Tor (‘The Onion Router’) is by far the most popular solution for anonymous browsing, with over 6000 relays and 2.5 million active users. I’m going to look at how to configure Tor on your network, in a variety of ways. The so called ‘Dark Web’ seems to get a bad press, maybe because of illegal sites like Silkroad, but it’s actually an invaluable resource for citizens or visitors to countries who have severe Internet censorship (including the UK!). Even Facebook has a .onion address, as does the DuckDuckGo search engine and Aphex Twin’s ‘Syro’ album.
By far the simplest and most secure way of using Tor is to install the Tor Browser. It’s dead simple and takes literally a few minutes. However, depending on your goal, there are other ways to use Tor. I’m going to look at a few ways to deploy Tor, including the pros and cons of each. These are:
- Using the Tor Browser Bundle
- Configuring a Tor SOCKS proxy
- Creating a transparent Tor network
For a casual bit of weekend fun I thought I’d share a potential method for obtaining your neighbour’s Facebook password. This is purely educational and I used my own systems to do this but it highlights how potentially easy it can be to obtain someone’s login credentials to any website.
We are going to utilise various attack vectors to demonstrate the methodology of the process. The story starts with a hypothetical situation.
After posting how great Tarsnap is I thought it only fair to write a ‘how to install Tarnsap on Linux’ article, so here goes.
Sign up for an account
This is the easiest part, simply create an account at Tarsnap.com and verify your e-mail address. You will need to ‘top up’ your account with at least 5 American Pasos to actually get started so may as well do that right away. I used Paypal as it makes me feel safe and when I feel safe I sleep better at night.
Once you have an account balance there’s actually not much else to do via the website; the rest is all command line goodness.
Download and Compile the Source Code
I’m going to do the rest as the ‘root’ user. If you’re not feeling as brave you may wish to prefix every command with ‘sudo’ as your normal user – for some reason Ubuntu et al seem to love doing this.
At the time of writing version 220.127.116.11 was the latest.
First up lets get root and change to /tmp and then download the tarball:
sudo -i cd /tmp/ wget https://www.tarsnap.com/download/tarsnap-autoconf-18.104.22.168.tgz
Tarsnap is a no nonsense backup service for Unix (Linux, Mac etc) and is very nice indeed from a sysadmin’s point of view. It is inherently uber secure by design. It somewhat lacks being end-user friendly though – for example it doesn’t handle expiry of archives out-the-box. Therefore if you wanted GFS style rotation you need to wrap it in something which handles deleting old archives according to whatever deltas.
Their payment model is a bit strange in that it is prepay so you get a warning email when running low on credit or risk having your backups deleted for good. The cost of a particular backup run can more »
SSL certificates are an aggressive market. SSLs.com, for example, provide 3-year domain verified certificates for £8.50. Pretty good I thought but not as good as free.
Welcome to StartSSL PKI, the masters of Public Key Infrastructure and free SSL certificates.
Their website is just to my liking too; simple and effective. In fact more »