|
|
[[TOC(noheading, depth=4)]]
|
|
|
= Misc. Torifying Instructions =
|
|
|
|
|
|
The below section contains instructions on tools and programs commonly used with Tor, but do not have enough required information to warrant their own individual pages.
|
|
|
|
|
|
=== Filesharing / Bittorrent ===
|
|
|
It is '''highly advised''' against torrenting over Tor. Not only is it unsecured and prone to leakage, it creates a significant load on the network that it is not designed to manage. This harms every other person using it.
|
|
|
|
|
|
=== SSH ===
|
|
|
|
|
|
More recent dedicated article [https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/ssh SSH].[[BR]]
|
|
|
The information originally found under the [#ssh_2 SSH] section has been merged to that page as well.
|
|
|
|
|
|
=== youtube-dl ===
|
|
|
|
|
|
Use [https://youtube-dl.org/ youtube-dl]'s `--proxy` option to use it through Tor.
|
|
|
with a system Tor::
|
|
|
{{{
|
|
|
youtube-dl --proxy socks5://127.0.0.1:9050/ https://www.youtube.com/watch?v=<id>
|
|
|
}}}
|
|
|
with Tor Browser::
|
|
|
{{{
|
|
|
youtube-dl --proxy socks5://127.0.0.1:9150/ https://www.youtube.com/watch?v=<id>
|
|
|
}}}
|
|
|
|
|
|
Often, the YouTube server will be blocking the exit relay and you will get an error like one of these:
|
|
|
{{{
|
|
|
ERROR: Unable to download webpage: HTTP Error 429: Too Many Requests
|
|
|
ERROR: Unable to download webpage: No status line received - the server has closed the connection
|
|
|
}}}
|
|
|
|
|
|
If you keep running the same youtube-dl command, you will keep getting the same exit relay, and keep getting the same error message. You can work around the block using Tor's [https://2019.www.torproject.org/docs/tor-manual.html.en#SocksPort circuit isolation]. If you provide a different username and password to the SOCKS port, it will cause Tor to use a different circuit and exit relay. In the Unix shell, `$RANDOM` is a convenient way to get a random string. Keep trying the command until you get an exit relay that works.
|
|
|
{{{
|
|
|
youtube-dl --proxy socks5://$RANDOM:$RANDOM@127.0.0.1:9050/ https://www.youtube.com/watch?v=<id>
|
|
|
}}}
|
|
|
|
|
|
By default, youtube-dl will download the video in a high-resolution format. If you prefer a smaller video file, use the `-F` option to list the available formats and `-f` to choose a lower resolution. See [https://github.com/ytdl-org/youtube-dl/blob/master/README.md#format-selection FORMAT SELECTION]. The [https://archiveteam.org/index.php?title=YouTube#.28Manual.29_Recommended_way_to_archive_YouTube_videos Archive Team wiki] has other tips on getting the most from youtube-dl.
|
|
|
{{{
|
|
|
youtube-dl -f 43/18 --proxy socks5://$RANDOM:$RANDOM@127.0.0.1:9050/ https://www.youtube.com/watch?v=<id>
|
|
|
}}}
|
|
|
|
|
|
=== Video streams ===
|
|
|
|
|
|
You can use [https://github.com/streamlink/streamlink streamlink] with proxy settings.
|
|
|
{{{
|
|
|
streamlink --http-proxy socks5h://127.0.0.1:9050/ --https-proxy socks5h://127.0.0.1:9050/ --rtmp-proxy socks5h://127.0.0.1:9050/ https://www.twitch.tv/<yourstream> 480p
|
|
|
}}}
|
|
|
In place of `480p` you can use e.g. `720p`, `best`. By default it will try to run `vlc` or another player that it finds; use the `--player=<command>` option to customize. Notice the `socks5h` scheme on the proxy URLs. [https://github.com/shazow/urllib3/issues/1035 The `h` means to do DNS lookups through the proxy]; this is an artifact of the urllib3 library that streamlink uses underneath. If you use just plain `socks5` instead of `socks5h`, you will definitely leak DNS requests.
|
|
|
|
|
|
=== TLS / SSL / HTTPS ===
|
|
|
|
|
|
Tor Browser uses HTTPS Everywhere to make preference for TLS connections.
|
|
|
|
|
|
Tor Browser also pins the https://check.torproject.org SSL certificate, see [https://trac.torproject.org/projects/tor/ticket/3555 TBB: hardcode SSL cert check to prevent MITM].
|
|
|
|
|
|
To enhance the situation there are several ways:
|
|
|
* Pin the [https://en.wikipedia.org/wiki/Certificate_authority SSL CA]. This assumes, that the issuing SSL CA must be compromised. Therefore not any SSL CA can issue a fraudulent certificate. It's more secure, but not perfect.
|
|
|
* (For your own servers:) Use self-signed certificates and check the fingerprint or save the public key in your keyring. The fingerprints must be shared over a pre-shared secure channel, such as a meeting (where you do not need to stay anonymous) or GPG encrypted.
|
|
|
|
|
|
=== Wget (HTTP) ===
|
|
|
'''Quick note:''' wget sends a User-Agent that often provides both a wget version number and the originating platform. For example, Tails 2.5 provides {{{wget/1.16 (linux-gnu)}}} as its User-Agent. Every operating system will provide different versions of wget in their repositories at any given time, thus allowing a hypothetical observer to make an educated guess at your current operating system. It's advisable to either fake your User-Agent (you can find the one Tor Browser is using by searching {{{general.useragent.override}}} in {{{about:config}}}), use a common operating system like Ubuntu or Debian, or simply by using a distribution like Tails that is designed to create a consistent anonymous set for all of its users.
|
|
|
|
|
|
In wget, spoofing the User Agent can be done with the {{{-U}}} or {{{--user-agent}}} option. An example:
|
|
|
|
|
|
{{{
|
|
|
wget -U "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" [urlhere]
|
|
|
}}}
|
|
|
|
|
|
==== Method 1: Torsocks ====
|
|
|
Wget can be torified by using [https://trac.torproject.org/projects/tor/wiki/doc/torsocks Torsocks]. This can be accomplished simply by invoking:
|
|
|
|
|
|
{{{
|
|
|
torsocks wget [fileaddress]
|
|
|
}}}
|
|
|
|
|
|
==== Method 2: Proxy / Modifying wgetrc ====
|
|
|
Wget will also respect the http_proxy enviroment variable, however you can simplify the process by editing {{{/etc/wgetrc}}} after installing Privoxy or similar:
|
|
|
|
|
|
{{{
|
|
|
...
|
|
|
http_proxy = http://localhost:8118
|
|
|
use_proxy = on
|
|
|
...
|
|
|
}}}
|
|
|
|
|
|
Please note port 8118 is simply the default port of Privoxy, and should be adjusted as per your local setup / software.
|
|
|
|
|
|
=== cURL ===
|
|
|
'''Notice''': Like for wget above, you must spoof your User Agent. Replace the {{{--user-agent}}} option in the below example with the relevant one from the {{{general.useragent.override}}} field in your Tor Browser's {{{about:config}}}.
|
|
|
|
|
|
==== Method 1: Proxy Settings
|
|
|
cURL can be torified by simply using its {{{--proxy}}} argument. An example:
|
|
|
|
|
|
{{{
|
|
|
curl --proxy "socks5h://localhost:9050" --tlsv1.2 --compressed --user-agent "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H 'DNT: 1' [urlhere]
|
|
|
}}}
|
|
|
|
|
|
==== Method 2: Torsocks ====
|
|
|
Using [https://trac.torproject.org/projects/tor/wiki/doc/torsocks Torsocks]. |