Tor
From Linuxmemo.
Tor ports
OR (Onion Router) port = 9001 --> no auth
Tor-Sock (SOCKS5 proxy) = 9050 --> IP ACL via config file
Control/monitor = 127.0.0.1:9051 --> auth by password hash or cookie
Note: Tor-Sock is not an HTTP proxy; it has to be chained with Privoxy, for example.
Install (Ubuntu)
vim /etc/apt/sources.list
# add this line:
deb http://deb.torproject.org/torproject.org <DISTRIBUTION> main
:wq
# fetch the key by its full fingerprint rather than the short ID
gpg --keyserver keys.gnupg.net --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
apt-get update
apt-get install deb.torproject.org-keyring
apt-get install tor
apt-get install privoxy
vim /etc/privoxy/config
Uncomment the line used for chaining:
# forward-socks5 / 127.0.0.1:9050 .
Comment out:
#logfile logfile, jarfile jarfile, debug xxx
service privoxy reload
Privoxy localhost:8118 for HTTP/HTTPS/FTP
SOCKS v5
No proxy for localhost, 127.0.0.1
Using the SOCKS5 proxy
torify apps &
curl --socks5-hostname 192.168.0.30:9050 www.facebook.com
Becoming a Tor node (growing the Tor network)
Two types: relay nodes (no exit to the internet; they forward packets to cover the tracks) and exit nodes.
vim /etc/tor/torrc
# relay nodes
SocksPort 9050
DataDirectory /var/lib/tor
Nickname monserveurtor
Address 123.456.789.123
ContactInfo tor@xxxx.org
ORPort 9001
RelayBandwidthRate 200 KB
ExitPolicy reject *:*
or
vim /etc/tor/torrc
# exit nodes
SocksPort 9050
DataDirectory /var/lib/tor
Nickname monserveurtor
Address 123.456.789.123
ContactInfo tor@xxxx.org
ORPort 9001
RelayBandwidthRate 200 KB
ExitPolicy reject *:25
ExitPolicy reject *:119
ExitPolicy reject *:135-139
ExitPolicy accept *:*
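ExitPolicy lines are evaluated in order and the first matching rule decides. The following is an added example, not part of the original page: it parses the two policies above and applies them to a destination, then checks the port half of the 'Exit' flag definition. The function names, the probe address and the reject-on-no-match fallback are assumptions of this example; only IPv4 and `*` patterns are handled.

```python
import ipaddress

# The two policies from the torrc examples above; Tor applies the first match.
EXIT_NODE_POLICY = """\
ExitPolicy reject *:25
ExitPolicy reject *:119
ExitPolicy reject *:135-139
ExitPolicy accept *:*
"""
RELAY_POLICY = "ExitPolicy reject *:*\n"


def parse_policy(torrc_text):
    """Return [(action, network_or_None, low_port, high_port)] in file order."""
    rules = []
    for line in torrc_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) != 3 or parts[0] != "ExitPolicy":
            continue
        action, pattern = parts[1], parts[2]
        if action not in ("accept", "reject"):
            raise ValueError("bad ExitPolicy action: " + action)
        addr, _, ports = pattern.rpartition(":")
        net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
        if ports == "*":
            low, high = 1, 65535
        else:
            first, _, last = ports.partition("-")
            low, high = int(first), int(last or first)
        rules.append((action, net, low, high))
    return rules


def allows(rules, ip, port):
    """First-match evaluation. No match counts as reject (simplification)."""
    target = ipaddress.ip_address(ip)
    for action, net, low, high in rules:
        if (net is None or target in net) and low <= port <= high:
            return action == "accept"
    return False


def meets_exit_port_rule(rules, probe_ip="203.0.113.10"):
    """Port half of the 'Exit' flag: at least two of 80, 443 and 6667 allowed."""
    return sum(allows(rules, probe_ip, p) for p in (80, 443, 6667)) >= 2
```

Running a torrc through `parse_policy` before a reload shows whether a rule placed after `accept *:*` is dead, since it can never match.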
Monitoring
Terminal (command line) application for monitoring and configuring Tor: https://www.atagar.com/arm/
apt-get install tor-arm
Create a hash for the password
tor --hash-password monmotdepasse
16:9D8E8E2CDBEAF5A160FC599C53A78686E8346A057A7EA8EFE9C7863B38
Tor configuration:
ControlPort 9051
HashedControlPassword 16:9D8E8E2CDBEAF5A160FC599C53A78686E8346A057A7EA8EFE9C7863B38
Usage (do not run it as root)
sudo -u debian-tor arm
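The `16:` value printed by `tor --hash-password` is an OpenPGP (RFC 2440) salted and iterated S2K hash using SHA-1: 8 bytes of salt, one iteration-count byte, then the 20-byte digest. The following is an added example, not part of the original page, with function names of its own: it decodes the value shown above and checks a candidate password against such a hash, which is useful when auditing a torrc for a weak control password.

```python
import hashlib
import hmac
import os

# HashedControlPassword value taken from the configuration above.
PAGE_HASH = "16:9D8E8E2CDBEAF5A160FC599C53A78686E8346A057A7EA8EFE9C7863B38"


def decode_count(c):
    """RFC 2440 coded count: one byte expands to the number of bytes hashed."""
    return (16 + (c & 15)) << ((c >> 4) + 6)


def parse_hashed_password(value):
    """Split '16:<hex>' into (salt, byte count, SHA-1 digest)."""
    prefix, _, hexpart = value.partition(":")
    raw = bytes.fromhex(hexpart)
    if prefix != "16" or len(raw) != 29:
        raise ValueError("not a salted S2K control-port hash")
    return raw[:8], decode_count(raw[8]), raw[9:]


def s2k_sha1(password, salt, count):
    """SHA-1 over salt||password repeated until `count` bytes were fed in."""
    block = salt + password.encode()
    digest = hashlib.sha1()
    full, rest = divmod(count, len(block))
    for _ in range(full):
        digest.update(block)
    digest.update(block[:rest])
    return digest.digest()


def hash_password(password, salt=None, c=0x60):
    """Produce a value in the same format (random salt unless one is given)."""
    salt = os.urandom(8) if salt is None else salt
    raw = salt + bytes([c]) + s2k_sha1(password, salt, decode_count(c))
    return "16:" + raw.hex().upper()


def check_password(value, candidate):
    """Constant-time comparison of a candidate against a stored hash."""
    salt, count, digest = parse_hashed_password(value)
    return hmac.compare_digest(s2k_sha1(candidate, salt, count), digest)
```

The count byte `0x60` in the value above decodes to 65536 hashed bytes, which is cheap to compute, so the strength of the control port rests on the password itself.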
Flags
- Authority
A router is called an 'Authority' if the authority generating the network-status document believes it is an authority.
- Exit
A router is called an 'Exit' iff it allows exits to at least two of the ports 80, 443, and 6667 and allows exits to at least one /8 address space.
- Fast
A router is 'Fast' if it is active, and its bandwidth is either in the top 7/8ths for known active routers or at least some minimum (20KB/s until 0.2.3.7-alpha, and 100KB/s after that).
- Guard
A router is a possible 'Guard' if its Weighted Fractional Uptime is at least the median for “familiar” active routers, and if its bandwidth is at least median or at least 250KB/s. To calculate weighted fractional uptime, compute the fraction of time that the router is up in any given day, weighting so that downtime and uptime in the past counts less. A node is 'familiar' if 1/8 of all active nodes have appeared more recently than it, OR it has been around for a few weeks.
- HSDir
A router is a v2 hidden service directory if it stores and serves v2 hidden service descriptors, and the authority believes that it’s been up for at least 25 hours (or the current value of MinUptimeHidServDirectoryV2).
- Named
Directory authority administrators may decide to support name binding. If they do, then they must maintain a file of nickname-to-identity-key mappings, and try to keep this file consistent with other directory authorities. If they don’t, they act as clients, and report bindings made by other directory authorities (name X is bound to identity Y if at least one binding directory lists it, and no directory binds X to some other Y’.) A router is called 'Named' if the router believes the given name should be bound to the given key. Two strategies exist on the current network for deciding on values for the Named flag. In the original version, relay operators were asked to send nickname-identity pairs to a mailing list of Naming directory authorities’ operators. The operators were then supposed to add the pairs to their mapping files; in practice, they didn’t get to this often. Newer Naming authorities run a script that registers routers in their mapping files once the routers have been online at least two weeks, no other router has that nickname, and no other router has wanted the nickname for a month. If a router has not been online for six months, the router is removed.
- Running
A router is 'Running' if the authority managed to connect to it successfully within the last 45 minutes.
- Stable
A router is 'Stable' if it is active, and either its Weighted MTBF is at least the median for known active routers or its Weighted MTBF corresponds to at least 7 days. Routers are never called Stable if they are running a version of Tor known to drop circuits stupidly. (0.1.1.10-alpha through 0.1.1.16-rc are stupid this way.) To calculate weighted MTBF, compute the weighted mean of the lengths of all intervals when the router was observed to be up, weighting intervals by $\alpha^n$, where $n$ is the amount of time that has passed since the interval ended, and $\alpha$ is chosen so that measurements over approximately one month old no longer influence the weighted MTBF much. [XXXX what happens when we have less than 4 days of MTBF info.]
- Unnamed
Directory authorities that support naming should vote for a router to be 'Unnamed' if its given nickname is mapped to a different identity.
- Valid
A router is 'Valid' if it is running a version of Tor not known to be broken, and the directory authority has not blacklisted it as suspicious.
- V2Dir
A router supports the v2 directory protocol if it has an open directory port, and it is running a version of the directory protocol that supports the functionality clients need. (Currently, this is 0.1.1.9-alpha or later.)
systemd bug
vim /lib/systemd/system/tor@default.service
change TimeoutStartSec=300 to TimeoutStartSec=600
Types of relays
Guard and middle relay (also known as non-exit relays) - A guard relay is the first relay in the chain of 3 relays building a Tor circuit. A middle relay is neither a guard nor an exit, but acts as the second hop between the two.
Exit relay - The exit relay is the final relay in a Tor circuit, the one that sends traffic out to its destination.