Many companies on the Internet allow to access their services from certain countries only.
If you need to access a website that is blocked from your country – you can use a Tor Browser.
By default, the Tor Browser picks random exit nodes from any country, but it can be configured to use the exit nodes with IP addresses from a particular country only. (more…)
Tor Browser is widely used for anonymous web-surfing and protection against traffic analysis.
It is also can help to bypass Internet filters and access blocked websites.
This is a simple step by step guide that covers the installation process of the Tor Browser on such Linux systems as Ubuntu, Kali Linux, Debian, Linux Mint, Fedora etc.
Frankly speaking, there is no need to perform the classical installation, as it is just enough to download an archive with the latest stable version of the Tor Browser for Linux, unpack it and start the launcher. (more…)
In this article i will explain how to stay anonymous during port scanning with Nmap (utility for network discovery and security auditing).
I’ll show how to perform an anonymous port scanning through the Tor network, using ProxyChains utility.
I’ll also show how to get round a situation where scan fails, because Tor endpoints are blocked.
To perform an anonymous port scanning, we need to install the following tools:
| Package | Description |
|---|---|
| tor | Anonymizing overlay network for TCP |
| nmap | Network port scanner |
| proxychains | Redirect connections through proxy servers |
Install Tor from the standard repositories:
$ sudo apt-get install tor
$ sudo apt-get install nmap
$ sudo apt-get install proxychains
ProxyChains is already configured to use Tor by default.
You can verify this by looking up /etc/proxychains.conf.
The last lines should be like these:
[ProxyList] # add proxy here ... # meanwile # defaults set to "tor" socks4 127.0.0.1 9050
Run the following command to perform an anonymous Nmap scanning through Tor network:
$ proxychains nmap -sT -PN -n -sV -p 80,443,21,22 217.xx.xx.xx ProxyChains-3.1 (http://proxychains.sf.net) Starting Nmap 6.00 ( http://nmap.org ) at 2014-03-24 17:34 EET |S-chain|-<>-127.0.0.1:9050-<><>-217.xx.xx.xx:443-<><>-OK |S-chain|-<>-127.0.0.1:9050-<><>-217.xx.xx.xx:21-<><>-OK |S-chain|-<>-127.0.0.1:9050-<><>-217.xx.xx.xx:80-<><>-OK |S-chain|-<>-127.0.0.1:9050-<><>-217.xx.xx.xx:22-<--denied Nmap scan report for 217.xx.xx.xx Host is up (0.14s latency). PORT STATE SERVICE VERSION 21/tcp open ftp Pure-FTPd 22/tcp closed ssh 80/tcp open http Apache httpd 2.2.26 ((CentOS)) 443/tcp open ssl/http Apache httpd 2.2.26 ((CentOS))
In the scan log we can see the ‘chain’ that goes from Tor-proxy (127.0.0.1:9050) to our scanned host (217.xx.xx.xx).
It is possible that we will encounter a situation where scan fails, because Tor endpoints are blocked.
The solution may be in adding common public proxy server to the ‘chain’.
We can do that by simply editing the /etc/proxychains.conf and adding a new entry at the end of the [ProxyList] (be sure that random_chain option is disabled).
[ProxyList] # add proxy here ... # meanwile # defaults set to "tor" socks4 127.0.0.1 9050 socks4 115.71.237.212 1080
The new ‘chain’ goes through the Tor-proxy (127.0.0.1:9050) to some public proxy server (115.71.237.212:1080) and then to our scanned host (217.xx.xx.xx).
$ proxychains nmap -sT -PN -n -sV -p 21 217.xx.xx.xx ProxyChains-3.1 (http://proxychains.sf.net) Starting Nmap 6.00 ( http://nmap.org ) at 2014-03-25 11:05 EET |S-chain|-<>-127.0.0.1:9050-<>-115.71.237.212:1080-<><>-217.xx.xx.xx:21-<><>-OK |S-chain|-<>-127.0.0.1:9050-<>-115.71.237.212:1080-<><>-217.xx.xx.xx:21-<><>-OK Nmap scan report for 217.xx.xx.xx Host is up (1.2s latency). PORT STATE SERVICE VERSION 21/tcp open ftp Pure-FTPd
In the examples above, i run Nmap with the following options:
| Option | Description |
|---|---|
| -sT | full TCP connection scan |
| -PN | do not perform host discovery |
| -n | never perform DNS resolution (to prevent DNS leaks) |
| -sV | determine service version/info |
| -p | ports to scan |
Scanning through Tor is very slow. That is why, i’ve scanned only several specified ports in the examples above.
Even if you are using proxy, all your DNS queries still go to the DNS server of your ISP.
To prevent DNS leaks, use tor-resolve command to resolve a hostname to an IP address via Tor network:
$ tor-resolve google.com 173.194.34.174
This guide describes how to install Tor Client on the Debian based systems like Linux Mint, Ubuntu etc.
Tor or The Onion Router – is an encrypted network that can route your traffic through relays, making the traffic appear to come from exit nodes.
Unlike with proxies, the exit node itself doesn’t know your IP address or where you are.
To redirect connections through the Tor network we will use ProxyChains utility.
Edit /etc/apt/sources.list file.
$ sudo vi /etc/apt/sources.list
Append the following line:
deb http://deb.torproject.org/torproject.org <RELEASE NAME> main
e.g.
deb http://deb.torproject.org/torproject.org jessie main
If you don’t know the release name of your distribution, you can find it out by running the following command:
$ cat /etc/*[-_]{release,version}
e.g.
$ cat /etc/*[-_]{release,version}
DISTRIB_ID=LinuxMint
DISTRIB_RELEASE=17.1
DISTRIB_CODENAME=rebecca
DISTRIB_DESCRIPTION="Linux Mint 17.1 Rebecca"
NAME="Ubuntu"
VERSION="14.04.1 LTS, Trusty Tahr"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 14.04.1 LTS"
VERSION_ID="14.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
jessie/sid
Add the GPG key used to sign the packages by running the following commands:
$ gpg --keyserver keys.gnupg.net --recv 886DDD89 $ gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89|sudo apt-key add -
Refresh your sources:
$ sudo apt-get update
Install the following package to keep the signing key up to date:
$ sudo apt-get install deb.torproject.org-keyring
Install the Tor and ProxyChains by running the following command:
$ sudo apt-get install tor proxychains
The following basic packages will be installed:
| Package | Description |
|---|---|
| tor | Anonymizing overlay network for TCP |
| proxychains | Redirect connections through proxy servers |
The ProxyChains is already configured to use Tor by default.
You can verify this by looking up /etc/proxychains.conf.
The last lines should be like these:
[ProxyList] # add proxy here ... # meanwile # defaults set to "tor" socks4 127.0.0.1 9050
You can test the Tor by checking your public IP address from the command line.
$ wget -q -O - ip.appspot.com 83.***.***.*** $ proxychains wget -q -O - ip.appspot.com ProxyChains-3.1 (http://proxychains.sf.net) |DNS-request| ip.appspot.com |S-chain|-<>-127.0.0.1:9050-<><>-4.2.2.2:53-<><>-OK |DNS-response| ip.appspot.com is 74.125.193.141 |S-chain|-<>-127.0.0.1:9050-<><>-74.125.193.141:80-<><>-OK 154.35.132.83