Author Topic: Anonymous Tips  (Read 3781 times)

lucid
Anonymous Tips
« on: April 23, 2012, 10:43:16 am »
I've noticed quite a few recent requests about anonymity while hacking or whatever the new members are asking about.


Quote
Sometimes one approach is not sufficient by itself to both protect your identity and grant you access to all the services you would like. For example, Tor does not carry UDP traffic, nor is it really an all-encompassing VPN solution, which can lead to lots of problems with browser plugins ignoring your proxy settings, spyware, webbugs, etc.
 In some cases, it is also not possible to use Tor to connect to services due to banning. In other cases, it may actually be desirable to conceal the fact that you are exiting from the Tor network to protect it from abuse complaints, which usually have the side effect of forcing Tor nodes to shut down.

 Tor followed by HTTP Proxy

 This is probably the easiest way to conceal the fact that you came from the Tor network.  If you are using Privoxy, you can chain a regular HTTP proxy from a list mentioned above (this one provides IRC capable proxies, while this one automatically builds a list of currently active "high-anonymous" proxies) after the Tor line in your config to bounce off the HTTP proxy before hitting the server you wish to access.
 To connect to fascist.torhater.com through an HTTP proxy at somehost.net:8080, add forward-socks4a fascist.torhater.com localhost:9050 somehost.net:8080 to the end of your privoxy config file. Note that with Privoxy 3.0.3, somehost.net:8080 must be an HTTP proxy and cannot be SOCKS.
 If you are having problems locating a proxy that is not already banned by your desired service, you can attempt to scan for a fresh one using either ScanSSH or YAPH. Once you find a proxy, you can either google for the IP to see if it's in any proxy lists, or if you're ambitious, use a perl script to check to see if it has been listed yet in the DNS RBLs by doing DNS queries for it. (For those writing their own script from scratch, note that the IP must be backwards. So query 5.13.42.23.dnsrbl.org to check 23.42.13.5).

Tor followed by SSH-tunneled SOCKS4 Proxy

 Unfortunately, many IRC servers ban known proxy servers, and some will even scan your source IP for an open proxy before allowing you to connect. However, what you can do is combine the SSH hopping approach with Tor if you need Tor-caliber anonymity. Basically the procedure is to obtain a UNIX shell (using Tor and an anonymous email address), and then use tsocks to connect to it with tsocks ssh -D 4242 user@someshell.net.
 Once this is done, you can add forward-socks4 fascist.torhater.com localhost:4242 . (the dot is not a typo) to your Privoxy config if the service is a website, or otherwise inform your IRC client to use localhost:4242 as a SOCKS4 proxy. In this way, you are connecting to your locally listening ssh client, which routes it through the Tor connection to someshell.net, at which point your traffic exits on to the Internet with the IP address of someshell.net.
 Once again, note that SSH only supports SOCKS4, and thus DNS queries will be made locally and thus can be observed. Also, if you are using one of the free UNIX shell accounts, please be courteous and don't make a nuisance of yourself.  These people don't want to and shouldn't have to take time out of their day to answer abuse emails about your account. They do this for free.
 Also, note that Putty can be used with Tor to perform this same technique by setting localhost:9050 as your SOCKS4 proxy. Then you can set up the SSH proxy by going to 'Tunnels', and filling in 4242 as the destination port, and clicking 'Dynamic', with no destination or hostname. When you click 'Add', D4242 should show up. As discussed before, you can save this profile and make a shortcut to 'putty.exe -load myprofile' to quickly establish your tunnel. Once you run putty, you can use localhost:4242 as your SOCKS proxy, or add the above line to your privoxy config.

 OpenVPN over Tor or HTTP Proxy

 A few people have mailed me asking about using OpenVPN over Tor.  It turns out this is not as hard as I originally thought. There are several reasons you might want to do this. In my opinion, the main one would be to obtain protection against plugins/non-SOCKSified applications making connections that reveal your address. If you are running OpenVPN, all of these applications will go through the VPN.
 Essentially the main problem is that you want your normal Internet traffic to go over the OpenVPN interface, but you need your Tor traffic to travel over your regular Internet interface. Essentially this involves setting up routes for every Tor server you intend to use as an entrance point. This can be very problematic, because there are many Tor servers. However, you can limit Tor's choice of entrance servers with the torrc config options EntryNodes nick1,nick2,nick3 and StrictEntryNodes 1. I would recommend picking a couple high bandwidth servers off of the Tor Network Status page. If you are running Tor 0.1.1.x or greater, you should also use LongLivedPorts and add your VPN server port to the list (or just run the VPN server port on one of the ports mentioned in the manpage, such as 5190, 5050 or 6667). Remember that Tor exit servers block most ports below 1024, and also common P2P ports. Be careful not to choose one of these as your OpenVPN server port, or you will be unable to connect.
 Once you have selected a few nodes and edited your torrc accordingly, you basically can follow the OpenVPN instructions exactly, except for 3 differences:
  • You need to edit the server.conf (Linux, Mac OS, Windows) to have the line proto tcp-server instead of proto udp.
  • You need to edit the client.conf (Linux, Mac OS, Windows) to have the lines proto tcp-client, socks-proxy 127.0.0.1 9050, and socks-proxy-retry.
  • You need to modify the client-up script (Linux, Windows, Mac OS) and instead of just one route line with your VPN_SERVER_IP, you need a route line for the IP of each node you chose for EntryNodes.
After that, you're pretty much good to go. Doing this over HTTP proxy is essentially the same as Tor, except you only need one route, and the config options are http-proxy and http-proxy-retry instead of socks.

 Note: Using OpenVPN over Tor can be considerably weaker than simply using only Tor. On the one hand, you don't have to worry as much about applications/plugins not using Tor, but on the other hand, you do have to worry about OS-level leaks through the VPN interface, and also the fact that there is a fixed endpoint to correlate traffic through. If you use OpenVPN for more than just one-hop encryption, I would recommend only using it over a throwaway computing setup, to avoid risks of attacks, trojans, and other leaks through the interface.

 SLiRP over Tor or HTTP Proxy

 Running SLiRP over Tor is desirable for similar reasons as running OpenVPN over Tor, but has the benefit that you only need a shell account on some UNIX machine. Unfortunately, it has the disadvantage that it is only possible under Linux and Mac OS. As far as I can tell, Windows cannot use an arbitrary terminal to run PPP over. However, it is still possible to set up a Linux box doing SLiRP over Tor, and have it NAT for your Windows desktop, if you were so inclined.
 But I digress. Again, like OpenVPN over Tor, you have to choose a few high-bandwidth, reliable and trustworthy entrance nodes from off of the Tor Network Status page. Then you have to add these servers to your torrc with EntryNodes nick1,nick2, and also set StrictEntryNodes 1.
 Then, follow the instructions for SLIRP setup, but instead use a different client script: Linux version, MacOS version (FIXME: again, MacOS version has bugs.. See SLIRP for details). The script needs the variables at the top to be filled in, as well as the routes that are added for FIRST_TOR_IP, SECOND_TOR_IP and so on. These must be replaced with the numerical IP addresses for the Tor nodes you added in your EntryNodes list.
 Remember that pings will not work, so test this with telnet or something, rather than ping.

SLiRP over SSH hopping [and Tor]

 An alternative approach is to ssh hop to one shell, and then use tsocks to ssh to the next shell where you either are using -L to forward to an OpenVPN server, or where you are running a SLIRP host. You then tell the OpenVPN/SLIRP client side that localhost:4242 (or whatever) is your server and adjust the routes accordingly.
 Here is how to accomplish this for SLIRP, which I expect to be the more common use case. If anyone does this for OpenVPN, please send me your scripts and I will post them. I imagine it should be pretty similar. You start by constructing the typical SSH hop chain:
  [you@home ~]$ ssh -L 4242:127.0.0.1:4242 user1@machine1
  [user1@machine1 ~]$ [tsocks] ssh -L 4242:127.0.0.1:4242 user2@machine2
  ...
  [userN-1@machineN-1 ~]$ ssh -L 4242:127.0.0.1:22 userN@machineN
You then can use this script (Mac OS) to launch SLIRP across the SSH hopped link. Notice that the parameters are a bit different than with the vanilla SLIRP setup. FIRST_IP is the IP of your first SSH hop (machine1). The rest of the hosts do not matter. The rest of the options are the same as above.
 One thing that may improve your security is to make the first SSH hop to a box you control. From there, you can install tor and use tsocks for the SSH connection to the host that will be running SLIRP. This is a good way to get Tor-level security for UDP applications and apps that don't support SOCKS. Technically the first hop doesn't have to be your box, since you don't need root to install Tor as a client, but the first node might be able to reveal who you are if they decide to cooperate with the destination host of your tsocks connection for some reason (which they may do, if they believe you compromised them or something).
« Last Edit: April 23, 2012, 10:46:25 am by LuciD »
"Hacking is at least as much about ideas as about computers and technology. We use our skills to open doors that should never have been shut. We open these doors not only for our own benefit but for the benefit of others, too." - Brian the Hacker

Quote
15:04  @Phage : I'm bored of Python
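
Added example, not part of the original post or the quoted guide: the reversed-address lookup the guide mentions ("query 5.13.42.23.dnsrbl.org to check 23.42.13.5") is the standard DNSBL naming convention, shown here as a service operator would use it to check a connecting address. The IPv6 nibble form goes beyond the guide's IPv4 case; dnsrbl.org is the guide's example zone, and constructed_resolver with its answers is a constructed stand-in for a real DNS lookup so the block runs offline.

```python
import ipaddress
import socket

def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the DNSBL query name: reversed octets (IPv4) or reversed
    nibbles (IPv6), followed by the list's zone."""
    addr = ipaddress.ip_address(ip)          # raises ValueError on bad input
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone.strip(".")

def is_listed(ip: str, zone: str, resolve=socket.gethostbyname) -> bool:
    """True if the zone answers the query with an address in 127.0.0.0/8."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except socket.gaierror:
        # Name did not resolve (NXDOMAIN is the usual case): not listed.
        return False
    # DNSBL listings are A records inside 127.0.0.0/8. Any other answer
    # (wildcarded or hijacked zone) is not treated as a listing.
    return ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8")

# Constructed answers for offline use; not real list data.
CONSTRUCTED_ANSWERS = {
    "5.13.42.23.dnsrbl.org": "127.0.0.2",    # listed
    "9.2.0.192.dnsrbl.org": "203.0.113.7",   # bogus non-127 answer
}

def constructed_resolver(name: str) -> str:
    """Stand-in for socket.gethostbyname backed by the table above."""
    try:
        return CONSTRUCTED_ANSWERS[name]
    except KeyError:
        raise socket.gaierror("constructed NXDOMAIN") from None

if __name__ == "__main__":
    for ip in ("23.42.13.5", "192.0.2.9", "198.51.100.4", "2001:db8::1"):
        print(ip, dnsbl_query_name(ip, "dnsrbl.org"),
              is_listed(ip, "dnsrbl.org", resolve=constructed_resolver))
```

Dropping the `resolve` argument makes `is_listed` use the system resolver against whichever list zone is passed in.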