|
|
[[TOC(noheading, depth=0)]]
|
|
|
|
|
|
= ''' [[span(style=color: #FF0000, DO NOT USE THIS PAGE! IT IS MANY YEARS OUTDATED. SEE:)]] [https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/HexChat HexChat] ''' =
|
|
|
# ** [[span(style=color: #FF0000, DO NOT USE THIS PAGE! IT IS MANY YEARS OUTDATED. SEE:)]] [HexChat](https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/HexChat) **
|
|
|
|
|
|
'''[https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO Read first!!!]''' [[BR]]
|
|
|
**[Read first!!!](https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO)**
|
|
|
|
|
|
'''Also read [https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/IrcSilc General Instructions for IRC] first!!!
|
|
|
|
|
|
= Introduction =
|
|
|
XChat base code is modified to run on different Operating Systems, and different Hardware architectures. Such XChat based IRC clients are listed below.[[BR]]
|
|
|
A comparison on various XChat based IRC clients is on [http://xchatdata.net/Using/BuildLineup XChatData] site. A comparison of all types of IRC client/software is here in [https://en.wikipedia.org/wiki/Comparison_of_IRC_clients Wikipedia].
|
|
|
'''Also read [General Instructions for IRC](https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/IrcSilc) first!!!
|
|
|
|
|
|
# Introduction
|
|
|
XChat base code is modified to run on different Operating Systems, and different Hardware architectures. Such XChat based IRC clients are listed below.
|
|
|
|
|
|
A comparison on various XChat based IRC clients is on [XChatData](http://xchatdata.net/Using/BuildLineup) site. A comparison of all types of IRC client/software is here in [Wikipedia](https://en.wikipedia.org/wiki/Comparison_of_IRC_clients).
|
|
|
|
|
|
You will have to choose a version/build/brand of XChat (see the table of content for the available options) Follow the links and instructions given in that section. Afterwards you can look into other chapters, such as setting up SASL and importing SSL certificates. Don't forget to read and apply if necessary: [[#XChat_FirstTime Start XChat First Time]]
|
|
|
|
|
|
'''Doing ANY ONE of them is enough''', either:
|
|
|
**Doing ANY ONE of them is enough**, either:
|
|
|
|
|
|
* A) Replace your all .conf files with the files listed [[#Config_Files_Manually Configure All .conf Files Manually]] section, (on next startup, XChat will set the default values, for everything not explicitly set). And then start to follow [[#Adding_Server_Host Adding Different Type of Server Hosts]] section.
|
|
|
|
|
|
{{{
|
|
|
#!html
|
|
|
```
|
|
|
<a name="Commands_HowToTorify"></a>
|
|
|
}}}
|
|
|
```
|
|
|
* B) Manually execute commands one by one inside IRC client. Also applicable, if you have already installed & used XChat and now want to Torify it, then follow:
|
|
|
* Configure and set these internal variables into the values mentioned next to them.
|
|
|
* First type the "/set" command (without the double quote symbols) to view all the internal variable list.
|
|
|
* Also see [[#Commands_ignore.conf DCC CTCP ignore Commands]], [[#Commands_xchat.conf Set Net Proxy, ident, Block auto DCC, etc Commands]] sections.
|
|
|
* Those commands (which start with "/" forward-slash character) can be manually entered one by one in XChat.
|
|
|
{{{
|
|
|
#!html
|
|
|
```
|
|
|
<a name="ConnectionCommandsScript"></a>
|
|
|
}}}
|
|
|
* '''Connection Time Commands Script''': To make sure these options are always applied on your XChat, a connection time commands script file can be used, and also as a failsafe to encounter accidental change or reset. For example, a script file "irc_oftc_net.txt" for "OFTC" IRC network, containing above commands set can be used. Place such script file inside your XChat based software's installed folder if you're using Windows/Linux/Unix, and to execute it automatically on every connections, use this command "'''LOAD -e''' ./irc_oftc_net.txt" in the "Connect Command:" text-field, in "XChat: Edit OFTC" window. (Do not use those double quote symbols inside that text-field). For XChat based software in MacOSX, place such scripts next to other .conf files, please see [[#Conf_File_Locations XChat .conf Files Locations]] section. Then in MacOSX it can be used with "LOAD -e ~/Library/Application Support/<XChatSoftwareDirectory>/irc_oftc_net.txt" connect command. If a command-line in script is needed to be delayed by few seconds, a "'''TIMER''' NN" command can be used as beginning words in that line, where NN is a decimal number, indicating 'seconds' of time delay.
|
|
|
```
|
|
|
* **Connection Time Commands Script**: To make sure these options are always applied on your XChat, a connection time commands script file can be used, and also as a failsafe to encounter accidental change or reset. For example, a script file "irc_oftc_net.txt" for "OFTC" IRC network, containing above commands set can be used. Place such script file inside your XChat based software's installed folder if you're using Windows/Linux/Unix, and to execute it automatically on every connections, use this command "**LOAD -e** ./irc_oftc_net.txt" in the "Connect Command:" text-field, in "XChat: Edit OFTC" window. (Do not use those double quote symbols inside that text-field). For XChat based software in MacOSX, place such scripts next to other .conf files, please see [[#Conf_File_Locations XChat .conf Files Locations]] section. Then in MacOSX it can be used with "LOAD -e ~/Library/Application Support/<XChatSoftwareDirectory>/irc_oftc_net.txt" connect command. If a command-line in script is needed to be delayed by few seconds, a "**TIMER** NN" command can be used as beginning words in that line, where NN is a decimal number, indicating 'seconds' of time delay.
