Tutorial: On Secure Anonymity With Tor – SSH, and SOCKS (n00b approved)

25 04 2007

This is the best tutorial on how to secure a Tor connection to the net with the best chance of remaining totally anonymous. This tutorial was originally posted over at the milw0rm forums, at my request, by .deus_eX_machina. That's his purdy little tag on your left. I also asked him to make it easy to understand for the most n00biest of n00bs, which he kindly did.
He knows his shit. So read on and learn. I know I will.

Here’s the Intro:

Introduction

On-line privacy is very important, and for the vast majority of people Tor provides this privacy, but even now this is in danger. The author of Metasploit, HD Moore, has apparently developed a tool to link content handled by the exit servers and thus discover the data source; however, this technique does require the targeted user to take risky actions, such as allowing Javascript in his/her browser. His tool has been dubbed Torment. Not only this, but anyone who actually owns two nodes, if both end up in the same route, can use statistical analysis to discover that they are part of the same circuit. Once the data leaves the onion route there is no longer any encryption on it; this is what I will be looking at soon. First, a brief explanation of the way Tor works:

“The user’s software or client incrementally builds a circuit of encrypted connections through servers on the network. The circuit is extended one hop at a time, and each server along the way knows only which server gave it data and which server it is giving data to. No individual server ever knows the complete path that a data packet has taken. The client negotiates a separate set of encryption keys for each hop along the circuit to ensure that each hop can’t trace these connections as they pass through.”

http://tor.eff.org/images/htw2.png

What you will need:

-Tor (Install the Package)
-Putty
-TorDNS Localhost 1.7 (Not essential)
-Freecap
-Shell account (This isn’t essential either, but will be used to demonstrate this concept)

And that's just the intro, so be prepared to ACTUALLY read every word of this tutorial or I can guarantee that you will miss some important detail. I had to read it like three times before I caught everything. 🙂

The tut is long so I will place the rest after the “read more” link below –>

Step 1 – Getting Prepared

Get yourself a copy of the above programs and install them all. TorDNS is just a standalone application; leave it be for a minute. What we are going to do now is set up FreeCap to use Tor as its proxy: open FreeCap, go to Settings like so, and enter this data;

OK, now make sure Tor is active: see that little black thing with a red cross over it in the system tray (LOL), click on it and click Start, and it should turn into a little green onion. Now what we can do is add some programs to FreeCap; you can either drag a shortcut into the window, or add the program directly by browsing for it.

As a proof of concept add your browser to FreeCap. This is not a good idea for web browsing though: "using Privoxy is necessary because browsers leak your DNS requests when they use a SOCKS proxy directly, which is bad for your anonymity. Privoxy also removes certain dangerous headers from your web requests, and blocks obnoxious ad sites like Doubleclick."

..do it anyway. If you're using Firefox you may need to clear your cache and cookies first, and close all other instances. Now if you browse to Google or a site like http://ip-adress.com/ it should be fairly clear whether you're using SOCKS or not. Now I believe the most important addition to FreeCap is "cmd.exe": browse to system32 and add it. When you then load it up via FreeCap and ping 127.0.0.1, you should see at the top of the window "cmd.exe -ping 127.0.0.1 via FreeCap". So we know it's working. At this stage anything you do via the command line is pretty much completely anonymous, and as we all know, nearly is not good enough.

Step 2 – DNS requests and Leaks

Now TorDNS can be a real bitch, so just load it up and it should be found down in the system tray. Then go into your network connections (or maybe even your router) and change the primary DNS server to 127.0.0.1, and delete the secondary one. Now go into FreeCap, Settings, Program, and where it says "DNS name resolving" choose local. Again open up TorDNS and your command prompt via FreeCap. Here I have shown you two methods to resolve DNS through Tor, handy if your ISP is watching you, or if your target is even remotely clever. I would also recommend going into "services.msc" via Run, switching "DNS Client" to manual, and then turning it off.

So this is handy for a lot of those applications that do not directly support the use of SOCKS, and as you can imagine there is a lot of crazy stuff you can do up to this point. But I'm afraid it ignores the point I made earlier about this new program Torment. In the next step I will show you a new level of anonymity; we will be disregarding a few of the things I have taught you so far. Anyway, read on to find out!

Step 3 – SSH

At this point it would be nice to understand exactly what SOCKS is, and what it does.

“SOCKS is an Internet protocol that allows client-server applications to transparently use the services of a network. SOCKS is an abbreviation for “SOCKetS”.

Clients behind a firewall, needing to access exterior servers, may connect to a SOCKS proxy server instead. Such proxy server controls the eligibility of the client to access the external server and passes the request on to the server. SOCKS can also be used in the opposite way, allowing the clients outside the firewall (“exterior clients”) to connect to servers inside the firewall (internal servers).

Unofficial SOCKS 4a extensions add support for DNS names to resolve names with SOCKS server. The current version 5 of the protocol, RFC 1928 or authenticated firewall traversal, extends the previous version by supporting UDP, authentication, letting the SOCKS server resolve hostnames for the SOCKS client, and IPv6.

The SOCKS reference architecture and client are owned by Permeo Technologies, a spin-off from NEC.

According to the OSI model it is an intermediate layer between the application layer and the transport layer.”

OK, Tor supports the SOCKS4, SOCKS4A, and SOCKS5 standards. Also remember that when your data leaves the final Tor exit node it is no longer encrypted.
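The DNS-leak warning in Step 1 and the SOCKS4a/SOCKS5 summary above come down to one detail of the wire format: whether the CONNECT request carries a hostname (the proxy resolves it, inside Tor) or an IP address (the client already resolved it, in the clear). This added example, written for this post and not part of the original tutorial or of Tor or FreeCap, builds both request types and checks a request for that leak; the hostnames and ports are constructed sample values.

```python
import ipaddress
import struct

# SOCKS5 greeting: version 5, one auth method offered, 0x00 = no authentication.
SOCKS5_GREETING = b"\x05\x01\x00"


def socks5_connect_request(host: str, port: int) -> bytes:
    """Build a SOCKS5 CONNECT request (RFC 1928): VER CMD RSV ATYP DST.ADDR DST.PORT.

    A literal IPv4/IPv6 address is sent as ATYP 0x01/0x04. Anything else is sent
    as DOMAINNAME (ATYP 0x03), so the proxy, not the client, resolves it and no
    DNS query leaves the client machine.
    """
    try:
        ip = ipaddress.ip_address(host)
        addr = bytes([0x01 if ip.version == 4 else 0x04]) + ip.packed
    except ValueError:
        name = host.encode("idna")
        if len(name) > 255:
            raise ValueError("hostname too long for a SOCKS5 DOMAINNAME field")
        addr = b"\x03" + bytes([len(name)]) + name
    return b"\x05\x01\x00" + addr + struct.pack("!H", port)


def socks4a_connect_request(host: str, port: int, userid: str = "") -> bytes:
    """Build a SOCKS4a CONNECT request.

    The dummy destination IP 0.0.0.1 (first three octets zero, last non-zero)
    tells the server to resolve the NUL-terminated hostname appended after
    the user id itself; plain SOCKS4 would carry a client-resolved IP here.
    """
    return (b"\x04\x01" + struct.pack("!H", port) + b"\x00\x00\x00\x01"
            + userid.encode() + b"\x00" + host.encode("idna") + b"\x00")


def leaks_dns(request: bytes) -> bool:
    """True if a SOCKS4/SOCKS5 CONNECT request carries a pre-resolved IP,
    i.e. the client must have done the DNS lookup outside the proxy."""
    if request[0] == 0x05:
        return request[3] in (0x01, 0x04)          # ATYP is IPv4 or IPv6
    if request[0] == 0x04:
        dst_ip = request[4:8]
        return not (dst_ip[:3] == b"\x00\x00\x00" and dst_ip[3] != 0)
    raise ValueError("not a SOCKS4/SOCKS5 request")
```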

I will now show you how to configure Putty to get your DNS information via TorDNS, and then set up an SSH tunnel to a remote shell account. I will be using a shell account at http://sdf.lonestar.org/, which could be a shell anywhere, right? Maybe it's a machine of your own, maybe that machine also runs Tor, or maybe it's a compromised machine, just maybe.

Open up Putty, go to Connection, SSH, Tunnels, enter the source port as 9050 and the destination as 127.0.0.1:9050, and click Add. Obviously that's our SSH tunnel. Then go to Connection, Proxy, and where it says "Do DNS lookup at DNS end" choose No (oh, and remember to save this profile).

Big up to deus, cause that was fuxing sweet. Don't forget to visit, cause it's the shizzle.

Hack On Bored Peeps!!

6 responses

27 04 2007
.:: ju ::. » links for 2007-04-27

[…] Tutorial: On Secure Anonymity With Tor – SSH, and SOCKS (n00b approved) « TheMostBoringBlogInTheWor… (tags: tor) […]

4 05 2007
TMBBITW

[…] BTW – I gave it a check and using TOR does seem to really confuse the heck out of mail servers so the IP isn’t anywhere in plain site. For more info on how to use TOR see our previous post: Tutorial: On Secure Anonymity With Tor – SSH, and SOCKS (n00b approved) […]

12 10 2007
How To: Avoid Being “Tracked 100% of The Time” When Using P2P and Bittorent (Noob Friendly) « TheMostBoringBlogInTheWorld

[…] NOTE: Using Putty and Tor together is a pretty complicated process, so you may want to skip this. If you’re up to it, read this tutorial. […]

13 10 2007
dblackshell

more shit on proxies :
one
two ->

13 10 2007
therealdonquixote

Tanx dBlackshell!! I’ll add the links to the latest tut/resource list for P2P safety.

7 04 2008
Taufiq

Great tutorial. Hats off for it. I want to go a step further and leech proxies with Tor. Can you pls. help me?
