wiki:doc/torsocks

Usage

Once you have installed torsocks, just launch it like so:

  usewithtor [application]

So, for example you can use ssh to a some.ssh.com by doing:

  usewithtor ssh username @ some.ssh.com 

or launch pidgin by doing:

  usewithtor pidgin 

An alternative to usewithtor is torsocks, which is the same except that it only loads a configuration file if the corresponding environment variable is set.

  torsocks pidgin

Security

The tables below list applications that usewithtor/torsocks will send through Tor. At the moment a 100% guarantee of safe interoperability with Tor can only be given for a few of them. This is because the operation of the applications and the data they transmit has not been fully researched, so it is possible that a given application can leak user/system data at a level that neither Tor nor torsocks can control.

The following administrative applications are known to be compatible with usewithtor:

Application 100% Safe DNS Comments
ssh M Y Potential for identity leaks through login.
telnet M Y Potential for identity leaks through login and password.
svn M Y
gpg M Y gpg --refresh-keys works well enough.

The following messaging applications are known to be compatible with usewithtor:

Application 100% Safe DNS Comments
pidgin M Y Potential for identity leaks through login and password.
kopete M Y Potential for identity leaks through login and password.
konversation M Y Potential for identity leaks through login and password.
irssi M Y Potential for identity leaks through login and password.
silc M Y Potential for identity leaks through login and password.

The following email applications are known to be compatible with usewithtor:

Application 100% Safe DNS Comments
claws-mail * * Use TorBirdy (Tor Button for Thunderbird) instead!
thunderbird * * Use TorBirdy (Tor Button for Thunderbird) instead!

The following file transfer applications are known to be compatible with usewithtor:

Application 100% Safe DNS Comments
wget N N Probable identity leaks through http headers. Leaks DNS and connects directly in certain cases when used with polipo and torsocks. http://pastebin.com/iTHbjfqM http://pastebin.com/akbRifQX
ftp M Y Passive mode works well generally.

Table legend:

DNS: DNS requests safe for Tor?
           N - The application is known to leak DNS requests when used with torsocks.
           Y - Testing has shown that application does not leak DNS requests.
100% Safe: Fully verified to have no interoperability issues with Tor?
           N - Anonymity issues suspected, see comments column.
           M - Safe enough in theory, but either not fully researched or anonymity can be compromised 
               through indiscreet use (e.g. email address, login, passwords).
           Y - Application has been researched and documented to be safe with Tor.

uwt - modified usewithtor to improve Tor stream isolation

This is a modified usewithtor to support setting proxy type, ip and port by command line parameter to prevent identity correlation through circuit sharing.

Written by Whonix developer proper/adrelanos. The Tails developers contributed feedback and a patch.

*nix only, because torsocks/usewithtor is not available for Windows.1
1 Perhaps a modified proxychains might work. Modified a similar way.

Additional SocksPorts

You need to add additional SocksPorts to your torrc.

Add to /etc/tor/torrc.

SocksPort 9052
SocksPort 9053

Don't forget to restart Tor.

uwt

uwt, the torsocks wrapper. (It's a fork of usewithtor from the torsocks package.)

nano /usr/local/bin/uwt

UPDATE 17

Applies to non-Whonix users. Some versions prior UPDATE 15 were affected by a security issue. If you command included localhost or 127.0.0.1 it leaked.

Thanks to intrigeri for reporting the issue!

Moved to github.

https://github.com/Whonix/uwt/blob/master/usr/bin/uwt

Manual use

Example for manual usage invoked by command line.

uwt -t 5 -i 127.0.0.1 -p 9050 /usr/bin/wget -c https://check.torproject.org
sudo uwt -t 5 -i 127.0.0.1 -p 9050 /usr/bin/apt-get --yes dist-upgrade

Wrapper use

For example, if you wish enforce the proxy settings without entering such a long command every time, you can use a wrapper, . The wrapper has to be placed in PATH ('echo $PATH') before the real executable.

nano /usr/local/bin/wget

Insert the following.

#!/bin/bash
#echo "This is uwt /usr/local/bin/wget wrapper."
/usr/local/bin/uwt -t 5 -i 192.168.0.10 -p 9109 /usr/bin/wget $*

In this example, if you want to use wget, you don't have to type 'uwt -t 5 -i 192.168.0.10 -p 9109 -c "/usr/bin/wget -c https://check.torproject.org"', you can simply use 'wget -c https://check.torproject.org'. The wrapper calls uwt and uwt calls torsocks. Your request will be routed through socks5, IP 192.168.0.10, port 9109.

Thanks to intrigeri, for bringing up this suggestion!

See also

You may also be interested in wpolipo - polipo manger init script to improve Tor stream isolation, see Polipo.

Related discussion

Workaround for IPv6 leak bug

As long as this bug https://code.google.com/p/torsocks/issues/detail?id=37 isn't fixed...

