Tor Stack Exchange
Q&A for researchers, developers, and users of Tor| Tor Stack Exchange
If a host blacklists an entire country so that none of its IPs can reach IPs allocated to that country, is there a way to indicate that they are unreachable, using ExitPolicy or something similar? I tried the following, with this example being a relay that cannot exit to any Swiss IPs: user@host:~$ cat /etc/cron.weekly/blacklist-ch #!/bin/sh ZONE=https://ipv4.fetus.jp/ch.txt curl ${ZONE} | sed -r '/^[0-9\.\/]+$/!d;s/.*/ExitPolicy reject &:*/g' > /etc/tor/ch-ips user@host:~$ grep include /etc/...| Recent Questions - Tor Stack Exchange
https://docs.clamav.net/manual/Usage/SignatureManagement.html Command freshclam will update the signatures. The computer in question runs clamav on debian 12 and torbrowser also runs on the computer. Can you run a command or configure clamav such that updating signatures will go over tor? Thank you.| Recent Questions - Tor Stack Exchange
I want to bring up a new Tor relay and ensure it runs only as a middle relay. Is there anything I should configure (or avoid configuring) to make sure the relay is will be used for middle position after its lifetime and avoiding Guard role: Is there any supported way to prevent (or at least reduce the chance) of receiving the Guard flag so the relay functions strictly as a middle hop with increase selection probability or anything that could increase the chances? Or is the correct answer simp...| Recent Questions - Tor Stack Exchange
I am looking for guidance on how to effectively isolate the Tor process through hardware isolation to enhance security against sophisticated attacks, including those at the hardware and firmware levels. As we know, the Tor Browser has vulnerabilities inherited from Firefox, which can be exploited by hackers to reveal a user's real IP address. While Whonix provides a solution by isolating the Tor process using virtual machine technology, advanced attackers can still exploit vulnerabilities in ...| Recent Questions - Tor Stack Exchange
on router gl-ar300m16 ext you can install librecmc. I have heard about the term transparent proxy. And how you can combine a transparent proxy and tor. My question is can you modify librecmc on the router such that the router connects to the internet over tor? And any device which connects to the router will have its internet traffic go over tor. Preferable such that the router connects to the internet by wifi. And devices connect to the router by wifi. Much like the idea behind torbox.ch. Th...| Recent Questions - Tor Stack Exchange
I have been writing a tor implementation (using v3 addresses) and have gotten stuck on how the client is supposed to retrieve the introduction point(s) of the hidden service from the EdDSA public key. So how exactly is the HSDir selected based on the public key, and what data does the client send to that HSDir (or whatever place stores the introduction points) to retrieve the introduction points, and what data does the node send back? If possible, could you also link the tor reference section...| Recent Questions - Tor Stack Exchange
Of course, I would a little bit different rules for that. But, what I have, that is a tord, connecting in and out everywhere. How to know, when it is connecting another tor node, and when is it working as an exit node, and connecting out from the network? My current best idea: download a list of IP:Port addresses of all the nodes, if it exists. Then: Incoming connections to my node ports are internal traffic Outgoing connections from my tor nodes are either going to an ip:port in the list, or...| Recent Questions - Tor Stack Exchange
As this question details, it is possible to limit the exit nodes into a specific country. What I would yet more happily do, is to have some more narrow limitation. For example, to specific subnets (ISPs) or even to a list of hand-defined hosts. Is it possible, can it happen?| Recent Questions - Tor Stack Exchange
I would happily serve a tor exit point. However, while I think I can trust the intra-tor traffic, I think an exit node needs some... precaution. My precaution is that I would "teleport" it, more clearly I would route it to a vpn channel and masquerade on the VPN endpoint. The result would be that the outgoing connection from my exit node would come virtually from another IP, not from where the bridge nodes connected originally. Can it happen? Is it allowed? In the public list of the tor exit ...| Recent Questions - Tor Stack Exchange
I would be more happy if my tor node would not be so very obviously visible. My current best idea is, if also the tor protocol is being ssl/tls-based, then it could be put and be multiplexed with ordinary https traffic on tcp port 443. My idea is to have some multiplexer tool which decides about all incoming connections, if it is coming to the tor service or to the ordinary webserver (that is probably simple, for example using SNI), and then proxies, where it has to be. Can it work? What is t...| Recent Questions - Tor Stack Exchange
I'm using tor browser bunlde from Debian's repo: https://packages.debian.org/bookworm/torbrowser-launcher torbrowser-launcher package install the browser as well as tor system service: https://packages.debian.org/bookworm/tor I can disable tor system service with sudo systemctl stop tor and sudo systemctl disable tor And after that I'm still able to use the browser just fine to browse. Questions: Do I need the tor service enabled and why? What's the purpose of tor service`? What do I miss if ...| Recent Questions - Tor Stack Exchange
I am trying to set up a Tor bridge relay on a computer which uses Ubuntu 24.0 I have hashed the password in torrc as shown --- ControlPort 9051 #HashedControlPassword 16:323634568C5955F60366D932009E197BE0A22ETC HashedControlPassword 16:123634C5955F6036609E197BE0A11EEC22241644E444A4CD3255D305C8 --- I used the command in Terminal tor --hash-password 16:323634568C5955F60366D932009E197BE0A22ETC to produce the HashedControlPassword shown above, which I copied into the torrc file before starting th...| Recent Questions - Tor Stack Exchange
