Posts Tagged ‘TOR’

Here are the materials required to successfully follow this tutorial:

  • A laptop with an access to the internet
  • A remote website that you own or that you have permission to access. In this tutorial, we will use the publicly available domain example.com 

For this tutorial, I will suppose that you are using a Debian-based distribution, such as the popular ubuntu

Note: Kali Linux comes with all these tools right from the box. So, if you have a working installation of Kali Linux, just skip the installation steps and go to step 4.

1. Install Nmap

Nmap is the tool most hackers use to conduct reconnaissance on a remote target.

So, in this tutorial, we will suppose that you have a minimal knowledge of how to use this tool.

To install Nmap, use the command line below:

sudo apt-get install nmap

2. Install TOR

Tor is the most used software in the world to protect privacy while surfing the internet and sometimes to access the deep/dark web.  So, in order to protect your privacy, you just have to download and install the tor browser from; https://www.torproject.org But, in this tutorial, we are going to use the command line version of TOR.

To install it, just type the following command:

sudo apt-get install tor

3. Install Proxychains

Proxychains is the tool used to send an application’s traffic through the network while staying anonymous. It is used to route all network traffic incoming and outgoing from an application to a local or remote proxy address. We will use it to route all the Nmap traffic through the anonymous network TOR.

To install proxy chains, just type:

sudo apt-get install proxychains

4. Start scanning anonymously

Once all these tools are installed, everything is correctly configured with the default setting, so you can start surfing anonymously without any problem.

sudo proxychains nmap -sT example.com

 

Note: Here we have used Nmap with proxy chains, but you can use any other command line or GUI tool you know with proxy chains and TOR as explained.

tv crime2Internet trolls are using Tor nowadays to avoid bans by IP. However, banning Tor exit nodes is just slightly more complex. The Tor Project provides a regularly updated list of exit nodes that can access your IP here. As there may be many hundreds or even thousands of nodes, adding them to iptables can hurt your server’s network performance. Enter ipset, a user-space hash table for iptables:

# create a new set for individual IP addresses
ipset -N tor iphash
# get a list of Tor exit nodes that can access $YOUR_IP, skip the comments and read line by line
wget -q https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=$YOUR_IP -O -|sed '/^#/d' |while read IP
do
  # add each IP address to the new set, silencing the warnings for IPs that have already been added
  ipset -q -A tor $IP
done
# filter our new set in iptables
iptables -A INPUT -m set --match-set tor src -j DROP