11/14/12

What Are ToR Hidden Service?

gAtO tHiNkInG – anonymity serves different interest for different user groups; To a private citizen it’s privacy, to a business it’s a network security issue. A business needs to keep trade secrets or have IP (knowledge base data-centers), communicate with vendors securely and we all know that business need to keep an eye on there competition – the competition can check your stats

update -11-14-2012 -uscyberlabs.com Tor Hidden Servicehttp://otwxbdvje5ttplpv.onion gAtO built this as a test sandbox / honeypot — cool logs stats -DOWN 4 upgrade – 06-11-2013

(http://www.alexa.com/siteinfo/uscyberlabs.com) and check on how your business is doing, what keywords your using, demographics of users hitting your site—— by the way in the Tor-.onion network a web site/service cannot be monitored unless you want it…

How would a government use a ToR-network I’m asked all the time —

// if I was an (agent/business-person)state actor doing business in China (and other countries too) well I would use a ToR-.onion connection to keep my

business private from a government that is know to snoop a bit on travelers to their country. The fact is governments need anonymity for their security -think about it “What does the CIA Google for?” Maybe they us ToR??? But this is about Hidden services right.

 

What is a hidden service in ToR-.onion network?

SImply put it’s a web site/service, a place in the ToR network were we have a service like:

  • Search Engine
  • Directories
  • web / pop3 email
  • PM Private Messages
  • Drop Box’s
  • Re-mailers
  • Bulletin Boards BBS
  • Image Boards
  • Currency exchange
  • Blog
  • E-Commercce
  • Social Networks
  • Micro-Blog –

Hidden Services are called hidden, because your website’s IP in ToR is hidden- they cannot see the IP of your server — they can’t track you- if they can’t find you how are they gonna hack you???? Sorry I had to say that -((more about that later)). Now how do I keep this secret (my IP) and let you the user use my services. In the normal web if your in uscyberlabs.com your on my site,— my server -you can do a whois and get my IP and geo-location— then you can attack my website with dDoS and other IP attack vectors, you also get my location so you can physically find me- my server/my website – maybe go dumpster diving in the trash and get my company secrets— mAyBe sI – nO,

Well in the ToR-.onion network you the client ask the business website if they can use the websites service / then decide and start a handshake to a rendezvous POINT to meet  —we meet at an OR ((onion relay))-a rendezvous POINT) not at my server/ my IP — so your never ever on the business site/server when your in onionLand, you can’t do a whois and get my IP because we meet at an OR, you cannot find my geo-location…..

We have heard of the killings of Iranians and Syrian rebels being killed in todays news, when an Iranian rebel is fighting for his and his families life if they(the government) finds his IP or the IP of the website he visited // they will hunt that person down and the Iranian police/government will kill the whole family sometimes. So keeping an IP from someone is not an evil act it is an act of privacy for safety on both sides the client and the business.

you need to look at Figure 2 to explains this better:

Now let’s focus on R2 OR the yellow key. That’s the spot were you(your company’s hidden website) and your client meet — I know it’s a sneaky way of doing business but once again if they can’t get to your IP at least that is one attack vector that can’t be used to hack you or ddos you. OK they can still hack you but it’s software then. How it’s all done – the magic —the technical thingy to this is below —/this is just an outline of events of the client /hidden web/service protocol:














I goes something like this —

  • ESTABLISH RENDEZVOUS cell
  • INTRODUCE1
  • INTRODUCE2 cell
  • INTRODUCE ACK cell.
  • INTRODUCE2 cell
  • RENDEZVOUS1 cell
  • sends a RENDEZVOUS2 cell Chat
  • sends a RENDEZVOUS2 cell Blog
  • RENDEZVOUS ESTABLISHED cell

1. Whenever the rendezvous point receives a RELAY_COMMAND_RENDEZVOUS1  with the same cookie as the OR sent in the RELAY_COMMAND_INTRODUCTION1 cell it logs the reception and the IP address of the immediate transmitter of the cell. At the same time, the OR middle node monitors the circuits passing through it. Whenever it receives a DESTROY  cell over a circuit it checks:

1) whether the cell was received just after the rendezvous point received the RELAY_COMMAND_RENDEZVOUS1 cell;

2) if the next node of the circuit at the middle node coincides with the previous node of the circuit at the rendezvous point;

3) whether the number of forwarded cells is exactly 2 cells up the circuit and 52 cells down the circuit.

More Geek network kinda stuff::

1. Jun 03 20:50:02.100 [notice] Tor 0.2.1.0-alpha-dev (r14739) opening new log file.

2. Jun 03 20:50:11.151 [notice] We now have enough directory information to build circuits.

3. Jun 03 20:50:12.697 [info] rend_services_introduce(): Giving up on sabotage as intro point for stuptdu2qait65zm.

4. Jun 03 20:50:18.633 [info] rend_service_intro_established(): Received INTRO_ESTABLISHED cell on circuit 1560 for service stuptdu2qait65zm

5. Jun 03 20:51:18.997 [info] upload_service_descriptor(): Sending publish request for hidden service stuptdu2qait65zm

6. Jun 03 20:51:22.878 [info] connection_dir_client_reached_eof(): Uploaded rendezvous descriptor (status 200 (“Service descriptor stored”))

People ask me how can these hidden services be attacked???

It’s all the same as in the surface web you find the software the hidden service is using /// let’s say Worpress (or flatPress) if they use an old version with vulnerabilities then, that site can be hacked by traditional hacking attack vectors— gAtO can’t wait till USCyberLabs.com will have a sandbox in the .onion were we can have a honeypot for people to hack and learn from.  (we need Funding for these project donate please – we will share) gAtO has not tried Backtrack 5 on ToR-.onion network – mAyBe sI -nO – uscyberlabs.com has been hacked a few times already and is consistently fighting bot’s and spammer, it goes on and on.everywhere-.-.-.-

Here are some technologies used in the ToR-.onion network:

update -11-14-2012 -uscyberlabs.com Tor Hidden Service = http://otwxbdvje5ttplpv.onion gAtO built this as a test sandbox and it turned into a honeypot — cool logs stats

TorStatusNet – http://lotjbov3gzzf23hc.onion/   is a microblogging service. It runs the StatusNet microblogging software, version 0.9.9, available under the GNU Affero General Public License.

FlatPress is a blogging engine like -Wordpress blog http://flatpress.org/home/   – http://utup22qsb6ebeejs.onion/

Snapp BBS works fine in OnionLand – http://4eiruntyxxbgfv7o.onion/

PHP BBS – http://65bgvta7yos3sce5.onion/

Nginx is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server.  – http://ay5kwknh6znfmcbb.onion/torbook/

Anyway I hope this open up the mystery of a hidden service in ToR – it’s just a website, you go to a rendezvous point and do your business — your IP and the business IP are totally secure. No digital breadcrumbs. Now a word to the wise in the ToR-.onion network you have some very tech savvy people and some are very stupid be a critical-cyber user always -gAtO oUt.

