Hi,
First of all, most of this tutorial is from
http://www.mightycomputers.com/2012/02/04/how-to-create-an-advanced-proxy-server-using-tor-privoxy-and-squid/
On the above website there is also an image of how the setup looks. I tried this on Ubuntu Server 12.04 and had some problems, so I just edited the things which weren't working for me and added a short part on using all tor instances in round-robin load sharing with haproxy, for use with proxychains.
Note: as you can read very often on this forum, you should not trust tor too much. I don't want to start a new discussion about tor. You can decide on your own if and how you want to use this. I only use this setup for a little nmap scanning and browsing bad websites.
We use 8 tor processes, each with its own data directory, and 8 privoxy processes, each configured to talk to a separate tor instance (so calculating the route your requests take is much more difficult).
Something about using this:
All configuration parts in [] need to be replaced with your own information, for example
[YOURIPADDRESS] = 192.168.10.254
On Ubuntu you need to use sudo for most of the commands (or do sudo -s at the start).
1. After you have installed your distribution, do an update
apt-get update
apt-get upgrade && apt-get dist-upgrade
2. Install the needed software (Squid, Privoxy, Tor, Haproxy). The service name, squid3 -z and the log paths used further down are those of the squid3 package, so install that one if your release ships both squid and squid3:
apt-get install tor privoxy squid3 haproxy
3. Stop all processes before you start editing configuration files
service squid3 stop
service privoxy stop
service tor stop
4. Now create the different Tor configuration files (/etc/tor/torrc-1 to /etc/tor/torrc-8). This is very basic and can be adjusted as you need.
torrc-1
SocksBindAddress 127.0.0.1 # listen on localhost for the privoxy instance
SocksBindAddress [YOURIPADDRESS]:9050 #This is needed for proxychains
SocksPolicy accept * # you can make this a bit more restrictive
AllowUnverifiedNodes middle,rendezvous
Log notice syslog
RunAsDaemon 1
User debian-tor
CircuitBuildTimeout 30
NumEntryGuards 6
KeepalivePeriod 60
NewCircuitPeriod 15
SocksPort 9050 # what port to open for local application connections
DataDirectory /var/lib/tor1
PidFile /var/run/tor/tor-1.pid
torrc-2
SocksBindAddress 127.0.0.1 # listen on localhost for the privoxy instance
SocksBindAddress [YOURIPADDRESS]:9150 #This is needed for proxychains
SocksPolicy accept * # you can make this a bit more restrictive
AllowUnverifiedNodes middle,rendezvous
Log notice syslog
RunAsDaemon 1
User debian-tor
CircuitBuildTimeout 30
NumEntryGuards 6
KeepalivePeriod 60
NewCircuitPeriod 15
SocksPort 9150
ControlPort 9151
DataDirectory /var/lib/tor2
PidFile /var/run/tor/tor-2.pid
torrc-3
SocksBindAddress 127.0.0.1 # listen on localhost for the privoxy instance
SocksBindAddress [YOURIPADDRESS]:9250 #This is needed for proxychains
SocksPolicy accept * # you can make this a bit more restrictive
AllowUnverifiedNodes middle,rendezvous
Log notice syslog
RunAsDaemon 1
User debian-tor
CircuitBuildTimeout 30
NumEntryGuards 6
KeepalivePeriod 60
NewCircuitPeriod 15
SocksPort 9250
ControlPort 9251
DataDirectory /var/lib/tor3
PidFile /var/run/tor/tor-3.pid
torrc-4
SocksBindAddress 127.0.0.1 # listen on localhost for the privoxy instance
SocksBindAddress [YOURIPADDRESS]:9350 #This is needed for proxychains
SocksPolicy accept * # you can make this a bit more restrictive
AllowUnverifiedNodes middle,rendezvous
Log notice syslog
RunAsDaemon 1
User debian-tor
CircuitBuildTimeout 30
NumEntryGuards 6
KeepalivePeriod 60
NewCircuitPeriod 15
SocksPort 9350
ControlPort 9351
DataDirectory /var/lib/tor4
PidFile /var/run/tor/tor-4.pid
torrc-5
SocksBindAddress 127.0.0.1 # listen on localhost for the privoxy instance
SocksBindAddress [YOURIPADDRESS]:9450 #This is needed for proxychains
SocksPolicy accept * # you can make this a bit more restrictive
AllowUnverifiedNodes middle,rendezvous
Log notice syslog
RunAsDaemon 1
User debian-tor
CircuitBuildTimeout 30
NumEntryGuards 6
KeepalivePeriod 60
NewCircuitPeriod 15
SocksPort 9450
ControlPort 9451
DataDirectory /var/lib/tor5
PidFile /var/run/tor/tor-5.pid
torrc-6
SocksBindAddress 127.0.0.1 # listen on localhost for the privoxy instance
SocksBindAddress [YOURIPADDRESS]:9550 #This is needed for proxychains
SocksPolicy accept * # you can make this a bit more restrictive
AllowUnverifiedNodes middle,rendezvous
Log notice syslog
RunAsDaemon 1
User debian-tor
CircuitBuildTimeout 30
NumEntryGuards 6
KeepalivePeriod 60
NewCircuitPeriod 15
SocksPort 9550
ControlPort 9551
DataDirectory /var/lib/tor6
PidFile /var/run/tor/tor-6.pid
torrc-7
SocksBindAddress 127.0.0.1 # listen on localhost for the privoxy instance
SocksBindAddress [YOURIPADDRESS]:9650 #This is needed for proxychains
SocksPolicy accept * # you can make this a bit more restrictive
AllowUnverifiedNodes middle,rendezvous
Log notice syslog
RunAsDaemon 1
User debian-tor
CircuitBuildTimeout 30
NumEntryGuards 6
KeepalivePeriod 60
NewCircuitPeriod 15
SocksPort 9650
ControlPort 9651
DataDirectory /var/lib/tor7
PidFile /var/run/tor/tor-7.pid
torrc-8
SocksBindAddress 127.0.0.1 # listen on localhost for the privoxy instance
SocksBindAddress [YOURIPADDRESS]:9750 #This is needed for proxychains
SocksPolicy accept * # you can make this a bit more restrictive
AllowUnverifiedNodes middle,rendezvous
Log notice syslog
RunAsDaemon 1
User debian-tor
CircuitBuildTimeout 30
NumEntryGuards 6
KeepalivePeriod 60
NewCircuitPeriod 15
SocksPort 9750
ControlPort 9751
DataDirectory /var/lib/tor8
PidFile /var/run/tor/tor-8.pid
5. Create the tor data directories /var/lib/tor1 to /var/lib/tor8 (owned by the debian-tor user, which the tor processes run as)
install -o debian-tor -g debian-tor -m 700 -d /var/lib/tor1
install -o debian-tor -g debian-tor -m 700 -d /var/lib/tor2
install -o debian-tor -g debian-tor -m 700 -d /var/lib/tor3
install -o debian-tor -g debian-tor -m 700 -d /var/lib/tor4
install -o debian-tor -g debian-tor -m 700 -d /var/lib/tor5
install -o debian-tor -g debian-tor -m 700 -d /var/lib/tor6
install -o debian-tor -g debian-tor -m 700 -d /var/lib/tor7
install -o debian-tor -g debian-tor -m 700 -d /var/lib/tor8
6. Replace /etc/init.d/tor with the script below (keep a copy of the original first)
cp /etc/init.d/tor /etc/init.d/tor.orig
rm /etc/init.d/tor
nano /etc/init.d/tor
chmod +x /etc/init.d/tor
#! /bin/bash
### BEGIN INIT INFO
# Provides:          tor
# Required-Start:    $local_fs $remote_fs $network $named $time
# Required-Stop:     $local_fs $remote_fs $network $named $time
# Should-Start:      $syslog
# Should-Stop:       $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Starts The Onion Router daemon processes
# Description:       Start The Onion Router, a TCP overlay
#                    network client that provides anonymous
#                    transport.
### END INIT INFO

set -e

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/tor
NAME=tor
DESC="tor daemon"
CONFDIR=/etc/tor
TORPIDDIR=/var/run/tor
TORPID=$TORPIDDIR/tor
DEFAULTSFILE=/etc/default/$NAME
WAITFORDAEMON=60
# The instance number gets appended below, giving -f /etc/tor/torrc-1 .. torrc-8
ARGS="--quiet -f $CONFDIR/torrc"

# Let's try to figure out some sane defaults:
if [ -r /proc/sys/fs/file-max ]; then
    system_max=`cat /proc/sys/fs/file-max`
    if [ "$system_max" -gt "80000" ] ; then
        MAX_FILEDESCRIPTORS=32768
    elif [ "$system_max" -gt "40000" ] ; then
        MAX_FILEDESCRIPTORS=16384
    elif [ "$system_max" -gt "10000" ] ; then
        MAX_FILEDESCRIPTORS=8192
    else
        MAX_FILEDESCRIPTORS=1024
        cat << EOF
Warning: Your system has very few filedescriptors available in total.
Maybe you should try raising that by adding 'fs.file-max=100000' to your
/etc/sysctl.conf file. Feel free to pick any number that you deem appropriate.
Then run 'sysctl -p'. See /proc/sys/fs/file-max for the current value, and
file-nr in the same directory for how many of those are used at the moment.
EOF
    fi
else
    MAX_FILEDESCRIPTORS=8192
fi

NICE=""

test -x $DAEMON || exit 0

# Include tor defaults if available
if [ -f $DEFAULTSFILE ] ; then
    . $DEFAULTSFILE
fi

wait_for_deaddaemon () {
    pid=$1
    sleep 1
    if test -n "$pid"
    then
        if kill -0 $pid 2>/dev/null
        then
            echo -n "."
            cnt=0
            while kill -0 $pid 2>/dev/null
            do
                cnt=`expr $cnt + 1`
                if [ $cnt -gt $WAITFORDAEMON ]
                then
                    echo " FAILED."
                    return 1
                fi
                sleep 1
                echo -n "."
            done
        fi
    fi
    return 0
}

check_torpiddir () {
    if test ! -d $TORPIDDIR; then
        #echo "There is no $TORPIDDIR directory. Creating one for you."
        mkdir -m 02750 "$TORPIDDIR"
        chown debian-tor:debian-tor "$TORPIDDIR"
    fi
    if test ! -x $TORPIDDIR; then
        echo "Cannot access $TORPIDDIR directory, are you root?" >&2
        exit 1
    fi
}

check_config () {
    # Verify each per-instance file; without -f tor would only check the
    # default /etc/tor/torrc, which none of the eight instances use.
    for c in {1..8}
    do
        if ! $DAEMON --verify-config -f $CONFDIR/torrc-$c > /dev/null; then
            echo "ABORTED: Tor configuration $CONFDIR/torrc-$c invalid:" >&2
            $DAEMON --verify-config -f $CONFDIR/torrc-$c >&2
            exit 1
        fi
    done
}

case "$1" in
    start)
        if [ "$RUN_DAEMON" != "yes" ]; then
            echo "Not starting $DESC (Disabled in $DEFAULTSFILE)."
            exit 0
        fi
        if [ -n "$MAX_FILEDESCRIPTORS" ]; then
            echo -n "Raising maximum number of filedescriptors (ulimit -n) to $MAX_FILEDESCRIPTORS"
            if ulimit -n "$MAX_FILEDESCRIPTORS" ; then
                echo "."
            else
                echo ": FAILED."
            fi
        fi
        check_torpiddir
        echo "Starting $DESC: $NAME..."
        check_config
        for c in {1..8}
        do
            start-stop-daemon --start --quiet --oknodo \
                --pidfile $TORPID-$c.pid \
                $NICE \
                --exec $DAEMON -- $ARGS-$c
            echo "$NAME $c done."
        done
        ;;
    stop)
        echo -n "Stopping $DESC: "
        for c in {1..8}
        do
            pid=`cat $TORPID-$c.pid 2>/dev/null` || true
            if test ! -f $TORPID-$c.pid -o -z "$pid"; then
                echo "$NAME $c not running (there is no $TORPID-$c.pid)."
                continue    # an "exit 0" here would leave the other instances running
            fi
            if start-stop-daemon --stop --signal INT --quiet --pidfile $TORPID-$c.pid --exec $DAEMON; then
                wait_for_deaddaemon $pid
                echo "$NAME $c stopped."
            elif kill -0 $pid 2>/dev/null
            then
                echo "FAILED (Is $pid not $NAME? Is $DAEMON a different binary now?)."
            else
                echo "FAILED ($DAEMON died: process $pid not running; or permission denied)."
            fi
        done
        ;;
    reload|force-reload)
        check_config
        for c in {1..8}
        do
            echo -n "Reloading $DESC configuration: "
            pid=`cat $TORPID-$c.pid 2>/dev/null` || true
            if test ! -f $TORPID-$c.pid -o -z "$pid"; then
                echo "$NAME $c not running (there is no $TORPID-$c.pid)."
                continue
            fi
            if start-stop-daemon --stop --signal 1 --quiet --pidfile $TORPID-$c.pid --exec $DAEMON
            then
                echo "$NAME $c."
            elif kill -0 $pid 2>/dev/null
            then
                echo "FAILED (Is $pid not $NAME? Is $DAEMON a different binary now?)."
            else
                echo "FAILED ($DAEMON died: process $pid not running; or permission denied)."
            fi
        done
        ;;
    restart)
        check_config
        $0 stop
        sleep 1
        $0 start
        ;;
    status)
        for c in {1..8}
        do
            if test ! -r $(dirname $TORPID-$c.pid); then
                echo "cannot read tor PID file"
                exit 4
            fi
            pid=`cat $TORPID-$c.pid 2>/dev/null` || true
            if test ! -f $TORPID-$c.pid -o -z "$pid"; then
                echo "tor $c is not running"
                exit 3
            fi
            if ps "$pid" >/dev/null 2>&1; then
                echo "tor $c is running"
            else
                echo "tor $c is not running"
                exit 1
            fi
        done
        exit 0
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|reload|force-reload|status}" >&2
        exit 1
        ;;
esac

exit 0
Now you can start tor with service tor start and check with service tor status that all 8 tor instances are running.
7. Create the privoxy configuration files /etc/privoxy/config-1 through /etc/privoxy/config-8; each one listens on its own port and forwards only to its own tor instance.
config-1
user-manual /usr/share/doc/privoxy/user-manual
confdir /etc/privoxy
actionsfile match-all.action # Actions that are applied to all sites and maybe overruled later on.
actionsfile default.action # Main actions file
actionsfile user.action # User customizations
filterfile default.filter
logfile logfile
toggle 1
enable-remote-toggle 0
enable-remote-http-toggle 0
enable-edit-actions 0
enforce-blocks 0
buffer-limit 4096
forwarded-connect-retries 0
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 5
socket-timeout 300
handle-as-empty-doc-returns-ok 1
logdir /var/log/privoxy1
listen-address localhost:8118
forward-socks5 / 127.0.0.1:9050 .
config-2
user-manual /usr/share/doc/privoxy/user-manual
confdir /etc/privoxy
actionsfile match-all.action # Actions that are applied to all sites and maybe overruled later on.
actionsfile default.action # Main actions file
actionsfile user.action # User customizations
filterfile default.filter
logfile logfile
toggle 1
enable-remote-toggle 0
enable-remote-http-toggle 0
enable-edit-actions 0
enforce-blocks 0
buffer-limit 4096
forwarded-connect-retries 0
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 5
socket-timeout 300
handle-as-empty-doc-returns-ok 1
logdir /var/log/privoxy2
listen-address localhost:8129
forward-socks5 / 127.0.0.1:9150 .
config-3
user-manual /usr/share/doc/privoxy/user-manual
confdir /etc/privoxy
actionsfile match-all.action # Actions that are applied to all sites and maybe overruled later on.
actionsfile default.action # Main actions file
actionsfile user.action # User customizations
filterfile default.filter
logfile logfile
toggle 1
enable-remote-toggle 0
enable-remote-http-toggle 0
enable-edit-actions 0
enforce-blocks 0
buffer-limit 4096
forwarded-connect-retries 0
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 5
socket-timeout 300
handle-as-empty-doc-returns-ok 1
logdir /var/log/privoxy3
listen-address localhost:8230
forward-socks5 / 127.0.0.1:9250 .
config-4
user-manual /usr/share/doc/privoxy/user-manual
confdir /etc/privoxy
actionsfile match-all.action # Actions that are applied to all sites and maybe overruled later on.
actionsfile default.action # Main actions file
actionsfile user.action # User customizations
filterfile default.filter
logfile logfile
toggle 1
enable-remote-toggle 0
enable-remote-http-toggle 0
enable-edit-actions 0
enforce-blocks 0
buffer-limit 4096
forwarded-connect-retries 0
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 5
socket-timeout 300
handle-as-empty-doc-returns-ok 1
logdir /var/log/privoxy4
listen-address localhost:8321
forward-socks5 / 127.0.0.1:9350 .
config-5
user-manual /usr/share/doc/privoxy/user-manual
confdir /etc/privoxy
actionsfile match-all.action # Actions that are applied to all sites and maybe overruled later on.
actionsfile default.action # Main actions file
actionsfile user.action # User customizations
filterfile default.filter
logfile logfile
toggle 1
enable-remote-toggle 0
enable-remote-http-toggle 0
enable-edit-actions 0
enforce-blocks 0
buffer-limit 4096
forwarded-connect-retries 0
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 5
socket-timeout 300
handle-as-empty-doc-returns-ok 1
logdir /var/log/privoxy5
listen-address localhost:8421
forward-socks5 / 127.0.0.1:9450 .
config-6
user-manual /usr/share/doc/privoxy/user-manual
confdir /etc/privoxy
actionsfile match-all.action # Actions that are applied to all sites and maybe overruled later on.
actionsfile default.action # Main actions file
actionsfile user.action # User customizations
filterfile default.filter
logfile logfile
toggle 1
enable-remote-toggle 0
enable-remote-http-toggle 0
enable-edit-actions 0
enforce-blocks 0
buffer-limit 4096
forwarded-connect-retries 0
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 5
socket-timeout 300
handle-as-empty-doc-returns-ok 1
logdir /var/log/privoxy6
listen-address localhost:8522
forward-socks5 / 127.0.0.1:9550 .
config-7
user-manual /usr/share/doc/privoxy/user-manual
confdir /etc/privoxy
actionsfile match-all.action # Actions that are applied to all sites and maybe overruled later on.
actionsfile default.action # Main actions file
actionsfile user.action # User customizations
filterfile default.filter
logfile logfile
toggle 1
enable-remote-toggle 0
enable-remote-http-toggle 0
enable-edit-actions 0
enforce-blocks 0
buffer-limit 4096
forwarded-connect-retries 0
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 5
socket-timeout 300
handle-as-empty-doc-returns-ok 1
logdir /var/log/privoxy7
listen-address localhost:8623
forward-socks5 / 127.0.0.1:9650 .
config-8
user-manual /usr/share/doc/privoxy/user-manual
confdir /etc/privoxy
actionsfile match-all.action # Actions that are applied to all sites and maybe overruled later on.
actionsfile default.action # Main actions file
actionsfile user.action # User customizations
filterfile default.filter
logfile logfile
toggle 1
enable-remote-toggle 0
enable-remote-http-toggle 0
enable-edit-actions 0
enforce-blocks 0
buffer-limit 4096
forwarded-connect-retries 0
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 5
socket-timeout 300
handle-as-empty-doc-returns-ok 1
logdir /var/log/privoxy8
listen-address localhost:8724
forward-socks5 / 127.0.0.1:9750 .
8. Create the privoxy log directories /var/log/privoxy1 to /var/log/privoxy8
install -o privoxy -g nogroup -m 750 -d /var/log/privoxy1
install -o privoxy -g nogroup -m 750 -d /var/log/privoxy2
install -o privoxy -g nogroup -m 750 -d /var/log/privoxy3
install -o privoxy -g nogroup -m 750 -d /var/log/privoxy4
install -o privoxy -g nogroup -m 750 -d /var/log/privoxy5
install -o privoxy -g nogroup -m 750 -d /var/log/privoxy6
install -o privoxy -g nogroup -m 750 -d /var/log/privoxy7
install -o privoxy -g nogroup -m 750 -d /var/log/privoxy8
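The eight torrc and config files above differ only in the instance number and the ports, so here is a generator for steps 4 to 8, written for this post as an added example (it is not from the tutorial or the linked site). It assumes the tutorial's paths, users and port scheme; as a tightening of the "you can make this a bit more restrictive" comment it replaces SocksPolicy accept * with the LAN you pass as second argument, and it gives torrc-1 a ControlPort like the other seven.

```shell
#!/bin/sh
# Constructed helper: writes /etc/tor/torrc-N and /etc/privoxy/config-N for
# N=1..8 and creates the data/log directories, following the tutorial's scheme.
set -eu
TOR_USER=debian-tor
PRIVOXY_USER=privoxy
PRIVOXY_PORTS="8118 8129 8230 8321 8421 8522 8623 8724"  # as in config-1..8 and squid.conf
# Tor instance N: SOCKS 9050 + 100*(N-1), ControlPort one above it
tor_socks_port()   { echo $((9050 + 100 * ($1 - 1))); }
tor_control_port() { echo $(( $(tor_socks_port "$1") + 1 )); }
# Nth word of PRIVOXY_PORTS (positional parameters are local to a function)
privoxy_port() {
    set -- "$1" $PRIVOXY_PORTS
    shift "$1"
    echo "$1"
}
# torrc for instance N: SOCKS on localhost (for privoxy) and on BIND_IP (for
# proxychains/haproxy); only clients from LAN_CIDR are accepted
gen_torrc() {
    n=$1; bind_ip=$2; lan=$3
    cat <<EOF
SocksBindAddress 127.0.0.1
SocksBindAddress $bind_ip:$(tor_socks_port "$n")
SocksPolicy accept $lan
SocksPolicy reject *
AllowUnverifiedNodes middle,rendezvous
Log notice syslog
RunAsDaemon 1
User $TOR_USER
CircuitBuildTimeout 30
NumEntryGuards 6
KeepalivePeriod 60
NewCircuitPeriod 15
SocksPort $(tor_socks_port "$n")
ControlPort $(tor_control_port "$n")
DataDirectory /var/lib/tor$n
PidFile /var/run/tor/tor-$n.pid
EOF
}
# Privoxy config for instance N, forwarding only to "its" tor instance
gen_privoxy_config() {
    n=$1
    cat <<EOF
user-manual /usr/share/doc/privoxy/user-manual
confdir /etc/privoxy
actionsfile match-all.action
actionsfile default.action
actionsfile user.action
filterfile default.filter
logfile logfile
toggle 1
enable-remote-toggle 0
enable-remote-http-toggle 0
enable-edit-actions 0
enforce-blocks 0
buffer-limit 4096
forwarded-connect-retries 0
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
keep-alive-timeout 5
socket-timeout 300
handle-as-empty-doc-returns-ok 1
logdir /var/log/privoxy$n
listen-address localhost:$(privoxy_port "$n")
forward-socks5 / 127.0.0.1:$(tor_socks_port "$n") .
EOF
}
# Write the 16 files and create the 16 directories; run as root on the proxy host
install_all() {
    n=1
    while [ "$n" -le 8 ]; do
        gen_torrc "$n" "$1" "$2" > "/etc/tor/torrc-$n"
        gen_privoxy_config "$n" > "/etc/privoxy/config-$n"
        install -o "$TOR_USER" -g "$TOR_USER" -m 700 -d "/var/lib/tor$n"
        install -o "$PRIVOXY_USER" -g nogroup -m 750 -d "/var/log/privoxy$n"
        n=$((n + 1))
    done
}
# usage:  sh gen-proxy-configs.sh [YOURIPADDRESS] [YOURNETWORK/CIDRSUBNETNOTATION]
if [ "$#" -eq 2 ]; then install_all "$1" "$2"; fi
```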
9. Replace /etc/init.d/privoxy with the script below (keep a copy of the original first)
cp /etc/init.d/privoxy /etc/init.d/privoxy.orig
rm /etc/init.d/privoxy
nano /etc/init.d/privoxy
chmod +x /etc/init.d/privoxy
#! /bin/bash
### BEGIN INIT INFO
# Provides:          privoxy
# Required-Start:    $local_fs $remote_fs $network $time
# Required-Stop:     $local_fs $remote_fs $network $time
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Privacy enhancing HTTP Proxy
# Description:       Privoxy is a web proxy with advanced filtering
#                    capabilities for protecting privacy, filtering
#                    web page content, managing cookies, controlling
#                    access, and removing ads, banners, pop-ups and
#                    other obnoxious Internet junk.
### END INIT INFO

# Author: Roland Rosenfeld <roland@debian.org>

# Do NOT "set -e"

# PATH should only include /usr/* if it runs after the mountnfs.sh script
PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="filtering proxy server"
NAME=privoxy
DAEMON=/usr/sbin/$NAME
PIDFILE=/var/run/$NAME
OWNER=privoxy
CONFIGFILE=/etc/privoxy/config
SCRIPTNAME=/etc/init.d/$NAME
LOGDIR=/var/log/privoxy
DEFAULTSFILE=/etc/default/$NAME

# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0

# Read configuration variable file if it is present
[ -r $DEFAULTSFILE ] && . $DEFAULTSFILE

# Create log directory if it does not exist
if [ ! -d "$LOGDIR" ]; then
    mkdir -m 750 $LOGDIR
    chown $OWNER:adm $LOGDIR
fi

# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh

# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
. /lib/lsb/init-functions

#
# Function that starts the daemon/service
#
do_start()
{
    # Return
    #   0 if daemon has been started
    #   1 if daemon was already running
    #   2 if daemon could not be started
    stats=0
    for c in {1..8}
    do
        # instance c gets its own pid file and its own config file
        DAEMON_ARGS="--pidfile $PIDFILE-$c.pid $CONFIGFILE-$c"
        # already running? then skip it instead of failing the start below
        start-stop-daemon --start --quiet --pidfile $PIDFILE-$c.pid --exec $DAEMON --test > /dev/null \
            || { stats=1; continue; }
        start-stop-daemon --start --quiet --pidfile $PIDFILE-$c.pid --exec $DAEMON -- \
            $DAEMON_ARGS \
            || stats=2
    done
    return "$stats"
    # Add code here, if necessary, that waits for the process to be ready
    # to handle requests from services started subsequently which depend
    # on this one. As a last resort, sleep for some time.
}

#
# Function that stops the daemon/service
#
do_stop()
{
    # Return
    #   0 if daemon has been stopped
    #   1 if daemon was already stopped
    #   2 if daemon could not be stopped
    #   other if a failure occurred
    RETVAL=0
    for c in {1..8}
    do
        start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE-$c.pid --name $NAME
        RETVAL="$?"
        [ "$RETVAL" = 2 ] && return 2
        # Many daemons don't delete their pidfiles when they exit.
        rm -f $PIDFILE-$c.pid
    done
    # Wait for children to finish too if this is a daemon that forks
    # and if the daemon is only ever run from this initscript.
    # This matches every privoxy process, so it has to run after the loop:
    # inside the loop it would wait 30 s and then KILL the instances that
    # had not been asked to stop yet.
    start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
    [ "$?" = 2 ] && return 2
    return "$RETVAL"
}

#
# Function that sends a SIGHUP to the daemon/service
#
do_reload() {
    # Sends SIGHUP to every instance. Not wired up in the case statement
    # below (as in the Debian skeleton); force-reload is an alias for restart.
    for c in {1..8}
    do
        start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE-$c.pid --name $NAME
    done
    return 0
}

case "$1" in
    start)
        if [ "$RUN_DAEMON" = "no" ]; then
            [ "$VERBOSE" != no ] && log_warning_msg "Not starting $DESC (disabled in $DEFAULTSFILE)."
            exit 0
        fi
        [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
        do_start
        case "$?" in
            0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
            2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
        esac
        ;;
    stop)
        [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
        do_stop
        case "$?" in
            0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
            2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
        esac
        ;;
    #reload|force-reload)
        #
        # If do_reload() is not implemented then leave this commented out
        # and leave 'force-reload' as an alias for 'restart'.
        #
        #log_daemon_msg "Reloading $DESC" "$NAME"
        #do_reload
        #log_end_msg $?
        #;;
    restart|force-reload)
        #
        # If the "reload" option is implemented then remove the
        # 'force-reload' alias
        #
        if [ "$RUN_DAEMON" = "no" ]; then
            [ "$VERBOSE" != no ] && log_warning_msg "Not restarting $DESC (disabled in $DEFAULTSFILE)."
            exit 0
        fi
        log_daemon_msg "Restarting $DESC" "$NAME"
        do_stop
        case "$?" in
            0|1)
                do_start
                case "$?" in
                    0) log_end_msg 0 ;;
                    1) log_end_msg 1 ;; # Old process is still running
                    *) log_end_msg 1 ;; # Failed to start
                esac
                ;;
            *)
                # Failed to stop
                log_end_msg 1
                ;;
        esac
        ;;
    status)
        status_of_proc "$DAEMON" "$NAME"
        exit $?
        ;;
    *)
        #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
        echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload|status}" >&2
        exit 3
        ;;
esac

:
Now you can start privoxy with service privoxy start and have a look at the listening ports with netstat --listening
10. Edit your squid configuration file /etc/squid/squid.conf (the squid3 package reads /etc/squid3/squid.conf instead). Squid listens on port 3400 for the browsers and hands every request round-robin to one of the eight privoxy instances; never_direct makes sure nothing bypasses them:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl home_network src [YOURNETWORK/CIDRSUBNETNOTATION]
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow home_network
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
icp_access deny all
http_port 3400
icp_port 0
hierarchy_stoplist cgi-bin ?
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
cache_peer localhost parent 8118 0 round-robin no-query
cache_peer localhost2 parent 8129 0 round-robin no-query
cache_peer localhost3 parent 8230 0 round-robin no-query
cache_peer localhost4 parent 8321 0 round-robin no-query
cache_peer localhost5 parent 8421 0 round-robin no-query
cache_peer localhost6 parent 8522 0 round-robin no-query
cache_peer localhost7 parent 8623 0 round-robin no-query
cache_peer localhost8 parent 8724 0 round-robin no-query
never_direct allow all
always_direct deny all
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
forwarded_for off
coredump_dir /home/squid-cache # where squid writes core dumps (the cache itself is set with cache_dir)
pid_filename /var/run/squid-in.pid
access_log /var/log/squid3/access.squid-in.log
cache_store_log /var/log/squid3/store.squid-in.log
cache_log /var/log/squid3/cache.squid-in.log
Before you start squid for the first time, create the cache directories with squid3 -z (then service squid3 start).
11. Edit your host configuration file /etc/hosts. Squid needs a distinct host name for each cache_peer line, so localhost2 to localhost8 all point to 127.0.0.1:
127.0.0.1 localhost
127.0.0.1 localhost2
127.0.0.1 localhost3
127.0.0.1 localhost4
127.0.0.1 localhost5
127.0.0.1 localhost6
127.0.0.1 localhost7
127.0.0.1 localhost8
12. Edit the haproxy configuration file /etc/haproxy/haproxy.cfg
# this config needs haproxy-1.1.28 or haproxy-1.2.1
global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    #log loghost local0 info
    maxconn 4096
    #chroot /usr/share/haproxy
    user haproxy
    group haproxy
    daemon
    #debug
    #quiet

defaults
    log global
    mode http
    option httplog
    option dontlognull
    retries 3
    option redispatch
    maxconn 2000
    contimeout 5000
    clitimeout 50000
    srvtimeout 50000

# SOCKS front end for proxychains: every new TCP connection is handed to the
# next tor instance in turn
listen socks [YOURIPADDRESS]:9058
    mode tcp
    balance roundrobin
    server tor0 127.0.0.1:9050
    server tor1 127.0.0.1:9150
    server tor2 127.0.0.1:9250
    server tor3 127.0.0.1:9350
    server tor4 127.0.0.1:9450
    server tor5 127.0.0.1:9550
    server tor6 127.0.0.1:9650
    server tor7 127.0.0.1:9750
13. Allow the init script to start haproxy by editing /etc/default/haproxy
# Set ENABLED to 1 if you want the init script to start haproxy.
ENABLED=1
Now you can start haproxy with service haproxy start
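As an added check (example code written for this post, not from the tutorial): a script that compares what ss/netstat reports against the 18 listeners this setup should have, and that asks the Tor Project's check service through each SOCKS port to confirm that the eight instances really leave through different exits. It assumes the tutorial's port scheme and that curl and ss are installed; the check.torproject.org/api/ip endpoint and its {"IsTor":...,"IP":"..."} reply are real, the sample ss output in the test is constructed.

```shell
#!/bin/sh
# Constructed sanity checks for the finished proxy host: 1) every listener is
# up; 2) each tor instance exits through a different relay (online check).
set -eu

# All 18 TCP ports the host should listen on: 8x tor SOCKS, 8x privoxy,
# squid (3400) and the haproxy front end for proxychains (9058)
expected_ports() {
    n=1
    while [ "$n" -le 8 ]; do
        echo $((9050 + 100 * (n - 1)))
        n=$((n + 1))
    done
    echo 8118 8129 8230 8321 8421 8522 8623 8724 | tr ' ' '\n'
    echo 3400
    echo 9058
}

# Local ports from `ss -ltn` / `netstat -ltn` output on stdin. The local
# address column looks like 127.0.0.1:9050, *:3400 or [::]:3400; the peer
# column (*:* or 0.0.0.0:*) does not end in digits, so the first match wins.
listening_ports() {
    awk '/LISTEN/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /:[0-9]+$/) { sub(/.*:/, "", $i); print $i; break }
         }' | sort -un
}

# Expected ports with no listener, one per line (empty output = all good)
missing_ports() {
    listening=$(listening_ports)
    for p in $(expected_ports); do
        echo "$listening" | grep -qx "$p" || echo "$p"
    done
}

# Pull the IP field out of the check service's JSON reply,
# e.g. {"IsTor":true,"IP":"203.0.113.7"} -> 203.0.113.7
parse_check_ip() {
    sed -n 's/.*"IP":"\([^"]*\)".*/\1/p'
}

# Exit IP seen when going out through the tor instance on SOCKS port $1
exit_ip_via_socks() {
    curl -s --max-time 30 --socks5-hostname "127.0.0.1:$1" \
        https://check.torproject.org/api/ip | parse_check_ip
}

# Run both checks on the live host (needs ss and network access)
check_proxy_host() {
    missing=$(ss -ltn | missing_ports)
    if [ -n "$missing" ]; then
        echo "missing listeners on ports:" $missing >&2
        return 1
    fi
    n=1
    while [ "$n" -le 8 ]; do
        echo "$n $(exit_ip_via_socks $((9050 + 100 * (n - 1))))"
        n=$((n + 1))
    done | sort -u -k2,2 | awk 'END { print NR " distinct tor exits out of 8" }'
}
```

Call check_proxy_host on the proxy server once everything from step 13 is started; anything less than "8 distinct tor exits" means two instances currently share an exit, which is normal for a single sample but worth a second look if it persists.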
14. Using haproxy/tor with proxychains
On your client computer install proxychains and edit /etc/proxychains.conf
apt-get install proxychains
nano /etc/proxychains.conf
Make the following entry at the bottom (proxychains then sends every TCP connection to haproxy, which hands it to the next tor instance in turn)
socks4 [PROXYIPADDRESS] 9058
Now you can run something like
proxychains nmap -P0 -sS -sV -v [TARGETADDRESS]
Keep in mind what proxychains does and does not cover: it only redirects the program's TCP connect() calls, so the raw packets of a SYN scan (-sS) and nmap's host discovery probes are sent by your client directly and not through tor; only traffic over full TCP connections (connect scans, the -sV version probes) goes through the proxy.
15. Using your proxy in a browser
In your browser set the proxy server to the following values:
IP: [PROXYIPADDRESS] Port: 3400
16. Some final thoughts
As I wrote in another post, I would consider using a hardware perimeter firewall to make sure that only your proxy server has direct access to the internet, so everything from your client PC to the internet must pass the proxy or the firewall will drop the requests.
This is the link to the thread where I posted a short explanation of how you can get a hardware firewall:
http://evilzone.org/anonymity/first-steps-net/msg26512
If you have any questions regarding this please contact me!
If somebody has an idea to make this tutorial better, do not hesitate to contact me!
Regards,
8xsde9ed