Anonymizing your connection is one the main requirements you need to do when you want to do bad things. When you going to scan a website or target host for vulnerabilities undetected so that Interpol won’t come knocking at your door with the Female Body Inspectors. For this purpose we are going to use TOR.
“Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis”. Tor network is an onion routing project that allows users to send traffic through the network, thus making your Internet traffic appear to come from the Tor exit node, not your real IP.
Tor runs your traffic through 3 hops and multiple nodes to mask your IP via their onion-routing system. But, let’s face it, Tor is slow. Having that many hops makes our ping delay increase dramatically. Moxie Marlinspike has created a nifty little tool that can send your traffic through a single Tor exit node called Tortunnel. Tortunnel is a partial onion proxy implementation that’s designed to build single-hop circuits through Tor exit nodes. This is useful in cases where you might want a very low level of anonymity, and don’t want to deal with the performance implications of using Tor’s full three-hop circuits.
This article will show you how to use Tortunnel to push our traffic through Tor exit node, bypassing the rest of the slow Tor network, and then use proxychains so that your applications can use this tunnel, and your public IP will appear to be that of the Tor exit node with light layer of anonymity and protection.
Packages going to install:
- Tortunnel (contains torproxy, requires boost libraries)
- Boost C++ Libraries
#apt-get install tor vidalia proxychains privoxy tor-geoipdb nmap libboost-system1.49.0
Now that everything is installed, we need to configure privoxy and proxychains so that they work with torproxy.
proxychains – a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy.Supported auth-types: “user/pass” for SOCKS4/5, “basic” for HTTP.
Comment out the last line with a # and add the line below:
#socks4 127.0.0.1 9050
socks5 127.0.0.1 9050
The biggest problem with many applications is that they leak DNS requests. That is, although they use Tor to anonymize the traffic, they first send a DNS request untorified in order to get the IP address of the target system. Then they communicate “anonymously” with that target. The problem: any eavesdropper with more stuff can conclude what website you visited, if they see that you sent a DNS request for sathish.com, followed by some “anonymous” Tor traffic.
Fot that we use Tor together with Privoxy, that prevents DNS leaks. Many non-HTTP-based applications are usually torified using a small tool called torify, but often this approach has DNS leaking problems.
Note: For Firefor Browser type about:config in the Firefox URL dialog, find the item network.proxy.socks_remote_dns and set it to true, also find browser.safebrowsing.enabled and browser.safebrowsing.malware.enabled and set it to disable.
Privoxy is a non-caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data and HTTP headers, controlling access, and removing ads and other obnoxious Internet junk. Privoxy has a flexible configuration and can be customized to suit individual needs and tastes. It has application for both stand-alone systems and multi-user networks.
#Find the line that says “forward-socks5″ and change it to look like this:
forward-socks5 / 127.0.0.1:9050 .
Tortunnel is a partial Onion Proxy implementation that’s designed to build single-hop circuits through Tor exit nodes. This is useful in cases where you might want some very low level of anonymity and don’t want to deal with the performance implications of using Tor’s full three-hop circuits.
We need download it tortunnel-master.zip form here
#make && make install
To connect to an exit node we first need to find exit node IP. For that open your vidalia and open the network option and choose nodes with ipaddress in the rightside of the panel.
Once you find an exit node IP, run torproxy using that IP, and put an & at the end of the command to start it as a backround job.
Now let’s set up our Tortunnel to be ready to have traffic run through it.
Let’s put a SOCKS interface on localhost port 9050:
#torproxy -p 9050 -r
That’s all you need to do, but if you have a specific exit node you want to tunnel through, use this:
#torproxy -p 9050 -n <ip of exit node>
Open your browser (or another internet program) and change your network/proxy settings to 127.0.0.1:9050
In addition, there is the little issue that you are not completely anonymous in your scanning. I have seen a few sites that reference the exact same scan I just ran above and say it is “safe”. Not true! Nmap by default “pings” the remote host as part of its detection of which host are alive and which are not by sending ICMP packets to the target systems.
Lets fix this by iptables rule will cause packets sent to the target environment that are not going through the Tor network to be dropped.
#iptables -A OUTPUT –dest [TargetIP] -j DROP
Speeding up NMAP with TorTunnel (Torproxy).
Lets address the issue of speed with tortunnel by Moxie Marlinspike. Moxie wrote this program so your Tor activity goes directly to an exit node. This bypasses two of the three hops, thereby greatly improving the overall speed of your scans. For that we need to edit the /etc/tor/torrc file.
Checking the IP address of the host machine
#apt-get install lynx
#proxychains lynx http://www.whatismyip.com
Now start scan the target with Nmap anonymously.
#proxychains nmap -Pn -sT -p 80,443,21,22,23 126.96.36.199