11/13/12

Protocol-Level Hidden Server Discovery -WRONG

sOrRy – AROGANT gAtO – Open letter to:zhenling – jluo -wkui – xinwenfu – at seu.edu.cn cs.uvic.ca cs.uml.edu  – I wrote to you and gave you a chace to reply so her it goes for everyone to see that you rigged your lab in real life it does not work like you claim — gATO OuT – may be wrong mAyBe Si -nO 

zhenling@seu.edu.cn
jluo@seu.edu.cn
wkui@cs.uvic.ca
xinwenfu@cs.uml.edu

Protocol-Level Hidden Server Discovery

Since entry onion router is the only node that may know the real IP address of the hidden service— -note [3] The assumption was made in virtually all attacks towards the Tor network. This is reasonable because onion networks routers are set up by volunteers.

WRONG folks — So criminals work in these sterile structured surrounding – following rules and making assumptions that I’m stupid enough to not know how to control ENTRY and EXIT nodes into my Tor Website— COme on Dudes this is not school it’s the real world… otwxbdvje5ttplpv.onion here is my site now find my IP —

WHo am I – Richard Amores – @gAtOmAlO2 – I run http://uscyberlabs.com – I just finished a boot -“ The Deep Dark Web” Amazon New eBook -The Deep Dark Web – http://www.amazon.com/dp/B009VN40DU   Print Book – http://www.amazon.com/The-Deep-Dark-Web-hidden/dp/1480177598 :- I do a we bit of real life research and I disagree — I go thru a proxie and a VPN in EU… before I go into Tor so the chances that you will find my IP just went up a notch or too. But I’m a legit – Security Researcher – imagine if I run Silk Road — making a bunch of Bitcoins a DAY— how many layers do they have—

how about a basic BRIDGE RELAY — and there it goes – u can’t touch this — how about a simple modification of the torrc file with these
HiddenServiceAuthorizeClient AND – HidServAuth
with these few modification the Tor site is hidden unless you have the key (HiddenServiceAuthorizeClient) in your browser/- that was generated to match the HidServAuth)-of the server– I think that your chances of finding my mean ass hidden service ip address —are ZERO…

I like what you’ll did cool analyst and you explained it great – but this puts fear into people – dissidents will maybe not use Tor because of what you guy’s say and maybe they may get caught and killed… It’s not only CRIMINALS — I know that gets grants money — but Tor is used to communicate and it allows – Freedom of Speech in Cyberspace- I’m gonna write something about this and I want to be nice so please explain why — you can say from an educational place of knowledge and allow this – “in the box” thinking that is being hacked everyday because they say— we did everything they told us to do— this is wrong and not true —

If you could get the IP of Silk Road — or better yet – PEDO BEAR the largest PEDO directory in TOR — tell me the IP and I will take it down myself— but don’t come at me saying we are right and every hacker is wrong  — learn please our world is depending on your great minds —

later,
RickA- @gAtOmAlO2 http://uscyberlabs.com

Here is the original paper —http://www.cs.uml.edu/~xinwenfu/paper/HiddenServer.pdf
A recent paper entitled Protocol Level Hidden Server Discovery, by Zhen Ling, Kui Wu, Xinwen Fu and Junzhou Luo.  Paper is starting to be discussed in the Tor community.  From my perspective, it is a nice attack to reveal the IP address of a hidden service.  It would require resources to actually implement effectively, but for Law enforcement trying to shutdown and arrest owners of illegal websites selling drugs, weapons, or child pornography and are hiding behind Tor, it is an option.  Of course that also means the capability to find anyone that might be doing something a government or large entity does not agree with. The paper is here.
This stuff reminds me of a statement a professor said to a class I was in once:  “Guns are not good or bad.  It depends on who is holding the gun and which end is pointed at you.”

10/28/12

Cyber-War Digital -vs- Global Currency

gAtO rEaD – in Forbes – “Biitcoin Prevent Monetary Tyranny” -mEoW- Currency tyranny by global bankers and government can be down right ugly. They can shape debt into deliberate inflation, they can enforce persecutory capital control or even pre-arrange default – let’s not forget LIBOR manipulation and austerity against countries after they have ripped out all natural resources, install a puppet king and all that jazz —/ everything controlled by THE BANK CARTEL. On the other side of the coin..//

On Oct. 6 Susanne Posel reported -/ an attempt to hack into the U.S.A executive branch’s computer system through an unclassified network.  That’s the White House kitties with a simple “Spear Phishing” attack. They trolled for names of Top Military and government officials in Google’s Gmail account and got a few hit. Once again “Open Source Intelligence”  

– everything goes somewhere and gAtO (as well as others) goes everywhere.

A few days later the Iranians government blocked Gmail by government officials due to fears that Email can be a point of infection for attacks- I think that’s in the security 101 course

Bruce Schneier one of our cyber gods that knows what he is talking about say’s it best about chicken little screaming “the cyber Sky is falling” – STROKING CYBER FEARS – “Secretary Panetta’s recent comments are just the latest; search the Internet for “cyber 9/11,” “cyber Pearl-Harbor,” “cyber Katrina,” or — my favorite — “cyber Armageddon.” But Bruce says it best in his own words  “There’s an enormous amount of money and power that results from pushing cyberwar and cyberterrorism: power within the military, the Department of Homeland Security, and the Justice Department; and lucrative government contracts supporting those organizations. As long as cyber remains a prefix that scares, it’ll continue to be used as a bugaboo.”  -may I add-/ to make lots of MONEY in private-corporation and government contracts worldwide. Fear + Cyber Security = BIG $$$

Fear is what bankers see as Africa is the first country that is being targeted for the BitCoin virtual currency. Imagine the turmoil in Nigeria and other places in Africa it has had a history of unstable governments the idea of a digital currency is appealing… La-Times read –Africa — the next frontier for virtual currency?

BUT the Bitcoin is NOT ready People[1] Satoshi warned us – it’s BETA software – It has only 21 Million bit coins and the last Bitcoin will be mined in 2040 – Governments and corporations have already started the propaganda that Bitcoin’s are EVIL. — 

The most important thing is, we must all be active in out lives to make the new future- They fear us “the people” will wake up and take control of our lives” – the new generation was born with a cell device in their hand and they are using it earlier and earlier to communicate.

The Cyber war that we see is not as bad as the Cyber War that is being fought with fear and propaganda because the bankers will lose control with – One World Currency – One World Government – that is what the hacktivist want, the new kids, the new generation.

Cyberspace is the city of Babel and in this mystical city everyone was able to communicate to anyone and exchange idea, dreams and culture—/ but this cause the priest to lose control so they destroyed it and made it EVIL. It’s only Evil when you lose your power, It is EVIL when you give them control and power — it’s our turn now -gAtO oUt

References:

[1] Satoshi Nakamoto – Bitcoin Creator –https://en.bitcoin.it/wiki/Satoshi_Nakamoto

http://latimesblogs.latimes.com/world_now/2012/04/bitcoin-virtual-money-africa-rudiger-koch.html

http://www.forbes.com/sites/jonmatonis/2012/10/04/bitcoin-prevents-monetary-tyranny/ Bitcoin Prevent Monetary Tyranny

10/25/12

The deep Dark Web -Book Release

gATO hApPy – 

AVAILABLE @ AMAZON – http://www.amazon.com/dp/B009VN40DU

AVAILABLE @SmashWords website  @http://www.smashwords.com/books/view/247146

I learned that I hate WORD: – but it’s the general format for publishing  – text boxes- get imbedded and you can’t format to EPUB or .mobi or anything – solution after going lOcO gAtO – was copy and paste into txt editor – save as RTF then copy paste back into a new WORD document and then reformat everything from scratch – and copy over the pictures – as you can tell I had fun-..-ugh mEoW F-F-F-F as much fun as a hairball but if it get’s the message out “FREEDOM OF SPEECH IN CYBERSPACE” then we done our job, anyway I hope you read it Thank you Pierluigi a best friend a security gAtO ever had – gATO oUt

This Book covers the main aspects of the fabulous and dangerous world of -“The Deep Dark Web” . We are just two cyber specialists Pierluigi Paganini & Richard -gAtO- Amores, with one passion and two souls we wanted to explain the inner working of the deep dark web. We have had a long collaboration in this efforts to document our findings we made infiltrations into the dark places inaccessible to many to give a you the reader a clear vision on the major mystery of the dark hidden web that exist today in the Tor Onion network..

