logs archiveIRC Archive / Oftc / #tor / 2015 / August / 23 / 1
avey
WWW.JOYOFSATAN.ORG
kernelcorn
scinawa: shame that Runner1 left, but Ricochet is one such chat system
scinawa
yeah i've heard about it at ccc
ntz
Hello, I can't help myself but i've spend with that almost all day long ...
I'm unable to configure the latest (5.0.1) tor browser to just use a different tor service than one bundled with it ...
on the firefox level I have set to use a proper socks address and port but the tor icon is always unhappy telling, that tor ain't used
my setup is: latest tor (not browser) running on remote server, remote 9050 forwarded using ssh to my local workstation ... I'm trying to convince local tor browser (firefox) to use this forwarded socks without running his own tor session
s7r
why would you want to do that?
ntz
s7r: good question and very easy explanation, lemme tell ya
1) I have a remote VPS with the ISP I trust to and also with the provider of VPS
2) I don't want from any random public access point to uncover, that I'm using tor, so I have communication between me and my VPS encapsulated to my superstrong ssh tunnel
3) I can have on server tor running 24/7
s7r: so if I want to use my tor browser, I need to do before that ssh -L 65534:127.0.0.1:9050 $myserver
^^ and that perfectly fits to my needs because me using tor can't be tracked on current ISP level
s7r
ok, makes sense
but Tor browser also needs access to controlport
ntz
it's laptop ... I'm connecting from various places
seems like that's only solution, because tor browser works .. firefox uses as a proxy 127.0.0.1:65534 but only damned tor button is unhappy
s7r
go to your Tor browser folder data/Tor/torrc and substitute SocksPort 9150 with 65534, then open the SSH tunnel and proceed
         

Stevko
Maybe if you also forward control port and se that somehow in tor browser&
ntz
claiming no tor around no matter what I do
Stevko
that ‘
cacahuatl
Because there is no control port :( we covered this earlier
Make Tor use the SSH proxy, not Firefox.
Same protection from local attackers, better protection all round.
ntz
Stevko: btw, it's weird, I ran the tor browser with its bundled tor and checked with lsof/netstat but there ain't any additional port open so not really clue what his control port is
s7r
it's 9051
most probably
but then it's cookie authentication.
it's too complicated.
may I suggest a good, qucik fix?
which will be less painfull and more secure as you won't toy with Tor Browser that much
ntz
I'm one big ear
s7r
configure a bridge on your vps which listens ORPort 127.0.0.1:8080 for example. not pluggable transports or antyhing. add PublishServerDescritptor 0 to its torrc line
ntz
cacahuatl: servus ... I have even latest tor now and I didn't give up :)
s7r
do a ssh tunnel, ssh -L 8080 127.0.0.1:8080 $yourserver
go to your Tor browser, don't touch anything
just tell it to use bridges
ntz
kk
s7r
and enter bridge 127.0.0.1:8080 <fingereprint>
this is less painfull and everything will work
ntz: makes sense?
ntz
not yet but I'll reread that few times
s7r
so you will have the security and functionality of Tor browser and also of your ssh tunnel and your vps
ntz
s7r: with bridge you mean thing that I'll create using ifcfg-torbr0 but without attaching ifaces into it ?
^^ eg that I'll create a bridge on OS level ?
s7r
you have Tor installed on your vps, right?
ntz
only the core and running
and using it right now from remote via that tunneled ssh 9050
s7r
ntz: go to your vps, in /etc/tor/torrc and replace wit hthis
ntz
s7r & cacahuatl and btw, it's no longer VPS, I even moved it already to my physical server (but it doesn't matter from the POV of tor)
s7r
https://paste.debian.net/302935/
         

ntz
s7r: ok
s7r
after that restart tor
service tor restart
go to /var/lib/tor/fingerprint and copy/paste the fingerprint
ntz
btw, my torrc is now *empty* .. I'm using defaults ... torrc is only full of commented out lines
s7r
delete the old torrc
and create a file with the contents of that pastebin
ntz
sure
s7r
restart tor and get the bridges's fingerprint
then start Tor browser
click on Tor button -> Tor network settings -> My internet service provider blocks connection to the Tor network -> enable enter custom bridges
add 127.0.0.1:8080 <fingerprint you previously copied from your server>
oh, and create the ssh tunnel with -L 8080 127.0.0.1:8080 $yourserver
ntz
s7r: one question ... I don't have on server /var/lib/tor ... I build tor with some --prefix and it ain't even in prefix
s7r
well this is something you should know
where your Tor's datadirectory is
ntz
I run it on server under my user account and prefix was $HOME/chroot
s7r
remember to connect to the ssh tunnel before starting Tor Browser, it won't work otherwise
ntz
so everything is in ~/chroot ... and it runs fine
s7r
ok get the fingerprint from there then
ntz
s7r: http://susepaste.org/view/raw/72226288
o.O not sure where I should find it
oh .. ~/.tor
s7r
home/dpecka/.tor/fingerprint
i think
ntz
http://susepaste.org/view/raw/86928826
^^ nothing like that .. I even added the output from tor app
s7r
did you restart Tor after modifying the torrc?
ntz
not yet .. okay, doing that
s7r: wow .. it does something o.O
it says now: Aug 23 01:15:11.000 [notice] Now checking whether ORPort 84.42.228.122:8080 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
s7r: okay, fingerprint file is here
s7r
ok copy the fingerprint without the nick, just the fp
and paste it where i told you above
re-read the instructions
ntz
sure, doing it
Guest3203
samebody speak spanish
ntz
s7r: content of figerprint file is: mybridge $hash
in the tor network settings I hould fill: 127.0.0.1:8080 $hash
??
s7r
yes
Guest3203
alguien habla espa;ol
ntz
s7r: http://susepaste.org/view/raw/73661118
ok
Guest3203
alguien me puede ayudar
ntz
s7r: does my computer needs a local proxy ? I don't guess so if the remote 9050 is now local 65534 ...
^^ it's next question
s7r
yes, what OS are you on?
« prev 1 2 3 4 5 next »