|
|
[[TOC(noheading, depth=3)]]
|
|
|
'''Written:''' 30-03-2018 (Jaruga)
|
|
|
**Written:** 30-03-2018 (Jaruga)
|
|
|
|
|
|
= Torifying HexChat =
|
|
|
|
|
|
HexChat (originally forked from [https://en.wikipedia.org/wiki/XChat XChat]) is an open-source, cross-platform internet relay chat client that grew in popularity shortly after the discontinuation of XChat in 2013. It has several security-oriented features such as OTR, an easy-to-use graphical interface, a simplistic window layout and includes all the basic functions of most popular IRC clients. HexChat also has a plugin system with support for various languages that allows for dynamic modifications and extensions.
|
|
|
HexChat (originally forked from [XChat](https://en.wikipedia.org/wiki/XChat)) is an open-source, cross-platform internet relay chat client that grew in popularity shortly after the discontinuation of XChat in 2013. It has several security-oriented features such as OTR, an easy-to-use graphical interface, a simplistic window layout and includes all the basic functions of most popular IRC clients. HexChat also has a plugin system with support for various languages that allows for dynamic modifications and extensions.
|
|
|
|
|
|
|
|
|
== Starting up HexChat ==
|
|
|
## Starting up HexChat
|
|
|
|
|
|
By default, HexChat automatically loads the "Network List" window on the first launch after installation. To modify your internal proxy settings, HexChat must first attempt to make a connection. You may avoid connecting to a server before configuring Tor by simply clicking the 'Add' button which creates a new, blank network entry. Then click 'Connect'. This will of course fail, and will open the chat window to allow entry to the settings menu.
|
|
|
|
|
|
Example output:
|
|
|
|
|
|
[[Image(https://tor.dial.ga/m/hc/hc1.png)]]
|
|
|
![https://tor.dial.ga/m/hc/hc1.png](https://tor.dial.ga/m/hc/hc1.png)
|
|
|
|
|
|
== Adding Internal Proxy Settings ==
|
|
|
## Adding Internal Proxy Settings
|
|
|
|
|
|
1. When the chat window opens, click the 'Settings' drop-down menu on the toolbar and select 'Preferences'.
|
|
|
|
|
|
[[Image(https://tor.dial.ga/m/hc/hc2.png)]]
|
|
|
![https://tor.dial.ga/m/hc/hc2.png](https://tor.dial.ga/m/hc/hc2.png)
|
|
|
|
|
|
2. When the Preferences window opens, select 'Network Setup' from the leftside menu.
|
|
|
|
|
|
3. Fill the fields under the 'Proxy Server' header like so:
|
|
|
|
|
|
[[Image(https://tor.dial.ga/m/hc/hc3.png)]]
|
|
|
![https://tor.dial.ga/m/hc/hc3.png](https://tor.dial.ga/m/hc/hc3.png)
|
|
|
|
|
|
4. Click OK.
|
|
|
|
|
|
All of HexChats connections will now be routed via Tor. To connect to a specific server without using Tor (due to IP bans or various other reasons), you can simply check the 'Bypass Proxy Server' option under that servers 'Edit' menu.
|
|
|
|
|
|
== Using HexChat with TLS / SSL ==
|
|
|
## Using HexChat with TLS / SSL
|
|
|
|
|
|
Many IRC networks (IRC servers) support SSL/TLS/encrypted connections and it is highly advisable to utilize it - but depending on the specific configuration of an IRC server, some small setting changes may have to occur first.
|
|
|
|
|
|
=== Enabling SSL ===
|
|
|
### Enabling SSL
|
|
|
|
|
|
If the destination IRC network uses a certificate from a major or paid CA (Certificate Authority) as many popular ones do, these modifications can be made under the servers 'Edit' menu:
|
|
|
|
|
|
1. Select "Use SSL for all the servers on this connection" option in the desired networks Edit/Configuration window. This will ensure your client does not make any connections outside of the encrypted stream.
|
|
|
|
|
|
2. '''IMPORTANT:''' Avoid selecting the option "Accept invalid SSL certificate".
|
|
|
2. **IMPORTANT:** Avoid selecting the option "Accept invalid SSL certificate".
|
|
|
|
|
|
=== Enabling SSL for Self-Signed Certificates ===
|
|
|
'''NOTICE:''' It is currently not possible to properly trust self-signed certificates in HexChat. The cause of this is outlined [https://github.com/hexchat/hexchat/issues/261 here].
|
|
|
### Enabling SSL for Self-Signed Certificates
|
|
|
**NOTICE:** It is currently not possible to properly trust self-signed certificates in HexChat. The cause of this is outlined [here](https://github.com/hexchat/hexchat/issues/261).
|
|
|
|
|
|
Some servers (including virtually all onion-based IRC servers which offer SSL) use self-signed certificates which are not listed in any CA and therefore are recognized as invalid by HexChat. In order to connect to a server which uses a self-signed cert, you may simply:
|
|
|
|
... | ... | @@ -51,18 +51,18 @@ Some servers (including virtually all onion-based IRC servers which offer SSL) u |
|
|
|
|
|
2. Select the 'Accept invalid SSL certificates' option. This will force HexChat to bypass its CA check.
|
|
|
|
|
|
=== SSL port ===
|
|
|
### SSL port
|
|
|
|
|
|
If an IRC servers SSL supported port is the default 6697, then its entry in the menu will look like this:
|
|
|
{{{
|
|
|
```
|
|
|
irc.server.net/6697
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
== OTR ("Off-the-Record") ==
|
|
|
|
|
|
For even stronger privacy, it is advisable to use the [https://en.wikipedia.org/wiki/Off-the-Record_Messaging OTR] protocol. This can be accomplished by using the '''hexchat-otr''' package / plugin.
|
|
|
For even stronger privacy, it is advisable to use the [OTR](https://en.wikipedia.org/wiki/Off-the-Record_Messaging) protocol. This can be accomplished by using the **hexchat-otr** package / plugin.
|
|
|
|
|
|
== SASL Authentication ==
|
|
|
## SASL Authentication
|
|
|
|
|
|
SASL is a type of user login and authentication method that allows identification to services such as NickServ during the connection process, before anything else occurs.
|
|
|
|
... | ... | @@ -73,5 +73,5 @@ Some IRC networks / servers also provide an onion service. They often require th |
|
|
3. Select SASL (username + password) for the "Login method" field
|
|
|
4. In the "Password" field, enter your NickServ password
|
|
|
|
|
|
== See also ==
|
|
|
[wiki:doc/TorifyHOWTO/IRC Internet Relay Chat - General security and anonymity] |
|
|
\ No newline at end of file |
|
|
## See also
|
|
|
[Internet Relay Chat - General security and anonymity](./doc/TorifyHOWTO/IRC) |
|
|
\ No newline at end of file |