This is the best tutorial on how to secure a TOR connection to the net with the best chances of remaining totally anonymous. This tutorial was originally posted over at milw0rm forums, at my request, by .deus_eX_machina. That’s his purdy little tag on your left. I also asked him to make it easy to understand for the most n00biest of n00bs, which he kindly did.
He knows his shit. So read on and learn. I know I will.
Here’s the Intro:
“The user’s software or client incrementally builds a circuit of encrypted connections through servers on the network. The circuit is extended one hop at a time, and each server along the way knows only which server gave it data and which server it is giving data to. No individual server ever knows the complete path that a data packet has taken. The client negotiates a separate set of encryption keys for each hop along the circuit to ensure that each hop can’t trace these connections as they pass through.”
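To make the intro concrete, here is an added example (not from the original post, and not Tor's real code) that simulates the circuit described above: the client holds a separate key per hop, wraps the payload once per hop, and each relay can only strip its own layer and learn the next hop. The stream cipher is a toy SHA-256 counter construction standing in for Tor's real per-hop keys.

```python
import hashlib
import os


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode); a stand-in for the
    real per-hop session keys, not something to use in production."""
    out = b""
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal(key: bytes, data: bytes) -> bytes:
    nonce = os.urandom(8)
    return nonce + _xor(data, _keystream(key, nonce, len(data)))


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:8], blob[8:]
    return _xor(ct, _keystream(key, nonce, len(ct)))


def build_onion(path, hop_keys, dest: str, payload: bytes) -> bytes:
    """Wrap the payload innermost-first. Each layer is
    [len][next hop name][inner blob] sealed under that hop's own key."""
    next_hops = path[1:] + [dest]
    inner = payload
    for key, nxt in reversed(list(zip(hop_keys, next_hops))):
        nb = nxt.encode()
        inner = seal(key, bytes([len(nb)]) + nb + inner)
    return inner


def relay_peel(key: bytes, blob: bytes):
    """One relay's job: strip its layer and learn only the next hop."""
    plain = unseal(key, blob)
    n = plain[0]
    return plain[1:1 + n].decode(), plain[1 + n:]


def run_circuit(path, hop_keys, dest: str, payload: bytes):
    """Walk the onion through the hops; record what each relay sees:
    (relay, next hop it learns, whether the plaintext is visible to it)."""
    seen = []
    blob = build_onion(path, hop_keys, dest, payload)
    for hop, key in zip(path, hop_keys):
        nxt, blob = relay_peel(key, blob)
        seen.append((hop, nxt, payload in blob))
    return seen, blob
```

Only the exit relay ends up holding the plaintext, which is exactly why the tutorial later reminds you that data leaving the exit node is no longer encrypted.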
What you will need:
-Tor (Install the Package)
-TorDNS Localhost 1.7 (Not essential)
-Shell account (This isn’t essential either, but will be used to demonstrate this concept)
And that’s just the intro, so be prepared to ACTUALLY read every word of this tutorial or I can guarantee that you will miss some important detail. I had to read it like three times before I caught everything. 🙂
The tut is long so I will place the rest after the “read more” link below –>
Step 1 – Getting Prepared
Get yourself a copy of the above programs and install them all. TorDNS is just a standalone application, so leave it be for a minute. What we are going to do now is set up FreeCap to use Tor as its proxy: open FreeCap, go to settings like so, and enter this data;
OK now make sure Tor is active, see that little black thing with a red cross over it in the system tray (LOL), click on it and click start, it should turn into a little green onion. Now what we can do is add some programs to FreeCap, you can either drag a shortcut into the window, or add the program directly by browsing for it.
As a proof of concept add your browser to FreeCap, this is not a good idea for web browsing though – “using Privoxy is necessary because browsers leak your DNS requests when they use a SOCKS proxy directly, which is bad for your anonymity. Privoxy also removes certain dangerous headers from your web requests, and blocks obnoxious ad sites like Doubleclick.”
..do it anyway, if you’re using Firefox you may need to clear your cache and cookies first, and close all other instances. Now if you browse to google or a site like http://ip-adress.com/ it should be fairly clear whether you’re using SOCKS or not. Now I believe the most important addition to FreeCap is “cmd.exe”, browse to system32 and add it. When you then load it up via FreeCap, ping 127.0.0.1, and you should see at the top of the window “cmd.exe -ping 127.0.0.1 via FreeCap”. So we know it’s working right, at this stage anything you do via the command line is pretty much completely anonymous, and as we all know nearly is not good enough.
Step 2 – DNS requests and Leaks
Now TorDNS can be a real bitch, so just load it up and it should be found down in the system tray. Then go into your network connections (or maybe even your router) and change the Primary DNS server to 127.0.0.1, and delete the secondary one. Now go into FreeCap, Settings, Program & where it says “DNS name resolving” choose local. Again open up TorDNS and your command prompt via FreeCap. Here I have shown you two methods to resolve DNS through TOR, handy if your ISP is watching you, or if your target is even remotely clever. I would also recommend going into “services.msc” via run, switching “DNS Client” to manual, and then turning it off.
So this is handy for a lot of those applications that do not directly support the use of SOCKS, as you can imagine there is a lot of crazy stuff you can do up to this point. But I’m afraid it ignores the point I made earlier about this new program Torment. In the next step I will show you a new level of anonymity, we will be disregarding a few of the things I have taught you so far, anyway, read on to find out!
Step 3 – SSH
At this point it would be nice to understand exactly what SOCKS is, and what it does.
“SOCKS is an Internet protocol that allows client-server applications to transparently use the services of a network. SOCKS is an abbreviation for “SOCKetS”.
Clients behind a firewall, needing to access exterior servers, may connect to a SOCKS proxy server instead. Such a proxy server controls the eligibility of the client to access the external server and passes the request on to the server. SOCKS can also be used in the opposite way, allowing the clients outside the firewall (“exterior clients”) to connect to servers inside the firewall (internal servers).
Unofficial SOCKS 4a extensions add support for DNS names, letting the SOCKS server resolve them. The current version 5 of the protocol, RFC 1928 or authenticated firewall traversal, extends the previous version by supporting UDP, authentication, letting the SOCKS server resolve hostnames for the SOCKS client, and IPv6.
The SOCKS reference architecture and client are owned by Permeo Technologies, a spin-off from NEC.
According to the OSI model it is an intermediate layer between the application layer and the transport layer.”
Ok, Tor supports the SOCKS4, SOCKS4A, and SOCKS5 standards. Also remember that when your data leaves the final Tor exit node it is no longer encrypted.
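The DNS leak from Step 1 comes straight out of the wire formats just quoted: plain SOCKS4 only carries a 4-byte IPv4 address, so the client has to resolve the name itself on the local resolver, while SOCKS4a and SOCKS5 hand the hostname to the proxy (Tor) to resolve. This added example (my own code, not from the original post or from Tor) builds all three CONNECT requests and records which one touches the local resolver. The `LocalResolver` wrapper is an assumption for the demo; the 10.0.0.5 answer is a constructed value so it runs offline.

```python
import socket
import struct


class LocalResolver:
    """Records every hostname resolved on this machine, i.e. outside Tor.
    resolve_fn defaults to the OS resolver; a fake can be injected for offline runs."""
    def __init__(self, resolve_fn=socket.gethostbyname):
        self.resolve_fn = resolve_fn
        self.lookups = []          # hostnames that leaked to the local DNS

    def resolve(self, host: str) -> str:
        self.lookups.append(host)
        return self.resolve_fn(host)


def socks4_connect(host: str, port: int, resolver: LocalResolver, user: str = "") -> bytes:
    """SOCKS4: VN=4, CD=1, DSTPORT, DSTIP (IPv4 only), USERID, NUL.
    No room for a name, so the client resolves it locally: that is the leak."""
    ip = socket.inet_aton(resolver.resolve(host))
    return struct.pack("!BBH4s", 4, 1, port, ip) + user.encode() + b"\x00"


def socks4a_connect(host: str, port: int, user: str = "") -> bytes:
    """SOCKS4a: DSTIP of 0.0.0.x (x != 0) signals that a NUL-terminated
    hostname follows USERID; the proxy resolves it, nothing hits local DNS."""
    return (struct.pack("!BBH4s", 4, 1, port, b"\x00\x00\x00\x01")
            + user.encode() + b"\x00" + host.encode() + b"\x00")


def socks5_connect(host: str, port: int) -> bytes:
    """SOCKS5 CONNECT (RFC 1928): VER=5, CMD=1, RSV=0, ATYP=3 (domain name),
    length-prefixed name, then port. The proxy does the lookup."""
    name = host.encode()
    return struct.pack("!BBBBB", 5, 1, 0, 3, len(name)) + name + struct.pack("!H", port)


def leaked_hostnames(version: str, host: str, port: int, resolver: LocalResolver):
    """Build one CONNECT request and return the names that hit the local resolver."""
    if version == "4":
        socks4_connect(host, port, resolver)
    elif version == "4a":
        socks4a_connect(host, port)
    elif version == "5":
        socks5_connect(host, port)
    else:
        raise ValueError(f"unknown SOCKS version {version!r}")
    return list(resolver.lookups)


if __name__ == "__main__":
    for v in ("4", "4a", "5"):
        r = LocalResolver(lambda h: "10.0.0.5")   # constructed answer, offline demo
        print(f"SOCKS{v}: leaked {leaked_hostnames(v, 'example.com', 80, r)}")
```

This is why FreeCap's "DNS name resolving: local" setting only keeps you covered once 127.0.0.1 (TorDNS) is your resolver; with a SOCKS4-only application and a normal resolver, the name goes out in the clear.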
I will now show you how to configure Putty to get your DNS information via TorDNS, and then set up a SSH tunnel to a remote shell account. I will be using a shell account at http://sdf.lonestar.org/ which could be a shell anywhere right? maybe it’s a machine of your own, maybe that machine also runs Tor, or maybe it’s a compromised machine, just maybe.
Open up Putty, go to Connection, SSH, Tunnels, enter the source port as 9050, and the destination as 127.0.0.1:9050, now click add. Obviously that’s our SSH tunnel. Then go to Connection, Proxy, where it says “Do DNS lookup at DNS end” choose no (oh and remember to save this profile).
Hack On Bored Peeps!!