The Web, the Internet, mobile cell devices and social networking has become commonly used words that identify technological components of daily Internet user’s experience in the cyberspace. But how much do we really know about cyberspace? Very, very little, Google / Yahoo / Bing only show us 20% of the Internet the other 80% is hidden to the average user unless you know were to look.

The other 80% of the Internet is what this book is about the “Deep Dark Web”, three words with millions of interpretations, mysterious place on the web, the representation of the hell in the cyberspace but also the last opportunity to preserve freedom of expression from censorship. Authorities and corporation try to discourage the use of this untapped space because they don’t control it. We the people of the free world control this network of Tor -Onion Routers by volunteer around the world.

The Deep Dark Web seems to be full of crooks and cyber criminals, it is the hacker’s paradise, where there are no rule, no law, no identity in what is considered the reign of anonymity, but this is also the reason why many persecuted find refuge and have the opportunity to shout to the world their inconvenient truths.

The Deep Dark Web is a crowded space with no references but in reality it is a mine of information unimaginable, a labyrinth of knowledge in the book we will try to take you by the hand to avoid the traps and pitfalls hopefully illuminating your path in the dark.

Cybercrime, hacktivism, intelligence, cyber warfare are all pieces of this complex puzzle in which we will try to make order, don’t forget that the Deep Dark Web has unbelievable opportunity for business and governments, it represents the largest on-line market where it is possible to sell and acquire everything, and dear reader where there is $money$  you will find also banking, financial speculators and many other sharks.

Do you believe that making  money in Deep Web is just a criminal prerogative? Wrong, the authors show you how things works in the hidden economy and which are the future perspectives of is digital currency, the Bitcoin.

This manuscript proposes both faces of the subject, it illustrates the risks but also legitimate use of anonymizing networks such as TOR adopted by journalist to send file reports before governments agents censored his work .

Here are some question we may answers to:

How many person know about the cyber criminals and their ecosystem in the deep web? 

How many have provided information on the financial systems behind the “dirty affairs”? 

How the law enforcement and governments use Dark Web?

Let’s hold your breath and start the trip in the abyss of knowledge to find answers to the above questions. We hope that with this book you can learn something new about – The Deep Dark Web.

10/18/12

Tor hidden service secrets

Tor hidden service secrets

gAtO fRiDaY 10-18-2012 update hay you want to see a secret -hidden service –

Creative Hack – http://2kcreatydoneqybu.onion 

on top of this the name is custom – so that took extra time and efforts and the site is real when you have thier secret token — https://ahmia.fi/pagescreenshots/2kcreatydoneqybu.png

here you can take a look at this site anyway – try to extract any information from this secret Tor Website – you can’t see any source code – so you can’t make it error to extract information. I ask a friend that’s a Penn Tester to check this out – If anyone can extract any information please let me know –gAtOoUt

gAtO fRiDaY – sound off! – As i play with my new Tor hidden service – “Ok just apache website running https: a static site -right now” – What we know is that a Tor hidden service stays hidden until you send someone your .onion URL (example:- otwxbdvje5ttplpv.onion ) now once you know the URL your have access to the site. You may have to log in like on most bb sites but at least you reached the hidden service and now you can do stuff. 

While looking at the torrc file setting I found a little secret that with (server side) HiddenServiceAuthorizeClient-tag and the HidServAuth-tag on the (client) side -// your hidden service is now INVISIBLE to only the people that have a secret key installed in their “torrc” client file. In plain talk –

1. I put a special key on my hidden server – torrc file – HiddenServiceAuthorizeClient
2. generate a new key for client side – “what_ever_bcuuw46b3heyy”
3. send keys to the secret agents that can see or access the site HidServAuth
4. Only the people with my KEY can get to the front door of my hidden service – torrc file HidServAuth

This makes it hard to find the hidden service even if you have the URL ///./. it does nothing, no source code like a normal website. I ran into a few of these and had no clue why these sites behaved the way they did. I can pick apart most websites, at least, basics like html, asp, js, java directory you can gleam all kinds of information. But if you hit one of these site in Tor well it a big 0 -zero -///.

With my TDS project (Tor Directory Scan) I am generating an onion URL A-Za-z 2-7 URL and going out to scrape it and get some basic information about the site with a basic web crawler that grabs METADATA and not just links to other pages. If I hit these sites with my basic program I’ll get a dud -zero -///- but I will have a hit of sort. I hope to catch some of these sites – we all know the rcp command works well in Tor sometimes I found and httrack is another tool for sucking up site // be they hidden service or not – these secret hidden services will be very interesting in the scan -gATO oUt

— Tor Syntax

HiddenServiceAuthorizeClient auth-type client-name,client-name,…
If configured, the hidden service is accessible for authorized clients only. The auth-type can either be ‘basic’ for a general-purpose authorization protocol or ‘stealth’ for a less scalable protocol that also hides service activity from unauthorized clients. Only clients that are listed here are authorized to access the hidden service. Valid client names are 1 to 19 characters long and only use characters in A-Za-z0-9+-_ (no spaces). If this option is set, the hidden service is not accessible for clients without authorization any more. Generated authorization data can be found in the hostname file. Clients need to put this authorization data in their configuration file using HidServAuth.


HidServAuth onion-address auth-cookie [service-name]
Client authorization for a hidden service. Valid onion addresses contain 16 characters in a-z2-7 plus “.onion”, and valid auth cookies contain 22 characters in A-Za-z0-9+/. The service name is only used for internal purposes, e.g., for Tor controllers. This option may be used multiple times for different hidden services. If a hidden service uses authorization and this option is not set, the hidden service is not accessible. Hidden services can be configured to require authorization using the HiddenServiceAuthorizeClient option

10/13/12

Customized .onion URL Address

gAtO hAs- been looking for this golden grail —how to customize a .onion address  —  but nobody knew how to do it or would never tell. Job security I guess but as I have been in i2p land and not much on Tor but I found this link to Shallot in github.com from and i2p site about Tor and i2p. Well the jig is up. I understand why it may not be a good idea for a custom name – It’s all about math and every custom digit of the 16 digit .onion address takes more time to calculate when your onion ur;l is generated in Tor. I have a new toy for a Saturday night project – Well here it is enjoy it– gAtO out

https://github.com/katmagic/Shallot

Shallot allows you to create customized .onion addresses for Tor’s hidden services. (By customized, it is meant that part of the address can be selected. Choosing an entire address would take far longer than the universe is believed to have been in existence.)