|
|
|
|
|
|
* C) If you have already configured XChat to your likening, replace just those settings manually that get set in our config files. You should see all below sections one by one and apply which is appropriate for you.
|
|
|
|
|
|
* D) Use in [https://www.whonix.org Whonix] 0.2.1 or later, it comes with XChat preconfigured. Optional settings (like using SASL) still need to be done manually.
|
|
|
* D) Use in [Whonix](https://www.whonix.org) 0.2.1 or later, it comes with XChat preconfigured. Optional settings (like using SASL) still need to be done manually.
|
|
|
|
|
|
{{{
|
|
|
#!html
|
|
|
```
|
|
|
<a name="XChat_FirstTime"></a>
|
|
|
}}}
|
|
|
== XChat First Time Start issue [IMPORTANT!] ==
|
|
|
By default, XChat based IRC software automatically loads the "'''Network List'''" window (in Windows/Linux, and loads the "'''Server List'''" or "Network List" window in MacOS) with list of all IRC networks/servers when it is run (or started up) for first time right after installation. And forces you to choose at-least one Network from the list. And at first time startup, XChat by default tries to connect outside servers using your local internet connection. To prevent these from happening:
|
|
|
* Select the "'''Skip network list on startup'''" option (in Windows/Linux, and select "Skip server list on startup" option in MacOS), so that this window does not appear from next time. Recommended and best way is to add below code line in 'xchat.conf' file before starting XChat:
|
|
|
{{{
|
|
|
```
|
|
|
## XChat First Time Start issue [IMPORTANT!]
|
|
|
By default, XChat based IRC software automatically loads the "**Network List**" window (in Windows/Linux, and loads the "**Server List**" or "Network List" window in MacOS) with list of all IRC networks/servers when it is run (or started up) for first time right after installation. And forces you to choose at-least one Network from the list. And at first time startup, XChat by default tries to connect outside servers using your local internet connection. To prevent these from happening:
|
|
|
* Select the "**Skip network list on startup**" option (in Windows/Linux, and select "Skip server list on startup" option in MacOS), so that this window does not appear from next time. Recommended and best way is to add below code line in 'xchat.conf' file before starting XChat:
|
|
|
```
|
|
|
gui_slist_skip = 1
|
|
|
}}}
|
|
|
```
|
|
|
* Unless you connect with at-least one IRC destination, XChat will quit running. So you may either 'Add' a new Network entry with 127.0.0.1 as an IRC server (which will fail to connect, but you stay safe), or, use any one of existing IRC Network entries and then add 127.0.0.1 inside as another IRC server and force XChat to use that 127.0.0.1 IRC server only. Recommended & best way is to add below commands inside 'servlist_.conf' file, before you start XChat for first-time.
|
|
|
{{{
|
|
|
```
|
|
|
N=LocalComputer
|
|
|
E=IRC (Latin/Unicode Hybrid)
|
|
|
F=10
|
|
|
D=0
|
|
|
S=127.0.0.1/6667
|
|
|
}}}
|
|
|
```
|
|
|
* If your computer also has an IRC server/daemon software running, then use any other port not in used by any other software, or use '/0' instead of '/6667' mentioned in above code.
|
|
|
* By default, XChat based IRC client software tries to reach internet servers via your local network, instead of going through Tor proxy. To prevent that, use above mentioned technique, and, add special commands in 'xchat.conf' file, you must see [[#xchat.conf xchat.conf]] file section.
|
|
|
|
|
|
{{{
|
|
|
#!html
|
|
|
```
|
|
|
<a name="XChat_Torify"></a>
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
= XChat Configuration =
|
|
|
# XChat Configuration
|
|
|
|
|
|
{{{
|
|
|
#!html
|
|
|
```
|
|
|
<a name="XChat_Official"></a>
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
## XChat (Official) (Unix/Linux/Windows/MacOS)
|
|
|
**XChat (Official)**: This portion is specific to the official release of XChat. [XChat](http://www.xchat.org/) supports SOCKS5, SSL and does not leak DNS requests. Does not support SASL out of the box, needs CAP_SASL script.
|
|
|
|
|
|
== XChat (Official) (Unix/Linux/Windows/MacOS) ==
|
|
|
'''XChat (Official)''': This portion is specific to the official release of XChat. [http://www.xchat.org/ XChat] supports SOCKS5, SSL and does not leak DNS requests. Does not support SASL out of the box, needs CAP_SASL script.[[BR]]
|
|
|
* You can either configure:
|
|
|
* Recommended: You can Configure XChat with initial Anonymity & Privacy friendly settings by following instructions in [[#Config_Files_Manually Configure .conf Files Manually]] section.
|
|
|
* If you are already using XChat or started it for first time, then configure XChat by manually entering commands one by one, by following instructions in [[#XChat_FirstTime Start XChat First Time]], [[#Commands_HowToTorify Execute Torify Commands]], [[#Commands_ignore.conf DCC CTCP ignore Commands]], [[#Commands_xchat.conf Set Net Proxy, ident, Block auto DCC, etc Commands]] sections.
|
|
|
* Follow instruction steps in [[#Adding_Server_Host Adding Different Server Host]] section.
