Results 1 to 7 of 7

Thread: Torify Terminal

  1. #1
    Just burned his ISO
    Join Date
    Feb 2008
    Posts
    2

    Question Torify Terminal

    I was playing with the tor tool provided in backtrack2 and wanted to know how i can torify all the tranfers that happen through the terminal? i mean how can send all data through a onion network while using commands like telnet,scanning,etc

  2. #2
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Use any anonymizer. Understand however, that this is not foolproof. Many anonymizers have been forced by courts to will reveal IP address if a client's actions breaks any criminal laws.

    In other words, if you're even thinking of doing something stupid, don't do it. You will be caught.
    Thorn
    Stop the TSA now! Boycott the airlines.

  3. #3
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Default

    Personally, I've always just preferred to use Proxy Judges to determine if the proxies I plan on using are....... High Anonymous Proxies (Level 1), or...... Anonymous Proxies (Level 2) instead of using TOR or any "software" type anonymizers.
    • High Anonymous Proxy (Level 1): The web server can't detect whether you are using a proxy by the information your browser sent.
    • Anonymous Proxy (Level 2): The web server knows that you are probably using a proxy, but it can't detect your real IP.
    • Transparent Proxy (Level 3): The web server knows that you are using a proxy and it can also detect your real IP address.

    Anything above a level 2 proxy and your IP address will be reviled. There are also level 4 and Level 5 proxies and they both spill your IP.
    [CENTER][FONT=Book Antiqua][SIZE=5][B][COLOR=blue][FONT=Courier New][COLOR=red]--=[/COLOR][/FONT]Xploitz[FONT=Courier New][COLOR=red]=--[/COLOR][/FONT][/COLOR][/B][/SIZE][/FONT][FONT=Courier New][COLOR=Black][SIZE=6][B] ®[/B][/SIZE][/COLOR][/FONT][/CENTER]
    [CENTER][SIZE=4][B]Remote-Exploit.orgs Master Tutorialist.[/B][/SIZE][SIZE=6][B]™
    [/B][/SIZE]
    [URL="http://forums.remote-exploit.org/showthread.php?t=9063"][B]VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=7872"][B]VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=8230"][B]VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial"[/B][/URL]

    [URL="http://forums.remote-exploit.org/showthread.php?t=8041"][B]VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases"[/B][/URL]
    [/CENTER]

  4. #4
    Just burned his ISO
    Join Date
    Feb 2008
    Posts
    2

    Question

    Thanks a lot for that info. but again all the anonymizers i found let me just browse anonymously but i wanted use the connections from the terminal (the low level tcp connections) through a proxy. how is that done?

  5. #5
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Default

    Quote Originally Posted by scaraffe View Post
    Thanks a lot for that info. but again all the anonymizers i found let me just browse anonymously but i wanted use the connections from the terminal (the low level tcp connections) through a proxy. how is that done?
    Take a look here at some Firefox proxy extensions>>>


    Code:
    https://addons.mozilla.org/en-US/firefox/search?q=proxy&status=4



    Ohh wait..you said through the terminal shell right??

    Here are a few found on our wiki>>>

    But I bet what your looking for is probably privoxy.
    [CENTER][FONT=Book Antiqua][SIZE=5][B][COLOR=blue][FONT=Courier New][COLOR=red]--=[/COLOR][/FONT]Xploitz[FONT=Courier New][COLOR=red]=--[/COLOR][/FONT][/COLOR][/B][/SIZE][/FONT][FONT=Courier New][COLOR=Black][SIZE=6][B] ®[/B][/SIZE][/COLOR][/FONT][/CENTER]
    [CENTER][SIZE=4][B]Remote-Exploit.orgs Master Tutorialist.[/B][/SIZE][SIZE=6][B]™
    [/B][/SIZE]
    [URL="http://forums.remote-exploit.org/showthread.php?t=9063"][B]VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=7872"][B]VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=8230"][B]VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial"[/B][/URL]

    [URL="http://forums.remote-exploit.org/showthread.php?t=8041"][B]VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases"[/B][/URL]
    [/CENTER]

  6. #6
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by scaraffe View Post
    Thanks a lot for that info. but again all the anonymizers i found let me just browse anonymously but i wanted use the connections from the terminal (the low level tcp connections) through a proxy. how is that done?
    Open a shell.
    Make the connection to the anonymizrer
    Open a shell
    Make the connection to the target.
    Thorn
    Stop the TSA now! Boycott the airlines.