A History of Shallot

Shallot has a long history in Onion Land. In its original incarnation, Shallot was originally written by a mysterious Onion Lander called Bebop, who created its predecessor, onionhash-0.0.1, at some unknown time in the distant past. That quickly(?) evolved into onionhash 0.0.2 and 0.0.3, until Bebop and Bebop’s New Home in Onionspace mysteriously vanished. At this point, it was picked up by `Orum, who gave Shallot its current name, and went through three versions until `Orum’s site, hangman – hidden (in plain) site, went down. I (katmagic) got Shallot’s sources from Tas’s site and put them into a Git repository. I made a few modifications, wrote a new README, and put the whole thing up on GitHub for all to see.

10/9/12

Tor Hidden Service Setup Headaches

%67%61%74%6f%6d%61%6c%6f

gATO mEsSeD – up with my BT (backTrack5) server I am using for my Tor hidden server — otwxbdvje5ttplpv.onion — To set up a hidden service is simple but you have to have a plan and gAtO did not have one—/ as usual I just go into it AND I wiped out mysql – I mean I wiped out my whole installation – Re-Set – I had to install Windows 7, then download BackTrack5 and re-install that- but once I went back and re-installed everything – my hidden service was getting and ERROR —  NO ACCESS permissions error — This led me down a rabbit hole of things I never wanted to learn about apache2 server and linux commands but it was good at the end of 9 hours to beat the thing. OK end of Story…

LAB stuff.— My test BOX is Windows 7 and BT5 unbuntu-10.04.2 LTS

Files to Modify —

/Data/Tor/torrc

/var/apache2/apache2.conf

/var/apache2/envvars

APACHE_RUN_USER=gato

APACHE_RUN_GROUP=gat0

/var/apache2/ports.conf

/var/apache2/sites-available/default

/etc/hosts

These should be all the files to setup a hidden service in Tor. _BUT_ Tor cannot run as ROOT user so you need to create a normal user – I called it gato—

–/ gato User gets all permission for all Tor files and directories

—/ apache runs as ROOT so i run it as sudo

Apache installs it’s website  in /var/www directory – as gato-user I need access to this and creating ALL TOR directories and files so Tor has the right permissions.

But any files on apache will have to have ROOT permissions:

I had everything set up right – but I was getting permission rights error on the Tor hidden service — after I checked everything I found the error the apache user had an environmental variable set to run as someone else not the / gato-user- and I found it in the apache enviers file..

/var/apache2/envvars

APACHE_RUN_USER=gato

APACHE_RUN_GROUP=gate

This APACHE_RUN_USER was set to wstools because that’s what the BT5 installation installed but never told anyone- so I chased this permission stuff down for 4-8 hours – re-booting and Tor start-up and test every setting – THEY SHOULD TELL SOMEONE BT5

Yeah this build has owner stuff mixed up a bit – I am still working on mysql stuff but it should be up next to install mediawiki – it should be a great learning curve AGAIN – but I am having fun and learning all my unix stuff back – good because  I been working on php for the Tor directory crawler that I will be launching from this server in a few weeks…

below are my lab notes — I hope it helps someone some time —gAtO oUt

check out the site otwxbdvje5ttplpv.onion — it has BeEF and mstool for XXS and SQLi testing online and a cool C&C controller for bots. – I still don’t know why BT5 put this in the distro but I want to play with it…. https://github.com/beefproject/beef/wiki/BeEF-and-Backtrack-5

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-lab notes=-=-=-=-=-=-=-=-=-=-

Start Tor – /home/gato/Desktop/tor

./start-tor-browser 

Start apache2 –> sudo /etc/init.d/apache2 restart

For security, I recommanded to lauch the command as a service

Start Mysql –> service mysqld start

the tool to manager mysql is mysqladmin

check is mysql started

–> ps -ef | grep mysql

Start Apache

–> sudo /etc/init.d/apache2 stop

/Desktop/tor/Data/Tor$ nano torrc

root@bt:/var/www# nano index.html

root@bt:/var/www# cd /etc/apache2

root@bt:/etc/apache2# ls

apache2.conf  envvars     magic           mods-enabled  sites-available

conf.d        httpd.conf  mods-available  ports.conf    sites-enabled

root@bt:/etc/apache2# ls

#!/bin/bash

# Changes to this file will be preserved when updating the Debian package.

source /usr/share/mysql/debian-start.inc.sh

MYSQL=”/usr/bin/mysql –defaults-file=/etc/mysql/debian.cnf”

MYADMIN=”/usr/bin/mysqladmin –defaults-file=/etc/mysql/debian.cnf”

MYUPGRADE=”/usr/bin/mysql_upgrade –defaults-extra-file=/etc/mysql/debian.cnf”

MYCHECK=”/usr/bin/mysqlcheck –defaults-file=/etc/mysql/debian.cnf”

MYCHECK_SUBJECT=”WARNING: mysqlcheck has found corrupt tables”

MYCHECK_PARAMS=”–all-databases –fast –silent”

MYCHECK_RCPT=”root”

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

398  sudo /etc/init.d/apache2 status

399  sudo /etc/init.d/apache2 reload

400  sudo /etc/init.d/apache2 restart

401  sudo /etc/init.d/apache2 reload

402  sudo /etc/init.d/apache2 restart

391  sudo ps aux | grep tor

392  sudo ps aux | grep apache

393  sudo ps aux | grep apache2

394  sudo ps aux | grep mysql

395  sudo ps aux | grep apache

396  sudo ps aux | grep “tor”

397  sudo ps aux | grep “/tor”

398  sudo ps aux | grep /tor/

 

/etc/apache2/apache2.conf

port.conf

/var/www/otwxbdvje5ttplpv.onion#

uscyberlabs

< otwxbdvje5ttplpv.onion

other secret site -not working

3rtiazp6p4t2vxfn.onion

10/1/12

USCyberLabs has a hidden service Tor otwxbdvje5ttplpv.onion

gAtO wAnTeD – to get our USCyberLabs Tor .onion network -hidden service- up and running and after thinking of other future projects we decided to make our Ubuntu -BackTrack 5 machine be our Tor Server running apache2 hidden service  . My BT5 machine is running – Gnone v.2.30.2 Ubuntu build 06/25/2010 ?

Apache/2.2.14 (Ubuntu) Server at otwxbdvje5ttplpv.onion Port 80

1. First problem BT5 is designed to run as root and Tor is not so first thing is to generate a new user:

uscyberlabs - el gatoMalo

gAtO new hidden service otwxbdvje5ttplpv.onion

# adduser gato

# password gato-password

For help go to man adduser for more information

I open up terminal for everything so as SU -(SuperUser)

nano /etc/apache2/apache2.conf > file

nano /etc/apache2/ports.conf > file

nano /lib/tor/torrc -> file

nano /etc/host -> file

2. Before we change users and start to work as gato let’s set up the apache2 service

# apt-get install apache2

whizz, bang ,- wow and it’s installed next we need to modify some configuration files.

The Apache install will install /var/www/index.html <— so modify this file for your web site:

The Apache install will install /etc/apache2 and in it you will find a bunch of the configuration files:

apache2.conf and ports.conf these two files will have to be modified and Tor torrc file.

This is a great guide — from ioerror  —but don’t try the wiki – – https://github.com/ioerror/hs-wiki/tree/master/configs another guide not so good but it helped —http://www.martini.nu/blog/2010/06/tor-vbox.html    —

ports-apache2.conf 

12 NameVirtualHost 127.0.0.1:8080Listen 127.0.0.1:8080

torrc

123

4

5

6

7

8

9

10

11

12

13

14

# some information may be for future projects -# This is a very minimal Tor configuration file to be placed in# /etc/tor/torrc unless you know better.