|
|
|
* Plugins, Scripts needs to be placed inside ~/.xchat2/ in Linux/Unix, and place inside C:\Program Files\X-Chat 2\plugins\ folder in Windows. In MacOSX, place plugins inside /Users/<YourMacUserName>/X-Chat 2/plugins/ directory where you've installed XChat. Disable [[#plugins plugins]] to harden your client.
|
|
|
* Perl runtime usually exist in Linux/Unix. In Windows, Perl runtime is required only if you will use perl based plugin, script, and only then follow instructions inside section [[#Load_Verify_Perl Load & Verify Perl]].
|
|
|
* [http://b0at.tx0.org/xchat/ Unofficial builds] of XChat for Windows are free.
|
|
|
* [Unofficial builds](http://b0at.tx0.org/xchat/) of XChat for Windows are free.
|
|
|
|
|
|
You can now configure optional features and settings: [[#XChat_SSL SSL]] | [[#XChat_SASL SASL]] | [[#Load_Perl_CAP_SASL Load Perl and CAP_SASL]]
|
|
|
|
|
|
{{{
|
|
|
#!html
|
|
|
```
|
|
|
<a name="XChat_Unix_Linux"></a>
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
== XChat (Unix/Linux) ==
|
|
|
'''XChat (Unix/Linux)''': Unofficial builds of [http://www.xchat.org/ XChat] supports SOCKS5, SSL and does not leak DNS requests. Does not support SASL out of the box, needs CAP_SASL script. Based on XChat.[[BR]]
|
|
|
## XChat (Unix/Linux)
|
|
|
**XChat (Unix/Linux)**: Unofficial builds of [XChat](http://www.xchat.org/) supports SOCKS5, SSL and does not leak DNS requests. Does not support SASL out of the box, needs CAP_SASL script. Based on XChat.
|
|
|
|
|
|
* You can either configure:
|
|
|
* Recommended: You can Configure XChat with initial Anonymity & Privacy friendly settings by following instructions in [[#Config_Files_Manually Configure .conf Files Manually]] section.
|
|
|
* If you are already using XChat or started it for first time, then configure XChat by manually entering commands one by one, by following instructions in [[#XChat_FirstTime Start XChat First Time]], [[#Commands_HowToTorify Execute Torify Commands]], [[#Commands_ignore.conf DCC CTCP ignore Commands]], [[#Commands_xchat.conf Set Net Proxy, ident, Block auto DCC, etc Commands]] sections.
|
... | ... | @@ -96,13 +94,13 @@ You can now configure optional features and settings: [[#XChat_SSL SSL]] | [[#XC |
|
|
|
|
|
You can now configure optional features and settings: [[#XChat_SSL SSL]] | [[#XChat_SASL SASL]] | [[#Load_Perl_CAP_SASL Load Perl and CAP_SASL]]
|
|
|
|
|
|
{{{
|
|
|
#!html
|
|
|
```
|
|
|
<a name="XChat_Aqua"></a>
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
## X-Chat Aqua (MacOS)
|
|
|
**X-Chat Aqua**: [X-Chat Aqua](https://github.com/xchataqua/xchataqua/downloads) (at GitHub site) (version 0.17.10 and above) supports SOCKS5, SSL, and does not leak DNS. Does not support SASL out of the box, but using the CAP_SASL perl script allows to use SASL. [X-Chat Aqua](http://sourceforge.net/projects/xchataqua/) (at SourceForge site) (up to version 0.16) supports Socks5, SSL, and does not leak DNS. Does not support SASL out of the box. And CAP_SASL script does not work without lot of tweaking. X-Chat Aqua is based on XChat engine.
|
|
|
|
|
|
== X-Chat Aqua (MacOS) ==
|
|
|
'''X-Chat Aqua''': [https://github.com/xchataqua/xchataqua/downloads X-Chat Aqua] (at GitHub site) (version 0.17.10 and above) supports SOCKS5, SSL, and does not leak DNS. Does not support SASL out of the box, but using the CAP_SASL perl script allows to use SASL. [http://sourceforge.net/projects/xchataqua/ X-Chat Aqua] (at SourceForge site) (up to version 0.16) supports Socks5, SSL, and does not leak DNS. Does not support SASL out of the box. And CAP_SASL script does not work without lot of tweaking. X-Chat Aqua is based on XChat engine.[[BR]]
|
|
|
* X-Chat Aqua greater than or equal to v0.17.10 works on Lion (10.7.X), Snow Leopard (10.6.X). X-Chat Aqua older than or equal to v0.16 works in Leopard (10.5.X), Tiger (10.4.X).
|
|
|
* You can either configure:
|
|
|
* Recommended: You can Configure X-Chat Aqua with initial Anonymity & Privacy friendly settings by following instructions in [[#Config_Files_Manually Configure .conf Files Manually]] section.
|
... | ... | @@ -115,13 +113,13 @@ You can now configure optional features and settings: [[#XChat_SSL SSL]] | [[#XC |
|
|
|
|
|
You can now configure optional features and settings: [[#XChat_SSL SSL]] | [[#XChat_SASL SASL]] | [[#Load_Perl_CAP_SASL Load Perl and CAP_SASL]]
|
|
|
|
|
|
{{{
|
|
|
#!html
|
|
|
```
|
|
|
<a name="XChat_Azure"></a>
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
## XChat Azure (MacOS)
|
|
|
**XChat Azure**: [XChat Azure](https://github.com/xchataqua/xchataqua) supports Socks5, SSL, and does not leak DNS. Does not support SASL out of the box, needs CAP_SASL script. Based on X-Chat Aqua (MacOSX). X-Chat Aqua is based on XChat.
