By: toxicptr
November 15, 2016
Boost Tor Privacy: Isolating Proxy

An Isolating Proxy requires at least two machines. They can be either virtual machines or two physically isolated machines. Both machines are connected through an isolated LAN. The machine where Tor is running is called the Gateway. The machine with the client applications is the Workstation.

Gateway

The Gateway can be a virtual machine with two network interfaces. The first network interface (for example, eth0) is used to connect to the Tor network. Tor opens the SocksPort on the second network interface (for example, eth1), which sits in an isolated network. The isolated network can be Host-only or any other type configured in the virtualization software. The key point is that it must be used only by the Gateway and the Workstation.

If the Gateway has the IP address 192.168.1.1, open the SocksPort in torrc with:

    SocksPort 192.168.1.1:9050
    # Optional, for DNS resolving. A bare port would listen on localhost only,
    # so bind it to the isolated interface for the Workstation to reach it.
    #DNSPort 192.168.1.1:53

The DNSPort option performs DNS lookups through Tor when the client applications cannot resolve domain names via SOCKS. When possible, it is preferable to use only the SocksPort.

The Gateway must never forward IP packets; otherwise, the client applications on the Workstation could easily bypass the Tor proxy. Edit /etc/sysctl.conf to disable forwarding.

On FreeBSD:

    net.inet.ip.forwarding=0
    net.inet.ip.fastforwarding=0

On GNU/Linux:

    net.ipv4.ip_forward=0
    net.ipv6.conf.all.forwarding=0

Reload the changes.

On FreeBSD:

    $ sudo /etc/rc.d/sysctl reload

On GNU/Linux:

    $ sudo sysctl -p /etc/sysctl.conf

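The two Gateway properties above (Tor listeners bound only to the isolated interface, IP forwarding disabled) can be checked with a small script. This is an added example, not part of the original article; the function names and messages are hypothetical, and it reads only the GNU/Linux keys in the configuration files, not the running kernel state.

```shell
#!/bin/sh
# Added example (not from the original article): static audit of a Gateway's
# torrc and sysctl.conf. Function names and messages are hypothetical.

# Print the address argument of every active (uncommented) line for a torrc
# option. Tor option names are case-insensitive.
listeners() {   # $1 = option name, $2 = torrc path
    awk -v opt="$1" 'tolower($1) == tolower(opt) { print $2 }' "$2"
}

# Succeed only if the listener is bound to the isolated IP. A bare port
# ("9050") makes Tor listen on localhost only; 0.0.0.0 exposes every interface.
bound_to_isolated() {   # $1 = listener value, $2 = isolated IP
    case "$1" in
        "$2":*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Print one FAIL line per problem; return non-zero if any were found.
audit_gateway() {   # $1 = torrc, $2 = sysctl.conf, $3 = isolated IP
    rc=0
    [ -n "$(listeners SocksPort "$1")" ] || { echo "FAIL: no SocksPort set"; rc=1; }
    for opt in SocksPort DNSPort; do
        for l in $(listeners "$opt" "$1"); do
            bound_to_isolated "$l" "$3" ||
                { echo "FAIL: $opt $l is not bound to $3"; rc=1; }
        done
    done
    # GNU/Linux keys from the article; the last assignment in the file wins.
    for key in net.ipv4.ip_forward net.ipv6.conf.all.forwarding; do
        val=$(sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*\([0-9]*\).*/\1/p" "$2" | tail -n 1)
        [ "$val" = "0" ] || { echo "FAIL: $key is '${val:-unset}', expected 0"; rc=1; }
    done
    return "$rc"
}

# Usage: sh audit.sh <torrc> <sysctl.conf> <isolated-ip>
if [ "$#" -eq 3 ]; then audit_gateway "$@"; fi
```

After reloading, the running value can be confirmed with sysctl -n net.ipv4.ip_forward, which should print 0.
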
Workstation

The Workstation uses the Tor Gateway as its default gateway and DNS server. However, this is not strictly necessary, as the Gateway does not forward packets. The Gateway is used as the DNS server if the DNSPort is enabled.

As the Workstation is on an isolated network without clearnet access, all the client applications (Firefox, Tor Browser, nmap, etc.) must be configured to use the SocksPort; otherwise, they will be unable to connect.

Client examples

Below are a couple of examples of how to configure client applications to work with SOCKS proxies.

Firefox

Firefox can connect via SOCKS proxies. Go into Tools, Options. Under the Advanced area, go to the Network tab and, in the Connection area, click the Settings button. Choose Manual proxy configuration. Under SOCKS Host, enter the Gateway IP address and the SocksPort (9050). Select SOCKS v5 and Remote DNS.

nmap

The nmap tool does not natively support SOCKS, so we need to use a proxifier like proxychains or tsocks. We choose tsocks in this example.

First, enable DNSPort on the Gateway. Then modify /etc/tsocks.conf as below, assuming the Gateway IP address is 192.168.1.1:

    local = 192.168.1.0/255.255.255.0
    server = 192.168.1.1
    server_type = 5
    server_port = 9050

Now launch nmap, for example with:

    $ tsocks nmap -sT -Pn -p80 -v www.google.com

Please note that nmap gets better results in TCP Connect mode when proxified.

Final thoughts

This guide explains how to quickly set up Tor as an Isolating Proxy. A more comprehensive and robust solution is Whonix. It uses an Isolating Proxy with an additional Transparent Proxy, which can be optionally disabled.

Keep in mind that an Isolating Proxy will not protect against fingerprinting attacks on its own. It is recommended to use it in conjunction with the Tor Browser or with a distribution like Tails.

Although this configuration provides better anonymity, it does not protect against malware or software with serious security vulnerabilities.

If you combine this Tor deployment with a laptop, a mobile network connection, and a secure VPN, you will end up with an advanced solution for anonymous tasks.