Version 230 (modified by trac, 10 years ago) (diff)


## Copyright (c) 2004 Thomas Sjogren. 亲爱的网站管理员,你们网站做的确实不错,想与你们交换一个链接,以下是我的链接。任你挑选!我代表全国人民向你致敬 [url=]翻译[/url] [url=]办公家具[/url] [url=]铝镁合金丝铝合金同轴电缆铝焊条[/url] [url=]广州数据恢复广州数据修复硬盘数据恢复硬盘数据修复数据修复公司数据恢复公司[/url] [url=] 上海翻译公司北京翻译广州翻译深圳翻译url [url=]东莞翻译[/url] [url=]广州翻译北京翻译公司上海翻译[/url] [url=]仪器仪表台式万用表红外测温仪温度计[/url] [url=]深圳法语培训深圳留学移民[/url] [url=]激光加工激光雕刻镭雕加工激光打标激光切割按键加工镭射加工[/url] [url=]加拿大中文网加拿大旅行社加拿大签证加拿大旅游签证加拿大探亲签证[/url] [url=]市场研究公司市场调研公司市场调查公司[/url] [url=]万能材料试验机扭转试验机弹簧试验机拉力机[/url] [url=]开关按键开关电源插座[/url] [url=]压敏电阻PTC热敏电阻片式NTC热敏电阻贴片[/url] [url=]早泄尖锐湿疣性障碍[/url] [url=]国际机票飞机票机票预定机票价格[/url] [url=]高压电源[/url] [url=]传奇私服[/url] []口吃url [url=]柔性天花吊顶天花[/url] [url=]深圳财务咨询财务顾问[/url] [url=]深圳搬家公司深圳搬迁网深圳搬家网[/url] [url=]失眠抑郁症[/url] [url=]白癜风鱼鳞病牛皮癣[/url]


[url=]影像测绘仪测量投影仪工具显微镜测量显微镜金相显微镜显微测量影像测量仪[/url] [url=]火车票深圳机票深圳航空打折机票国际机票[/url] [url=]静电防护[/url] [url=]高血压[/url] [url=]油水分离器储气罐[/url] [url=]橱柜代理[/url] [url=]加拿大移民美国移民美国EB-3就业移民[/url] [url=]气动增压泵[/url] [url=]除湿机[/url] [url=]条码[/url] [url=]深圳网络公司深圳网站推广网络推广深圳Google广告排名Google代理公司[/url] [url=]深圳网络公司网络推广网站推广GOOGLE左侧排名GOOGLE广告深圳google推广google排名代理GOOGLE右边广告[/url] [url=]网络推广网站推广GOOGLE左侧排名GOOGLE广告深圳google推广google排名代理GOOGLE右边广告[/url] [url=]深圳自助游[/url] [url=]深圳汽车租赁深圳租车[/url] ## Distributed under the MIT license, ## See ./LegalStuff for a full text ##Original version available at [:../:up to Tor]

TORifying software HOWTO

Note that this is a very brief document on how to make various programs use Tor as a proxy; you should read the documentation at freehaven/tor first. Since most programs use similar locations for various settings, the following examples will get you going most of the time. If you're using anything that needs some exotic workarounds, or your distribution doesn't use SysV (/etc/init.d/ startup scripts), for example, this guide currently won't help you a lot, since it is a bit bash and Debian specific. Feel free to edit this page; it's a Wiki, after all.

0. Basic Configuration Issues

0.1 Unix and Linux Configuration

Under Unix and GNU/Linux, most HTTP capable applications, like lynx, wget and curl, will honor the value of the http_proxy environment variable. Some applications use all lower case, some all upper, so specify both to be safe.

Add the following lines to your $HOME/.bash_profile, $HOME/.bashrc, or env settings:

export http_proxy HTTP_PROXY

0.2 About DNS and tsocks

tsocks correctly replaces connect(2) calls with calls to your SOCKS proxy (Tor), but it doesn't do anything about requests to your DNS server. This means that if you refer to any machines by hostname when you're using tsocks, you'll be sending that hostname over the network, perhaps leaking the fact that you are about to connect to the corresponding server.

Tor 0.0.8 has a workaround for this problem; until we can hack tsocks (or a work-alike) to support DNS, instead of using a hostname directly, first use tor-resolve to resolve the hostname into an IP (via Tor) and then use that IP address with your tsocks-ified application.

1. Web browsers

1.1 Konqueror

Settings -> Configure Konqueror -> Proxy -> Manually Specify the proxy settings -> Setup

HTTP/S Proxy: port 8118

Or edit $HOME/.kde/share/config/kioslaverc:


Setup -> Network Options

HTTP Proxy: port 8118

Or edit /etc/links.cfg (system-wide) or $HOME/.links/links.cfg (per-user):

http_proxy ""

1.3 Lynx

Lynx will respect the http_proxy enviroment variable, but you can edit /etc/lynx.cfg:


1.4 Mozilla Firefox

Edit -> Preferences -> General -> Connection Settings -> Manual proxy configuration

HTTP Proxy: port 8118
SSL Proxy: port 8118

To change the proxy configuration for all Firefox users on your machine, edit the /usr/lib/mozilla-firefox/greprefs/all.js file:

pref("network.proxy.type",                  1);
pref("network.proxy.http",         "");
pref("network.proxy.http_port",          8118);
pref("network.proxy.ssl",          "");
pref("network.proxy.ssl_port",           8118);
pref("network.proxy.socks",                 "");
pref("network.proxy.socks_port",            0);
pref("network.proxy.socks_version",         5);
pref("network.proxy.no_proxies_on",         "localhost,");

1.5 Wget

Edit /etc/wgetrc:

http_proxy = http://localhost:8118
use_proxy = on

2. Email

2.1 Fetchmail

This isn't the most elegant solution, but it works. Rename your /etc/init.d/fetchmail file to {fetchmail-orig, for example, then save the script below as /etc/init.d/fetchmail, and restart fetchmail with /etc/init.d/fetchmail restart. Your mail will now be fetched through the Tor network.