If selecting a trusted entry (guard) node is crucial, why not self-host a bridge at home? Is it important to use 3 external relays or can one relay be selfhosted at your origin address leaving only two "external hops"? In other words would 1 relay that you own and that uses your own private IP + 2 external tor relays be a less or more secure setup than using the default 3 external tor relays? I am also weighing this against using an external webtunnel bridge to hide your first hop, which I as...| Recent Questions - Tor Stack Exchange
How can I check to see if a given Onion Service is still in-use? To be clear: I'm not asking about just Onion Services bound to port 80. Of course I can just curl it, but that won't tell me if the Onion Service is running something on another port. I'm trying to find an XMPP server that uses an Onion Service. I found several lists of XMPP servers and their .onion names, but I expect most of these services are offline. 2n3tvihf4n27pqyqdtcqywl33kbjuv2kj3eeq6qvbtud57jwiaextmid.onion 32qywqnlnqzb...| Recent Questions - Tor Stack Exchange
This config has previously worked fine with nginx, but using HAProxy UNIX socket listener bind unix@/var/run/tor/onionlinkhere.sock, it returns "Unable to connect" in Tor Browser. However, using localhost TCP port binding does work. Does anyone know why using UNIX socket to bind does not work? Below are the config files, with the alternative localhost port solution commented out. torrc: HiddenServiceDir /var/lib/tor/onionlinkhere.onion/ HiddenServicePort 80 unix:/var/run/tor/onionlinkhere.soc...| Recent Questions - Tor Stack Exchange
Just like in any browser, in Tor browser it is also possible to have bookmarks toolbar visible (by default that's off), this makes web page height reduced by the height of bookmarks toolbar. For Tor browser users it's well known that we should not maximize Tor to cover entire screen but keep it at default width and height to prevent width and height of the browser (or web page?) being detected and this way standing out of the crowd. However, even if using default width and height of the brows...| Recent Questions - Tor Stack Exchange
The result of the verifying_key() method is VerifyingKey (PublicKey) that is not the same as the true PublicKey in the hs_ed25519_public_key file. I’ve been trying to solve this for a few days now and searching for information, but I haven’t found anything relevant. I’m using the public and private keys of the respective hidden service, but I get a completely different onion domain. The key pair is correct. I think the problem has to do something related with the private key since the o...| Recent Questions - Tor Stack Exchange
I am deploying a docker image of Tor Bridge OBFS4. I use the standard docker-compose.yml and .env file with my edits. Nothing fancy, really. After seeing that my Tor Bridge Version 4.7.10 was flagged as not recommended I downed the container, pulled the new version and then trouble started. After docker compose pull && docker compose up -d I see the following errors when I inspect the logs: Jan 30 21:29:42.972 [notice] Tor 0.4.8.10 running on Linux with Libevent 2.1.12-stable, OpenSSL 3.0.11,...| Recent Questions - Tor Stack Exchange
I'm trying to install Tor browser from this article over here. I'm using method no. 2: Install Tor browser launcher using APT (Alternate Method). I'm using Ubuntu 22.04 LTS, so I've made sure the Universe repository is enabled. sudo add-apt-repository universe && sudo apt update After that, I've installed the Tor browser launcher like this: sudo apt install torbrowser-launcher It was all fine. No hurdles on the way. I understand that this is not the browser itself. Tor browser launcher is jus...| Recent Questions - Tor Stack Exchange
How do I run an exit node anonymously? By anonymously, I mean that nobody can identify who created or runs the exit node. I know that the IP addresses of exit nodes will be publicly available, so I am assuming that I will have to run the exit node somewhere far away from my location. But I need more clarification on how to exactly do this.| Recent Questions - Tor Stack Exchange
I accidentally resized tor browser. How to change back to default size without restart?| Recent Questions - Tor Stack Exchange
12/29/18, 17:21:54.324 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 12/29/18, 17:21:54.325 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 12/29/18, 17:21:54.325 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 12/29/18, 17:21:54.325 [NOTIC...| Recent Questions - Tor Stack Exchange
The tor browser launches & loads fine, but when I attempt to load a page/site I get the following warning : Secure Connection Failed The connection to the server was reset while the page was loading. The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem. Learn more…| Recent Questions - Tor Stack Exchange
I'm trying to connect to an OpenVPN server through Tor Socks Proxy. When I try to connect to the VPN sometimes I receive this error message "Recv_socks_reply: TCP Port Read Timeout expired" and OpenVPN tries to re-establish the connection. Other times instead the connection to the VPN happens successfully, but as soon as I try to connect to a website the connection falls by giving me "Inactivity timeout (--ping-restart), restarting". Using the same .ovpn and the same torrc on Windows everythi...| Recent Questions - Tor Stack Exchange
Is it technically possible to SSH into a Whonix workstation locally? So if I'm on the same local network as the device running the workstation. For example, my laptop is on 192.168.0.2, the device running the gateway is on 192.168.0.3 and the workstation on 10.152.152.22. Perhaps SSH into the Whonix Gateway first, then SSH into the workstation? Or maybe some port-forwarding somehow? Can someone assist with this?| Recent Questions - Tor Stack Exchange
I am connected to my university's WiFi running on OS X Yosemite 10.10.2 and have downloaded Tor, but it has a difficulty connecting to a relay directory. Does this process take a long time or is it possible that I need a bridge to access Tor?| Recent Questions - Tor Stack Exchange
I'm having problems with captcha in TOR. A website I am trying to register on has an 'I am not a robot button', which when I click it comes up with a message saying: Your computer or network may...| Tor Stack Exchange