If you on a IPv6 enabled network and use usewithtor <some-IPv6-aware-application>, then IPv6 traffic will be send in the clear, thus de-anonymzing you.

Workaround: Add to /etc/sysctl.conf.

net.ipv6.conf.all.disable_ipv6 = 1

Run

sysctl -p

to activate. (Will remain activated after reboot.)

Of course you can and should only apply this workaround if you don't depend on IPv6.

Tickets

Torsocks

Tickets are currently being migrated from Google Code to torproject.org trac.

Ticket Summary Status Priority Keywords Owner
#11579 Torsocks should support Java accepted Medium dgoulet
#11724 Check recvmmsg() FD passing on Unix socket for TCP socket accepted Medium dgoulet
#11727 Support shared onion pool for DNS resolution in separate process accepted Medium dgoulet
#13184 Add an option to whitelist networks accepted Medium dgoulet
#14322 torsocks fails to wrap setcap binaries accepted Medium setcap setuid LD_PRELOAD torsocks dgoulet
#16934 youtube-dl (recent), torsocks 2.1.0 and TBB5+ failure accepted Medium dgoulet
#19407 Support FD passing on Unix socket accepted Medium dgoulet
#19793 Torsocks - only torify .onion domains accepted Low dgoulet
#22068 Make it explicit that Torsocks won't work correctly in certain scenarios in the README accepted Medium easy, doc dgoulet
#8702 Support advanced polling features in OS assigned Medium dgoulet
#14132 Add SocksSocket support to torsocks assigned Medium sysrqb
#801 Torify+dsocks: A listener connection returned a socket with a mismatched family closed Low dgoulet
#6155 Import torsocks from google code to torproject.org trac closed High mwenge
#6542 curl 7.27.0 doesn't work with torsocks closed High dgoulet
#7564 [PATCH] Use libdir instead of prefix in torsocks wrapper closed Medium make install robinson
#8006 Unnecessary test in torsocks script closed Medium
#8038 Allow torsocks to interact with TBB in a useful way closed Medium
#8043 various torsocks/ttdnsd errors and discrepancies closed Medium
#8052 merge torify trac component with torsocks trac component closed Medium
#8053 add stream isolation support to torsocks closed Medium dgoulet
#8063 torsocks on doesn't work. closed Medium shell
#8066 usewithtor + irssi + ssl = "Socks version 22 not recognized" closed Medium
#8067 Three harmless compiler warnings in 1.2 and 1.3 closed Medium ioerror
#8068 Missing symbol namespacing closed Medium ioerror
#8070 Memory leaks on error in dead_pool.c closed Medium ioerror
#8137 add option to allow connections to local addresses closed Medium dgoulet
#8220 add TORSOCKS_CONF_FILE to debug output closed Medium ioerror
#8221 add configuration to debug output closed Medium ioerror
#8272 torsocks.c warning says to file bugs at code.google.com closed Medium ioerror
#8315 Please support multiarch library paths closed Medium ioerror
#8316 cvs via torsocks causes a segfault in libtorsocks.so closed Medium ioerror
#8398 res_query warning in torsocks closed Low torsocks res_query ioerror
#8495 Please remove "Call to connect received on completed request 3" closed Medium ioerror
#8585 Figure out why weechat+ssl don't play nice with torsocks closed Medium sysrqb
#8597 Catch res_n* functions on systems that support them closed Medium sysrqb
#8659 INSTALL references obsolete Makefile.cvs closed Medium ioerror
#8743 Add IPv6 support closed Medium ioerror
#8744 The show_msg() does not save correctly the errno value closed Medium ioerror
#8745 Add thread safe support with documentation closed Medium ioerror
#8754 Remove mentions of code.google.com closed Medium ioerror
#9745 libtorsocks symbol was not found closed Medium torify, torsocks, libtorsocks, symbol, not found ioerror
#10007 Code review of torsocks 2.x closed Medium ioerror
#10119 libtorsocks, torify, __res__query() (and a few others) symbol not found ERROR closed High libtorsocks __res_query symbol dgoulet
#11090 torsocks should log errors to stderr and not stdout closed Medium dgoulet
#11205 [PATCH] gethostbyname2 needs to be supported in addition to gethostbyname closed Medium ioerror
#11456 'make test' should run the tests closed Medium dgoulet
#11541 torsocks Does Not Work with dig on Fedora 20 closed Medium dgoulet
#11723 Support res_* API of libresolv closed Medium dgoulet
#11725 Support the complete list of dangerous syscall numbers with syscall() closed Medium dgoulet
#11726 choosing ip / port by command line closed Medium dgoulet
#11810 Connection through torsocks(1) impossible closed Medium dgoulet
#13256 torsocks 1.3 possibly leaks username closed High leak dgoulet
#13294 futex support closed Medium syscall futex dgoulet
#13571 torsocks doesnt compile under MacOSX 10.10 (SO_DOMAIN linux only?) closed Medium dgoulet