#

# This configuration file should be used with a wiki Hidden Service on

# 127.0.0.1:8080

#

 

Log notice file /var/log/tor/wiki.log

DataDirectory /var/lib/tor

 

HiddenServiceDir /var/lib/tor/hidden_service/

HiddenServicePort 80 127.0.0.1:8080

Add your hidden Service Tor url to your host file – trust me this really helped during trouble shooting

I added my Hidden service onion ID to the

nano /etc/host -> file

127.0.0.1 otwxbdvje5ttplpv.onion 

I generated a few more hidden service keys to deploy some other sites later -Open up 2 more terminal windows – I can start stuff in background mode but during testing everything has it’s own terminal just in case.

To install Tor on unbuntu linux — https://www.torproject.org/docs/tor-doc-unix.html.en  —

To start Tor

./start-tor-browser

To start Apache web server

sudo /etc/init.d/apache2 start

I’m not going to give you my directory structure but just a heads up :

DataDirectory  /var/lib/tor/

HiddenServiceDir /var/www/web_hidden_service

HiddenServicePort 80:127.0.0.1:8080

Since I’m testing I log to my terminal but a log error file will work better

Log notice stdout

So ok now comes the test – I have a static html website – a hidden service in the Tor .onion network. I did not go to icann for an domain name and pay them- I don’t have to pay InMotion for hosting service – just my cox-internet connection and a spare machine and I have a website in the dark web – This machine will host other websites – hidden services like wordpress, a bb bulletin board- or maybe some other web service – It will host my BotNet for the Tor Directory Project – Oh yeah I want to build a few bot’s for GOOD and map out the Tor Directory and make each Bot an OR (onion Router) so it helps the cause and gives back a bit. I plan to also run OnionOO – Arm – Atlas – mOnionO Compass and Weather.

SO if your out an about in Tor Land come on by and kick the tires and peek and poke my Tor hidden service website – otwxbdvje5ttplpv.onion  if you find any openings let me know.pls As I add new features I will tell you about them -gAtO oUt 

09/24/12

Dark Heart botnet ToR-C2 BULLET proof server collector

gAtO fOuNd – this –// it’s crook selling to crooks take it at face value -/ but it does have some interesting ideas on what is out there in criminals hands and what is going on in the dark web. Now these are 10,000 yes 10k botnets can work in the clearWeb as well as Tor and i2p anonymized networks should cause some concern because normally we don’t monitor them.  Tor Domain-flux for both clearWeb and Tor – ( Tor Domain-flux- this is so easy to do but it’s a big feature) – VPN then Tor that will make this harder to find the botMaster. But the coolest feature is the i2p connection. Sorry boy’s and Ladies but Tor is getting old, i2p is beginning to glow and it’s a little different but very safe. It goes after (scanning)  WiFi and GPS tracking – So people sync your phone data to your computers data please…C&C and // one- BULLET proof server collector –

It not very hard to do this but – C&C and // one- BULLET proof server collector – is the sales pitch anyway I have obfuscated some links and names -find it your self – I know gAtO can build this so anyone can with some light reading – that comes out to .80 cents per bot for 10,000 bots -0ne c&c panel for $8,000 bucks – pretty cheap – oh yeah the readme comes in english too.

This modified Dark Heart bots and c&c in Tor ?12p ? 256-EAS encryption- We already have reports of it by different names but this was posted around Aug 7 2012.   Here is the –/ poor mans —Tor Domain-flux is so easy when you generate a hidden service it produces a key for your address in Tor onion land / just move the key to another directory and generate your new net key and so on and so on… Some of this is really well though out —/ but I don’t trust anyone and it’s so easy to build from scratch– gAtO oUt

—— – EDUCATIONAL – ONLY – ————— – EDUCATIONAL – ONLY – ————— – EDUCATIONAL – ONLY – ———

Dark Heart botnet— NOT – for sale $8000

Run on windows clients – I need 3 C&C server IP addresses to hardcode and obfuscate

bot coded in assembly no dependencies

Each build has maximum of 10k bots to ovoid widespread av detection.

Basic bot uses socks5.

built in ssh client

(fast-flux)

Bot is built with 30k pre generated 256 bit AES keys.

1 256 bit AES key for logs

1 256 bit AES key ssh

1 256 bit AES key socks 5

hwid it selects a pre-generated key 256 bit AES key.

Bot writes encrypted data into common file using stenography process injection

Download/Upload Socks5

Bot sends data to a collector bot via socks5 through ipv6 which makes NAT traversal a trivial matter.

Using ipv6 in ipv4 tunnel.

Collector bot assembly /tor and i2p Plug-ins C++ /Assuming 10k bots

Bots will be assigned into small groups of 25. And are assigned 400 collectors bots which is evenly 200 tor and 200 i2p.

Collector packages the encrypted logs and imports them into a .zip or rar archive and uses sftp to upload through tor to a bullet proof server Note the Ukraine is best know.

(Domain-flux .onion panel can be easily moved)

Using a Ubuntu Server on bullet proof server.  / Using tor and Privoxy. Panel can be routed through multiple cracked computers using proxychains and ssh.  / Server uses a simple .onion panel with php5 and apache2 and mysql. You might ask what happens if bullet proof server is down. The collector bots can be loaded with 5 .onion panels. If panel fails for 24 hours its removed from all Collectors and bot will go to the next one and so forth. A python Daemon runs and unzip the data and Imports it into a mysql database were it remains encrypted.

The bot master uses my Dark Umbrella.net panel to connect to the remote Bullet Proof server through a vpn and then through tor using ssh to run remote commands on server and sftp to upload and download. Running tor through a log less vpn through with a trusted exit node on the tor network. .net panel connects to mysql database database is decrypted on .NET panel (Note must real Bullet Proof hosting is not trust worthy this solves that issue) and imported into a local .mdb database. Then later the bot Master should encrypt database folder on true crypt. Commands are sent to bots individually rather then corporately like most bot nets. This allows for greater anonymity It will be possible to send commands corporately but strongly discouraged. Collector bots download and upload large files through i2p.

1.Connects remotely to rpc daemon through backconect and simplifying metasploit (Working)

2.Social network cracker. (Beta)

3.Statics. (Working)

4.Anonymity status. (Working)

5.Decrypt-er. Decryption codes in highly obfuscated.net limiting each build to 10k bots. (Working)

6.Daemon status (Working)

7.logs (Working)

8.Metasploit connects via rpc. (working)

9. GPS tracked Assets by Google maps and using net-book with a high powered external usb wifi attenas.

Starts an automatic attack if wep if wpa2 grabes handshake. If open starts basic arp spoofing attack. Common browser exploits. (alpha)

10.Teensy spread. (in development)

11.vnc back connect. (working)

12. Advanced Persistent threat. Fake Firefox, Fake Internet Explorer, Fake Chrome. Fake Windows Security Essentials. (in development allows for excellent custom Bot-master defined keyloging)

13. Dark search bot index file is downloaded allowing easy searching of hard drives. (Working)

14. voip logic bomb. bot computer is sent via a voip call file once played through voip the microphone hears mp3 file and the dormant payload is activated in bot that is the logic bomb. (Extra- Alpha)

Each Panel is hwid

1 unique build per Copy embedded into panel.

