Version 196 (modified by trac, 10 years ago)

Copyright (c) 2004 Thomas Sjogren.
Distributed under the MIT license.
See ./LegalStuff for a full text.
Original version available at http://www.northernsecurity.net/articles/torify.html

TORifying software HOWTO

This is a very brief document on how to make various software use Tor as a proxy; you should read the documentation at freehaven/tor first. Most software of a given kind (web browsers, for example) keeps its settings in similar locations, so the following examples will get you going most of the time. This guide is a bit Bash and Debian specific: if you're using anything that needs configuration beyond the ordinary, or your distribution doesn't use /etc/init.d/, for example, feel free to edit this page. It's a wiki, after all.

0. Basic Configuration Issues

0.1 Unix and Linux Configuration

Under Unix and GNU/Linux, most HTTP-capable applications (e.g. lynx, wget, curl) will honor the value of the http_proxy environment variable. Some apps use the all-lowercase name and some the all-uppercase name, so specify both to be safe.

Add the following lines to your .*profile, .bashrc, or env settings:

http_proxy=http://127.0.0.1:8118/
HTTP_PROXY=$http_proxy
export http_proxy HTTP_PROXY

0.2 About DNS and tsocks

tsocks correctly replaces 'connect' calls with calls to your SOCKS proxy (Tor). But tsocks doesn't do anything about requests to your DNS server. This means that if you refer to any machines by hostname when you're using tsocks, you'll be sending that hostname over the network, perhaps leaking the fact that you are about to connect to the corresponding server.

Tor 0.0.8 has a workaround for this problem, until we can hack tsocks (or a work-alike) to support DNS. Instead of using a hostname directly, first use 'tor-resolve' to resolve the hostname into an IP (via Tor) and then use that IP address with your tsocks-ified application.
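
One way to script the workaround above, as an added example that is not part of the original HOWTO: resolve the name with tor-resolve, accept only a dotted-quad answer, and refuse to start the tsocks-wrapped program otherwise, so a failed lookup never ends with the hostname going to your DNS server. The function names, the TOR_RESOLVE/TSOCKS override variables, and the convention that the host is the program's first argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: resolve through Tor first, then give tsocks only an IP.
# TOR_RESOLVE and TSOCKS are overridable (an assumption of this example).
TOR_RESOLVE=${TOR_RESOLVE:-tor-resolve}
TSOCKS=${TSOCKS:-tsocks}

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# tor_lookup HOST: print an IPv4 address for HOST without using local DNS.
# Literal addresses pass through; names go to tor-resolve; the rest fails.
tor_lookup() {
    if is_ipv4 "$1"; then
        printf '%s\n' "$1"
        return 0
    fi
    addr=$("$TOR_RESOLVE" "$1" 2>/dev/null) || return 1
    is_ipv4 "$addr" || return 1
    printf '%s\n' "$addr"
}

# torify_run CMD HOST [ARGS...]: run "tsocks CMD <ip> ARGS", or fail closed
# so that an unresolved name is never handed to the application.
torify_run() {
    [ $# -ge 2 ] || return 2
    cmd=$1 host=$2
    shift 2
    ip=$(tor_lookup "$host") || {
        echo "torify_run: cannot resolve $host via Tor; not connecting" >&2
        return 1
    }
    "$TSOCKS" "$cmd" "$ip" "$@"
}
```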

1. Web browsers

1.1 Konqueror

Settings -> Configure Konqueror -> Proxy -> Manually Specify the proxy settings -> Setup

HTTP/S Proxy: 127.0.0.1 port 8118

Or edit $HOME/.kde/share/config/kioslaverc

...
ProxyType=1
...
NoProxyFor=127.0.0.1,localhost
...
httpProxy=http://127.0.0.1:8118
httpsProxy=http://127.0.0.1:8118

1.2 Links

Setup -> Network Options

HTTP Proxy: 127.0.0.1 port 8118

Or edit $HOME/.links/links.cfg

...
http_proxy "127.0.0.1:8118"
...

1.3 Lynx

Lynx will respect the http_proxy environment variable, or you can edit /etc/lynx.cfg

...
http_proxy:http://127.0.0.1:8118/
https_proxy:http://127.0.0.1:8118/
...
no_proxy:localhost,127.0.0.1
...

1.4 Mozilla Firefox

Edit -> Preferences -> General -> Connection Settings -> Manual proxy configuration

HTTP Proxy: 127.0.0.1 port 8118
SSL Proxy: 127.0.0.1 port 8118
SOCKS v5

To change the default configuration for the Firefox installation, edit the /usr/lib/mozilla-firefox/greprefs/all.js file.

...
pref("network.proxy.type",         1);
...
pref("network.proxy.http",     "127.0.0.1");
pref("network.proxy.http_port",     8118);
pref("network.proxy.ssl",     "127.0.0.1");
pref("network.proxy.ssl_port",      8118);
pref("network.proxy.socks",         "");
pref("network.proxy.socks_port",      0);
pref("network.proxy.socks_version",     5);
pref("network.proxy.no_proxies_on",     "localhost, 127.0.0.1");
...

1.5 Wget

Edit /etc/wgetrc

...
http_proxy = http://localhost:8118
use_proxy = on
...

2. Email

2.1 Fetchmail

This isn't the most beautiful solution but it works. Rename your /etc/init.d/fetchmail file to fetchmail-orig for example, use the script below as /etc/init.d/fetchmail, and restart fetchmail with /etc/init.d/fetchmail restart. Your mail is now fetched through the Tor network.

#!/bin/sh
#
# Fetchmail+Tor init script
#

set -e

# Defaults
DAEMON=/usr/bin/tsocks
FMINIT=/etc/init.d/fetchmail-orig
PATH=/sbin:/bin:/usr/sbin:/usr/bin

test -f $DAEMON || exit 0

case "$1" in
	start)
		$DAEMON $FMINIT start	
		;;
	stop)
		$DAEMON $FMINIT stop	
		;;
	force-reload|restart)
		$DAEMON $FMINIT restart
		;;
	try-restart)
		$DAEMON $FMINIT try-restart
		;;
	awaken)
		$DAEMON $FMINIT awaken
		;;
	debug-run)
		$DAEMON $FMINIT debug-run
		;;
	*)
		echo "Usage: /etc/init.d/fetchmail {start|stop|restart|force-reload|awaken|debug-run}"
		echo " start - starts system-wide fetchmail service"
		echo " stop - stops system-wide fetchmail service"
		echo " restart, force-reload - starts a new system-wide fetchmail service"
		echo " awaken - tell system-wide fetchmail to start a poll cycle immediately"
		echo " debug-run [strace [strace options...]] - start a debug run of the"
		echo "  system-wide fetchmail service, optionally running it under strace"
		exit 1
		;;
esac

exit 0

An alternative configuration for Fetchmail, for those who prefer to start it on a per-user basis. Add the following to the user's .bashrc:

CONF_FILE="$HOME/.fetchmailrc"
PID_FILE="$HOME/.fetchmail.pid"
FETCHMAIL="/usr/bin/fetchmail"
TSOCKS="/usr/bin/tsocks"

# Start fetchmail under tsocks unless the PID file points at a live process.
function FetchMailAlive () {
  if test -f "$CONF_FILE" && test -f "$FETCHMAIL"; then
    # The first field of the PID file is the daemon's process ID.
    if test -f "$PID_FILE" && kill -0 "$(cut -d ' ' -f1 "$PID_FILE")" 2>/dev/null; then
      return 0
    fi
    # Run fetchmail directly; its output must not be passed to eval.
    "$TSOCKS" "$FETCHMAIL"
    echo "New FetchMail started." >&2
  else
    echo "Fetchmail not installed or configured properly." >&2
  fi
}

# Call it
FetchMailAlive

This checks for a running fetchmail daemon every time a new shell is opened and starts one if needed.

3. Instant messaging

3.1 Gaim

Preferences -> Network -> Proxy

Proxy type: Socks 5
Host: 127.0.0.1
Port: 9050

3.2 Psi

Psi is a Jabber client with support for additional Jabber JEP-0027 encryption with GnuPG and Socks5 Proxy support.

Account Setup -> Modify -> Connection -> Proxy -> Edit -> New

Properties:
Name: Tor
Type: SOCKS Version 5
Settings:
Host: 127.0.0.1
Port: 9050

4. IRC/SILC

4.1 Irssi

Add alias irssi='tsocks irssi' to your .bashrc file.

4.2 Xchat

Settings -> Preferences -> Network -> Network setup -> Proxy server

Hostname: 127.0.0.1
Port: 9050
Type: Socks5 

4.3 SILC-client

Since the SILC-client is based on irssi just add alias silc='tsocks silc' to your .bashrc file. Combining Tor and SILC might be one of the safest ways to communicate with someone over the Internet. More information about SILC is available at www.silcnet.org.

5. BitTorrent

5.1 Azureus

See http://azureus.sourceforge.net/doc/AnonBT/

6. Misc

6.1 GnuPG

Add or edit the following lines in your .gnupg/gpg.conf:

keyserver x-hkp://yod73zr3y6wnm2sw.onion
keyserver-options honor-http-proxy broken-http-proxy

The key server can of course be any key server available, subkeys.pgp.net for example, but hidden services are always nice. At the time of this writing only two key servers with an onion address are publicly available: d3ettcpzlta6azsm.onion/ and yod73zr3y6wnm2sw.onion.

After that's done just do

export http_proxy=http://127.0.0.1:8118/
gpg --refresh-keys

If you don't want to write the export line every time you can add alias gpg='http_proxy=http://127.0.0.1:8118/ gpg' to your .bashrc file as well.

6.2 SSH --via--> Tor with connect

Method 1 - These instructions should work on most *nix systems. Tested on Mac OSX 10.3.x

1 - Upgrade your SSH to an OpenSSH version that has SOCKS5 support. The default OpenSSH shipped with OSX 10.3 (OpenSSH_3.6.1p1) will not work correctly. Download, build and install the current stable version of OpenSSH (http://www.openssh.org). If you're using OSX, an easy method is to use fink (http://fink.sourceforge.net).

2 - Download the connect source code (http://www.taiyo.co.jp/~gotoh/ssh/connect.c) and build it. Connect allows socket connections using SOCKS4/5 and HTTP tunnels. For detailed information on connect: http://www.taiyo.co.jp/~gotoh/ssh/connect.html

Install connect into the directory: /usr/local/bin/

3 - Add the following line to your ssh_config file located at: /etc/ssh_config

If you used fink to install openssh then it is located at: /sw/etc/ssh/ssh_config

ProxyCommand /usr/local/bin/connect -4 -S 127.0.0.1:9050 %h %p

4 - Use the following command to use ssh via tor:

ssh -l username server

All connections via ssh will now use Tor.

Credits

Thomas Sjogren with Northern Security started this howto and still maintains a copy at:

http://www.northernsecurity.net/articles/torify.html

Other Contributing Authors:

 • Dave Vehrs
 • Nick Mathewson
 • Thomas Hardly