# Fetchmail+Tor init script

set -e

# Defaults

test -f $DAEMON || exit 0

case "$1" in
		$DAEMON $FMINIT start	
		$DAEMON $FMINIT restart
		$DAEMON $FMINIT try-restart
		$DAEMON $FMINIT awaken
		$DAEMON $FMINIT debug-run
		echo "Usage: /etc/init.d/fetchmail {start|stop|restart|force-reload|awaken|debug-run}"
		echo "  start - starts system-wide fetchmail service"
		echo "  stop  - stops system-wide fetchmail service"
		echo "  restart, force-reload - starts a new system-wide fetchmail service"
		echo "  awaken - tell system-wide fetchmail to start a poll cycle immediately"
		echo "  debug-run [strace [strace options...]] - start a debug run of the"
		echo "    system-wide fetchmail service, optionally running it under strace"
		exit 1

exit 0

An alternative configuration for fetchmail for those that prefer to start it on a per-user basis. Add the following to the user's .bashrc:


  function FetchMailAlive () {
    if test -f $CONF_FILE && test -f $FETCHMAIL; then  
      if test -f $PID_FILE; then 
        if ! kill -0 `cut -d \  -f1 $PID_FILE` 2>/dev/null; then
          eval $($TSOCKS $FETCHMAIL)
          echo New FetchMail started. >&2
        eval $($TSOCKS $FETCHMAIL)
        echo New FetchMail started. >&2
      echo Fetchmail not installed or configured properly. >&2

# Call it

Then it checks for a running fetchmail daemon every time a new shell is opened and starts one if needed.

3. Instant messaging

3.1 Gaim

Preferences -> Network -> Proxy

Proxy type: Socks 5
Port: 9050

3.2 Psi

Psi is a Jabber client with support for additional Jabber JEP-0027 encryption, with GnuPG and Socks 5 proxy support.

Account Setup -> Modify -> Connection -> Proxy -> Edit -> New

Name: Tor
Type: SOCKS Version 5
Port: 9050


4.1 Irssi

Run Irssi with tsocks irssi. Unfortunately, Irssi's own proxy configuration options are HTTP specific.

For Gentoo and Debian users: torify irssi

4.2 X-Chat

Settings-> Preferences -> Network -> Network setup -> Proxy server

Port: 9050
Type: Socks5 

4.3 SILC

Since the SILC client is based on Irssi, you can follow the same procedure to make it use Tor. Combining Tor and SILC might be one of the safest ways to communicate with someone over the Internet. More information about SILC is available at its website.

4.4 BitchX

In order to use BitchX with tor, you first need to get ProxyChains, a *NIX-only HTTP and SOCKS proxy client. On Debian systems, install the proxychains package. Once installed, just add

socks5 9050
http localhost 8118

to the ProxyChains config file at ~/.proxychains/proxychains.conf. Now that it is configured, type proxychains bitchx at the command line.

5. BitTorrent

Same procedure as with BitchX, but using proxychains btdownloadcurses.

5.1 Azureus


6. Misc

6.1 GnuPG

Add or edit the following lines in your $HOME/.gnupg/gpg.conf:

keyserver x-hkp://yod73zr3y6wnm2sw.onion
keyserver-options honor-http-proxy broken-http-proxy

You may obviously use any public keyserver, like, but hidden services are preferred. At the time of this writing. only two key servers running as hidden servers are publicly available -- d3ettcpzlta6azsm.onion/ and yod73zr3y6wnm2sw.onion.

After that is done, just run

export http_proxy=
gpg --refresh-keys

If you don't want to write the export line every time, you can add alias gpg='http_proxy= gpg' to your .bashrc file as well; if you have set the http_proxy environment variable, you may skip this step.

6.2 SSH --via--> Tor with connect

Method 1 - These instructions should work on most *nix systems. Tested on Mac OS X 10.3.x and Debian GNU/Linux.

1 - Upgrade your SSH to an OpenSSH version that has Socks 5 support. The OpenSSH client that is shipped with Mac OS X 10.3 (aka Panther) - OpenSSH_3.6.1p1 - will not work correctly. Download, build and install the current stable version from the OpenSSH website. If you're using Mac OS X, using fink may be easier for you.

2 - Download and build the connect source code. Connect will allow socket connections using SOCKS4/5 and HTTP tunnels. For detailed information on connect, please visit its website.

A pre-compiled version of connect for Mac OS X is available here. (md5sum: b5180cb789813fc958209c58b99039fa)

Install connect into the /usr/local/bin directory.

3 - Add the following line to your ssh_config file located at: /etc/ssh/ssh_config (system-wide) or $HOME/.ssh/config (on a per-user basis).

If you used fink to install OpenSSH, it is located at /sw/etc/ssh/ssh_config.

ProxyCommand /usr/local/bin/connect -4 -S %h %p

All SSH connections will now go through tor.


Thomas Sjogren with Northern Security started this howto and still maintains a copy at:

Other Contributing Authors:

  • Dave Vehrs
  • Nick Mathewson
  • Thomas Hardly