Everything is provided in English only manuals for setup: you need 3 servers for C&C and // one- BULLET proof server collector for -/ everything is working and can be setup within hours: Only serious players –  for sale $8000 -bitcoin – (obfuscated )1A9nBLgdhf4NJadXiBppqqU96AhbMBQrgV –

—— – EDUCATIONAL – ONLY – ————— – EDUCATIONAL – ONLY – ————— – EDUCATIONAL – ONLY – ————— – EDUCATIONAL – ONLY – ———

 

09/17/12

Tor setup- torrc file configuration

gAtO bEen- working on Tor stuff and wanted to find the right torrc commands and configuration for Tor. So I started to look around and found these files. I guess if we look at these we could come up with maybe all the configurations keywords for Tor. gAtO is working on Tor and maybe some bot’s woking in Tor-land. The word is out and many are working on Tor botnets the good thing is most all are beginners, but the interest of people not wanting to rent a bot but build a bot is getting stronger. People wanting to learn code. Script kiddies with code this is not going to be pretty folks – hope you enjoy the torrc stuff– gAtO oUt

File 1

## Configuration file for a typical Tor user

## Last updated 17 September 2012 @gAtOmAlO2 .

## (May or may not work for much older or much newer versions of Tor.)

##

## Lines that begin with “## ” try to explain what’s going on. Lines

## that begin with just “#” are disabled commands: you can enable them

## by removing the “#” symbol.

##

## See the man page, or https://svn.torproject.org/svn/tor/tags/tor-0_0_9_5/src/config/torrc.sample.in ,

## for more options you can use in this file.

##

## Tor will look for this file in various places based on your platform:

## http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#torrc

## Replace this with “SocksPort 0” if you plan to run Tor only as a

## server, and not make any local application connections yourself.

SocksPort 9050 # what port to open for local application connections

SocksListenAddress 127.0.0.1 # accept connections only from localhost

#SocksListenAddress 192.168.0.1:9100 # listen on this IP:port also

 

## Entry policies to allow/deny SOCKS requests based on IP address.

## First entry that matches wins. If no SocksPolicy is set, we accept

## all (and only) requests from SocksListenAddress.

#SocksPolicy accept 192.168.0.0/16

#SocksPolicy reject *

 

## Logs go to stdout at level “notice” unless redirected by something

## else, like one of the below lines. You can have as many Log lines as

## you want.

##

## We advise using “notice” in most cases, since anything more verbose

## may provide sensitive information to an attacker who obtains the logs.

##

## Send all messages of level ‘notice’ or higher to /var/log/tor/notices.log

#Log notice file /var/log/tor/notices.log

## Send every possible message to /var/log/tor/debug.log

#Log debug file /var/log/tor/debug.log

## Use the system log instead of Tor’s logfiles

#Log notice syslog

## To send all messages to stderr:

#Log debug stderr

 

## Uncomment this to start the process in the background… or use

## –runasdaemon 1 on the command line. This is ignored on Windows;

## see the FAQ entry if you want Tor to run as an NT service.

#RunAsDaemon 1

 

## Tor only trusts directories signed with one of these keys, and

## uses the given addresses to connect to the trusted directory

## servers. If no DirServer lines are specified, Tor uses the built-in

## defaults (moria1, moria2, tor26), so you can leave this alone unless

## you need to change it.

#DirServer 18.244.0.188:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441

#DirServer 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF

#DirServer 62.116.124.106:9030 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D

 

## The directory for keeping all the keys/etc. By default, we store

## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.

#DataDirectory @LOCALSTATEDIR@/lib/tor

 

## The directory for keeping all the keys/etc. By default, we store

## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.

#DataDirectory /var/lib/tor

 

## The port on which Tor will listen for local connections from Tor

## controller applications, as documented in control-spec.txt.

#ControlPort 9051

 

############### bypass open DNS ###############

##

## ACRYLIC DNS PROXY ==
## http://sourceforge.net/projects/acrylic/
##
## Step 1 INSTALL TOR
## Step 2 INSTALL ACRYLIC DNS PROXY

##

Acrylic is a local DNS proxy which improves the performance of your computer by caching the responses coming from your DNS servers. When you browse a Web page a portion of the loading time is dedicated to name resolution (usually from a few milliseconds to 1 second or even more) while the rest is dedicated to the transfer of the page contents to your browser. What Acrylic does is to reduce the time dedicated to name resolution for frequently visited addresses as close to zero as possible. With Acrylic you can also gracefully overcome short downtimes of your DNS servers without disrupting your work, because in this case you will at least be able to connect to your favourite sites and to your email server. In addition Acrylic can help you to effectively block unwanted ads prior to their download through the use of a custom HOSTS files, optimizing your navigation experience even further.

## Copy the following and paste it in TOR BROWSER\Data\TOR\torrc

## DNSPort 9053
## AutomapHostsOnResolve 1
## AutomapHostsSuffixes .exit,.onion

##

##

##

############### bypass open DNS ###############

############### This section is just for location-hidden services ###

## Look in …/hidden_service/hostname for the address to tell people.

## HiddenServicePort x y:z says to redirect a port x request from the

## client to y:z.

 

#HiddenServiceDir @LOCALSTATEDIR@/lib/tor/hidden_service/

#HiddenServicePort 80 127.0.0.1:80

 

#HiddenServiceDir @LOCALSTATEDIR@/lib/tor/other_hidden_service/

#HiddenServicePort 80 127.0.0.1:80

#HiddenServicePort 22 127.0.0.1:22

#HiddenServiceNodes moria1,moria2

#HiddenServiceExcludeNodes bad,otherbad

## Once you have configured a hidden service, you can look at the

## contents of the file “…/hidden_service/hostname” for the address

## to tell people.

##

## HiddenServicePort x y:z says to redirect requests on port x to the

## address y:z.

 

#HiddenServiceDir /var/lib/tor/hidden_service/

#HiddenServicePort 80 127.0.0.1:80

 

#HiddenServiceDir /var/lib/tor/other_hidden_service/

#HiddenServicePort 80 127.0.0.1:80

#HiddenServicePort 22 127.0.0.1:22

 

################ This section is just for relays ###################

## See https://www.torproject.org/docs/tor-doc-relay for details.

 

## A unique handle for your server.

 

#Nickname ididnteditheconfig

 

## The IP or FQDN for your server. Leave commented out and Tor will guess.

 

#Address noname.example.com

 

## Define these to limit the bandwidth usage of relayed (server)

## traffic. Your own traffic is still unthrottled.

## Note that RelayBandwidthRate must be at least 20 KB.

 

#RelayBandwidthRate 100 KBytes  # Throttle traffic to 100KB/s (800Kbps)

#RelayBandwidthBurst 200 KBytes # But allow bursts up to 200KB/s (1600Kbps)

 

## Contact info to be published in the directory, so we can contact you

## if your server is misconfigured or something else goes wrong.

#ContactInfo Random Person <nobody AT example dot com>

## You might also include your PGP or GPG fingerprint if you have one:

 

#ContactInfo 1234D/FFFFFFFF Random Person <nobody AT example dot com>

 