  7. #7
    toruser
    Guest

    Default

    Quote Originally Posted by scaraffe View Post
    I was playing with the tor tool provided in backtrack2 and wanted to know how i can torify all the tranfers that happen through the terminal? i mean how can send all data through a onion network while using commands like telnet,scanning,etc
    use socat or torify. I recommend using them within a chroot environment to prevent DNS lookups of the destination address. I'm not positive this is necessary. I don't exactly know how to use torify, but it appears to do the same basic thing as socat, just as a single command.

    Here's what I do, for example, for rsync. Rsync uses port 873, and the tor proxy on my computer accepts connections on 9050. I'm connecting to hiddenservice.onion to rsync files.

    In one terminal, start a proxy session to your destination. Obviously, if your not accessing a hidden service, replace that with REMOTESERVER.COM:PORT. If you want to view the data socat is transmitting, to ensure it's not sending any private data, add a "-v " before TCP4-LISTEN:
    Code:
    socat TCP4-LISTEN:4141,fork SOCKS4A:localhost:HIDDENSERVICE.ONION:873,socksport=9050
    socat is now listening on tcp port 4141 on the localhost, so connect to that with your terminal command. Eg:
    Code:
    rsync -Pav rsync://localhost:4242/SOME/PATH /MIRROR/PATH
    This will work with cmdline irc clients and everything else. It will not work with ICMP based traffic like ping, but for UDP and TCP you're fine (with slight modification to your socat command).


    =============================
    Edit The below is not needed for recent versions of socat, unless you are paranoid. According to the torwiki (wiki.noreply.org/noreply/TheOnionRouter/TorifyHOWTO), "socat versions up to and including 1.3.2.2 had a bug that would use SOCKS4A only when a direct DNS resolution attempt failed, thus possibly revealing which DNS names you accessed through socat." So if you have a newer version (current is 1.6). Older versions that leak DNS need to be used in the chroot, as described below
    =============================
    Now, one problem with this is that (I believe) your computer will do a DNS lookup on HIDDENSERVICE.onion to try and send an IP address to the proxy. This is can be avoided through a proper chroot.

    Code:
    $ mkdir -p chroot/{bin,lib,dev,etc,usr/lib}
    $ ln -s lib chroot/lib32
    $ ln -s lib chroot/lib64
    $ for i in cp mkdir mv rm rmdir rsync bash socat; do cp $(which $i) chroot/bin/; done
    --copy libs manually, see note--
    $ su / sudo -s
    # chroot chroot /bin/bash
    # socat .... (same command from above)
    Libraries: none of your binaries will run without their libs. Find out and copy each library. I don't have a nice one liner for this. Here's an example output
    Code:
    $ ldd $(which bash)
    	linux-vdso.so.1 =>  (0x00007fffceffe000)
    	libncurses.so.5 => /lib/libncurses.so.5 (0x00007f0cc69e4000)
    	libdl.so.2 => /lib/libdl.so.2 (0x00007f0cc67e0000)
    	libc.so.6 => /lib/libc.so.6 (0x00007f0cc646e000)
    	/lib64/ld-linux-x86-64.so.2 (0x00007f0cc6c1f000)
    The first lib (linux-vdso.so.1) is statically linked, that is, a part of the bash binary. The others need to be copied, so /lib/libncurses.so.5 etc go in chroot/lib and /lib64/ld-linux-x86-64.so.2 goes in chroot/lib64. You will need to repeat for each binary. For a somewhat messy oneliner, user:

    Code:
    for j in socat bash cp mkdir mv rm rmdir rsync bash socat; do for i in $(ldd $(which socat) | cut -d\( -f1 | cut -d\> -f2); done; done
    The most important in creating your DNS shielding chroot is that you DO NOT copy /etc/resolve.conf into chroot/etc/. If you do this, your chroot will known how to resolve DNS! You want it to NOT know so it has to send the unresolved address down the proxy. Also note, you really only need to run the socat within the chroot, as it presents a TCP socket to the whole computer, so you can run rsync, telnet, etc from a normal shell (or even if iptables isn't configured. As a second note, your chroot won't be able to resolve anything, even localhost, so replace that with 127.0.0.1. The destination address REMOTESERVER.COM or HIDDENSERVICE.ONION will be resolved through the proxy once it fails to resolve locally.

    Have fun.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •