Tor setup- torrc file configuration

gAtO bEen- working on Tor stuff and wanted to find the right torrc commands and configuration for Tor. So I started to look around and found these files. I guess if we look at these we could come up with maybe all the configurations keywords for Tor. gAtO is working on Tor and maybe some bot’s woking in Tor-land. The word is out and many are working on Tor botnets the good thing is most all are beginners, but the interest of people not wanting to rent a bot but build a bot is getting stronger. People wanting to learn code. Script kiddies with code this is not going to be pretty folks – hope you enjoy the torrc stuff– gAtO oUt

File 1

## Configuration file for a typical Tor user

## Last updated 17 September 2012 @gAtOmAlO2 .

## (May or may not work for much older or much newer versions of Tor.)

##

## Lines that begin with “## ” try to explain what’s going on. Lines

## that begin with just “#” are disabled commands: you can enable them

## by removing the “#” symbol.

##

## See the man page, or https://svn.torproject.org/svn/tor/tags/tor-0_0_9_5/src/config/torrc.sample.in ,

## for more options you can use in this file.

##

## Tor will look for this file in various places based on your platform:

## http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#torrc

## Replace this with “SocksPort 0” if you plan to run Tor only as a

## server, and not make any local application connections yourself.

SocksPort 9050 # what port to open for local application connections

SocksListenAddress 127.0.0.1 # accept connections only from localhost

#SocksListenAddress 192.168.0.1:9100 # listen on this IP:port also

 

## Entry policies to allow/deny SOCKS requests based on IP address.

## First entry that matches wins. If no SocksPolicy is set, we accept

## all (and only) requests from SocksListenAddress.

#SocksPolicy accept 192.168.0.0/16

#SocksPolicy reject *

 

## Logs go to stdout at level “notice” unless redirected by something

## else, like one of the below lines. You can have as many Log lines as

## you want.

##

## We advise using “notice” in most cases, since anything more verbose

## may provide sensitive information to an attacker who obtains the logs.

##

## Send all messages of level ‘notice’ or higher to /var/log/tor/notices.log

#Log notice file /var/log/tor/notices.log

## Send every possible message to /var/log/tor/debug.log

#Log debug file /var/log/tor/debug.log

## Use the system log instead of Tor’s logfiles

#Log notice syslog

## To send all messages to stderr:

#Log debug stderr

 

## Uncomment this to start the process in the background… or use

## –runasdaemon 1 on the command line. This is ignored on Windows;

## see the FAQ entry if you want Tor to run as an NT service.

#RunAsDaemon 1

 

## Tor only trusts directories signed with one of these keys, and

## uses the given addresses to connect to the trusted directory

## servers. If no DirServer lines are specified, Tor uses the built-in

## defaults (moria1, moria2, tor26), so you can leave this alone unless

## you need to change it.

#DirServer 18.244.0.188:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441

#DirServer 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF

#DirServer 62.116.124.106:9030 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D

 

## The directory for keeping all the keys/etc. By default, we store

## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.

#DataDirectory @LOCALSTATEDIR@/lib/tor

 

## The directory for keeping all the keys/etc. By default, we store

## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.

#DataDirectory /var/lib/tor

 

## The port on which Tor will listen for local connections from Tor

## controller applications, as documented in control-spec.txt.

#ControlPort 9051

 

############### bypass open DNS ###############

##

## ACRYLIC DNS PROXY ==
## http://sourceforge.net/projects/acrylic/
##
## Step 1 INSTALL TOR
## Step 2 INSTALL ACRYLIC DNS PROXY

##

Acrylic is a local DNS proxy which improves the performance of your computer by caching the responses coming from your DNS servers. When you browse a Web page a portion of the loading time is dedicated to name resolution (usually from a few milliseconds to 1 second or even more) while the rest is dedicated to the transfer of the page contents to your browser. What Acrylic does is to reduce the time dedicated to name resolution for frequently visited addresses as close to zero as possible. With Acrylic you can also gracefully overcome short downtimes of your DNS servers without disrupting your work, because in this case you will at least be able to connect to your favourite sites and to your email server. In addition Acrylic can help you to effectively block unwanted ads prior to their download through the use of a custom HOSTS files, optimizing your navigation experience even further.

## Copy the following and paste it in TOR BROWSER\Data\TOR\torrc

## DNSPort 9053
## AutomapHostsOnResolve 1
## AutomapHostsSuffixes .exit,.onion

##

##

##

############### bypass open DNS ###############

############### This section is just for location-hidden services ###

## Look in …/hidden_service/hostname for the address to tell people.

## HiddenServicePort x y:z says to redirect a port x request from the

## client to y:z.

 

#HiddenServiceDir @LOCALSTATEDIR@/lib/tor/hidden_service/

#HiddenServicePort 80 127.0.0.1:80

 

#HiddenServiceDir @LOCALSTATEDIR@/lib/tor/other_hidden_service/

#HiddenServicePort 80 127.0.0.1:80

#HiddenServicePort 22 127.0.0.1:22

#HiddenServiceNodes moria1,moria2

#HiddenServiceExcludeNodes bad,otherbad

## Once you have configured a hidden service, you can look at the

## contents of the file “…/hidden_service/hostname” for the address

## to tell people.

##

## HiddenServicePort x y:z says to redirect requests on port x to the

## address y:z.

 

#HiddenServiceDir /var/lib/tor/hidden_service/

#HiddenServicePort 80 127.0.0.1:80

 

#HiddenServiceDir /var/lib/tor/other_hidden_service/

#HiddenServicePort 80 127.0.0.1:80

#HiddenServicePort 22 127.0.0.1:22

 

################ This section is just for relays ###################

## See https://www.torproject.org/docs/tor-doc-relay for details.

 

## A unique handle for your server.

 

#Nickname ididnteditheconfig

 

## The IP or FQDN for your server. Leave commented out and Tor will guess.

 

#Address noname.example.com

 

## Define these to limit the bandwidth usage of relayed (server)

## traffic. Your own traffic is still unthrottled.

## Note that RelayBandwidthRate must be at least 20 KB.

 

#RelayBandwidthRate 100 KBytes  # Throttle traffic to 100KB/s (800Kbps)

#RelayBandwidthBurst 200 KBytes # But allow bursts up to 200KB/s (1600Kbps)

 

## Contact info to be published in the directory, so we can contact you

## if your server is misconfigured or something else goes wrong.

#ContactInfo Random Person <nobody AT example dot com>

## You might also include your PGP or GPG fingerprint if you have one:

 

#ContactInfo 1234D/FFFFFFFF Random Person <nobody AT example dot com>

 

## Required: what port to advertise for Tor connections.

#ORPort 9001

## If you need to listen on a port other than the one advertised

## in ORPort (e.g. to advertise 443 but bind to 9090), uncomment the

## line below too. You’ll need to do ipchains or other port forwarding

## yourself to make this work.

 

#ORListenAddress 0.0.0.0:9090

 

## Uncomment this to mirror directory information for others. Please do

## if you have enough bandwidth.

#DirPort 9030 # what port to advertise for directory connections

## If you need to listen on a port other than the one advertised

## in DirPort (e.g. to advertise 80 but bind to 9091), uncomment the line

## below too. You’ll need to do ipchains or other port forwarding yourself

## to make this work.

 

#DirListenAddress 0.0.0.0:9091

 

## Uncomment this if you run more than one Tor server, and add the

## nickname of each Tor server you control, even if they’re on different

## networks. You declare it here so Tor clients can avoid using more than

## one of your servers in a single circuit. See

## http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#MultipleServers

 

#MyFamily nickname1,nickname2,…

 

## A comma-separated list of exit policies. They’re considered first

## to last, and the first match wins. If you want to _replace_

## the default exit policy, end this with either a reject *:* or an

## accept *:*. Otherwise, you’re _augmenting_ (prepending to) the

## default exit policy. Leave commented to just use the default, which is

## available in the man page or at https://www.torproject.org/documentation.html

##

## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses

## for issues you might encounter if you use the default exit policy.

##

## If certain IPs and ports are blocked externally, e.g. by your firewall,

## you should update your exit policy to reflect this — otherwise Tor

## users will be told that those destinations are down.

##

#ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more

#ExitPolicy accept *:119 # accept nntp as well as default exit policy

#ExitPolicy reject *:* # no exits allowed

#

################ This section is just for bridge relays ##############

#

## Bridge relays (or “bridges” ) are Tor relays that aren’t listed in the

## main directory. Since there is no complete public list of them, even if an

## ISP is filtering connections to all the known Tor relays, they probably

## won’t be able to block all the bridges. Unlike running an exit relay,

## running a bridge relay just passes data to and from the Tor network —

## so it shouldn’t expose the operator to abuse complaints.

 

#ORPort 443

#BridgeRelay 1

#RelayBandwidthRate 50KBytes

#ExitPolicy reject *:*

 

File 2

################ This section is just for servers #####################

 

## NOTE: If you enable these, you should consider mailing your identity

## key fingerprint to the tor-ops, so we can add you to the list of

## servers that clients will trust. See the README for details.

 

## Required: A unique handle for this server

#Nickname ididnteditheconfig

 

## The IP or fqdn for this server. Leave blank and Tor will guess.

#Address noname.example.com

 

#ContactInfo 1234D/FFFFFFFF Random Person <nobody@example.com>

 

## Required: what port to advertise for tor connections

#ORPort 9001

## If you want to listen on a port other than the one advertised

## in ORPort, uncomment the line below. You’ll need to do ipchains

## or other port forwarding yourself to make this work.

#ORBindAddress 0.0.0.0:9090

 

## Uncomment this to mirror the directory for others (please do)

#DirPort 9030 # what port to advertise for directory connections

## If you want to listen on a port other than the one advertised

## in DirPort, uncomment the line below. You’ll need to do ipchains

## or other port forwarding yourself to make this work.

#DirBindAddress 0.0.0.0:9091

 

## A comma-separated list of exit policies. They’re considered first

## to last, and the first match wins. If you want to *replace*

## the default exit policy, end this with either a reject *:* or an

## accept *:*. Otherwise, you’re *augmenting* (prepending to) the

## default exit policy. Leave commented to just use the default.

#ExitPolicy accept *:6660-6667

#ExitPolicy reject 192.168.0.1:*

#ExitPolicy reject *:*

 

#BridgeRelay 1

#ExitPolicy reject *:*

 

File 3

Index: torrc.sample.in

===================================================================

RCS file: /home/or/cvsroot/src/config/torrc.sample.in,v

retrieving revision 1.31

retrieving revision 1.32

diff -u -d -r1.31 -r1.32

— torrc.sample.in 10 Nov 2004 00:14:02 -0000 1.31

+++ torrc.sample.in 12 Nov 2004 04:00:07 -0000 1.32

@@ -1,73 +1,76 @@

-# Configuration file for a typical tor user

+## Configuration file for a typical tor user

 

-# Replace this with “SocksPort 0” if you don’t want clients to connect.

+## Replace this with “SocksPort 0” if you don’t want clients to connect.

SocksPort 9050 # what port to advertise for application connections

SocksBindAddress 127.0.0.1 # accept connections only from localhost

#SocksBindAddress 192.168.0.1:9100 # listen on a chosen IP/port

 

-# Entry policies to allow/deny SOCKS requests based on IP address.

-# First entry that matches wins. If no SocksPolicy is set, we accept

-# all (and only) requests from SocksBindAddress.

-#

+## Entry policies to allow/deny SOCKS requests based on IP address.

+## First entry that matches wins. If no SocksPolicy is set, we accept

+## all (and only) requests from SocksBindAddress.

#SocksPolicy accept 192.168.0.1/16

#SocksPolicy reject *

 

-# Allow no-name routers (ones that the dirserver operators don’t

-# know anything about) in only these positions in your circuits.

-# Other choices (not advised) are entry,exit,introduction.

+## Allow no-name routers (ones that the dirserver operators don’t

+## know anything about) in only these positions in your circuits.

+## Other choices (not advised) are entry,exit,introduction.

AllowUnverifiedNodes middle,rendezvous

 

-# Logs go to stdout unless redirected by something else, like one of

-# the below lines, or –logfile on the command line.

-### Send all messages of level ‘warn’ or higher to @LOCALSTATEDIR@/log/tor/warnings

-#Log warn file @LOCALSTATEDIR@/log/tor/warnings

-### Send all debug and info messages to @LOCALSTATEDIR@/log/tor/debug

-#Log debug-info file @LOCALSTATEDIR@/log/tor/debug

-### Send all debug messages ONLY to @LOCALSTATEDIR@/log/tor/debug

-#Log debug-debug file @LOCALSTATEDIR@/log/tor/debug

-### To use the system log instead of Tor’s logfiles, uncomment these lines:

+## Logs go to stdout unless redirected by something else, like one of

+## the below lines.

+## Send all messages of level ‘warn’ or higher to @LOCALSTATEDIR@/log/tor/warnings

+#Log warn file @LOCALSTATEDIR@/log/tor/warnings.log

+## Send all debug and info messages to @LOCALSTATEDIR@/log/tor/debug

+#Log debug-info file @LOCALSTATEDIR@/log/tor/debug.log

+## Send all debug messages ONLY to @LOCALSTATEDIR@/log/tor/debug

+#Log debug-debug file @LOCALSTATEDIR@/log/tor/debug.log

+## To use the system log instead of Tor’s logfiles, uncomment these lines:

#Log notice syslog

-### To send all messages to stderr:

+## To send all messages to stderr:

#Log debug-err stderr

 

-# Uncomment this to start the process in the background… or use

-# –runasdaemon 1 on the command line.

+## Uncomment this to start the process in the background… or use

+## –runasdaemon 1 on the command line.

#RunAsDaemon 1

 

-# Tor only trusts directories signed with one of these keys, and

-# uses the given addresses to connect to the trusted directory

-# servers. If no DirServer lines are specified, Tor uses the built-in

-# defaults (moria1, moria2, tor26), so you can leave this alone unless

-# you need to change it.

+## Tor only trusts directories signed with one of these keys, and

+## uses the given addresses to connect to the trusted directory

+## servers. If no DirServer lines are specified, Tor uses the built-in

+## defaults (moria1, moria2, tor26), so you can leave this alone unless

+## you need to change it.

#DirServer 18.244.0.188:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441

#DirServer 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF

#DirServer 62.116.124.106:9030 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D

 

-# The directory for keeping all the keys/etc. By default, we store

-# things in $HOME/.tor on Unix, and in Application Data\tor on Windows.

+## The directory for keeping all the keys/etc. By default, we store

+## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.

#DataDirectory @LOCALSTATEDIR@/lib/tor

 

##################### Below is just for servers #####################

 

-## NOTE: If you enable these, you should consider mailing your

-## identity key fingerprint to the tor-ops, so we can verify

-## your configuration. See the README for details.

+## NOTE: If you enable these, you should consider mailing your identity

+## key fingerprint to the tor-ops, so we can add you to the list of

+## servers that clients will trust. See the README for details.

+

+## A unique handle for this server

+#Nickname ididnteditheconfig

+

+## The IP or fqdn for this server. Leave blank and Tor will guess.

+#Address noname.example.com

 

-#Nickname ididnteditheconfig       # A unique handle for this server

-#Address noname.example.com        # The IP or fqdn for this server

#ContactInfo 1234D/FFFFFFFF Random Person <nobody@example.com>

 

#ORPort 9001 # what port to advertise for tor connections

-# If you want to listen on a port other than the one advertised

-# in ORPort, uncomment the line below. You’ll need to do ipchains

-# or other port forwarding yourself to make this work.

+## If you want to listen on a port other than the one advertised

+## in ORPort, uncomment the line below. You’ll need to do ipchains

+## or other port forwarding yourself to make this work.

#ORBindAddress 0.0.0.0:9090

-# Uncomment this to mirror the directory for others (please do)

+## Uncomment this to mirror the directory for others (please do)

#DirPort 9030 # what port to advertise for directory connections

-# If you want to listen on a port other than the one advertised

-# in DirPort, uncomment the line below. You’ll need to do ipchains

-# or other port forwarding yourself to make this work.

+## If you want to listen on a port other than the one advertised

+## in DirPort, uncomment the line below. You’ll need to do ipchains

+## or other port forwarding yourself to make this work.

#DirBindAddress 0.0.0.0:9091

## A comma-separated list of exit policies. They’re considered first

File 4

############### This section is just for location-hidden services ###
64
65 ## Look in …/hidden_service/hostname for the address to tell people.
66 ## HiddenServicePort x y:z says to redirect a port x request from the
67 ## client to y:z.
68
69 #HiddenServiceDir /data/Data/projekte/DilloTor/tor-0.1.1.23/binary/var/lib/tor/hidden_service/
70 #HiddenServicePort 80 127.0.0.1:80
71
72 #HiddenServiceDir /data/Data/projekte/DilloTor/tor-0.1.1.23/binary/var/lib/tor/other_hidden_service/
73 #HiddenServicePort 80 127.0.0.1:80
74 #HiddenServicePort 22 127.0.0.1:22
75 #HiddenServiceNodes moria1,moria2
76 #HiddenServiceExcludeNodes bad,otherbad
77

File 5

— src/config/torrc.sample.in.orig 2007-01-27 23:41:23.000000000 +0000
+++ src/config/torrc.sample.in 2007-01-27 23:43:47.000000000 +0000
@@ -18,6 +18,11 @@
 ## With the default Mac OS X installer, Tor will look in ~/.tor/torrc or
 ## /Library/Tor/torrc
+## Default username and group the server will run as
+User tor
+Group tor
+
+PIDFile /var/run/tor/tor.pid
 ## Replace this with “SocksPort 0” if you plan to run Tor only as a
 ## server, and not make any local application connections yourself.
@@ -46,6 +51,7 @@
 #Log notice syslog
 ## To send all messages to stderr:
 #Log debug stderr
+Log notice file /var/log/tor/tor.log
 ## Uncomment this to start the process in the background… or use
 ## –runasdaemon 1 on the command line. This is ignored on Windows;
@@ -55,6 +61,7 @@
 ## The directory for keeping all the keys/etc. By default, we store
 ## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
 #DataDirectory @LOCALSTATEDIR@/lib/tor
+DataDirectory   /var/lib/tor/data
 ## The port on which Tor will listen for local connections from Tor
 ## controller applications, as documented in control-spec.txt.

 

— a/src/config/torrc.sample.in
2 +++ b/src/config/torrc.sample.in
3 @@ -44,11 +44,11 @@ SocksListenAddress 127.0.0.1 # accept co
4  ## Uncomment this to start the process in the background… or use
5  ## –runasdaemon 1 on the command line. This is ignored on Windows;
6  ## see the FAQ entry if you want Tor to run as an NT service.
7 -#RunAsDaemon 1
8 +RunAsDaemon 1
9
10  ## The directory for keeping all the keys/etc. By default, we store
11  ## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
12 -#DataDirectory @LOCALSTATEDIR@/lib/tor
13 +DataDirectory @LOCALSTATEDIR@/lib/tor
14
15  ## The port on which Tor will listen for local connections from Tor
16  ## controller applications, as documented in control-spec.txt.
17 @@ -168,3 +168,5 @@ SocksListenAddress 127.0.0.1 # accept co
18  #BridgeRelay 1
19  #ExitPolicy reject *:*
20
21 +User tor
22 +PidFile @LOCALSTATEDIR@/run/tor/tor.pid

File 6

Configuration tips

Using the same exit for persistant connections

Some websites will log you out if you re-visit (while loggined in using a cookie to identify you) from a different IP. Tor has a feature called long lived ports. You could add the following to torrc to make connections to given ports use the same circut for a long period of time:

LongLivedPorts 80,23,21,22,706,1863,5050,5190,5222,5223,6667,8300,8888

A good alternative to LongLivedPorts is to use MapAddress for given sites. It allows you to make sure every connection to a given site goes through the same connection. This is also a good option if you need given sites to be visited from a given country.

For example,

MapAddress www.nsa.gov www.nsa.gov.nadia.exit

will make all visits to www.nsa.gov always use the edit node nadia, which is located in the US. There are anonymity issues with this; if you’re the only one using it then www.nsa.gov can at least figure out that it’s the same guy who’s visiting when connections are coming from that exit node.

=== Make Tor act faster ====

It is also possible to make Tor connections seem faster by setting CircuitBuildTimeout. Setting this number lower than the default (60 seconds) makes Tor give up and try other paths if it takes longer than the limit to build a circut. A circut which takes 50 seconds to build will be slower than a circut that takes 15 seconds to build. For example, you could set:

CircuitBuildTimeout 10

However, it must be mentioned that you will be using a whole lot more different servers if you allow circuts who take 50 seconds to build than if you set the limit to 10 seconds. There isn’t much solid research on exactly how this impacts traffic analysis resistance, but you’re – generally speaking – better off using a lot of slow servers than a few fast ones.

File 7

https://svn.torproject.org/svn/tor/tags/tor-0_0_9_5/src/config/torrc.sample.in