## Required: what port to advertise for Tor connections.

#ORPort 9001

## If you need to listen on a port other than the one advertised

## in ORPort (e.g. to advertise 443 but bind to 9090), uncomment the

## line below too. You’ll need to do ipchains or other port forwarding

## yourself to make this work.

 

#ORListenAddress 0.0.0.0:9090

 

## Uncomment this to mirror directory information for others. Please do

## if you have enough bandwidth.

#DirPort 9030 # what port to advertise for directory connections

## If you need to listen on a port other than the one advertised

## in DirPort (e.g. to advertise 80 but bind to 9091), uncomment the line

## below too. You’ll need to do ipchains or other port forwarding yourself

## to make this work.

 

#DirListenAddress 0.0.0.0:9091

 

## Uncomment this if you run more than one Tor server, and add the

## nickname of each Tor server you control, even if they’re on different

## networks. You declare it here so Tor clients can avoid using more than

## one of your servers in a single circuit. See

## http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#MultipleServers

 

#MyFamily nickname1,nickname2,…

 

## A comma-separated list of exit policies. They’re considered first

## to last, and the first match wins. If you want to _replace_

## the default exit policy, end this with either a reject *:* or an

## accept *:*. Otherwise, you’re _augmenting_ (prepending to) the

## default exit policy. Leave commented to just use the default, which is

## available in the man page or at https://www.torproject.org/documentation.html

##

## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses

## for issues you might encounter if you use the default exit policy.

##

## If certain IPs and ports are blocked externally, e.g. by your firewall,

## you should update your exit policy to reflect this — otherwise Tor

## users will be told that those destinations are down.

##

#ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more

#ExitPolicy accept *:119 # accept nntp as well as default exit policy

#ExitPolicy reject *:* # no exits allowed

#

################ This section is just for bridge relays ##############

#

## Bridge relays (or “bridges” ) are Tor relays that aren’t listed in the

## main directory. Since there is no complete public list of them, even if an

## ISP is filtering connections to all the known Tor relays, they probably

## won’t be able to block all the bridges. Unlike running an exit relay,

## running a bridge relay just passes data to and from the Tor network —

## so it shouldn’t expose the operator to abuse complaints.

 

#ORPort 443

#BridgeRelay 1

#RelayBandwidthRate 50KBytes

#ExitPolicy reject *:*

 

File 2

################ This section is just for servers #####################

 

## NOTE: If you enable these, you should consider mailing your identity

## key fingerprint to the tor-ops, so we can add you to the list of

## servers that clients will trust. See the README for details.

 

## Required: A unique handle for this server

#Nickname ididnteditheconfig

 

## The IP or fqdn for this server. Leave blank and Tor will guess.

#Address noname.example.com

 

#ContactInfo 1234D/FFFFFFFF Random Person <nobody@example.com>

 

## Required: what port to advertise for tor connections

#ORPort 9001

## If you want to listen on a port other than the one advertised

## in ORPort, uncomment the line below. You’ll need to do ipchains

## or other port forwarding yourself to make this work.

#ORBindAddress 0.0.0.0:9090

 

## Uncomment this to mirror the directory for others (please do)

#DirPort 9030 # what port to advertise for directory connections

## If you want to listen on a port other than the one advertised

## in DirPort, uncomment the line below. You’ll need to do ipchains

## or other port forwarding yourself to make this work.

#DirBindAddress 0.0.0.0:9091

 

## A comma-separated list of exit policies. They’re considered first

## to last, and the first match wins. If you want to *replace*

## the default exit policy, end this with either a reject *:* or an

## accept *:*. Otherwise, you’re *augmenting* (prepending to) the

## default exit policy. Leave commented to just use the default.

#ExitPolicy accept *:6660-6667

#ExitPolicy reject 192.168.0.1:*

#ExitPolicy reject *:*

 

#BridgeRelay 1

#ExitPolicy reject *:*

 

File 3

Index: torrc.sample.in

===================================================================

RCS file: /home/or/cvsroot/src/config/torrc.sample.in,v

retrieving revision 1.31

retrieving revision 1.32

diff -u -d -r1.31 -r1.32

— torrc.sample.in 10 Nov 2004 00:14:02 -0000 1.31

+++ torrc.sample.in 12 Nov 2004 04:00:07 -0000 1.32

@@ -1,73 +1,76 @@

-# Configuration file for a typical tor user

+## Configuration file for a typical tor user

 

-# Replace this with “SocksPort 0” if you don’t want clients to connect.

+## Replace this with “SocksPort 0” if you don’t want clients to connect.

SocksPort 9050 # what port to advertise for application connections

SocksBindAddress 127.0.0.1 # accept connections only from localhost

#SocksBindAddress 192.168.0.1:9100 # listen on a chosen IP/port

 

-# Entry policies to allow/deny SOCKS requests based on IP address.

-# First entry that matches wins. If no SocksPolicy is set, we accept

-# all (and only) requests from SocksBindAddress.

-#

+## Entry policies to allow/deny SOCKS requests based on IP address.

+## First entry that matches wins. If no SocksPolicy is set, we accept

+## all (and only) requests from SocksBindAddress.

#SocksPolicy accept 192.168.0.1/16

#SocksPolicy reject *

 

-# Allow no-name routers (ones that the dirserver operators don’t

-# know anything about) in only these positions in your circuits.

-# Other choices (not advised) are entry,exit,introduction.

+## Allow no-name routers (ones that the dirserver operators don’t

+## know anything about) in only these positions in your circuits.

+## Other choices (not advised) are entry,exit,introduction.

AllowUnverifiedNodes middle,rendezvous

 

-# Logs go to stdout unless redirected by something else, like one of

-# the below lines, or –logfile on the command line.

-### Send all messages of level ‘warn’ or higher to @LOCALSTATEDIR@/log/tor/warnings

-#Log warn file @LOCALSTATEDIR@/log/tor/warnings

-### Send all debug and info messages to @LOCALSTATEDIR@/log/tor/debug

-#Log debug-info file @LOCALSTATEDIR@/log/tor/debug

-### Send all debug messages ONLY to @LOCALSTATEDIR@/log/tor/debug

-#Log debug-debug file @LOCALSTATEDIR@/log/tor/debug

-### To use the system log instead of Tor’s logfiles, uncomment these lines:

+## Logs go to stdout unless redirected by something else, like one of

+## the below lines.

+## Send all messages of level ‘warn’ or higher to @LOCALSTATEDIR@/log/tor/warnings

+#Log warn file @LOCALSTATEDIR@/log/tor/warnings.log

+## Send all debug and info messages to @LOCALSTATEDIR@/log/tor/debug

+#Log debug-info file @LOCALSTATEDIR@/log/tor/debug.log

+## Send all debug messages ONLY to @LOCALSTATEDIR@/log/tor/debug

+#Log debug-debug file @LOCALSTATEDIR@/log/tor/debug.log

+## To use the system log instead of Tor’s logfiles, uncomment these lines:

#Log notice syslog

-### To send all messages to stderr:

+## To send all messages to stderr:

#Log debug-err stderr

 

-# Uncomment this to start the process in the background… or use

-# –runasdaemon 1 on the command line.

+## Uncomment this to start the process in the background… or use

+## –runasdaemon 1 on the command line.

#RunAsDaemon 1

 

-# Tor only trusts directories signed with one of these keys, and

-# uses the given addresses to connect to the trusted directory

-# servers. If no DirServer lines are specified, Tor uses the built-in

-# defaults (moria1, moria2, tor26), so you can leave this alone unless

-# you need to change it.