|
|
|
|
|
|
== XChat Azure (MacOS) ==
|
|
|
'''XChat Azure''': [https://github.com/xchataqua/xchataqua XChat Azure] supports Socks5, SSL, and does not leak DNS. Does not support SASL out of the box, needs CAP_SASL script. Based on X-Chat Aqua (MacOSX). X-Chat Aqua is based on XChat.[[BR]]
|
|
|
* Works in Lion, and most Snow Leopard. (It might not work in all Snow Leopard Mac OS X).
|
|
|
* You can either configure:
|
|
|
* Recommended: You can Configure XChat Azure with initial Anonymity & Privacy friendly settings by following instructions in [[#Config_Files_Manually Configure .conf Files Manually]] section.
|
... | ... | @@ -132,13 +130,13 @@ You can now configure optional features and settings: [[#XChat_SSL SSL]] | [[#XC |
|
|
|
|
|
You can now configure optional features and settings: [[#XChat_SSL SSL]] | [[#XChat_SASL SASL]] | [[#Load_Perl_CAP_SASL Load Perl and CAP_SASL]]
|
|
|
|
|
|
{{{
|
|
|
#!html
|
|
|
```
|
|
|
<a name="HexChat"></a>
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
## HexChat (Windows/Unix)
|
|
|
**HexChat**: [HexChat](http://hexchat.github.io/) supports Socks5, SASL (AES, BLOWFISH, EXTERNAL, PLAIN), SSL, and does not leak DNS for IRC server hostnames. Fork based on XChat.
|
|
|
|
|
|
== HexChat (Windows/Unix) ==
|
|
|
'''HexChat''': [http://hexchat.github.io/ HexChat] supports Socks5, SASL (AES, BLOWFISH, EXTERNAL, PLAIN), SSL, and does not leak DNS for IRC server hostnames. Fork based on XChat.[[BR]]
|
|
|
Latest HexChat supports SASL auth out of the box right after installation found in the Network List (ctrl+s)
|
|
|
* Get most recent version.
|
|
|
* Do not install the "Update Checker" Plugin, during installation unselect it. That connects to internet via using your computer's local internet, not via Tor proxy, even when appropriate net proxy settings specified!
|
... | ... | @@ -150,13 +148,13 @@ Latest HexChat supports SASL auth out of the box right after installation found |
|
|
|
|
|
You can now configure optional features and settings: [[#XChat_SSL SSL]]
|
|
|
|
|
|
{{{
|
|
|
#!html
|
|
|
```
|
|
|
<a name="PChat_Windows_Linux"></a>
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
## PChat (Windows/Linux)
|
|
|
**PChat (Windows Linux)**: [PChat](http://code.google.com/p/pchat-irc/) supports Socks5, SSL, and does not leak DNS. Does not support SASL out of the box, needs CAP_SASL script. It is based on XChat, and XChat-WDK.
|
|
|
|
|
|
== PChat (Windows/Linux) ==
|
|
|
'''PChat (Windows Linux)''': [http://code.google.com/p/pchat-irc/ PChat] supports Socks5, SSL, and does not leak DNS. Does not support SASL out of the box, needs CAP_SASL script. It is based on XChat, and XChat-WDK.[[BR]]
|
|
|
* You can either configure:
|
|
|
* Recommended: You can Configure PChat with initial Anonymity & Privacy friendly settings by following instructions in [[#Config_Files_Manually Configure .conf Files Manually]] section.
|
|
|
* If you are already using PChat or started it for first time, then configure PChat by manually entering commands one by one, by following instructions in [[#XChat_FirstTime Start XChat First Time]], [[#Commands_HowToTorify Execute Torify Commands]], [[#Commands_ignore.conf DCC CTCP ignore Commands]], [[#Commands_xchat.conf Set Net Proxy, ident, Block auto DCC, etc Commands]] sections.
|
... | ... | @@ -166,13 +164,13 @@ You can now configure optional features and settings: [[#XChat_SSL SSL]] |
|
|
|
|
|
You can now configure optional features and settings: [[#XChat_SSL SSL]] | [[#XChat_SASL SASL]] | [[#Load_Perl_CAP_SASL Load Perl and CAP_SASL]]
|
|
|
|
|
|
{{{
|
|
|
#!html
|
|
|
```
|
|
|
<a name="PChat_Portable_Windows"></a>
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
## PChat Portable (Windows)
|
|
|
**[PChat Portable Window]**: [PChat Portable](http://portableapps.com/apps/internet/pchat_portable) supports Socks5, SSL, and does not leak DNS. Does not support SASL out of the box, needs CAP_SASL script. Based on PChat (Windows). PChat is based on XChat.
|
|
|
|
|
|
== PChat Portable (Windows) ==
|
|
|
'''[PChat Portable Window]''': [http://portableapps.com/apps/internet/pchat_portable PChat Portable] supports Socks5, SSL, and does not leak DNS. Does not support SASL out of the box, needs CAP_SASL script. Based on PChat (Windows). PChat is based on XChat.[[BR]]
|
|
|
* Currently PChat Portable's last version when installed over an existing folder, erases all plugins, and all 'Connection Time Commands Script' (if you were using), so make backup before installing. (It is mentioned in download page of PortableApp site).
|
|
|
* You can either configure:
|
|
|
* Recommended: You can Configure PChat with initial Anonymity & Privacy friendly settings by following instructions in [[#Config_Files_Manually Configure .conf Files Manually]] section.
|
... | ... | @@ -183,112 +181,110 @@ You can now configure optional features and settings: [[#XChat_SSL SSL]] | [[#XC |
|
|
|
|
|
You can now configure optional features and settings: [[#XChat_SSL SSL]] | [[#XChat_SASL SASL]] | [[#Load_Perl_CAP_SASL Load Perl and CAP_SASL]]
|
|
|
|
|
|
{{{
|
|
|
#!html
|
|
|
```
|
|
|
<a name="XChat_How_To_Torify"></a>
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
|
|
|
{{{
|
|
|
#!html
|
|
|
```
|
|
|
<a name="Conf_File_Locations"></a>
|
|
|
}}}
|
|
|
= Location of .conf Files =
|
|
|
In Linux, the defaults, which are set, after XChat just got installed with 'apt-get install xchat' on Ubuntu Linux Oneirirc, are kept at [https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/XChat/XChatDefaultConfigurationFiles XChatDefaultConfigurationFiles], in case you want to compare.
|
|
|
```
|
|
|
# Location of .conf Files
|
|
|
In Linux, the defaults, which are set, after XChat just got installed with 'apt-get install xchat' on Ubuntu Linux Oneirirc, are kept at [XChatDefaultConfigurationFiles](https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/XChat/XChatDefaultConfigurationFiles), in case you want to compare.
|
|
|
|
|
|
Configuration files will be usually inside the hidden folder (in most linux or unix):
|
|
|
{{{
|
|
|
```
|
|
|
~/.xchat2/
|
|
|
}}}
|
|
|
```
|
|
|
Configuration files of Official [[#XChat_Official XChat]] are located, in Windows:
|
|
|
{{{
|
|
|
```
|
|
|
%APPDATA%\XChat 2\
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
Configuration files of [[#HexChat HexChat]] (XChat fork) are located in:
|
|
|
{{{
|
|
|
```
|
|
|
Windows: %appdata%\HexChat
|
|
|
Unix: ~/.config/hexchat
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
Configuration files of [[#PChat_Portable_Windows PChat]] (XChat & PChat based) are located, in Windows:
|
|
|
{{{
|
|
|
```
|
|
|
C:\PChatPortable\Data\settings\
|
|
|
}}}
|
|
|
```
|
|
|
Configuration files of [[#PChat_Windows_Linux PChat]] (XChat & XChat-WDK based) are located, in Linux/Unix:
|
|
|
{{{
|
|
|
```
|
|
|
~/.pchat2/
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
Configuration files of [[#XChat_Aqua X-Chat Aqua]] (XChat based) are located, in Mac OSX:
|
|
|
{{{
|
|
|
```
|
|
|
~/Library/Application Support/X-Chat Aqua/
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
Configuration files of [[#XChat_Azure XChat Azure]] (X-Chat Aqua based) are located, in Mac OSX:
|
|
|
{{{
|
|
|
```
|
|
|
~/Library/Application Support/XChat Azure/
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
{{{
|
|
|
#!html
|
|
|
```
|
|
|
<a name="Config_Files_Manually"></a>
|
|
|
}}}
|
|
|
= Compulsory XChat Privacy Settings =
|
|
|
Following paragraphs describe which configuration files '''you must manually configure''', to make XChat based IRC clients/software more Anonymity & Privacy friendly.
|
|
|
```
|
|
|
# Compulsory XChat Privacy Settings
|
|
|
Following paragraphs describe which configuration files **you must manually configure**, to make XChat based IRC clients/software more Anonymity & Privacy friendly.
|
|
|
|
|
|
You can force XChat, right after installation to use Tor proxy from the very first start, and, you can also prevent default leaks, by manually editing below all files. (Please make a backup directory "config.bak" and copy all .conf files in there first, before editing).
|
|
|
|
|
|
{{{
|
|
|
#!html
|
|
|
```
|
|
|
<a name="plugins"></a>
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
== Plugins and Scripts ==
|
|
|
XChat comes with some modules by default. You can see them under XChat -> Window -> Plugins and Scripts. The [https://en.wikipedia.org/wiki/Attack_surface attack surface] can be decreased if you disable those plugins (in case you do not urgently need them). To disable automatic loading of plugins, move them out of the plugin directories. E.g. on Linux:
|
|
|
{{{
|
|
|
## Plugins and Scripts
|
|
|
XChat comes with some modules by default. You can see them under XChat -> Window -> Plugins and Scripts. The [attack surface](https://en.wikipedia.org/wiki/Attack_surface) can be decreased if you disable those plugins (in case you do not urgently need them). To disable automatic loading of plugins, move them out of the plugin directories. E.g. on Linux:
|
|
|
```
|
|
|
mkdir /usr/lib/xchat/plugins.disabled/
|
|
|
#to keep python for SASL use this: mv /usr/lib/xchat/plugins/{python.*,tcl.*} /usr/lib/xchat/plugins.disabled/
|
|
|
mv /usr/lib/xchat/plugins/* /usr/lib/xchat/plugins.disabled/
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
on Windows:
|
|
|
|
|
|
on Windows: [[BR]]
|
|
|
Most XChat client in Windows uses a "plugins" folder inside the installed folder. You should make another folder "plugins.bak", and move unnecessary .dll, .pl, .py etc plugin & scripts files from "plugins" to "plugins.bak" folder.
|
|
|
|
|
|
on Mac OS X: [[BR]]
|
|
|
on Mac OS X:
|
|
|
|
|
|
In newer version Aqua/Azure, plugins & scripts are inside 'PlugIns' folder, here: ~/Library/Application Support/<XChat>/PlugIns/. In older version Aqua, the 'Plugins' directory is inside where you installed XChat. Remove unnecessary plugins into a backup directory.
|
|
|
|
|
|
== servlist_.conf ==
|
|
|
## servlist_.conf
|
|
|
* When you start/run XChat for first time, then you should not connect with any outside servers, connect only in your own computer in a non-existent server, so you must see [[#XChat_FirstTime XChat First Time Start Issue]] section. If all settings are not configured properly, an accidental first time connection with outside IRC server can reveal your IP address, location, etc against your nickname.
|
|
|
* Make a backup copy of 'servlist_.conf' file, and empty (that is, remove all lines from) it.
|
|
|
* When all other configurations are set, then you may follow below instructions:
|
|
|
* It's recommend to use Hidden Service based IRC servers, or, SSL protected IRC servers, when connecting outside via Tor proxy.
|
|
|
* You can leave the OFTC IRC server which hosts the #Tor official channel, but do not auto connect with OFTC without making sure that your connection, ident & configuration, etc were set properly for an anonymous connection. OFTC's Hidden Service host is not working properly now.^1^
|
|
|
* You can also connect over SSL (recommend), but you have to verify the SSL fingerprint yourself, see [http://www.oftc.net/ oftc.net] for details.
|
|
|
* You can also connect over SSL (recommend), but you have to verify the SSL fingerprint yourself, see [oftc.net](http://www.oftc.net/) for details.
|
|
|
* The following file is for OFTC non-SSL:
|
|
|
{{{
|
|
|
```
|
|
|
N=OFTC
|
|
|
E=IRC (Latin/Unicode Hybrid)
|
|
|
F=18
|
|
|
D=0
|
|
|
S=irc.oftc.net
|
|
|
}}}
|
|
|
```
|
|
|
,,
|
|
|
^1^ There is a reason, why it does not point to the OFTC hidden service. "don't use the OFTC hidden service anymore. It proved to be quite unreliable, being sometimes down for days." source: [https://blog.torproject.org/blog/tails-011-out Tails 0.11 is out!] (Posted May 7th, 2012 by tails) And startpage.com host:oftc.net "tor" or "hidden service" has no reference.[[BR]]
|
|
|
^1^ There is a reason, why it does not point to the OFTC hidden service. "don't use the OFTC hidden service anymore. It proved to be quite unreliable, being sometimes down for days." source: [Tails 0.11 is out!](https://blog.torproject.org/blog/tails-011-out) (Posted May 7th, 2012 by tails) And startpage.com host:oftc.net "tor" or "hidden service" has no reference.
|
|
|
|
|
|
|
|
|
{{{
|
|
|
#!html
|
|
|
```
|
|
|
<a name="Commands_ignore.conf"></a>
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
== xchat.conf ==
|
|
|
## xchat.conf
|
|
|
Either
|
|
|
* copy this file and paste it into your XChat configuration folder '''or'''
|
|
|
* execute the commands starting with ''/'' (slash) one by one in XChat. Do not copy the ''#'' (hash) if you run those commands manually one by one.
|
|
|
* copy this file and paste it into your XChat configuration folder **or**
|
|
|
* execute the commands starting with _/_ (slash) one by one in XChat. Do not copy the _#_ (hash) if you run those commands manually one by one.
|
|
|
|
|
|
{{{
|
|
|
```
|
|
|
# By default, XChat based IRC software, when started-up, or run for first time,
|
|
|
# it starts to use local network, to connect to the internet. To prevent that,
|
|
|
# and to force it, to use Tor proxy (a Socks5 server):
|
... | ... | @@ -392,21 +388,20 @@ completion_suffix = : |
|
|
# Not starting the server windows at the beginning so you can check and set
|
|
|
# settings before connecting to any IRC networks.
|
|
|
gui_slist_skip = 1
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
{{{
|
|
|
#!html
|
|
|
```
|
|
|
<a name="Commands_xchat.conf"></a>
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
* At first time startup, XChat software by default is not configured for Anonymity. Please see [[#XChat_FirstTime XChat First Time Startup]] section.
|
|
|
|
|
|
== ignore.conf ==
|
|
|
## ignore.conf
|
|
|
Either
|
|
|
* copy this file and paste it into your XChat configuration folder '''or'''
|
|
|
* execute the commands starting with ''/'' (slash) one by one in XChat. Do not copy the ''#'' (hash) if you run those commands manually one by one.
|
|
|
* copy this file and paste it into your XChat configuration folder **or**
|
|
|
* execute the commands starting with _/_ (slash) one by one in XChat. Do not copy the _#_ (hash) if you run those commands manually one by one.
|
|
|
|
|
|
{{{
|
|
|
```
|
|
|
# Issue/Use do this, to block the CTCP, DCC commands and
|
|
|
# inquiries sent toward your IRC client software:
|
|
|
#
|
... | ... | @@ -416,85 +411,82 @@ mask = * |
|
|
type = 136
|
|
|
mask = *!*@*
|
|
|
type = 136
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
== ctcpreply.conf ==
|
|
|
## ctcpreply.conf
|
|
|
Either
|
|
|
* copy this file and paste it into your XChat configuration folder '''or'''
|
|
|
* execute the commands starting with ''/'' (slash) one by one in XChat. Do not copy the ''#'' (hash) if you run those commands manually one by one.
|
|
|
* copy this file and paste it into your XChat configuration folder **or**
|
|
|
* execute the commands starting with _/_ (slash) one by one in XChat. Do not copy the _#_ (hash) if you run those commands manually one by one.
|
|
|
|
|
|
{{{
|
|
|
```
|
|
|
# new and empty
|
|
|
# no CTCP replies
|
|
|
#
|
|
|
# Same as:
|
|
|
# Go to Settings -> Advanced -> CTCP Replies, delete everything and safe. Check again if everything is empty.
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
== keybindings.conf ==
|
|
|
## keybindings.conf
|
|
|
* no changes
|
|
|
|
|
|
== sounds.conf ==
|
|
|
## sounds.conf
|
|
|
* no changes, still empty
|
|
|
|
|
|
== notify.conf ==
|
|
|
## notify.conf
|
|
|
* no changes, still empty
|
|
|
|
|
|
== colors.conf ==
|
|
|
## colors.conf
|
|
|
* no changes
|
|
|
|
|
|
To go back to your previous section, where you came from: [[#XChat_Official XChat (Official)]] | [[#XChat_Unix_Linux XChat (Unix/Linux)]] | [[#XChat_Aqua X-Chat Aqua (MacOS)]] | [[#XChat_Azure XChat Azure (MacOS)]] | [[#HexChat HexChat]] | [[#PChat_Windows_Linux PChat (Windows/Linux)]] | [[#PChat_Portable_Windows PChat Portable (Windows)]] | [[#XChat_How_To_Torify How To Apply/Torify]] | [[#Adding_Server_Host Adding Different Server Host]] |
|
|
|
|
|
|
{{{
|
|
|
#!html
|
|
|
```
|
|
|
<a name="XChat_SSL"></a>
|
|
|
}}}
|
|
|
= SSL / TLS / Encryption =
|
|
|
[https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/IrcSilc#SSLTLSEncryption General Information on using IRC with TLS]
|
|
|
```
|
|
|
# SSL / TLS / Encryption
|
|
|
[General Information on using IRC with TLS](https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/IrcSilc#SSLTLSEncryption)
|
|
|
|
|
|
== Enable SSL feature ==
|
|
|
## Enable SSL feature
|
|
|
IRC Networks (IRC Servers) which supports SSL/TLS/encrypted connections, you will must have to choose the top/first option from below, and the next option after that should be avoided:
|
|
|
* select "'''Use SSL for all the servers on this connection'''" option on any XChat based IRC clients in Windows/Linux in the expected network's Edit/Configuration window.
|
|
|
* select "**Use SSL for all the servers on this connection**" option on any XChat based IRC clients in Windows/Linux in the expected network's Edit/Configuration window.
|
|
|
* For X-Chat Aqua/Azure in Mac OSX, select IRC network, click on 'Show details'. On the expanded new window of that network, click on 'Connect Options' tab, and select "Use SSL for all servers in this network" option.
|
|
|
* Avoid selecting the option "Accept invalid SSL certificate" which is inside that specific IRC Network's Edit/configuration window. You must see next paragrapgh on how you can add valid certificate and use it appropriately.
|
|
|
* For X-Chat Aqua/Azure in Mac OSX, this option exist under 'Connect Options' tab, but avoid selecting it. You must see next paragrapgh on how you can add valid certificate and use it appropriately.
|
|
|
|
|
|
{{{
|
|
|
#!html
|
|
|
```
|
|
|
<a name="UseCorrectCert"></a>
|
|
|
}}}
|
|
|
== Use Correct SSL Certificate ==
|
|
|
```
|
|
|
## Use Correct SSL Certificate
|
|
|
If destination IRC server uses a certificate from major or known or paid CA(Certificate Authority), then skip this section and goto [[#SSL-ServerPort SSL Server/Port]] section. But when a destination IRC server is using a self-signed certificate, then to make sure you are always using the correct SSL or TLS certificate for encrypting/decrypting and connecting with right destination, and not with some middle-man (middle relays, middle snooping relay/reflector) servers, then you must:
|
|
|
* first unselect the option "Accept invalid SSL certificate" for that server/network (and this is recommended way for Tor users).
|
|
|
* and then obtain correct certificate or key file from the IRC server's support website: For this you will must have to connect with that destination IRC server directly from your computer via local internet, (without using Tor proxy), and '''by using a different generic nickname''' (not real/actual username, and don't use the nickname that you usually use inside the Tor system), and ask IRC server operator/op where you can get the correct public certificate/key. Use generic nicknames like 'GuestXYZ', (XYZ is a decimal number), which you will not use anymore in future.
|
|
|
* Another alternative way to obtain correct certificate is to either run multiple Tor proxy servers in your computer, or, connect with destination IRC server using a '''different Tor circuit & exit node''' at least for three times. Very carefully watch your connection circuit & exit node using Vidalia's Network Map window. Each of those three times, use 3 different circuits and 3 different identd + nickname, and ask for server's cert/key file from each of those 3 different nicknames, then make sure to download also cert/key file via using 3 different circuits, 3 times. Compare, if all 3 files are same or not, if same then you can use it.