#13896 torsocks prints wrong error messages about setuid/setgid executables closed Medium dgoulet
#13909 Torsocks GitHub and Track failed usage closed High dgoulet
#14021 torsocks: remove tsocks from wikistart closed Medium dgoulet
#14166 torsock's configure.ac: avoid tests which have both -pie and -static closed Medium dgoulet
#14210 Enhance torsocks with ControlPort GETINFO communication skills and additional Socks* options closed Medium dgoulet
#14265 Torsocks works badly with default VirtualAddrNetworkIPv4 ranges closed Medium dgoulet
#14268 torsocks "make check" target broken in out of tree builds closed Low easy, makefiles dgoulet
#14281 Add option to allow connections to custom local addresses closed Medium dgoulet
#15497 torsock's getpeername() implementation is broken. closed Medium dgoulet
#15504 torsocks's getaddrinfo() is broken. closed Medium dgoulet
#15584 Linking libtorsocks with libtcmalloc results in SIGSEGV closed Medium sigsegv libtcmalloc libtorsocks torsocks ld_preload dgoulet
#16006 torsocks should support isolating on a per process basis. closed Medium isolation dgoulet
#16183 torsocks upgrade broke OpenSSH connection sharing closed Medium ssh dgoulet
#16223 Torsocks v2.1.0 fails to build on RHEL/CentOS 5.x closed Medium prehistoric, glibc, centos dgoulet
#16308 Attempts to resolve local hostname using tor closed Medium dgoulet
#16349 Need to merge GigHub pull requests closed Medium dgoulet
#16355 [PATCH] Add usleep to data_impl functions closed Very Low torsocks cpu spike hang dgoulet
#16432 patches for NetBSD closed Medium netbsd dgoulet
#16433 infinite recursion in torsocks log timestamps closed Medium netbsd dgoulet
#16434 fix miscellaneous compiler warnings closed Medium dgoulet
#16435 torsocks needlessly depends on perl for test suite closed Medium dgoulet
#16627 torsocks 2.1 doesn't work with Oracle Java 8 (Mac OS X 10.9.5) closed Medium dgoulet
#16628 tordns_enable option to disable dns resolving via tor closed Medium dgoulet
#16765 torsocks should allow UDP connections to localhost when AllowOutboundLocalhost is set closed Medium dgoulet
#16991 I think I've figured out why torsocks-ci-linux is failing on Jenkins! closed Medium dgoulet
#17340 Add support for specifying Tor address and port from the command line closed Medium dgoulet
#17475 Overflow when parsing config lines with many arguments closed Medium dgoulet
#17478 Fix typos in comments closed Very Low dgoulet
#17479 Allow port 65535 closed Low dgoulet
#17743 [torsocks] Detect elevated capability executables closed Medium dgoulet
#17760 Torsocks doesn't quote variables, will choke on spaces and special characters in paths closed Medium easy dgoulet
#17936 torsocks fails open on Mac OS X 10.11 closed Medium dgoulet
#17980 Torify/Torsocks - Possible bug with OSX's default curl binary closed High dgoulet
#19376 Fix a few torsocks bugs caused by unquoted variables closed Medium dgoulet
#20871 Regression in Torsocks 2.2.0 breaks wget, among others closed High dgoulet
#21022 Add several syscalls to src/lib/syscall.c (Torsocks breaks seccomp) closed High dgoulet
#21088 Hide getcap error message in torsocks closed Low AffectsTails dgoulet
#21626 Make error: undefined reference to 'helper_is_default_tor_running' closed Medium dgoulet
#17618 Segfault in tsocks_accept4() if called through syscall() needs_information Medium dgoulet
#19700 torsocks does not work with "connectx" (in netcat / nc) needs_information High dgoulet
#3711 Application support for optimistic data: Torsocks needs_revision Medium performance roundtrip sysrqb
#6228 NSS module for .onion DNS name resolution new Low nss dns usability onion tor-hs dgoulet
#21227 Ship a git-remote-tor helper new Medium dgoulet

Torify

adrelanos comment: the Torify component should probable be merged with the Torsocks component.

Ticket Summary Status Priority Keywords Owner
#99 connect.c "let's try to resolve it anyway, why not" bug closed Very Low
#1056 "torify" command leaks DNS on "master" 2.2 alpha branch closed High
#1204 Case when check.torproject.org does not show if Tor is used closed Very High
#1230 Scope Of Content Writing As A Career Option closed Low
#2333 net-proxy/tsocks-1.8_beta5-r5 segfaults if tor patch is used closed Medium
#2364 tor-resolve man page doesn't list its defaults closed Medium easy
#3498 tor accept tcp not udp traffic closed Medium tbb windows
#3530 torify script may use tsocks closed Medium
#5180 torify uses tsocks when torsocks is unavailable closed Very High

History

Moved to torsocks/History.

Last modified 14 months ago Last modified on Aug 1, 2016, 12:44:28 AM