+## Tor only trusts directories signed with one of these keys, and

+## uses the given addresses to connect to the trusted directory

+## servers. If no DirServer lines are specified, Tor uses the built-in

+## defaults (moria1, moria2, tor26), so you can leave this alone unless

+## you need to change it.

#DirServer 18.244.0.188:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441

#DirServer 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF

#DirServer 62.116.124.106:9030 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D

 

-# The directory for keeping all the keys/etc. By default, we store

-# things in $HOME/.tor on Unix, and in Application Data\tor on Windows.

+## The directory for keeping all the keys/etc. By default, we store

+## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.

#DataDirectory @LOCALSTATEDIR@/lib/tor

 

##################### Below is just for servers #####################

 

-## NOTE: If you enable these, you should consider mailing your

-## identity key fingerprint to the tor-ops, so we can verify

-## your configuration. See the README for details.

+## NOTE: If you enable these, you should consider mailing your identity

+## key fingerprint to the tor-ops, so we can add you to the list of

+## servers that clients will trust. See the README for details.

+

+## A unique handle for this server

+#Nickname ididnteditheconfig

+

+## The IP or fqdn for this server. Leave blank and Tor will guess.

+#Address noname.example.com

 

-#Nickname ididnteditheconfig       # A unique handle for this server

-#Address noname.example.com        # The IP or fqdn for this server

#ContactInfo 1234D/FFFFFFFF Random Person <nobody@example.com>

 

#ORPort 9001 # what port to advertise for tor connections

-# If you want to listen on a port other than the one advertised

-# in ORPort, uncomment the line below. You’ll need to do ipchains

-# or other port forwarding yourself to make this work.

+## If you want to listen on a port other than the one advertised

+## in ORPort, uncomment the line below. You’ll need to do ipchains

+## or other port forwarding yourself to make this work.

#ORBindAddress 0.0.0.0:9090

-# Uncomment this to mirror the directory for others (please do)

+## Uncomment this to mirror the directory for others (please do)

#DirPort 9030 # what port to advertise for directory connections

-# If you want to listen on a port other than the one advertised

-# in DirPort, uncomment the line below. You’ll need to do ipchains

-# or other port forwarding yourself to make this work.

+## If you want to listen on a port other than the one advertised

+## in DirPort, uncomment the line below. You’ll need to do ipchains

+## or other port forwarding yourself to make this work.

#DirBindAddress 0.0.0.0:9091

## A comma-separated list of exit policies. They’re considered first

File 4

############### This section is just for location-hidden services ###
64
65 ## Look in …/hidden_service/hostname for the address to tell people.
66 ## HiddenServicePort x y:z says to redirect a port x request from the
67 ## client to y:z.
68
69 #HiddenServiceDir /data/Data/projekte/DilloTor/tor-0.1.1.23/binary/var/lib/tor/hidden_service/
70 #HiddenServicePort 80 127.0.0.1:80
71
72 #HiddenServiceDir /data/Data/projekte/DilloTor/tor-0.1.1.23/binary/var/lib/tor/other_hidden_service/
73 #HiddenServicePort 80 127.0.0.1:80
74 #HiddenServicePort 22 127.0.0.1:22
75 #HiddenServiceNodes moria1,moria2
76 #HiddenServiceExcludeNodes bad,otherbad
77

File 5

— src/config/torrc.sample.in.orig 2007-01-27 23:41:23.000000000 +0000
+++ src/config/torrc.sample.in 2007-01-27 23:43:47.000000000 +0000
@@ -18,6 +18,11 @@
 ## With the default Mac OS X installer, Tor will look in ~/.tor/torrc or
 ## /Library/Tor/torrc
+## Default username and group the server will run as
+User tor
+Group tor
+
+PIDFile /var/run/tor/tor.pid
 ## Replace this with “SocksPort 0” if you plan to run Tor only as a
 ## server, and not make any local application connections yourself.
@@ -46,6 +51,7 @@
 #Log notice syslog
 ## To send all messages to stderr:
 #Log debug stderr
+Log notice file /var/log/tor/tor.log
 ## Uncomment this to start the process in the background… or use
 ## –runasdaemon 1 on the command line. This is ignored on Windows;
@@ -55,6 +61,7 @@
 ## The directory for keeping all the keys/etc. By default, we store
 ## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
 #DataDirectory @LOCALSTATEDIR@/lib/tor
+DataDirectory   /var/lib/tor/data
 ## The port on which Tor will listen for local connections from Tor
 ## controller applications, as documented in control-spec.txt.

 

— a/src/config/torrc.sample.in
2 +++ b/src/config/torrc.sample.in
3 @@ -44,11 +44,11 @@ SocksListenAddress 127.0.0.1 # accept co
4  ## Uncomment this to start the process in the background… or use
5  ## –runasdaemon 1 on the command line. This is ignored on Windows;
6  ## see the FAQ entry if you want Tor to run as an NT service.
7 -#RunAsDaemon 1
8 +RunAsDaemon 1
9
10  ## The directory for keeping all the keys/etc. By default, we store
11  ## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
12 -#DataDirectory @LOCALSTATEDIR@/lib/tor
13 +DataDirectory @LOCALSTATEDIR@/lib/tor
14
15  ## The port on which Tor will listen for local connections from Tor
16  ## controller applications, as documented in control-spec.txt.
17 @@ -168,3 +168,5 @@ SocksListenAddress 127.0.0.1 # accept co
18  #BridgeRelay 1
19  #ExitPolicy reject *:*
20
21 +User tor
22 +PidFile @LOCALSTATEDIR@/run/tor/tor.pid

File 6

Configuration tips

Using the same exit for persistant connections

Some websites will log you out if you re-visit (while loggined in using a cookie to identify you) from a different IP. Tor has a feature called long lived ports. You could add the following to torrc to make connections to given ports use the same circut for a long period of time:

LongLivedPorts 80,23,21,22,706,1863,5050,5190,5222,5223,6667,8300,8888

A good alternative to LongLivedPorts is to use MapAddress for given sites. It allows you to make sure every connection to a given site goes through the same connection. This is also a good option if you need given sites to be visited from a given country.

For example,

MapAddress www.nsa.gov www.nsa.gov.nadia.exit

will make all visits to www.nsa.gov always use the edit node nadia, which is located in the US. There are anonymity issues with this; if you’re the only one using it then www.nsa.gov can at least figure out that it’s the same guy who’s visiting when connections are coming from that exit node.

=== Make Tor act faster ====

It is also possible to make Tor connections seem faster by setting CircuitBuildTimeout. Setting this number lower than the default (60 seconds) makes Tor give up and try other paths if it takes longer than the limit to build a circut. A circut which takes 50 seconds to build will be slower than a circut that takes 15 seconds to build. For example, you could set:

CircuitBuildTimeout 10

However, it must be mentioned that you will be using a whole lot more different servers if you allow circuts who take 50 seconds to build than if you set the limit to 10 seconds. There isn’t much solid research on exactly how this impacts traffic analysis resistance, but you’re – generally speaking – better off using a lot of slow servers than a few fast ones.

File 7

https://svn.torproject.org/svn/tor/tags/tor-0_0_9_5/src/config/torrc.sample.in