First things first: if you don't have Homebrew installed, install it. It's super easy: go here and run the command they give. If you don't want to read it, here it is:
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
Now you magically have Homebrew installed into your /usr/local tree. After that run the command 'brew install tor' and you'll get these files installed:
/usr/local/Cellar/tor/0.3.2.10/.bottle/etc/tor/torrc.sample
/usr/local/Cellar/tor/0.3.2.10/bin/tor
/usr/local/Cellar/tor/0.3.2.10/bin/tor-gencert
/usr/local/Cellar/tor/0.3.2.10/bin/tor-resolve
/usr/local/Cellar/tor/0.3.2.10/bin/torify
/usr/local/Cellar/tor/0.3.2.10/homebrew.mxcl.tor.plist
/usr/local/Cellar/tor/0.3.2.10/share/doc/ (4 files)
/usr/local/Cellar/tor/0.3.2.10/share/man/ (4 files)
/usr/local/Cellar/tor/0.3.2.10/share/tor/ (2 files)
- cd to /usr/local/etc/tor and copy the file torrc.sample to torrc
- Uncomment the line 'SOCKSPort 9050'
- Uncomment the line 'Log notice file /usr/local/var/log/tor/notices.log'
- Uncomment the line 'DataDirectory /usr/local/var/lib/tor'
- At the end add the following lines:
  - AutomapHostsOnResolve 1
  - DNSPort 53530
- Save it and quit
At this point we can start Tor on the local machine and proxy traffic through it. Start it up:
dy-mac:~ dyoung2$ tor
Dec 15 00:48:26.770 [notice] Tor 0.3.2.10 (git-31cc63deb69db819) running on Darwin with Libevent 2.1.8-stable, OpenSSL 1.0.2q, Zlib 1.2.11, Liblzma N/A, and Libzstd N/A.
Dec 15 00:48:26.770 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Dec 15 00:48:26.770 [notice] Read configuration file "/usr/local/etc/tor/torrc".
Dec 15 00:48:26.774 [notice] Scheduler type KISTLite has been enabled.
Dec 15 00:48:26.774 [notice] Opening Socks listener on 127.0.0.1:9050
Dec 15 00:48:26.774 [notice] Opening DNS listener on 127.0.0.1:53530
And if you tail the log file:
Dec 15 00:49:04.000 [notice] Tor 0.3.2.10 (git-31cc63deb69db819) opening log file.
Dec 15 00:49:04.885 [warn] OpenSSL version from headers does not match the version we're running with. If you get weird crashes, that might be why. (Compiled with 100020ef: OpenSSL 1.0.2n 7 Dec 2017; running with 1000211f: OpenSSL 1.0.2q 20 Nov 2018).
Dec 15 00:49:04.904 [notice] Tor 0.3.2.10 (git-31cc63deb69db819) running on Darwin with Libevent 2.1.8-stable, OpenSSL 1.0.2q, Zlib 1.2.11, Liblzma N/A, and Libzstd N/A.
Dec 15 00:49:04.904 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Dec 15 00:49:04.904 [notice] Read configuration file "/usr/local/etc/tor/torrc".
Dec 15 00:49:04.909 [notice] Scheduler type KISTLite has been enabled.
Dec 15 00:49:04.909 [notice] Opening Socks listener on 127.0.0.1:9050
Dec 15 00:49:04.909 [notice] Opening DNS listener on 127.0.0.1:53530
Dec 15 00:49:04.000 [notice] Parsing GEOIP IPv4 file /usr/local/Cellar/tor/0.3.2.10/share/tor/geoip.
Dec 15 00:49:05.000 [notice] Parsing GEOIP IPv6 file /usr/local/Cellar/tor/0.3.2.10/share/tor/geoip6.
Dec 15 00:49:05.000 [notice] Bootstrapped 0%: Starting
Dec 15 00:49:05.000 [notice] Starting with guard context "default"
Dec 15 00:49:05.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Dec 15 00:49:06.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
Dec 15 00:49:07.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Dec 15 00:49:07.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Dec 15 00:49:07.000 [notice] Bootstrapped 100%: Done
As you can see, we now have a Tor circuit established, so if we connect to local port 9050 we're going over the Tor network. The first step there is to install the torsocks brew (as in brew install torsocks).
Now, to get things out over Tor you have several options, the first of which is this script called torify. I really don't remember where I picked it up at but it goes as follows (it's a wrapper around torsocks):
#!/bin/sh
# This script used to call (the now deprecated) tsocks as a fallback in case
# torsocks wasn't installed.
# Now, it's just a backwards compatible shim around torsocks with reasonable
# behavior if -v/--verbose or -h/--help arguments are passed.
#
# Copyright (c) 2004, 2006, 2009 Peter Palfrader
# Modified by Jacob Appelbaum <jacob@appelbaum.net> April 16th 2006
# Stripped of all the tsocks cruft by ugh on February 22nd 2012
# May be distributed under the same terms as Tor itself

compat() {
    echo "torify is now just a wrapper around torsocks(1) for backwards compatibility."
}

usage() {
    compat
    echo "Usage: $0 [-hv] <command> [<options>...]"
}

case $# in 0)
    usage >&2
    exit 1
esac

case $# in 1)
    case $1 in -h|--help)
        usage
        exit 0
    esac
esac

case $1 in -v|--verbose)
    compat >&2
    shift
esac

# taken from Debian's Developer's Reference, 6.4
pathfind() {
    OLDIFS="$IFS"
    IFS=:
    for p in $PATH; do
        if [ -x "$p/$*" ]; then
            IFS="$OLDIFS"
            return 0
        fi
    done
    IFS="$OLDIFS"
    return 1
}

if pathfind torsocks; then
    exec torsocks "$@"
    echo "$0: Failed to exec torsocks $@" >&2
    exit 1
else
    echo "$0: torsocks not found in your PATH. Perhaps it isn't installed? (tsocks is no longer supported, for security reasons.)" >&2
fi
I save that either in $HOME/bin or in /usr/local/bin; it's entirely up to you.
So now how about we just torify a bash session?
dy-mac:bin dyoung2$ torify /bin/bash
ERROR: /bin/bash is located in a directory protected by Apple's System Integrity Protection.
Ugh. I've looked around and there's no way around that one with torify, so how about we just torify an ssh session?
dy-mac:bin dyoung2$ torify ssh dyvpn01
ERROR: /usr/bin/ssh is located in a directory protected by Apple's System Integrity Protection.
The answer is here: just copy /usr/bin/ssh over to /usr/local/bin/ssh. Done:
Before Tor:
dy-mac:bin dyoung2$ ssh dyvpn01
[centos@dyvpn01 ~]$ set | grep SSH
SSH_CLIENT='SOME.COMCAST.IP 59649 22'
With Torify:
dy-mac:bin dyoung2$ torify /usr/local/bin/ssh dyvpn01
[centos@dyvpn01 ~]$ set | grep SSH
SSH_CLIENT='185.220.101.13 34123 22'
So now I'm in over Tor for an ssh session.
I've tried to install the Bash Brew and torify that; it works, but things inside still use the OS IP path, not the Tor proxy. I'd love to know how to have an entire shell session "protected" by a torify'd proxy.
Now, you have to be careful, because ALL of the other traffic on the Mac is going out in the clear, NOT over Tor. To take care of that, add this script (torme.sh) somewhere. You'll have to adjust it for the network adapter you're using; I'm on WiFi here.
#!/usr/bin/env bash

# 'Wi-Fi' or 'Ethernet' or 'Display Ethernet'
# (quoted wherever it is used, because service names can contain spaces)
INTERFACE="Wi-Fi"

# Ask for the administrator password upfront
sudo -v

# Keep-alive: update existing `sudo` time stamp until finished
while true; do sudo -n true; sleep 60; kill -0 "$$" || exit; done 2>/dev/null &

# trap ctrl-c and call disable_proxy()
function disable_proxy() {
    sudo networksetup -setsocksfirewallproxystate "$INTERFACE" off
    echo "$(tput setaf 64)" # green
    echo "SOCKS proxy disabled."
    echo "$(tput sgr0)" # color reset
}
trap disable_proxy INT

# Let's roll
sudo networksetup -setsocksfirewallproxy "$INTERFACE" 127.0.0.1 9050 off
sudo networksetup -setsocksfirewallproxystate "$INTERFACE" on
echo "$(tput setaf 64)" # green
echo "SOCKS proxy 127.0.0.1:9050 enabled."
echo "$(tput setaf 136)" # orange
echo "Starting Tor..."
echo "$(tput sgr0)" # color reset
tor
Note that at the very end it starts up the Tor daemon, so what we did previously to start it up isn't needed. Use this script when you want MOST traffic on the machine routed over Tor.
It handles all the startup and teardown: on ctrl-c the script "undoes" the network settings.
dy-mac:bin dyoung2$ ./torme.sh
Password:
SOCKS proxy 127.0.0.1:9050 enabled.
Starting Tor...
Dec 15 01:04:25.734 [notice] Tor 0.3.2.10 (git-31cc63deb69db819) running on Darwin with Libevent 2.1.8-stable, OpenSSL 1.0.2q, Zlib 1.2.11, Liblzma N/A, and Libzstd N/A.
Dec 15 01:04:25.734 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Dec 15 01:04:25.734 [notice] Read configuration file "/usr/local/etc/tor/torrc".
Dec 15 01:04:25.739 [notice] Scheduler type KISTLite has been enabled.
Dec 15 01:04:25.739 [notice] Opening Socks listener on 127.0.0.1:9050
Dec 15 01:04:25.739 [notice] Opening DNS listener on 127.0.0.1:53530
^C
SOCKS proxy disabled.
And in the log file:
Dec 15 01:04:25.739 [notice] Opening DNS listener on 127.0.0.1:53530
Dec 15 01:04:25.000 [notice] Parsing GEOIP IPv4 file /usr/local/Cellar/tor/0.3.2.10/share/tor/geoip.
Dec 15 01:04:25.000 [notice] Parsing GEOIP IPv6 file /usr/local/Cellar/tor/0.3.2.10/share/tor/geoip6.
Dec 15 01:04:25.000 [notice] Bootstrapped 0%: Starting
Dec 15 01:04:26.000 [notice] Starting with guard context "default"
Dec 15 01:04:26.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Dec 15 01:04:26.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
Dec 15 01:04:27.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Dec 15 01:04:27.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Dec 15 01:04:27.000 [notice] Bootstrapped 100%: Done
Dec 15 01:04:29.000 [notice] Interrupt: exiting cleanly.
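A way to check the state shown above from the command line, as an added example that is not part of the original post. torme.sh only traps ctrl-c, so the system proxy setting can outlive Tor if the script ends any other way; these helpers read the notices log and the output of networksetup -getsocksfirewallproxy and report when the two disagree. The function names are hypothetical, the sample log is constructed, and the Enabled/Server/Port line format of networksetup is assumed.

```shell
# Added example; function names are hypothetical. The parsers read stdin so
# they can be tried on saved output as well as on the live system.

# Constructed sample (not from the article): a listener bound to all interfaces.
SAMPLE_LOG='Dec 15 01:04:25.739 [notice] Opening Socks listener on 0.0.0.0:9050
Dec 15 01:04:27.000 [notice] Bootstrapped 100%: Done'

# Succeeds only if the most recent Tor start in the log reached 100% and has
# not logged a clean exit since.
tor_bootstrapped() {
    awk '/Bootstrapped 0%/            { ready = 0 }
         /Bootstrapped 100%/          { ready = 1 }
         /Interrupt: exiting cleanly/ { ready = 0 }
         END { exit !ready }'
}

# Prints each listener address that is not loopback. Any output means the
# SOCKS or DNS port is reachable by other hosts on the network.
exposed_listeners() {
    awk '/Opening .* listener on / {
             if ($NF !~ /^127\./ && $NF !~ /^\[::1\]/) print $NF
         }'
}

# Reads `networksetup -getsocksfirewallproxy <service>` output; succeeds only
# if the system SOCKS proxy is enabled and set to host $1, port $2.
socks_proxy_is() {
    awk -F': ' -v host="$1" -v port="$2" '
        $1 == "Enabled" { on = ($2 == "Yes") }
        $1 == "Server"  { h = $2 }
        $1 == "Port"    { p = $2 }
        END { exit !(on && h == host && p == port) }'
}

# Live check using the article's log path and a service name such as Wi-Fi.
torme_status() {
    service=${1:-Wi-Fi}
    log=/usr/local/var/log/tor/notices.log
    leaks=$(exposed_listeners < "$log")
    [ -z "$leaks" ] || echo "WARNING: Tor listens on non-loopback: $leaks"
    if networksetup -getsocksfirewallproxy "$service" | socks_proxy_is 127.0.0.1 9050
    then
        tor_bootstrapped < "$log" && echo "proxy on, Tor ready" ||
            echo "proxy on but Tor is not up: proxy-aware apps will fail"
    else
        echo "system SOCKS proxy is off: traffic is NOT going through Tor"
    fi
}
```

Run torme_status (optionally with the service name, e.g. torme_status Ethernet) in a second terminal while torme.sh is running.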
At this point the browser is going over Tor, which we can verify by going to Tor Check:
I haven't come up with a way to ensure ALL the traffic on the machine goes over Tor; I use a combination of torify, torsocks and torme.sh to handle things. For example, if you want to use Weechat over Tor, just use this: torify weechat, and away you go.
Go Tor it up.