linux).
    1166 
    1167 This will only work for HTTP-based SVN connections, and you need a HTTP Proxy, like Privoxy. See [http://tor.eff.org Tor's docs] for Privoxy configuration details.
    1168 
    1169 [[Anchor(yum)]]
    1170 == YUM ==
    1171 [#yum [link]]
    1172 
    1173 Install and start 3proxy, as described [#FTP above]. Add the following line:
    1174 {{{
    1175 proxy=http://127.0.0.1:110
    1176 }}}
    1177 to the '''main''' section of your YUM configuration file (usually, this is /etc/yum.conf).
    1178 
    1179 [[Anchor(TCP)]]
    1180 == Any TCP-based protocol ==
    1181 [#TCP [link]]
    1182 
    1183 For  any  TCP-based  protocol (telnet, ssh, nntp etc.), you can use TCP
    1184 portmapping with 3proxy. For example, to map port 2200 of the local computer
    1185 to port 22 (ssh) of my.ssh.server replace last string or add new string
    1186 
    1187 {{{tcppm -i127.0.0.1 2200 my.ssh.server 22}}}
    1188 
    1189 to the 3proxy configuration from [#POP3_3proxy POP3]. Now you can do
    1190 
    1191 {{{ssh -p2200 127.0.0.1}}}
    1192 
    1193 to connect via SSH to my.ssh.server.
    1194 
    1195 [[Anchor(KDE)]]
    1196 == KsCD and KDE applications in general ==
    1197 [#KDE [link]]
    1198 
    1199 Either [#Konqueror configure Konqueror for HTTP] and [#KonquerorFTP FTP] or go to the KDE Control Center - Network - Proxy and set everything as described [#Konqueror here] and [#KonquerorFTP here]. Works for KsCD.
    1200 
    1201 KDE Applications such as Kopete, Konversation (basically everything that is not http) respect only the global Socks proxy settings. In order to use them with tor, you seed to first 'socksify' the environment, and redirect the socks proxy to tor. To socksify kde, we use [http://linux.about.com/cs/linux101/g/danteclient.htm dante-client]. Assuming you have  tor listening at 127.0.0.1:9050, configure dante-client (the config file is usually at /etc/dante.conf) to forward all the requests to 127.0.0.1:9050. The comments in the default config file will help you edit it correctly. Then go to the Proxy settings in the KDE Control Panel -> Networking and enable socks support, choosing 'Dante'. Most other KDE applications should start working.
    1202 
    1203 Warning : DNS requests will not go through tor, and can probably be insecure. Also, depending on your network configuration or on an incorrect setting in dante.conf, it might not be possible to access the DNS server. You can try connecting via the IP address of the host to solve both problems.
    1204 
     685How tho setup this up is explained here: [http://www.vanheusden.com/Linux/tt.html]
     686[#vpnd [#]]
    1205687
    1206688[[Anchor(Remailing)]]
    1207 = Remailing =
    1208 [#Remailing [link]]
     689== Remailing ==
    1209690
    1210691[:TheOnionRouter/RemailingAndTor:see Remailing: achieve strong remailing anonymity/security via. Tor and Stunnel]
    1211 
    1212 [[Anchor(CrazyAndLazy)]]
    1213 = For the Crazy and Lazy =
    1214 [#CrazyAndLazy [link]]
    1215 
    1216 If you are lazy and don't want to repeat most of the steps laid out here every time you call the program (and who would?) you can have a look at [http://shellscripts.org/project/toraliases the tor aliases project].
    1217 
    1218 [[Anchor(Credits)]]
    1219 = Credits =
    1220 [#Credits [link]]
     692[#Remailing [#]]
     693
     694== Credits ==
    1221695
    1222696Thomas Sjogren with Northern Security started this howto and still maintains a copy at:
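Review bot: The added line 685 introduces a typo, "How tho setup this up", where the removed line 1153 read "How to setup this up". Beyond that, this hunk deletes the Putty, SubVersion, YUM, TCP port mapping, KDE and "For the Crazy and Lazy" sections wholesale, including the KDE warning at old line 1203 that DNS requests will not go through Tor. If the removal is intended, the page should say where that material went. If not, restore the sections rather than only the vpnd and Remailing entries.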
     
    1228702        * Thomas Hardly
    1229703        * tyranix
    1230         * thalunil
    1231         * BogdanDrozdowski (FTP stuff, 3proxy stuff with great help from it's author - 3APA3A, Gadu-Gadu, TB, SVN, Yum and KDE stuff)
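Review bot: The removal of the last two Credits entries (old lines 1230-1231) deletes contributor attribution. The BogdanDrozdowski entry names the FTP, 3proxy, SVN, Yum and KDE material that the earlier hunks also delete, so that removal is at least consistent, but nothing visible ties thalunil to removed content. Keep both names unless the credited text is really gone from the page for good.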