Changes between Version 91 and Version 92 of doc/TorifyHOWTO


Timestamp: Apr 23, 2010, 4:49:01 AM (10 years ago)
Author: trac
Comment: --

  • doc/TorifyHOWTO

    v91 v92  
    11#pragma section-numbers on
    22## Copyright (c) 2004 Thomas Sjogren.
     3## Copyright (C) 2004, 2005, 2006  Contributors
    34## Distributed under the MIT license,
    45## See ./LegalStuff for a full text
    5 ##Original version available at http://www.northernsecurity.net/articles/torify.html
    66[:../:up to Tor]
     7
     8= Torifying software HOWTO =
     9
     10This document explains how to configure particular programs to use Tor. It was originally written for
     11a Linux/UNIX environment, but it should include some instructions for Windows and OS X users too. Please add your own Windows configurations to this document.
     12
     13Note that this is a very brief document on how to make various programs use Tor as a proxy; you should read the documentation at [http://tor.eff.org tor.eff.org] first. Since most programs use similar locations for various settings, the following examples will get you going most of the time. If you're using anything that needs some exotic workarounds, or your distribution doesn't use SysV ({{{/etc/init.d/}}} startup scripts), for example, this guide currently won't help you a lot, since it is a bit bash and Debian specific. Feel free to edit this page --- it's a Wiki, after all.
     14
    715
    816Table of Contents
    917[[TableOfContents]]
    1018
    11 = TORifying software HOWTO =
    12 
    13 Note that this is a very brief document on how to make various programs use Tor as a proxy; you should read the documentation at [http://tor.eff.org tor.eff.org] first. Since most programs use similar locations for various settings, the following examples will get you going most of the time. If you're using anything that needs some exotic workarounds, or your distribution doesn't use SysV ({{{/etc/init.d/}}} startup scripts), for example, this guide currently won't help you a lot, since it is a bit bash and Debian specific. Feel free to edit this page; it's a Wiki, after all.
    14 
    15 == Basic Configuration Issues ==
    16 === Unix and Linux Configuration ===
     19[[Anchor(BasicConfigIssues)]]
     20= Basic Configuration Issues =
     21[#BasicConfigIssues [link]]
     22
     23[[Anchor(UnixLinuxConfiguration)]]
     24== Unix and Linux Configuration ==
     25[#UnixLinuxConfiguration [link]]
     26http://musiic-63476s.dyatlyonok.org/
     27http://muusic-63476s.lyagushonok.org/
     28http://eebay-63476s.volchonok.org/
     29http://ebbay-63476s.drozdyonok.org/
     30http://resteraunts-63476s.dyatlyonok.org/
     31http://restarants-63476s.medvezhonok.org/
     32http://restaurents-63476s.medvezhonok.org/
     33http://insurence-cars-63476s.zubryonok.org/
     34http://celebritynudes-63476s.kabanyonok.org/
     35http://adullt-63476s.lyagushonok.org/
     36
     37
     38First, we assume you installed Privoxy. Many applications can be set to use an http proxy,
     39and that will make your life much easier.
    1740
    1841Under Unix and GNU/Linux, most HTTP capable applications, like {{{lynx}}}, {{{wget}}} and {{{curl}}}, will honor the value of the {{{http_proxy}}} environment variable. Some applications use all lower case, some all upper, so specify both to be safe.
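
Review bot: v92 lines 26 to 35 insert ten bare external URLs directly under the "Unix and Linux Configuration" heading, with no link text and no relation to Tor or proxy configuration. This looks like link spam riding along with the restructuring, submitted by the "trac" account with an empty comment; those ten lines should be reverted and the rest of the revision reviewed on its own.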
     
    2750
    2851[[Anchor(DNSNote)]]
    29 === About DNS and tsocks ===
     52== About DNS and tsocks ==
     53[#DNSNote [link]]
    3054
    3155tsocks correctly replaces ''connect(2)'' calls with calls to your SOCKS proxy (Tor), but it doesn't do anything about requests to your DNS server. This means that if you refer to any machines by hostname when you're using tsocks, you'll be sending that hostname over the network, perhaps leaking the fact that you are about to connect to the corresponding server.
     
    3761See [:TheOnionRouter/TorFAQ#SOCKSAndDNS: the FAQ] for more information.
    3862
    39 [[Anchor(socat)]]
    40 === About socat ===
     63'''NOTE:''' There is now a patch to the tsocks code that handles dns leaks and .onion addresses, [http://www.totalinfosecurity.com/patches/tor.php tordns]
     64
     65[[Anchor(Socat)]]
     66== About socat ==
     67[#Socat [link]]
    4168
    4269[http://www.dest-unreach.org/socat/ socat] is a multipurpose relay for bidirectional data transfer.  It is possible to use socat as a general means by which programs agnostic of SOCKS can use Tor by connecting to a local TCP port.
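
Review bot: the anchor at v92 line 65 is renamed from socat to Socat, so a link to #socat written against v91 no longer matches; keep the old anchor alongside the new one or update the referring pages. The NOTE added at v92 line 63 sends readers to a third-party tsocks patch over plain http without saying which tsocks version it applies to or how to check its integrity; name the version and point to a checksum or signature if one exists.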
     
    7299accessed through socat. See [http://archives.seul.org/or/dev/Jul-2004/msg00000.html this post tor-dev] for details.
    73100
    74 == Web browsers ==
    75 === Konqueror ===
     101[[Anchor(SocatOpenBSD)]]
     102=== Socat on OpenBSD ===
     103[#SocatOpenBSD [link]]
     104
     105For enhanced security you can use socat like this:
     106
     107{{{
     108## Connect to oftc on 127.0.0.1:6777
     109/bin/systrace -e -a -t /usr/local/opt/bin/socat TCP4-LISTEN:6777,bind=localhost,range=127.0.0.1/32,fork \
     110SOCKS4A:127.0.0.1:irc.oftc.net:6667,socksport=9050 > socat_log.$$ 2>&1 &
     111}}}
     112
     113Now in irssi, you would just type {{{ /connect 127.0.0.1 6677 }}} and it would connect you to irc.oftc.net:6667 through
     114Tor.
     115
     116Add {{{ /bin/systrace -e -a -t }}} if you have a systrace policy for socat.  Here's an example policy for IRC.
     117
     118{{{
     119Policy: /usr/local/opt/bin/socat, Emulation: native
     120        native-__sysctl: permit
     121        native-issetugid: permit
     122        native-mmap: permit
     123        native-munmap: permit
     124        native-mprotect: permit
     125        native-mquery: permit
     126        native-break: permit
     127        native-write: permit
     128        native-close: permit
     129        native-exit: permit
     130        native-fcntl: permit
     131        native-fsread: filename eq "/etc/malloc.conf" then permit
     132        native-fsread: filename eq "/home/$USER" then deny
     133        native-fsread: filename eq "/home/$USER/." then deny
     134        native-fsread: filename eq "/var/mail/$USER" then deny
     135        native-fsread: filename eq "/var/run/ld.so.hints" then permit
     136        native-fsread: filename eq "/usr/lib" then permit
     137        native-fsread: filename match "/usr/lib/libssl.so.*" then permit
     138        native-fsread: filename match "/usr/lib/libcrypto.so.*" then permit
     139        native-fsread: filename match "/usr/lib/libutil.so.*" then permit
     140        native-fsread: filename match "/usr/lib/libc.so.*" then permit
     141        native-fsread: filename eq "/usr/share/nls/C/libc.cat" then permit
     142        native-fsread: filename eq "/usr/share/zoneinfo/US/Eastern" then permit
     143        native-fsread: filename eq "/usr/share/zoneinfo/GMT" then permit
     144        native-fsread: filename eq "/usr/share/zoneinfo/posixrules" then permit
     145        native-fsread: filename eq "/etc/resolv.conf" then permit
     146        native-fsread: filename eq "/etc/hosts" then permit
     147        native-fsread: filename eq "/etc/pwd.db" then permit
     148        native-fsread: filename eq "/etc/group" then permit
     149        native-fstat: permit
     150        native-getegid: permit
     151        native-geteuid: permit
     152        native-getgid: permit
     153        native-getpid: permit
     154        native-getppid: permit
     155        native-gettimeofday: permit
     156        native-getsockname: permit
     157        native-getuid: permit
     158        native-sigaction: permit
     159        native-sigprocmask: permit
     160        native-read: permit
     161        native-fsread: filename eq "/" then permit
     162        native-execve: filename eq "/usr/local/opt/bin/socat" and argv eq "/usr/local/bin/irssi" then permit
     163        native-socket: sockdom eq "AF_INET" and socktype eq "SOCK_STREAM" then permit
     164        native-socket: sockdom eq "AF_INET" and socktype eq "SOCK_DGRAM" then permit
     165        native-socket: sockdom eq "AF_UNIX" and socktype eq "SOCK_DGRAM" then permit
     166        native-socket: sockdom eq "AF_UNIX" and socktype eq "SOCK_STREAM" then permit
     167        native-connect: sockaddr eq "inet-[127.0.0.1]:9050" then permit
     168        native-connect: sockaddr eq "inet-[127.0.0.1]:53" then permit
     169        native-bind: sockaddr eq "inet-[127.0.0.1]:6677" then permit
     170        native-bind: sockaddr eq "inet-[127.0.0.1]:6777" then permit
     171        native-listen: permit
     172        native-accept: permit
     173        native-getpeername: permit
     174        native-fork: permit
     175        native-chroot: filename eq "/var/empty" then permit
     176        native-wait4: permit
     177        native-wait: permit
     178        native-sigreturn: permit
     179        native-pread: permit
     180        native-setgroups: permit
     181        native-select: permit
     182        native-shutdown: permit
     183
     184}}}
     185
     186'''Note'''' that the above {{{native-shutdown}}} refers to the function call shutdown(2) to shut down
     187part of a full-duplex connection and not the command shutdown.
     188
     189If you didn't use the configure line above, you will have to add more {{{native-fsread}}} statements
     190for the extra libraries.
     191
     192This also assumes that you have dsocks' {{{tor-dns-proxy.py}}} setup to handle DNS requests on
     193127.0.0.1:53.
     194
     195[[Anchor(#WebBrowsers)]]
     196= Web browsers =
     197[#WebBrowsers [link]]
     198
     199Web browsing and Privoxy is also covered in the [http://tor.eff.org/documentation tor setup docs], specifically
     200 * http://tor.eff.org/docs/tor-doc-osx
     201 * http://tor.eff.org/docs/tor-doc-unix
     202 * http://tor.eff.org/docs/tor-doc-win32
     203
     204[[Anchor(Konqueror)]]
     205== Konqueror ==
     206[#Konqueror [link]]
    76207
    77208Settings -> Configure Konqueror -> Proxy -> Manually Specify the proxy settings -> Setup
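
Review bot: the socat command at v92 lines 109 to 110 listens on port 6777 (its comment says 6777 as well), but the irssi instruction at v92 line 113 says "/connect 127.0.0.1 6677", so the documented connection fails as written; use one port in both places and drop whichever of the two native-bind lines (6677, 6777) the policy then no longer needs. Also, line 116 tells the reader to add "/bin/systrace -e -a -t" although the command above already includes it, line 189 refers to a "configure line above" that this section never shows, and the anchor at line 195 is written Anchor(#WebBrowsers) with a leading # that no other anchor in this revision has, so the [#WebBrowsers [link]] on line 197 will probably not resolve.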
     
    93224}}}
    94225
    95 === Links ===
     226[[Anchor(Links)]]
     227== Links ==
     228[#Links [link]]
    96229
    97230Setup -> Network Options
     
    109242}}}
    110243
    111 === Lynx ===
     244[[Anchor(Lynx)]]
     245== Lynx ==
     246[#Lynx [link]]
    112247
    113248Lynx will respect the {{{http_proxy}}} enviroment variable, but you can edit {{{/etc/lynx.cfg}}}:
     
    122257}}}
    123258
    124 === Mozilla Firefox ===
    125 
    126 Edit -> Preferences -> General -> Connection Settings -> Manual proxy configuration
    127 {{{
    128 HTTP Proxy: 127.0.0.1 port 8118
    129 SSL Proxy: 127.0.0.1 port 8118
    130 SOCKS v5
    131 }}}
    132 
    133 To change the proxy configuration for all Firefox users on your machine, edit the {{{/usr/lib/mozilla-firefox/greprefs/all.js}}} file:
    134 
    135 {{{
    136 ...
    137 pref("network.proxy.type",                  1);
    138 ...
    139 pref("network.proxy.http",         "127.0.0.1");
    140 pref("network.proxy.http_port",          8118);
    141 pref("network.proxy.ssl",          "127.0.0.1");
    142 pref("network.proxy.ssl_port",           8118);
    143 pref("network.proxy.socks",                 "");
    144 pref("network.proxy.socks_port",            0);
    145 pref("network.proxy.socks_version",         5);
    146 pref("network.proxy.no_proxies_on",         "localhost, 127.0.0.1");
    147 ...
    148 }}}
     259
     260[[Anchor(Opera)]]
     261== Opera ==
     262[#Opera [link]]
     263
     264Open Tools -> Preferences -> Advanced -> Network -> Proxy Servers. Check HTTP and enter "127.0.0.1" and "8118" as port or open about:config and enter "127.0.0.1:8118" in Proxy -> HTTP Server.
     265
     266[[Anchor(MozillaFirefox)]]
     267== Mozilla Firefox ==
     268[#MozillaFirefox [link]]
     269
     270In later versions of Firefox, at least in the current version 1.5.0.1 under Linux and Windows XP, you can enable the browser to do remote domain name lookups. The option network.proxy.socks_remote_dns is available via about:config and should look like
     271
     272{{{
     273network.proxy.socks_remote_dns  user set        boolean         true
     274}}}
     275
     276At [http://www.imperialviolet.org/deerpark.html http://www.imperialviolet.org/deerpark.html] you can find an excellent step-by-step introduction on how to configure Firefox in this manner.
     277'''Be careful, though:  In some versions of Firefox, it is possible that even with this option set remote DNS resolution will not work.  In this case, you may want to use Privoxy or similar projects.'''  To find out whether your version implements remote DNS resolution correctly, you may try out a URL ending in `.onion`, like [http://6sxoyfb3h2nvok2d.onion/tor/ this one] leading to the [http://6sxoyfb3h2nvok2d.onion/tor/ the Hidden Tor Wiki].  If the Hidden Wiki shows up, remote DNS resolution works.
     278
     279Otherwise, to use Privoxy with Firefox 1.5x on Windows, do the following in Firefox:
     280
     281Tools -> Options -> General -> Connection Settings -> Manual proxy configuration
     282
     283Set HTTP Proxy 127.0.0.1 (or localhost), port 8118 and tick the box [X] Use for all protocols.  Or you may explicitly set the Proxy information for SSL, FTP, and Gopher to localhost/8118 and then set the SOCKS Host information to localhost/9050, making sure to specify SOCKS v5.
     284
     285'''Remember: Configuring Privoxy for FTP will break ftp:// URLs, but if you don't do this, your Firefox will leak your IP address for those sites. Use Filezilla for handling FTP traffic (Windows only) or read the [#FTP FTP] section below.'''
     286
     287
     288http://wiki.noreply.org/images/firefox_proxy.png
    149289
    150290Also, Mac OS X users should change the above preferences by entering about:config in the URL bar because the firefox preferences dialog is a bit screwy.
    151291
    152 == Email ==
    153 === Fetchmail ===
     292
     293[[Anchor(OpenHTTPProxies)]]
     294== Circumventing Tor blocks using open HTTP proxies ==
     295[#OpenHTTPProxies [link]]
     296
     297Some websites have blocked access from Tor users. Often, however, these websites still allow access from any of millions of open HTTP proxies on the internet. Unfortunately, using an open HTTP proxy directly is not very anonymous.
     298
     299The solution is to chain an open HTTP proxy between Tor and the unfriendly website. This provides all the anonymity benefits of Tor, while obscuring the fact that you're using Tor from the website.
     300
     301=== Privoxy ===
     302
     303One method involves Privoxy. This example config will send all requests through Tor, only chaining an open HTTP proxy after Tor for a select site. Replace 0.0.0.0:80 with the proxy's address and port.
     304
     305{{{
     306forward-socks4a / localhost:9050 .
     307forward-socks4a *.wikipedia.org localhost:9050 0.0.0.0:80
     308}}}
     309
     310=== Socat ===
     311
     312Another method requires Socat. This will forward all connections to localhost:8080 to an open HTTP proxy through Tor. Just configure your browser to use localhost:8080 as an HTTP proxy. Once again, replace 0.0.0.0:80 with the proxy's address and port.
     313
     314{{{
     315socat TCP4-LISTEN:8080,bind=localhost,fork SOCKS4A:localhost:0.0.0.0:80,socksport=9050
     316}}}
     317
     318=== 3proxy ===
     319
     320Download and install (may need compiling) the [http://www.security.nnov.ru/soft/3proxy/ 3proxy] proxy server. Create a configuration file (plain text) like this:
     321
     322{{{
     323# put 3proxy in background mode. For Windows replace with "service"
     324daemon
     325# set archiver to compress log files. Remove or replace for Windows.
     326archiver gz /bin/gzip %F
     327# we'll have 2 log files
     328rotate 2
     329# format of log record
     330logformat "- +_L%d.%m %H:%M:%S srv=%N:%p err=%E src=%C:%c dst=%R:%r out=%O in=%I %T"
     331# path to log file (CHANGE IT BECAUSE IT'S NOT SECURE!), rotate it monthly
     332log /tmp/3proxy.log M
     333# set timeouts above defaults, because tor may be a bit slow
     334timeouts 30 30 60 60 180 1800 60 120
     335# this is required to use ACLs and redirections
     336auth iponly
     337# preventing DNS requests leak
     338fakeresolve
     339# redirect all traffic
     340allow *
     341# first redirection hop is tor
     342parent 1000 socks4+ 127.0.0.1 9050
     343# and the second hop is an open HTTP proxy. Replace "0.0.0.0 80" with the proxy's address and port.
     344parent 1000 http 0.0.0.0 80
     345# now, start anonymous HTTP proxy on localhost:8080, configure this in
     346# your browser as single proxy for all protocols
     347proxy -a -i127.0.0.1 -p8080
     348}}}
     349(you should edit at least the log path) and start 3proxy, giving the configuration file name on the command line. For Linux, this may look something like {{{./3proxy ./3proxyrc}}}.
     350
     351
     352[[Anchor(Email)]]
     353= Email =
     354[#Email [link]]
     355
     356[[Anchor(Fetchmail)]]
     357== Fetchmail ==
     358[#Fetchmail [link]]
    154359
    155360This isn't the most elegant solution, but it works. Rename your {{{/etc/init.d/fetchmail}}} file to {{{{fetchmail-orig}}}, for example, then save the script below as {{{/etc/init.d/fetchmail}}}, and restart fetchmail with {{{/etc/init.d/fetchmail restart}}}. Your mail will now be fetched through the Tor network.
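
Review bot: the sentence at v92 line 299, "This provides all the anonymity benefits of Tor", overstates what the chained setup gives: the open HTTP proxy becomes the final hop, so it sees and can alter every request that is not encrypted end to end, and the section should say so next to the Privoxy, socat and 3proxy recipes. The 3proxy example at v92 lines 331 to 332 ships "log /tmp/3proxy.log" while its own comment calls that path insecure; put a non-shared path in the example instead of relying on the reader to edit it. The unchanged line "Mac OS X users should change the above preferences" (v92 line 290) now follows a screenshot URL, because the pref() list it referred to is removed in this hunk; reword it or restore the preference names.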
     
    236441of a hostname; see the note on tsocks and DNS above.
    237442
    238 == Instant messaging ==
    239 === Gaim ===
     443If you are lazy you can also just call {{{torify fetchmail}}} or {{{torify fetchmail -d 900}}}.
     444
     445[[Anchor(Thunderbird)]]
     446== Mozilla Thunderbird ==
     447[#Thunderbird [link]]
     448
     449Install the [https://addons.mozilla.org/thunderbird/2275/ Torbutton] extension and enable Tor in Thunderbird by clicking on the onion in the toolbar (if it has a red cross).
     450
     451Just remember to '''exclude all your SMTP servers''' in th Connection settings (Edit-Preferences-General or Tools-Options-General) dialog box, otherwise you probably won't be able to send any mail.
     452
     453If you're using the same server name for receiving and sending mail but still want to recieve mail through Tor, change your SMTP server's name to it's IP and exclude the IP from being proxied. This way, mail will be received from your mail server by it's name (and through Tor), but sent by the same server without Tor.
     454
     455[[Anchor(POP3_3proxy)]]
     456== 3proxy as a POP3 proxy ==
     457[#POP3_3proxy [link]]
     458
     459Download and install (may need compiling) the [http://www.security.nnov.ru/soft/3proxy/ 3proxy] proxy server.
     460
     461Let's say you have a POP3 account with settings below:
     462 E-mail: testaccount@gmail.com
     463
     464 POP3 server: pop.gmail.com
     465
     466 Account name: testaccount@gmail.com
     467
     468 Pasword: ******
     469
     470First,  you  need  to  configure  and  start 3proxy as a pop3 proxy with
     471redirection to tor. Create a configuration file (plain text) like this:
     472
     473{{{
     474# put 3proxy in background mode. For Windows replace with "service"
     475daemon
     476# set archiver to compress log files. Remove or replace for Windows.
     477archiver gz /bin/gzip %F
     478# we'll have 2 log files
     479rotate 2
     480# format of log record
     481logformat "- +_L%d.%m %H:%M:%S srv=%N:%p err=%E src=%C:%c dst=%R:%r out=%O in=%I %T"
     482# path to log file (CHANGE IT BECAUSE IT'S NOT SECURE!), rotate it monthly
     483log /tmp/3proxy.log M
     484# set timeouts above defaults, because tor may be a bit slow
     485timeouts 30 30 60 60 180 1800 60 120
     486# this is required to use ACLs and redirections
     487auth iponly
     488# preventing DNS requests leak
     489fakeresolve
     490# redirect all traffic
     491allow *
     492# redirect traffic to Tor
     493parent 1000 socks4+ 127.0.0.1 9050
     494# now, start pop3 proxy on port 127.0.0.1:110
     495# you can run it on alternative port, if port 110 is in use or not accessible
     496pop3p -i127.0.0.1 -p110
     497}}}
     498
     499(you should edit at least the log path) and start 3proxy, giving the configuration file name on the command line. For Linux, this may look something like {{{./3proxy ./3proxyrc}}}.
     500
     501Now,  you  must  configure  your  e-mail  agent  (any with POP3 support:
     502Eudora,  Outlook  Express,  Outlook,  Apple Mail). Specify 3proxy server
     503(localhost  in  example)  as  a POP3 server and add address of real POP3
     504server  to  account  login  name  after  '@'  characcter. That is, e-mail agent
     505settings are now:
     506
     507 E-mail: testaccount@gmail.com
     508
     509 POP3 server: 127.0.0.1
     510
     511 Account name: testaccount@gmail.com@pop.gmail.com
     512
     513 Pasword: ******
     514
     515If the POP3 proxy on a different port than 110, you should also change
     516POP3 port settings in your mail agent.
     517
     518[[Anchor(3proxySMTP)]]
     519== SMTP with "Submission" protocol and 3proxy portmapping ==
     520[#3proxySMTP [link]]
     521
     522As   a  measure  against  spammers,  Tor  doesn't  allow  outgoing  SMTP
     523connection to TCP/25 port, but some mail servers still may be reached by
     524alternative   ports. The most commonly used one is TCP/587 (submission).
     525"Submission"  is  actually  SMTP  protocol with moderate authentication.
     526smtp.gmail.com,  smtp.aol.com,  smtp.yandex.ru and many others are known
     527to  support  submission protocol. You can use e.g. portmapping (see
     528[#TCP General TCP] below)
     529to  map  some  port  on  local  host  to port 587 of your preferred mail
     530server.
     531
     532Gmail example: for any 3proxy configuration above, like [#POP3_3proxy POP3],
     533add a line
     534
     535{{{tcppm -i127.0.0.1 2525 smtp.gmail.com 587}}}
     536
     537This maps local 2525 port to Submission port of smtp.gmail.com.
     538
     539Now  set  up  SMTP host 127.0.0.1 and SMTP port 2525 for your mail agent
     540and  configure  SMTP  authentication.  Currently  there is no SMTP proxy
     541server  support.  If  you  need a  second  submission  server, add a second
     542portmapping with different local port (e.g. 2526) to configuration.
     543
     544Note:  some  mail agents, including Microsoft Outlook and Outlook Express
     545are  known  to  leak  sensitive information, including local IP address,
     546through mail headers.
     547
     548[[Anchor(IM)]]
     549= Instant messaging =
     550[#IM [link]]
     551
     552[[Anchor(qip)]]
     553== qip ==
     554http://img209.imageshack.us/img209/6103/qipyq5.png
     555
     556[[Anchor(ICQ)]]
     557== ICQ ==
     558
     559First Step:
     560
     561http://img60.imageshack.us/img60/4654/icq1ps8.png
     562
     563Second Step:
     564
     565http://img209.imageshack.us/img209/6752/icq2ec7.png
     566
     567[[Anchor(Gaim)]]
     568== Gaim ==
     569[#Gaim [link]]
    240570
    241571Preferences -> Network -> Proxy
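
Review bot: the POP3 example at v92 lines 459 to 516 proxies plain POP3 on port 110 to the real server and never mentions TLS, so the account name and password in the example would cross the Tor exit relay unencrypted wherever the server accepts that; state whether the setup works with POP3 over SSL or say clearly that it does not. The Thunderbird advice at line 451 to "exclude all your SMTP servers" from the proxy means outgoing mail leaves directly, which deserves one sentence on what that exposes and a pointer to the Submission section at line 519 that routes SMTP through Tor instead. Small fixes in the added lines: "th Connection", "recieve", "it's IP", "Pasword", "characcter"; the qip and ICQ sections (lines 553 to 565) contain only externally hosted screenshot URLs and no settings in text.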
     
    248578See the note on tsocks and DNS above.
    249579
    250 === Psi ===
     580[[Anchor(Konversation)]]
     581== Konversation ==
     582[#Konversation [link]]
     583
     584See the note on [#KDE KDE Applications] below.
     585
     586
     587[[Anchor(Kopete)]]
     588== Kopete ==
     589[#Kopete [link]]
     590
     591See the note on [#KDE KDE Applications] below.
     592
     593
     594[[Anchor(Psi)]]
     595== Psi ==
     596[#Psi [link]]
    251597
    252598[http://psi.affinix.com/ Psi] is a Jabber client with support for
     
    267613See the note on tsocks and DNS above.
    268614
    269 == IRC/SILC ==
    270 === Irssi ===
     615[[Anchor(Miranda)]]
     616== Miranda ==
     617[#Miranda [link]]
     618"M" Menu -> Options -> Network
     619
     620{{{
     621Proxy Type: SOCKS5
     622Proxy Server: localhost or 127.0.0.1
     623Port: 9050
     624}}}
     625
     626[[Anchor(Bitlbee)]]
     627== Bitlbee ==
     628[#Bitlbee [link]]
     629
     630Simply add the following to {{{/etc/bitlbee/bitlbee.conf}}} and connect with your favorite IRC client:
     631{{{
     632Proxy = socks5://localhost:9050
     633}}}
     634
     635
     636[[Anchor(GG)]]
     637== Gadu-Gadu ==
     638[#GG [link]]
     639
     640To use Gadu-Gadu (the Polish closed and insecure instant messaging network) with Tor, point your client program to Privoxy (127.0.0.1 and port 8118). In [http://www.kadu.net Kadu], this is in: Menu - Konfiguracja - Siec. In [http://ekg.chmurka.net EKG], go to the main window, type {{{set proxy 127.0.0.1:8118}}}, then type {{{save}}} and reconnect.
     641
     642[[Anchor(IRC)]]
     643= IRC/SILC =
     644[#IRC [link]]
     645
     646[[Anchor(Irssi)]]
     647== Irssi ==
     648[#Irssi [link]]
     649
    271650If you are running Privoxy, as recommended, you can just configure irssi's own proxy settings to use Privoxy as an HTTP proxy.
    272651Otherwise, you can run Irssi with {{{tsocks irssi}}}.  Unfortunately, as mentioned above, Irssi's own proxy configuration options are HTTP specific.
    273652
    274 For Gentoo and Debian users: {{{torify irssi}}}.  Note that torify is just a shell script that calls
    275 tsocks after setting the config file to /etc/tor/tor-tsocks.conf so it is not Gentoo/Debian specific.
     653Alternative: {{{torify irssi}}}.  Note that torify is just a shell script that calls
     654tsocks after setting the config file to /etc/tor/tor-tsocks.conf.
    276655
    277656For OpenBSD users, you can either hack tsocks to work (as of 3.6 there is no port) or you can use dante.
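
Review bot: the Miranda and Bitlbee entries added at v92 lines 615 to 633 give SOCKS5 settings but, unlike the neighbouring entries, say nothing about whether hostnames are resolved through the proxy; add the same pointer to the DNS note (#DNSNote) or state each client's behaviour. The Miranda block at lines 617 to 618 also lacks the blank line between the [link] line and the menu path that the other sections have.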
     
    289668of a hostname; see the [:#DNSNote: note on tsocks and DNS] above.
    290669
    291 === X-Chat ===
     670Add the following to your .irssi/config if you want to use Privoxy as your proxy:
     671
     672{{{
     673settings = {
     674  core = {
     675    real_name = "TorUser";
     676    user_name = "TorUser";
     677    nick = "TorUser";
     678    proxy_password = "";
     679    use_proxy = "yes";
     680    proxy_string = "CONNECT %s:%d HTTP/1.0\n\n";
     681    proxy_port = "8118";
     682    proxy_address = "127.0.0.1";
     683  };
     684};
     685}}}
     686
     687Don't forget to modify the limit-connect settings in the Privoxy .action files first. This is typically found in default.action, and is a filter that limits what ports Privoxy will connect to. Since Privoxy only listens on the local interface, it is safe to replace this line with '+limit-connect{1-}' which allows Privoxy to connect to all ports.
     688
     689To minimize information leakage about your client and timezone add
     690 
     691{{{
     692ignores = ( { level = "CTCPS"; } );
     693}}}
     694
     695or run
     696
     697{{{
     698/ignore * CTCPS
     699}}}
     700
     701and then
     702
     703{{{
     704/save
     705}}}
     706
     707[[Anchor(XChat)]]
     708== X-Chat ==
     709[#XChat [link]]
     710
     711[http://www.xchat.org/ X-Chat] supports SOCKS 5 and does not leak DNS requests.
     712
    292713Settings-> Preferences -> Network -> Network setup -> Proxy server
    293714{{{
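
Review bot: v92 line 687 recommends replacing the Privoxy limit-connect line with '+limit-connect{1-}', which opens CONNECT to every port for every program that can reach the local Privoxy, not only irssi; listing just the ports actually needed (the IRC port alongside the default) keeps the filter useful. The justification "Since Privoxy only listens on the local interface, it is safe" covers remote clients only and should be worded that way.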
     
    297718}}}
    298719
     720[http://xrl.us/h7rs Unofficial builds] of X-Chat for Windows are free.
     721
    299722See the note on tsocks and DNS above.
    300723
    301 === SILC ===
     724[[Anchor(X-Chat Aqua)]]
     725== X-Chat Aqua 0.16.0 ==
     726[#XChatAqua [link]]
     727
     728[http://sourceforge.net/projects/xchataqua/ X-Chat Aqua is X-Chat with an Aqua interface for MacOS X. X-Chat Aqua uses the irc engine from X-Chat, and is designed to look and feel like the GTK+ front end.
     729
     730This is a free IRC client for Macintosh OSX that works with TOR.
     731
     732X-Chat Aqua-> Preferences -> Network -> Network setup
     733{{{
     734Address to bind to:
     735Proxy server: localhost
     736Port: 9050
     737Proxy type: Socks5
     738}}}
     739
     740[[Anchor(SILC)]]
     741== SILC ==
     742[#SILC [link]]
     743
    302744Since the [http://www.silcnet.org SILC] client is based on Irssi, you can follow the same procedure to make it use Tor. Combining Tor and SILC might be one of the safest ways to communicate with someone over the Internet. More information about SILC is available at [http://www.silcnet.org its website].
    303745
    304 ==== Silky ====
     746[[Anchor(Silky)]]
     747=== Silky ===
     748[#Silky [link]]
     749
    305750[http://silky.sf.net/ Silky] is a GTK2 SILC client. It does not currently support SOCKS, so the best way to make it work with Tor is using socat (IMO).:
    306751
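
Review bot: the anchor at v92 line 724 is Anchor(X-Chat Aqua) but the link on line 726 targets #XChatAqua, so the [link] does not resolve; use one name for both. The external link opened on line 728 is never closed with "]", and line 720 sends Windows users to binaries through a URL shortener (xrl.us); link the real download location so readers can see where the build comes from. The new statement on line 711 that X-Chat "does not leak DNS requests" should also be reconciled with the unchanged "See the note on tsocks and DNS above" on line 722.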
     
    309754And then tell Silky to connect to localhost:6666.
    310755
    311 === BitchX ===
     756[[Anchor(BitchX)]]
     757== BitchX ==
     758[#BitchX [link]]
     759
    312760In order to use [http://www.bitchx.org BitchX] with tor, you first need to get [http://proxychains.sourceforge.net ProxyChains], a *NIX-only HTTP and SOCKS proxy client.  On Debian systems, install the {{{proxychains}}} package.  Once installed, just add
    313761
     
    325773of a hostname; see the note on tsocks and DNS above.
    326774
    327 === mIRC ===
     775[[Anchor(mIrc)]]
     776== mIRC ==
     777[#mIrc [link]]
     778
    328779Mirc.co.uk: [http://www.mirc.co.uk/help/proxies.html Proxies and Firewalls]
    329780
    330781File -> Options -> Connect -> Firewall
    331782
     783Older versions:
    332784Mark the "Use SOCKS Firewall" box.
    333 
    334 {{{
    335 Protocol: SOCKS4
     785Newer versions (mIRC 6.0 and up):
     786Select "Both" from the "Firewall support" pulldown.
     787
     788{{{
     789Protocol: SOCKS5
    336790Hostname: 127.0.0.1
    337791Port: 9050
    338792}}}
    339793
    340 === Trillian ===
     794http://wiki.noreply.org/images/mirc_firewall.png
     795
     796Don't use SOCKS4. Use SOCKS5.
     797
     798There is a way to automate this with two commands...
     799
     800{{{
     801/firewall -cm5+d on localhost 9050
     802}}}
     803
     804to activate it and...
     805
     806{{{
     807/firewall -d off
     808}}}
     809
     810to deactivate the proxy. You can add this commands to your personal commands menu by following these instructions:
     811
     812 Press Alt+P to open the popup editor and type this bellow "Commands"
     813 
     814{{{
     815Anonymize:/firewall -cm5+d on localhost 9050
     816de-Anonymize:/firewall -d off
     817}}}
     818
     819[[Anchor(Trillian)]]
     820== Trillian ==
     821[#Trillian [link]]
     822
    341823Preferences -> Advanced Preferences -> Proxy Server
    342 
    343 == BitTorrent ==
    344 Same procedure as with BitchX, but using {{{proxychains btdownloadcurses}}}.
    345 
    346 === Azureus ===
    347 
    348 See [http://azureus.sourceforge.net/doc/AnonBT/].
    349 
    350 
    351 == Misc ==
    352 
    353 === GnuPG ===
     824{{{
     825Use proxy server to resolve names.
     826Use proxy server.
     827Protocol: SOCKS5
     828Host: localhost or 127.0.0.1
     829Port: 9050
     830}}}
     831
     832
     833
     834[[Anchor(KVIrc)]]
     835== KVIrc ==
     836[#KVIrc [link]]
     837
     838[http://www.kvirc.net KVIrc]
     839
     840Settings -> Configure KVIrc -> Connection -> Proxy Hosts
     841
     842{{{
     843Use proxy.
     844New proxy.
     845Proxy: tor
     846Port: 9050
     847IP Address: 127.0.0.1
     848Protocol: SOCKSv5
     849}}}
     850
     851http://img143.imageshack.us/img143/6898/kvirc5er.png
     852
     853Since kVIrc does not support remote dns yet, you have to add a mapping to your tor config, if you want to connect to a hidden service. Do this  like:
     854{{{
     855echo 'mapaddress  10.40.40.40  mejokbp2brhw4omd.onion' >> /etc/tor/torrc
     856pkill -HUP tor
     857}}}
     858and then connect to 10.40.40.40 through your Tor proxy.
     859
     860http://img137.imageshack.us/img137/9471/kvirctorhiddenservicetm9.png
     861
     862
     863[[Anchor(BitTorrent)]]
     864= BitTorrent =
     865[#BitTorrent [link]]
     866
     867For bittorrent it is probably not so helpful to torrify data. Compared to the amount of damage you will do to your throughput and the amount of damage you will do to the Tor network, torryfing data is overkill for the protection you gain. Aside from search index logs and tracker http logs, the attacks needed to determine who is downloading a torrent are somewhat similar to attacks on Tor: the adversary has to be running torrent clients and watching to see who connects to them. This is hard to do on a large scale. You are probably much more at risk for showing up in the webserver logs for popular trackers and index sites.
     868
     869For this reason, you may want to use tor to communicate with the tracker. For this, just add {{{--tracker-proxy 127.0.0.1:8118}}}:
     870{{{
     871btlaunchmanycurses --tracker_proxy 127.0.0.1:8118 <directory>
     872}}}
     873
     874[[Anchor(µTorrent)]]
     875== µTorrent ==
     876
     877Again, torifying the bittorrent traffic of µTorrent would just add more overhead and reduce your transfer throughput a lot. It also severely taxes the Tor network and is considered poor etiquette.
     878The following image shows how to configure µTorrent to torify tracker traffic. Note the unchecked {{{Use proxy server for peer-to-peer connections}}}. Checking this will severely limit transfer speeds and needlesly tax the Tor network.
     879
     880http://img166.imageshack.us/img166/610/utorrenttorifyag8.jpg
     881
     882[[Anchor(Azureus)]]
     883== Azureus ==
     884[#Azureus [link]]
     885
     886Again, pretty much all you really need to do here is to proxy tracker communications. There is an option for this under the connections pane in Azureus. Fill in 127.0.0.1 9050 for the SOCKS proxy for tracker data.
     887
     888For more information on setting up torrents tracked via hidden service (which is not really taxing), and to be thoroughly confused by other possibilites, see: [http://azureus.sourceforge.net/doc/AnonBT/]. [http://www.azureuswiki.com/index.php/Super_Seeding Super Seeding] is another option if you are the first to seed a file and want to optimally distribute it anonymously. This is an acceptable exception to the request not to torrify data.
     889
     890[[Anchor(FTP)]]
     891= FTP =
     892[#FTP [link]]
     893
     894FTP requires 2 different connections: one for commands and one for data.
     895Data  connections  is  created  every  time directory listing or file is
     896transmitted.   Almost   any  FTP  server  nowdays  checks  both  control
     897connection  and  data  connection  to come from the same IP address. Tor
     898changes  circuit  for  new TCP connection every 10 minutes. It means, if
     899you  download  many files from the same FTP server (or browse content of
     900FTP server) you will fail approximately once in 10 minutes and will need
     901to  re-connect.  It  only affects new connections and does not interrupt
     902file download.
     903
     9043proxy (see [#POP3_3proxy POP3]) may act as an FTP proxy with redirection to Tor. There are
     9052  different  types  of  FTP  proxies. First type is a FTP over HTTP proxy - it converts
     906listsings  and  file transfers between FTP and HTTP and it's mainly used
     907by  browsers  (Internet  Explorer,  Moziila, Opera, wget, etc). It leaks
     908support  for many FTP commands. Second type is a plain FTP proxy - it fully
     909supports the FTP protocol and is used in FTP clients (gFTP, NcFTP, CuteFTP).
     9103proxy  supports  both. For the real FTP proxy, 2 methods are supported: USER
     911extension  and SITE/OPEN extension. In order real FTP proxy to work with
     912Tor you need the latest devel version (0.6).
     913
     914In the configuration file from [#POP3_3proxy POP3] replace (or add, to use both services) the string
     915
     916{{{pop3p -i127.0.0.1 -p110}}}
     917
     918with
     919
     920{{{proxy -i127.0.0.1 -p110}}}
     921
     922for HTTP proxy with FTP over HTTP support, and/or
     923
     924{{{ftppr -i127.0.0.1 -p110}}}
     925
     926for FTP proxy.
     927
     928'''You may sometimes get 404 Errors (after a long time of waiting) when connecting to an FTP site. Don't worry, this is normal (I mean, this is neither 3proxy's fault nor a configuration problem). Just wait a few minutes and everything will be fine.'''
     929
     930[[Anchor(FxFTP)]]
     931== Mozilla Firefox ==
     932[#FxFTP [link]]
     933
     934Install and start 3proxy, as described above. Go to Edit-Preferences (that used to be Tools-Options on Windows) - General - Connection settings. Then type 'localhost' and port number ('110' using the above configuration) under the FTP Proxy entry. That should do it.
     935
     936[[Anchor(WgetFTP)]]
     937== Wget (FTP) ==
     938[#WgetFTP [link]]
     939
     940Install and start 3proxy, as described above. Set the {{{ftp_proxy}}} environment variable to {{{127.0.0.1:110}}}. You may also set this in the Wget configuration file.
     941
     942[[Anchor(OperaFTP)]]
     943== Opera ==
     944[#OperaFTP [link]]
     945
     946Install and start 3proxy, as described above. Go to Tools-Preferences-Advanced-Network-Proxy servers. Enable FTP and type 127.0.0.1 and port 110.
     947
     948[[Anchor(KonquerorFTP)]]
     949== Konqueror ==
     950[#KonquerorFTP [link]]
     951
     952Install and start 3proxy, as described above. Go to Settings - Configure Konqueror - Manually Specify the proxy settings - Setup. Enter 127.0.0.1 and port number 110 (or whatever number you chose) under the FTP Proxy.
     953
     954[[Anchor(Misc)]]
     955= Misc =
     956[#Misc [link]]
     957
     958[[Anchor(APT)]]
     959== APT ==
     960[#APT [link]]
     961
     962'''Warning''': This will only work for HTTP because Privoxy does not support FTP. Look [#FTP above] for FTP.
     963
     964Add the following line to {{{/etc/apt/apt.conf}}}:
     965{{{
     966Acquire::http::Proxy "http://127.0.0.1:8118/";
     967}}}
     968
     969[[Anchor(GnuPGprivoxy)]]
     970== GnuPG: Method 1 (Privoxy) ==
     971[#GnuPGprivoxy [link]]
     972
    354973Add or edit the following lines in your {{{$HOME/.gnupg/gpg.conf}}}:
    355974{{{
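Review bot: In the new FTP section, the 3proxy lines all listen on 127.0.0.1:110, yet the text says "replace (or add, to use both services)" and "and/or". pop3p, proxy and ftppr cannot share one listening port, so a reader who takes the "add" path ends up with a second service that cannot bind. Give proxy and ftppr their own ports, and update the Firefox, Wget, Opera and Konqueror subsections, which all hard-code 110. In the BitTorrent section the prose names "--tracker-proxy" while the command uses "--tracker_proxy"; make the two agree. "It leaks support for many FTP commands" should read "lacks". The mIRC line "Don't use SOCKS4. Use SOCKS5." would be more useful with the reason stated.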
     
    367986If you don't want to write the export line every time, you can add {{{ alias gpg='http_proxy=http://127.0.0.1:8118/ gpg' }}} to your .bashrc file as well; if you have set the {{{http_proxy}}} environment variable, you may skip this step.
    368987
    369 === Wget ===
     988[[Anchor(GnuPGtorify)]]
     989== GnuPG: Method 2 (torify) ==
     990[#GnuPGtorify [link]]
     991
     992At least a couple of people have had problems with using GPG over Privoxy. It is possible to use GPG with torify instead. If you have {{{http_proxy}}} set, GPG will try to use it. Add {{{no-honor-http-proxy}}} to your {{{keyserver-options}}} to prevent that.
     993
     994Remember that torify doesn't handle DNS! Use tor-resolve to get the IP of your keyserver and use that. Either add it to {{{$HOME/.gnupg/gpg.conf}}} as the {{{keyserver}}} option or put it on the command line.
     995
     996Now run
     997{{{
     998torify gpg --refresh-keys
     999}}}
     1000
     1001or
     1002
     1003{{{
     1004torify gpg --keyserver [result of tor-resolve] --refresh-keys
     1005}}}
     1006
     1007[[Anchor(Wget)]]
     1008== Wget (HTTP) ==
     1009[#Wget [link]]
    3701010
    3711011Wget will also respect the http_proxy enviroment variable, but you can edit {{{/etc/wgetrc}}}:
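Review bot: In GnuPG Method 2, the first command, "torify gpg --refresh-keys", is only safe when the keyserver in gpg.conf is already an IP address. With a hostname there, the lookup happens outside Tor, which is exactly what the preceding paragraph warns about. State that precondition next to the command, or show only the "--keyserver [result of tor-resolve]" form. The Method 1 text directly above also suggests an alias that sets http_proxy for every gpg call; say explicitly that a reader switching to Method 2 needs to drop that alias or set no-honor-http-proxy.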
     
    3781018}}}
    3791019
    380 [[Anchor(sshconnect)]]
    381 === SSH: Method 1 (connect) ===
     1020[[Anchor(SSHtorify)]]
     1021== SSH: Method 1 (torify) ==
     1022[#SSHtorify [link]]
     1023
     1024Simply run {{{torify ssh <parameters>}}} if the host is not on a local network and you're done.
     1025
     1026[[Anchor(SSHconnect)]]
     1027== SSH: Method 2 (connect) ==
     1028[#SSHconnect [link]]
    3821029
    3831030These instructions should work on most *nix systems. Tested on Mac OS X 10.3.x and Debian GNU/Linux.
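Review bot: The new "SSH: Method 1 (torify)" paragraph omits the DNS caveat that the GnuPG torify section spells out ("torify doesn't handle DNS"), so "torify ssh <parameters>" with a hostname will resolve it outside Tor. Add the tor-resolve step here, or point to the note in Method 2. The condition "if the host is not on a local network" should also say what to do when it is, since the paragraph ends with "and you're done".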
     
    38510321 - Upgrade your SSH to an OpenSSH version that has Socks 5 support. The OpenSSH client that is shipped with Mac OS X 10.3 (aka ''Panther'') - OpenSSH_3.6.1p1 - will not work correctly. Download, build and install the current stable version from the [http://www.openssh.org OpenSSH website]. If you're using Mac OS X, using [http://fink.sourceforge.net fink] may be easier for you.
    3861033
    387 2  - Download and build the connect [http://www.taiyo.co.jp/~gotoh/ssh/connect.c source code]. Connect will allow socket connections using SOCKS4/5 and HTTP tunnels. For detailed information on connect, please visit its [http://www.taiyo.co.jp/~gotoh/ssh/connect.html website].
    388 
    389 A pre-compiled version of {{{connect}}} for Mac OS X is available [http://members.lycos.co.uk/hardapple/tools/connect.tar here]. (md5sum: b5180cb789813fc958209c58b99039fa)
     10342  - Download and build the connect [http://www.taiyo.co.jp/~gotoh/ssh/connect.c source code]. Connect will allow socket connections using SOCKS4/5 and HTTP tunnels. For detailed information on connect, please visit its [http://www.taiyo.co.jp/~gotoh/ssh/connect.html website]. Note: the site appears to be down at the moment, we've mirrored the script at https://savannah.gnu.org/maintenance/connect.c
     1035
     1036A pre-compiled version of {{{connect}}} for Mac OS X is available at [http://members.lycos.co.uk/hardapple/tools/connect.tar]. (md5sum: b5180cb789813fc958209c58b99039fa)
    3901037
    3911038Install connect into the {{{/usr/local/bin}}} directory.
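Review bot: The mirror link added to step 2 comes without a checksum, so a reader cannot confirm that the Savannah copy of connect.c matches the original source. Publish a hash of the file next to the link, as is already done for the pre-compiled Mac OS X tarball. Note also that the tarball is fetched over plain http and verified only by an MD5 printed on this same editable page, which gives limited assurance for a binary that will carry SSH traffic. Two wording points: connect.c is a C source file, not a "script", and "down at the moment" should carry a date so it can be cleaned up later.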
     
    3951042
    3961043{{{
     1044Host 10.*.*.*
     1045ProxyCommand none
     1046Host 172.16.*.*
     1047ProxyCommand none
     1048Host 172.17.*.*
     1049ProxyCommand none
     1050Host 172.18.*.*
     1051ProxyCommand none
     1052Host 172.19.*.*
     1053ProxyCommand none
     1054Host 172.20.*.*
     1055ProxyCommand none
     1056Host 172.21.*.*
     1057ProxyCommand none
     1058Host 172.22.*.*
     1059ProxyCommand none
     1060Host 172.23.*.*
     1061ProxyCommand none
     1062Host 172.24.*.*
     1063ProxyCommand none
     1064Host 172.25.*.*
     1065ProxyCommand none
     1066Host 172.26.*.*
     1067ProxyCommand none
     1068Host 172.27.*.*
     1069ProxyCommand none
     1070Host 172.28.*.*
     1071ProxyCommand none
     1072Host 172.29.*.*
     1073ProxyCommand none
     1074Host 172.30.*.*
     1075ProxyCommand none
     1076Host 172.31.*.*
     1077ProxyCommand none
     1078Host 192.168.*.*
     1079ProxyCommand none
     1080Host *
    3971081ProxyCommand /usr/local/bin/connect -4 -S 127.0.0.1:9050 %h %p
    3981082}}}
    3991083
    400 All SSH connections will now go through tor.
     1084All SSH connections, except to the private address ranges defined by the IANA in RFC-1918, will now go through tor.
    4011085
    4021086You may want to look up your SSH server's IP with {{{tor-resolve}}} and use the IP in place
    4031087of a hostname; see the note on tsocks and DNS above.
    4041088
    405 [[Anchor(sshsocat)]]
    406 === SSH: Method 2 (socat) ===
     1089[[Anchor(SSHsocat)]]
     1090== SSH: Method 3 (socat) ==
     1091[#SSHsocat [link]]
    4071092
    4081093Use [http://www.dest-unreach.org/socat/ socat] as described above.  One way to access an SSH server via Tor is to socat to make a tcp4 listener and relay to your local Tor client, then ssh to it. It's not the nicest way. Using OpenSSH, then you can use the {{{ProxyCommand}}} option in your {{{~/.ssh/config}}} file, as follows:
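Review bot: The new sentence "All SSH connections, except to the private address ranges defined by the IANA in RFC-1918, will now go through tor" overstates what the added Host blocks do. ssh_config Host patterns are matched against the name given on the command line, not against the resolved address, so a hostname that resolves to 10.x or 192.168.x still falls through to "Host *" and is sent to the proxy. Reword it to say the exception applies when the target is given as a literal RFC 1918 address. The list also leaves out 127.* and localhost, so loopback connections are proxied as well. The eighteen two-line stanzas can be collapsed, since Host accepts several whitespace-separated patterns followed by a single "ProxyCommand none".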
     
    4271112If you want ''every'' SSH communication to go through Tor, you can even say :
    4281113
    429 {{{ Host *
    430   ProxyCommand socat STDIO SOCKS4A:localhost:%h:%p,socksport=9050}}}
    431 
    432 == Remailing ==
    433 
    434 This How-To is intended to increase the security and anonymity of Remailing for email and usenet to the *highest* possible level.
    435 
    436 In this How-To I detail the use of the remailer client QuickSilver; I use this example as QS is the client I use.  Another excellent, free and open-source client is Jack B. Nymble 2 (Panta's Mod); either client can use the routes I describe.
    437 
    438 This How-To details:
    439 
    440 A. How to route your QS FTP Plugin downloads through QS > Tor > QS FTP Page
    441 
    442 B. How to route your Stats Updates (via. SSL [HTTPS]) though QS > Stunnel > Tor > Stats Updates
    443 
    444 C. How to route your SMTP & M2N messages (via. TLS) through QS > Stunnel > Tor > SMTP/M2N
    445 
    446 D.  How to download NG messages (via. TLS) through QS > Stunnel > Tor > NNTPS
    447 
    448 E.  How to route your SMTP & M2N messages (via. Hidden Services) through QS > Tor > Hidden Services > SMTP/M2N
    449 
    450 F.  How to download NG messages (via. Hidden Services) through QS > Tor > Hidden Services > NNTP
    451 
    452 {{{
    453 This How-To is written in laymen's language; but it's not "dumbed down". }}}
    454 
    4551114{{{
    456 These instructions should work fine for any OS, but I have only tested them on Windows XPHome and 98se (don't worry, I'm not an average Windoze user ;-). }}}
    457 
    458 === TLS, Tor, SMTP & Mail2News ===
    459 
    460 If you use remailers you can also use TLS and Tor to add additional layers of encryption and anonymity.  There are only a few remailers that accept TLS connections and offer non-standard SMTP ports; my favorite is mail.bananasplit.info, another good one is panta-rhei.dyndns.org.
    461 
    462 Functionality of remailer's mail servers can be checked at http://www.noreply.org/tls/   .  Pay particular attention to the "TLS" column which indicates the type of ciphers that the mail server supports.  In order to gain maximum benefit, try and pick ones that use 'Ephemeral' ciphers.  Generally speaking these will begin with either "EDH" or "DHE".   Also, try to ensure the remailer you choose has a "yes" in the column "2525"; Tor Exit Policy blocks port 25 and 119 (SMTP and NNTP) by default.
    463 
    464 I assume you have a working knowledge of MixMaster, Reliable, Cyberpunks, PGP (6.5.8.ckt 08), Stunnel, QuickSilver (or JBN2 Panta mod) and Tor.
    465 
    466 All these programs and apps are free and open-source (except SocksCap).  Some programs (like SocksCap) are OS specific; you'll need to find a Socks forwarding program for your OS.
    467 
    468 With these configurations in place, use of QS and the remailer network should be completely masked.  You will have no obvious connections to stats sources, all outgoing mail from QS will not exhibit Mixmaster characteristics and downloading of messages from alt.anonymous.messages will also be concealed.
    469 
    470 ==== QS FTP Component Downloads ====
    471 
    472 After you first install QS.exe (current release) you should use QS "Update Wizard" to download QS plugins (POP, PGP, NNTP, etc) and MixMaster. 
    473 
    474 You can use the route of QS > Tor > QS FTP Page to download QS plugins and MixMaster. 
    475 
    476 If you use this route an advasary won't know your accessing QS's FTP Page; all they can see is your using the Tor Onion Route Network.  There is no indication your using a remail client or that your accessing the FTP page and downloading plugins, updates and MixMaster.
    477 
    478 
    479 {{{ Start QS > Help > Update Wizard > Proxy:
    480 
    481 Proxy Host: 127.0.0.1
    482 Proxy Port: 9050
    483 Socks Level: 4a
    484 
    485 Click "Next" to access the QS FTP page. }}}
    486 
    487 {{{
    488 Highlight the .exe, .sig or .txt files you want to download via. QS > Tor > QS FTP and click "Next". }}}
    489 
    490 After you download a file re-access the QS FTP as per above and choose your next download.
    491 
    492 
    493 ==== QS HTTPS Remailer Statics & Key Ring Updates  ====
    494 
    495 You can configure QS to access remailer Stats pages via. SSL (HTTPS).  In this example I use Banana's HTTPS Stats page; Panta also offers an SSL (HTTPS) Stats Page.  These Stats Pages are accessed via. QS > Stunnel > Tor > Stats Page. 
    496 
    497 These settings will route Stats Update traffic via. SSL (HTTPS) from Banana's HHTPS Stats Page; alternatively you could use Panta's SSL (HHTPS) Stats Page. 
    498 
    499 If you use QS, Stunnel and Tor to access Banana's Stats Page (echolot) via. an SSL (HTTPS) connection your Stats downloads will be totally anonymous.  An advasary would have no idea your accessing the Stats Page or that you use Mixmaster or the remailing network.
    500 
    501 {{{ Start QS > Tools > Remailers > Proxy:
    502 
    503 Proxy Host: 127.0.0.1
    504 Port: 4430
    505 Socks Level: <none> }}}
    506 
    507 Copy and paste the follwing URL's into the appropriate Stats URL Pages in the QS URL Manager.  Then, double click on the new Banana "echolot" Stats URL in each Stats Page to bring the new Banana URL to the top of each list:
    508 
    509 {{{  Start QS > Tools > Remailers > URL Manager:
    510 
    511 Mix List: http://localhost:4430/echolot/mlist.txt
    512 Mix Keys: http://localhost:4430/echolot/pubring.mix
    513 Mix Type II: http://localhost:4430/echolot/type2.list
    514 Cpunk List: http://localhost:4430/echolot/rlist.txt
    515 Cpunk Keys: http://localhost:4430/echolot/pgp-all.asc }}}
    516 
    517 After you click "OK" QS will bring up the "Statistics & Keyrings" window.  Ensure the 'echolot' URL's you just entered are in the appropriate text bars (e.x. mlist.txt, rlist.txt, etc).
    518 
    519 In the "Statistics & Keyrings" window check the follow boxes:
    520 
    521 {{{
    522 mlist.txt [http://localhost:4430/echolot/mlist.txt]
    523 
    524 rlist.txt [http://localhost:4430/echolot/rlist.txt]
    525 
    526 Error Check (this disables Type2.list) }}}
    527 
    528 The box Type2.list should be unavailable; Type2.list isn't necessary with QS, Richard created Type1.list to better serve QS's preferred use of TypeII MixMaster remailers.  Type1.list is a bit easier to read and allows QS to seamlessly use MixMaster remailers.
    529 
    530 The boxes "Pubring.txt" and "Pubring.asc" don't need to checked as QS automaticaly updates these Stats with the first Stat Update each day.
    531 
    532 ==== Type I & Type II Remailer Security Issues ====
    533 
    534 This section isn't  directly related to TLS or Tor; but this is an important remailing security issue and I didn't think it was too far off-topic.
    535 
    536 This section covers the use and security issues of Cypherpunks (Type I) and MixMaster (Type II) remailers. 
    537 
    538 ===== Type II Exit Remailer =====
    539 
    540 For increased security and reliability you can choose the Type II remailer to use as your hardcoded Exit remailer in your remailer new message header 'Chain:'.
    541 
    542 When choosing your hardcoded Exit remailer for your remailer chain read the 'cap codes' of each remailer listed in the MixMaster keyring by accessing MixMaster Keyring. 
    543 
    544 Attempt to choose a Type II remailer with the following capabilities:
    545 {{{
    546  N = Posting to News
    547  C = Compression
    548  m = posting via. M2N }}}
    549 
    550 Ensure you *don't* choose a remailer with this capability:
    551 {{{
    552  M = Middleman Only }}}
    553 
    554 Also, read the "mlist.txt" to enusure your choosing a remailer with very good "uptime" (100%) and quality "history".
    555 
    556 {{{
    557 Mlist.txt is located under View > mlist.txt. }}}
    558 
    559 Here is a samle message header with Type II remailer hardcoded as Exit remailer in the header 'Chain:':
    560 
    561 {{{
    562 Chain: banana,*,*,starwars; copies=6 }}}
    563 
    564 ===== Reply Block, ESUB and A.A.M. Issues =====
    565 
    566 A single Type I ESUB capabiable remailer is required in your reply block.  QS requires this ESUB remailer to ensure proper delivery of your ESUB messages to a.a.m.
    567 
    568 Type I remailers are located on the Cypherpunks keyring; this is the only time it's wise to use Type I remailers (besides NymServer Cypherpunk Keys).   
    569 
    570 {{{
    571 If you don't use ESUB and a.a.m. in your reply block (and why wouldn't you?) this section doesn't apply to you.   }}}
    572 
    573 Your reply block route will look like this:
    574 {{{
    575 message origin > Your NymServer > ESUB remailer > M2N > a.a.m. (ESUB message). }}}
    576 
    577 When chooseing your hardcoded reply block ESUB remailer read the "cap strings" of each remailer listed in the Cypherpunks keyring. 
    578 
    579 Choose about 4 Cypherpunk ESUB remailers to be used in your reply block; the rest of the remailers can be barred for greater security.
    580 
    581 Also, read the rlist.txt enusure your choosing remailers with very good "uptime" (100%) and quality "history".
    582 
    583 If your PGP Nymkeys use DSS then select reply block ESUB remailers that have DSS keys.
    584 
    585 {{{
    586 Rlist.txt is located under View > rlist.txt. }}}
    587 
    588 Attempt to choose a Type I remailer with the following capabilities:
    589 
    590 {{{
    591  pgp
    592  mix
    593  cpunk
    594  esub
    595  ek 
    596  latent }}}
    597 
    598 Ensure you *don't* choose a remailer with this capability:
    599 
    600 {{{
    601  middle }}}
    602 
    603 Here is a sample reply block with a ESUB remailer to a.a.m.; don't use these Encrypt-Key: and Encrypt-Subject: passcodes.
    604 
    605 {{{
    606 Reply-Block:                                               
    607   Anon-To: italy
    608   Encrypt-Key: asdfklh349
    609 italy
    610   Anon-To: mail2news_munge@bananasplit.info
    611   Encrypt-Subject: alkhj98743nd
    612   Encrypt-Key: alskfn98745khsd
    613   Newsgroups: alt.anonymous.messages
    614   Subject: What you want
    615 mail2news_munge@bananasplit.info }}}
    616 
    617 ===== Barring Type I Remailers =====
    618 
    619 Another option that can increase your security is to "bar" all remailers in QS's Cypherpunk Keyring *except* those which serve as your NymServer (config keys); and a few ESUB remailers which will serve as your single reply block ESUB capaibable remailer.
    620 
    621 Your Cypherpunk keyring could have 3-4 good DSS remailers and 2 good config keys enabled (2 different NymServers). 
    622 
    623 Cypherpunk remailers are Type I remailers, these were the first generation of remailers; Type I remailers are less secure than Type II remailers.
    624 
    625 By barring these Cypherpunk remailers you force QS to use only MixMaster Type II remailers in your remailer chain; Type II remailers offer increased security and allow the use of DSS keys.
    626 
    627 Once you've decided which Type I rely block ESUB remailers you want to keep and you've dedicded which NymServer (config) keys you want to keep; you can disable all other Cypherpunk keys.
    628 
    629 ====== DSS vs. RSA ======
    630 
    631 If you created your PGP Nym Keys with the DSS algorythm then select NymServers and reply block ESUB remailers that have DSS keys.  You can bar all other remailer on the Cypherpunk list.
    632 
    633 It is concidered more secure to use the DSS algorythm for your PGP Nym Keys and to select DSS capable NymServers and DSS capable remailers for use in your reply block (Type I) and message header 'Chain:' (Type II).
    634 
    635 ==== QS New Message Window TLS Settings ====
    636 
    637 This section of the How-To describes the configuration of QS new message headers, template and proxies.
    638 
    639 ===== QS New Message Proxy Settings =====
    640 
    641 When you are in the window where you encrypt your message and create the message headers there is a box in the upper right; disable it.
    642 
    643 {{{
    644 Start QS > header create/ message send window > uncheck the "use Proxy" box }}}
    645 
    646 ===== QS New Message TLS SMTP Template =====
    647 
    648 This template will route QS traffic as so:
    649 
    650 QS > Stunnel (via. Sockscap) > Tor (via. port 2525) > Tor Entry Node > Tor Middleman Node > Tor Exit Node > mail.bananasplit.info (Entry Remailer & Host) > Random Middleman Remailer > Ramdom Middleman Remailer > itlay (Exit Remailer) > reciepent.
    651 
    652 This route completly anonymizes your use of the remailer network; an advasary will have no idea your remaling for Email or posting to Usnet.
    653 
    654 This template is an example of a config. message to hod.aarg.net; any SMTP mail will work.
    655  
    656 Copy and paste this into the headers section of the send mail window:
    657 
    658 {{{
    659 Host: 127.0.0.1:2525
    660 From: your nym here <your nym h...@hod.aarg.net>
    661 From: your nym here
    662 Chain: banana,*,*,italy; copies=6
    663 To: con...@hod.aarg.net
    664 Subject:
    665 Pgp: sign= your nym PGP here ; encrypt= your nym PGP here  }}}
    666 
    667 Note:  You need to hard code Banana as the first remailer in your chain if your going to use the Banana TLS Host.
    668 
    669 Note: You need to add a Banana HashCash Token to use Banana as the Entry Remailer; get HashCash here:
    670  http://www.panta-rhei.dyndns.org/downloads/
    671 
    672 ===== QS New Message TLS SMTP M2N Template =====
    673 
    674 This template will route traffic to Usenet via. the route described above then on though Banana's M2N gateways.
    675 
    676 Copy and paste this into the headers section of the send mail window:
    677 
    678 {{{
    679 Host: 127.0.0.1:2525
    680 From: your nym here <your nym h...@hod.aarg.net>
    681 From: your nym here
    682 Chain: banana,*,*,italy; copies=6
    683 References:
    684 To: mail2news_munge@bananasplit.info,mail2news@bananasplit.info
    685 Newsgroups:
    686 X-Hashcash: You need Banana's HashCash Token to post via. M2N.
    687 Subject:
    688 Pgp: sign= your nym PGP here ; encrypt= your nym PGP here  }}}
    689 
    690 Note:  You need to hard code Banana as the first remailer in your chain if your going to use the Banana TLS Host.
    691 
    692 Note: You need to add a Banana HashCash Token to use Banana M2N; get HashCash here:
    693  http://www.panta-rhei.dyndns.org/downloads/
    694 
    695 ==== Configure Stunnel ====
    696 
    697 This template will accecpt QS traffic via. LocalHost (127.0.0.1) on Port 2525 (SMTP & M2N), Port 2000 (NNTPS) or Port 4430 (HHTPS) and uses Zax's bananasplit.info as the TLS host. 
    698 
    699 This template will work for:
    700 
    701 A. Sending TLS SMTP
    702  
    703 B. Sending TLS SMTP M2N
    704 
    705 C. Downloading Stats data via. TLS (HTTPS)
    706 
    707 D. Downloading NNTPS on-topic NG messages via. TLS.
    708 
    709 Copy and paste this into your Stunnel .conf file:
    710 
    711 {{{
    712 debug = 7
    713 output = log.txt
    714 client = yes
    715 options = all
    716 RNDbytes =  2048
    717 RNDfile = bananarand.bin
    718 RNDoverwrite = yes
    719 #
    720 [BANANA_TLS_SMTP]
    721 protocol = smtp
    722 accept  = 2525
    723 connect = mail.bananasplit.info:2525
    724 delay = no   
    725 #
    726 [BANANA_NNTPS_GROUPS]
    727 accept = 2000
    728 connect = news.bananasplit.info:5563
    729 delay = no
    730 #
    731 [BANANA_HTTPS_STATS]
    732 accept = 4430
    733 connect = www.bananasplit.info:443
    734 delay = no }}}
    735 
    736 
    737 ==== Configure SocksCap ====
    738 
    739 SocksCap will route traffic from Stunnel into Tor using Socks5.
    740 
    741 Import the address of Stunnel.exe shortcut into SocksCap; then when you want to use Stunnel click "Run Socksified".
    742 
    743 {{{
    744 Start SocksCap > File > Setup >
    745 
    746 127.0.0.1:9050
    747 Socks 5
    748 Resolve all names remotely }}}
    749 
    750 ==== Configure Tor ====
    751 
    752 Upgrade to current stable (or test) release; default setup.
    753 
    754 ==== DLing TLS & Tor NG Messages ====
    755 
    756 You can also setup QS to download on-topic messages from news.bananasplit.info via. QS > Stunnel > Tor.
    757 
    758 All the settings that are requred you have already configured; all you need to do is configure the QS News Plugin (NNTP).
    759 
    760 
    761 ===== QS NNTP Account Manager Setup =====
    762 
    763 {{{
    764 Start QS > Tools > News Accounts >
    765 
    766 New > News Server > news.bananasplit.info
    767 News Groups and Subjects > On-topic groups; use Esub for a.a.m }}}
    768 
    769 {{{
    770 Start QS > Tools > News Accounts > Proxy >
    771 
    772 Proxy Server > 127.0.0.1
    773 Proxy Port > 2000
    774 Socks Level > 5 }}}
    775 
    776 
    777 === Remailing SMTP & NNTP via. Tor Hidden Services ===
    778 
    779 Panta offers Hidden Services for remailing via. SMTP, M2N and downloading on-topic security/anonymity NNTP NG messages (posting disabled).
    780 
    781 Remailing SMTP, M2N and downloadig NNTP NG messages via. Hidden Services prevents an adavsary from knowing you use SMTP, M2N or NNTP.  I am not sure if this more secure than useing TLS but it seems more anonymous to me.
    782 
    783 Another advantage to using Hidden Services is they resist D.D.S. and D.O.S. attacts; as does the MixMaster network to a certain extent.
    784 
    785 At the time of writing (05-11-05) only Tor 0.1.x.x (test versions) are capable of routing SMTP, M2N and NNTP traffic via. Hidden Services.  I have been unable to use Tor 0.0.9.x.x for SMTP, M2N and NNTP via. Hidden Seriveces. 
    786 
    787 The 0.1.x.x test versions of Tor provide better Dir Support, Hidden Services support, etc.  I am currently useing the latest test release 0.1.0.5-rc; as this release provides the best Hidden Services support and fixes some bugs in prior 0.1.x.x test releases.
    788 
    789 {{{
    790 Please be aware:
    791 I notice a conciderable increase in latency when DLing NG messages via. Hidden Services versus DLing NG messages via. QS > Stunnel > Tor > NNTPS.
    792 
    793 Also, occasionally when downloading NG messages QS times out due to a Tor node issue. In this case simply shutdown and restart QS News then begin downloading again. }}}
    794 
    795 ==== QS New Message Window Hidden Services Settings ====
    796 
    797 This section detials the configuration of QS so you can send SMTP, M2N and downloading on-topic NNTP NG messages through Tor Hidden Services.
    798 
    799 
    800 ===== QS New Message Header Proxy Settings =====
    801  
    802 When you are in the window where you encrypt your message and create the message headers there is a box in the upper right; enable it.
    803 
    804 {{{
    805 Start QS > header create/ message send window > check the "use Proxy" box >
    806 
    807 Proxy: 127.0.0.1:9050
    808 Socks4a
    809 Check the use Tor box }}}
    810 
    811 ===== QS New Message SMTP Hidden Service Template =====
    812 
    813 This template will route SMTP traffic through the Hidden Service to Panta then on to your reciepent.
    814 
    815 Copy and paste this into the headers section of the send mail window:
    816 
    817 {{{
    818 Host: rjgcfnw4sd2jaqfu.onion
    819 From: your nym here <your nym h...@hod.aarg.net>
    820 From: f...@bar.com
    821 Chain: panta,*,*,italy; copies=6
    822 To: xxx@hod.aarg.net
    823 Subject: test a
    824 Pgp: sign= your nym PGP here ; encrypt= your nym PGP here }}}
    825 
    826 Note:  You need to hard code Panta as the first remailer in your chain if your going to use the Panta Hidden Service.
    827 
    828 Note: You need to add a Panta HashCash Token to use Panta as the Entry Remailer; get HashCash here:
    829  http://www.panta-rhei.dyndns.org/downloads/
    830 
    831 
    832 ===== QS New Message SMTP M2N Hidden Service Template =====
    833 
    834 This template will route traffic to Usenet via. the route described above then on though Panta's M2N gateways.
    835 
    836 Copy and paste this into the headers section of the send mail window:
    837 
    838 {{{
    839 Host: rjgcfnw4sd2jaqfu.onion
    840 From: your nym here <your nym h...@hod.aarg.net>
    841 From: f...@bar.com
    842 Chain: panta,*,*,italy; copies=6
    843 References:
    844 To: mail2news-hashcash@panta-rhei.dyndns.org,mail2news-hashcash_nospam@panta-rhei.dyndns.org
    845 X-Hashcash: You need Panta's HashCash Token to post via. M2N.
    846 Subject:
    847 Pgp: sign= your nym PGP here ; encrypt= your nym PGP here }}}
    848 
    849 {{{
    850 
    851 Note: Make sure to un-wrap the
    852 "To: mail2news-hashcash@panta...,mail2news-hashcash_nospam@panta..." header }}}
    853 
    854 Note:  You need to hard code Panta as the first remailer in your chain if your going to use the Panta Hidden Service.
    855 
    856 Note: You need to add a Panta HashCash Token to use Panta M2N; get HashCash here:
    857 
    858 http://www.panta-rhei.dyndns.org/downloads/
    859 
    860 ==== Configure Tor ====
    861 
    862 Upgrade to current test release (at present 0.1.0.5-rc); default setup.
    863 
    864 {{{
    865 Note: If you arn't going to use Hidden Services SMTP, M2N and NNTP than you can use the latest stabel Tor release.  If you want to use Hidden Service's you will need to upgrade to Tor 0.1.0.5-rc as this test relese allow QS to access Hidden Services.
    866 
    867 ==== DLing Hidden Service NG Messages ====
    868 
    869 You can also setup QS to download on-topic messages from rjgcfnw4sd2jaqfu.onion via. QS > Tor >.
    870 
    871 All the setting requred you have already configured; all you need to do is confire the QS News Plugin (NNTP).
    872 
    873 ===== QS NNTP Account Manager Setup =====
    874 
    875 {{{
    876 Start QS > Tools > News Accounts >
    877 
    878 New > News Server > rjgcfnw4sd2jaqfu.onion
    879 News Groups and Subjects > On-topic groups; use Esub for a.a.m }}}
    880 
    881 {{{
    882 Start QS > Tools > News Accounts > Proxy >
    883 
    884 Proxy Server > 127.0.0.1
    885 Proxy Port > 9050
    886 Socks Level > 4a }}}
    887 
    888 
    889 ==== Hidden Services End Notes ====
    890 
    891 A. Banana also offers a NNTP and SMTP, M2N via. Tor Hidden Services.  ZAX's hidden services are down right now but he's getting them up soon.
    892 
    893 As far as I understand you can post & dl though Banana'a hidden NNTP portal.
    894 
    895 B. Occasionally when I dl messages from Panta's Hidden NNTP I get an error message from QS stating "1060 not a winsock err" (something to that effect). This is caused by a problem with one of the Tor nodes (most
    896 likley).
    897 
    898 In this case wait 2 minutes then retry dling from the a.a.m.  Every 60 seconds or so of inactivity Tor creates a new route which should allow you access to the Hidden Services.  If you still can't gain access to
    899 the Hidden Services shutdown/restart Tor & QS; that should do the trick.
    900 
    901 C. Don't have Stunnel running in system tray when your using Hidden Services and QS; this causes QS to lock and give me "unable to wipe" error message; requiring hard restart of QS.
    902 
    903 ==== Hidden Services Security Issues ====
    904 
    905 ===== Tor Rendezvous Node =====
    906 
    907 The rendezvous node of the Tor network is where you and the Panta or Banana hidden service meet, IMHO the rendezvous node should be verified; by default it  is unverified.
    908 
    909 ***NOTE:  It is possible this tweak may decrease the overall anonymity of the Tor network.  I don't think that by forcing Tor to use verified rendezvous nodes it's anonymity will weaken; as this tweak only slighlty decreases the selection and number of nodes.
    910 
    911 {{{
    912 It may be wise to *not* apply this tweak at this time.  I am not an expert on Tor or Onion Routing so I can't say if this tweak should positivly be applied or not.
    913 
    914 >>I would like an experts opinon on this matter please.<<
    915 }}}
    916 
    917 Rendezvous node tweak:
    918 
    919 {{{
    920 1. Open Torrc file
    921 
    922 2. find the section "client options"
    923 
    924 3. find the line labeled "AllowUnverifiedNodes middle,rendezvous"
    925 
    926 4. delete this ",rendezvous"
    927 
    928 5. save file and close
    929 
    930 6. restart Tor }}}
    931 
    932 Now the rendezvous node must have it's PGP sig and Tor fingerprint w/valid email on file with the Tor network (DirPort). 
    933 
    934 ===== EHLO Answer =====
    935 
    936 There is a *large* anonymity hole in the use of remailers and Tor Hidden Services.  When you use remailers (SMTP) on Tor's Hidden Service your real Host and IP can be leaked via. EHLO answer to the Tor Introduction Points server, OR and Rendezvous Point node.
    937 
    938 QS spoofs the EHLO answer (as does JBN2 Panta mod) so your Host and IP are secure.
    939 
    940 === Everyday Use ===
    941 
    942 Your done!  Now to use the monster you created:
    943 
    944 ==== TLS Stats Page ====
    945 
    946 A. Start QS
    947 
    948 B. Start SocksCap
    949 
    950 C. Start Stunnel via. SocksCap
    951 
    952 D. Start Tor
    953 
    954 E. QS > Tools > Remailers > Update
    955 
    956 ==== TLS SMTP/M2N ====
    957 
    958 A. Start QS
    959 
    960 B. Start SocksCap
    961 
    962 C. Start Stunnel via. SockCap
    963 
    964 D. Start Tor
    965 
    966 E. Use either template for TLS SMTP or M2N
    967 
    968 ==== TLS NNTPS DLing ====
    969 
    970 A. Start QS
    971 
    972 B. Start SocksCap
    973 
    974 C. Start Stunnel via. SockCap
    975 
    976 D. Start Tor
    977 
    978 E. Start QS News Pluging
    979 
    980 F. Select News Account for "news.bananasplit.info"
    981 
    982 E. Start Dling messages
    983 
    984 ==== Hidden Service SMTP/M2N ====
    985 
    986 A. Start QS
    987 
    988 B. Start Tor
    989 
    990 C. Use either template for Hidden Service SMTP or M2N
    991 
    992 ==== Hidden Service NNTP ====
    993 
    994 A. Start QS
    995 
    996 B. Start Tor
    997 
    998 C. Start QS News Plugin
    999 
    1000 D. Select News Account for "rjgcfnw4sd2jaqfu.onion"
    1001 
    1002 E. Start DLing messages
    1003 
    1004 === Further Reading ===
    1005 
    1006 Panta Hidden service info & JBN/Tor:
    1007 
    1008 http://www.panta-rhei.dyndns.org/pantawiki/HowToJbnAndTor
    1009 
    1010 Panta's website:
    1011 
    1012 http://www.panta-rhei.dyndns.org/
    1013 
    1014 Banana's website:
    1015 
    1016 http://www.bananasplit.info/
    1017 
    1018 Banana's TLS/SSL SMTP webpage:
    1019 
    1020 http://www.bananasplit.info/mailtls.html
    1021 
    1022 Banana's Stunnel How-To webpage:
    1023 
    1024 http://www.bananasplit.info/stunnel.html
    1025 
    1026 TLS@noreply:
    1027 
    1028 http://www.noreply.org/tls/
    1029 
    1030 QS website:
    1031 
    1032 http://www.quicksilvermail.net/ 
    1033 
    1034 === In A Perfect World... ===
    1035 
    1036 ...SocksCap speaks Socks4a, both Panta and Banana offer NNTPS and SMTP(TLS) via. Tor Hidden Services on port 563 &
    1037 2525 (or other ports).
    1038 
    1039 This way we could use NNTPS and SMTP(TLS) through QS > Stunnel > Tor > Hidden Servies > NNTPS/SMTP(TLS).
    1040 
    1041 Thus, having an encrypted end-to-end route through Tor Hidden Services without an advasary knowing were using anything but the Tor network.
    1042 
    1043 I don't know if this is possible as Hidden Services may not allow a Stunnel (TLS) forward ex.:
    1044 
    1045 {{{
    1046 #[PANTA_TLS_SMTP_HIDDEN_SERVICES]
    1047 #accept = 2525
    1048 #connect = rjgcfnw4sd2jaqfu.onion
    1049 #delay = no }}}
    1050 
    1051 Or something of that nature...
    1052 
    1053 
    1054 == Credits ==
     1115Host *
     1116ProxyCommand socat STDIO SOCKS4A:localhost:%h:%p,socksport=9050
     1117}}}
     1118
     1119[[Anchor(Putty)]]
     1120== Putty ==
     1121[#Putty [link]]
     1122
     1123Putty is a neat suite of programs for doing Telnet, SSH, SCP, etc.[[BR]]
     1124[wiki:/Putty Configuration Details][[BR]]
     1125
     1126[[Anchor(vpnd)]]
     1127== vpnd ==
     1128[#vpnd [link]]
     1129
     1130It is possible to run a (slow) vpnd through tor.
     1131How to setup this up is explained at [http://www.vanheusden.com/Linux/tt.html].
     1132
     1133[[Anchor(svn)]]
     1134== SubVersion (SVN) ==
     1135[#svn [link]]
     1136
     1137Simply add the following lines:
     1138{{{
     1139http-proxy-host = localhost
     1140http-proxy-port = 8118
     1141}}}
     1142
     1143('''NO''' spaces in front) to the "global" section in your '''servers''' file in your SubVersion's config directory ($HOME/.subversion on Linux).
     1144
     1145This will only work for HTTP-based SVN connections, and you need a HTTP Proxy, like Privoxy. See [http://tor.eff.org Tor's docs] for Privoxy configuration details.
     1146
     1147[[Anchor(yum)]]
     1148== YUM ==
     1149[#yum [link]]
     1150
     1151Install and start 3proxy, as described [#FTP above]. Add the following line:
     1152{{{
     1153proxy=http://127.0.0.1:110
     1154}}}
     1155to the '''main''' section of your YUM configuration file (usually, this is /etc/yum.conf).
     1156
     1157[[Anchor(TCP)]]
     1158== Any TCP-based protocol ==
     1159[#TCP [link]]
     1160
     1161For  any  TCP-based  protocol (telnet, ssh, nntp etc.), you can use TCP
     1162portmapping with 3proxy. For example, to map port 2200 of the local computer
     1163to port 22 (ssh) of my.ssh.server replace last string or add new string
     1164
     1165{{{tcppm -i127.0.0.1 2200 my.ssh.server 22}}}
     1166
     1167to the 3proxy configuration from [#POP3_3proxy POP3]. Now you can do
     1168
     1169{{{ssh -p2200 127.0.0.1}}}
     1170
     1171to connect via SSH to my.ssh.server.
     1172
     1173[[Anchor(KDE)]]
     1174== KsCD and KDE applications in general ==
     1175[#KDE [link]]
     1176
     1177Either [#Konqueror configure Konqueror for HTTP] and [#KonquerorFTP FTP] or go to the KDE Control Center - Network - Proxy and set everything as described [#Konqueror here] and [#KonquerorFTP here]. Works for KsCD.
     1178
     1179KDE Applications such as Kopete, Konversation (basically everything that is not http) respect only the global Socks proxy settings. In order to use them with tor, you seed to first 'socksify' the environment, and redirect the socks proxy to tor. To socksify kde, we use [http://linux.about.com/cs/linux101/g/danteclient.htm dante-client]. Assuming you have  tor listening at 127.0.0.1:9050, configure dante-client (the config file is usually at /etc/dante.conf) to forward all the requests to 127.0.0.1:9050. The comments in the default config file will help you edit it correctly. Then go to the Proxy settings in the KDE Control Panel -> Networking and enable socks support, choosing 'Dante'. Most other KDE applications should start working.
     1180
     1181Warning : DNS requests will not go through tor, and can probably be insecure. Also, depending on your network configuration or on an incorrect setting in dante.conf, it might not be possible to access the DNS server. You can try connecting via the IP address of the host to solve both problems.
     1182
     1183
     1184[[Anchor(Remailing)]]
     1185= Remailing =
     1186[#Remailing [link]]
     1187
     1188[:TheOnionRouter/RemailingAndTor:see Remailing: achieve strong remailing anonymity/security via. Tor and Stunnel]
     1189
     1190[[Anchor(CrazyAndLazy)]]
     1191= For the Crazy and Lazy =
     1192[#CrazyAndLazy [link]]
     1193
     1194If you are lazy and don't want to repeat most of the steps laid out here every time you call the program (and who would?) you can have a look at [http://shellscripts.org/project/toraliases the tor aliases project].
     1195
     1196[[Anchor(Credits)]]
     1197= Credits =
     1198[#Credits [link]]
    10551199
    10561200Thomas Sjogren with Northern Security started this howto and still maintains a copy at:
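Review bot: The KDE warning at new line 1181 ("DNS requests will not go through tor, and can probably be insecure") understates the leak and offers no Tor-safe alternative. With the dante-client setup from line 1179, hostnames are resolved locally outside Tor, so each destination name is disclosed even though the connection itself is proxied. Suggest stating that outright and pointing to SOCKS4A, which the ssh ProxyCommand at line 1116 already uses so that the name is passed to Tor for resolution. Also worth checking: the YUM entry at line 1153 sets proxy=http://127.0.0.1:110, and 110 is the conventional POP3 port, so confirm it matches the HTTP listener in the 3proxy configuration from the FTP section. The tcppm example at line 1165 should say where my.ssh.server gets resolved. The removed "Hidden Services Security Issues" text (old lines 903-938, including the EHLO leak note and the AllowUnverifiedNodes caveat) is now reachable only through the link at line 1188, so confirm it is present on that page. Typos in the added text: "How to setup this up" (1131), "you seed to" (1179).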
     
    10621206        * Thomas Hardly
    10631207        * tyranix
    1064         * HereHere
    1065         * Zax
     1208        * thalunil
     1209        * BogdanDrozdowski (FTP stuff, 3proxy stuff with great help from it's author - 3APA3A, Gadu-Gadu, TB, SVN, Yum and KDE stuff)
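Review bot: Old lines 1064-1065 drop HereHere and Zax from the contributor list, and the change comment ("--") gives no reason. If their material moved with the remailing section to TheOnionRouter/RemailingAndTor, carry the attribution over to that page so it is not lost. In the added credit at new line 1209, "it's author" should be "its author".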