THE ONION ROUTE

Hello, today I'm going to talk about Tor and the Tor Browser, how to use them, and how to get around systems that detect that you're using Tor.

[0x1] How did it come about?

The Onion Route (AKA Tor) is a routing system created by the US Navy in the mid-1990s, originally designed by mathematician Paul Syverson and computer scientists Michael G. Reed and David Goldschlag, and later adopted for development by DARPA. The protocol was created to provide greater anonymity. Back then there was no Tor Browser yet; it was just a network based on 3 relay nodes, which would basically shuffle your source IP through 3 computers. I'll give you a practical example below.

Connections are traditionally made like this:

┌────────────────────────────────────┐
|(kitty) ----<Request>----->(Server)|
└────────────────────────────────────┘

And Tor provides this kind of connection:

┌───────────────────────────────────────────────────────────────────────────────────┐
|(kitty) -[Guardian]---<Request>----->[Middle]---<Request>------[Exit]---> (Server)|
└───────────────────────────────────────────────────────────────────────────────────┘

But what does that mean? What are Guardian, Middle and Exit? Well, let's do as Jack did and go by parts. The Tor routing system works on the basis of nodes, each of which I'll explain below:

Guardian: The node that initially knows your IP address, but it only passes your request on to another node.
Middle: Sits between the beginning and the end of the circuit; it doesn't know your IP and only passes the information on to the last node.

Exit: The end node, responsible for sending your request to the destination server. It's the one that appears in the server's logs, and it doesn't know your IP.

You might think this would be slow, but believe me, it's not that slow. Obviously you need a fast connection; with your 10 Mb/s Wi-Fi the full cycle will take a while, but it's still not that slow. This was created at a time when sniffing to obtain military information was very common, as there were no basic encryption methods such as SSL, so it was easier to do all this routing to the server. We're only talking about how it works in theory here, because that's just how the protocol should work; I haven't gotten to the part about links, bridges and so on, which I'll get to now.

[0x2] The Tor Project

Tor was then passed on to the civil domain, and was maintained, and still is today, by the group The Tor Project, founded in 2006 by Roger Dingledine, Nick Mathewson and other contributors. It was this group that created the Tor Browser, the browser that does this routing, and it was this group that originated the .onion DNS.

[0x3] .onion links and creating one

.onion names are sites hosted by Tor relays, that is, these sites go through the same process to send packets, only now the server side does it too. It's a bit difficult to explain in words, so I'll show you again:
┌──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
|(kitty) -[Guardian]---<Request>----->[Middle]---<Request>------[Exit]---<Request>--[Exit]---<Request>----->[Middle]---<Request>------[Guardian]----> (Server)|
└──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘

In the original figure, the nodes in red are on your machine's side and the nodes in green are on the server's side. You can see that the request now goes through 6 hops, which makes it impossible to trace with normal requests, fortifying your privacy twice over.

But how do you get a .onion registry? Well, the .onion registry is generated automatically by the Tor tools; you can create a service yourself by modifying the torrc. I'll show you an example by modifying it to make your SSH reachable over Tor:

┌─────────────────────────────────────────────────────────────────────────────────────────────────────┐
|root@void:~ # echo "HiddenServiceDir /var/lib/tor/ssh_secret/" >> /etc/tor/torrc
|root@void:~ # echo "HiddenServicePort 22 127.0.0.1:22" >> /etc/tor/torrc
|root@void:~ # systemctl restart tor
|root@void:~ # cat /var/lib/tor/ssh_secret/hostname
|37ryqzpb7pr6gpnhjcmn54s677dapbr6szznug65xh2465wp5hk5w6qd.onion
└─────────────────────────────────────────────────────────────────────────────────────────────────────┘

Now we can connect using our Tor domain (the 127.42.42.0 you see below is a placeholder address that torsocks assigns to .onion names, not a real IP):

┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
|root@void:~ # torsocks ssh root@37ryqzpb7pr6gpnhjcmn54s677dapbr6szznug65xh2465wp5hk5w6qd.onion
|The authenticity of host '37ryqzpb7pr6gpnhjcmn54s677dapbr6szznug65xh2465wp5hk5w6qd.onion (127.42.42.0)' can't be established.
|ED25519 key fingerprint is SHA256:LlDh46rFCuRXJ/hME5QbsO6aWB2qL1hVjn+IhuGW//4.
|This key is not known by any other names.
|Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
|Warning: Permanently added '37ryqzpb7pr6gpnhjcmn54s677dapbr6szznug65xh2465wp5hk5w6qd.onion' (ED25519) to the list of known hosts.
|root@37ryqzpb7pr6gpnhjcmn54s677dapbr6szznug65xh2465wp5hk5w6qd.onion's password:
|// Bla bla bla
|root@void:~ # exit
|Connection to 37ryqzpb7pr6gpnhjcmn54s677dapbr6szznug65xh2465wp5hk5w6qd.onion closed.
└─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘

[0x4] Personalized domains and how to generate them

If you've seen a few .onion sites, you'll have noticed that some begin with letters of the owner's choosing, like Twitter's, whose .onion address is twitter3e4tixl4xyajtrzo62zg5vztmjuricljdp2c5kshju4avyoid.onion. It's possible, and it's free! But you'll need to push your processor to the max to achieve something like this. To generate a personalized .onion domain you have to keep generating addresses until one comes out that you like, and rest assured that no one but you will have that domain: when a domain is generated it comes with a public and private key pair that validates it, so it's impossible for more than one of the same domain to exist. Okay, so how do we do that? Well, there's a project on GitHub called mkp224o, a program that generates addresses for Onion v3 services. With it you can create a domain. If you want to generate one, it's easy: just compile the program on your machine and run the following command:

┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
|root@void:~ # ./mkp224o bezu
|sorting filters... done.
|filters:
|	bezu
|in total, 1 filter
|using 12 threads
|bezu57ruwyle57tqfp2hbbosj3nvf4c6mtvcuawufuwxqmkyyakxpwad.onion
|bezuk2qaghiwftlxtxl5qa6tojcvfaz4lo6bkvhciyjypqyfteglkjqd.onion
|bezuglbdmoblax7vyv4f73rov5ceuk47ujgoy2x237jhukw3hpg4hrad.onion
|^Cwaiting for threads to finish... done.
|root@void:~ # ls | grep bezu
|bezu57ruwyle57tqfp2hbbosj3nvf4c6mtvcuawufuwxqmkyyakxpwad.onion
|bezuglbdmoblax7vyv4f73rov5ceuk47ujgoy2x237jhukw3hpg4hrad.onion
|bezuk2qaghiwftlxtxl5qa6tojcvfaz4lo6bkvhciyjypqyfteglkjqd.onion
└─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘

Each folder that was generated holds the public and private keys for that domain. To get it working, just move the contents of the folder into your hidden service's directory, as I'll do with ssh_secret:

┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
|root@void:~ # mv bezu57ruwyle57tqfp2hbbosj3nvf4c6mtvcuawufuwxqmkyyakxpwad.onion/* /var/lib/tor/ssh_secret/
└─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘

Now just restart the Tor service and you'll see that we can access it using that domain.

[0x5] How do they know you're using Tor, and how do you get around it?

Have you ever tried to access a Tor site at your college or school and noticed that the nodes were blocked? This is common in some places; unfortunately they put several Tor node addresses in the firewall to stop you from seeing things like YouTube videos. To circumvent this type of blocking we can use a bridge in the Tor Browser. It's simple and easy, but what is a bridge anyway?
A bridge is a relay that connects you to the Guardian node. The connections look like this:

┌───────────────────────────────────────────────────────────────────────────────────────────────┐
|(kitty) [Bridge]--->[Guardian]---<Request>----->[Middle]---<Request>------[Exit]---> (Server)|
└───────────────────────────────────────────────────────────────────────────────────────────────┘

There are several types of bridge:

- obfs4 [Most common]
- Snowflake [Volunteer proxy]
- Meek Azure [Microsoft DNS]

obfs4 is the one most commonly taken down, because it only obfuscates your traffic; there is still a chance of being blocked and not being able to get through. The Snowflake project is entirely volunteer-run, fast and stable, letting you use the IP of someone in another part of the world to reach the entry node. Meek Azure uses Microsoft's DNS, but it's too slow for things like video and video calls; it's great for lighter browsing though. To use a bridge, go to your Tor Browser settings, click "Set a built-in bridge..." and pick one. People will hardly know what you're accessing and you'll be free to use your internet without censorship!
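To make concrete what each node in the [0x1] circuit actually learns, here is an added toy model (my code, not from the original post): the client wraps the request in three layers and each relay peels exactly one, so the Guardian sees your IP but not the destination, and the Exit sees the destination but not your IP. The SHA-256 XOR keystream, the hop keys, the client IP and the destination are constructed stand-ins for Tor's real per-hop ciphers and key exchange, not a secure cipher.

```python
# Toy model of the Guardian -> Middle -> Exit circuit from [0x1]. Added example,
# not from the original post. The SHA-256 XOR keystream below is a constructed
# stand-in for Tor's real per-hop cipher and offers no security on its own.
import hashlib

def keystream(key: bytes, length: int) -> bytes:
    """SHA-256 in counter mode, used only to show the layering."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def xor(data: bytes, key: bytes) -> bytes:
    """The same function adds and removes one layer."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

# Constructed per-hop keys; in Tor each comes from a key exchange with that relay.
KEYS = {"guardian": b"k-guard", "middle": b"k-middle", "exit": b"k-exit"}
PATH = ["guardian", "middle", "exit"]

def wrap(next_hop: str, payload: bytes, key: bytes) -> bytes:
    """One layer: who to forward to, plus an opaque blob, readable by one relay."""
    return xor(next_hop.encode() + b"|" + payload, key)

def build_onion(destination: str, request: str) -> bytes:
    """Client side: innermost layer is for the Exit, outermost for the Guardian."""
    layer = wrap(destination, request.encode(), KEYS["exit"])
    layer = wrap("exit", layer, KEYS["middle"])
    return wrap("middle", layer, KEYS["guardian"])

def peel(hop: str, cell: bytes):
    """Relay side: strip one layer; learn only the next hop and a blob."""
    plain = xor(cell, KEYS[hop])
    next_hop, _, inner = plain.partition(b"|")
    return next_hop.decode(), inner

def route(cell: bytes, source_ip: str):
    """Walk the circuit, recording whom each relay heard from and forwards to."""
    seen, prev = {}, source_ip
    for hop in PATH:
        next_hop, cell = peel(hop, cell)
        seen[hop] = {"from": prev, "to": next_hop}
        prev = hop
    return seen, cell.decode()  # the plaintext that finally reaches the server

if __name__ == "__main__":
    onion = build_onion("server.example", "GET /")  # constructed destination/request
    print(route(onion, "10.0.0.5"))                  # constructed client IP
```

Only the Exit's record names the server and only the Guardian's record names the client, which is exactly the split the node descriptions in [0x1] describe.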