|
|
|
* and then obtain correct certificate or key file from the IRC server's support website: For this you will must have to connect with that destination IRC server directly from your computer via local internet, (without using Tor proxy), and **by using a different generic nickname** (not real/actual username, and don't use the nickname that you usually use inside the Tor system), and ask IRC server operator/op where you can get the correct public certificate/key. Use generic nicknames like 'GuestXYZ', (XYZ is a decimal number), which you will not use anymore in future.
|
|
|
* Another alternative way to obtain correct certificate is to either run multiple Tor proxy servers in your computer, or, connect with destination IRC server using a **different Tor circuit & exit node** at least for three times. Very carefully watch your connection circuit & exit node using Vidalia's Network Map window. Each of those three times, use 3 different circuits and 3 different identd + nickname, and ask for server's cert/key file from each of those 3 different nicknames, then make sure to download also cert/key file via using 3 different circuits, 3 times. Compare, if all 3 files are same or not, if same then you can use it.
|
|
|
* and copy-paste code from downloaded .crt or .pem file, inside the "cert.pem" (root certificate collection) file, which exist next to "ssleay32.dll" file inside XChat installation folder for XChat client in Windows. The 'cert.pem' exist next to all .conf files, when using XChat IRC clients for Linux/Unix, and when using XChat-WDK IRC client for Windows. See top most section for [[#Conf_File_Location .conf file locations]] on different OS. In XChat-WDK client, to use a SSL cert, rename the certificate/key file to match the network entry name that you've used inside "Network List" in Linux/Unix/Windows, and then add .pem at end as filename extension (it will look like 'NetworkName.pem'). A software update will overwrite 'cert.pem', so always make backup of it right after adding a server, and after a software update, copy-paste your cert code portion at the end of new 'cert.pem'. (You may also need to restart XChat once after adding a new cert, or, disconnect once & then reconnect with that IRC network).
|
|
|
* If your destination IRC Server uses a self signed or lesser known or newer Certificate Authority (CA) issued certificate, then those need to be added into 'cert.pem' file, or placed next to .conf files as .pem file, or added into operating system's default root certificate bundle file location. If the certificate was issued by a major, known or paid CA, then most likely it (a root certificate) already exist inside 'cert.pem' or in operating system's default root certificate collection location, thus not necessary to add them.
|
|
|
|
|
|
Add SSL certificate in MacOSX, for X-Chat Aqua/Azure:
|
|
|
* Obtain or download a valid CA/root/server certificate(cert) .crt file. For example, let us save the cert as 'CAname-or-ServerName.crt' file.
|
|
|
* Then, from the directory where you downloaded the certificate, execute the following commands from a Terminal shell:
|
|
|
{{{
|
|
|
```
|
|
|
sudo cp CAname-or-ServerName.crt /System/Library/OpenSSL/certs/CAname-or-ServerName.pem
|
|
|
sudo /usr/bin/c_rehash
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
{{{
|
|
|
#!html
|
|
|
```
|
|
|
<a name="SSL-ServerPort"></a>
|
|
|
}}}
|
|
|
== SSL Server/Port ==
|
|
|
```
|
|
|
## SSL Server/Port
|
|
|
If an IRC server's SSL supported secured port is 6697, then in XChat based irc client for Windows/Linux, a server's entry will look like this: "irc.server.net/+6697" (without the double quote symbols). The "+" symbol indicates, XChat will initiate a SSL/encrypted connection to that IRC server.
|
|
|
* In MacOSX X-Chat Aqua/Azure, the usage of + symbol or the port numbers next to host/server name is not necessary. A check mark is needed on the option box which is located at right most side of a 'Hostname/Servername' row and under the "SSL" column. And a port number is needed to be specified in that same 'Hostname/Servername' row under "Port" column.
|
|
|
|
|
|
== End to End Encryption ==
|
|
|
## End to End Encryption
|
|
|
For even stronger privacy, you should use End to End Encryption, by using
|
|
|
* GPG (There are no GPG plugins for XChat!? - Please elaborate or we remove the GPG thing.),
|
|
|
* [http://fishlim.kodafritt.se/ FishLIM] (no review; known security vulnerabilities)
|
|
|
* [http://www.vithon.org/forum/Thread/show/54/FiSH_encryption_for_X_Chat_Python.html Python FishLIM] (very few information, no review done)
|
|
|
* [http://voobar.follvalsch.de/mcpsx Mircryption fork] (no review, very old, "as alpha it can be")
|
|
|
* [http://www.donationcoder.com/Software/Mouser/mircryption/xchat_intro.php mircryption xchat] (no review)
|
|
|
* [https://github.com/J0s3f/xchat-otr xchat-otr] (no review, last commit 3 years old)
|
|
|
* [FishLIM](http://fishlim.kodafritt.se/) (no review; known security vulnerabilities)
|
|
|
* [Python FishLIM](http://www.vithon.org/forum/Thread/show/54/FiSH_encryption_for_X_Chat_Python.html) (very few information, no review done)
|
|
|
* [Mircryption fork](http://voobar.follvalsch.de/mcpsx) (no review, very old, "as alpha it can be")
|
|
|
* [mircryption xchat](http://www.donationcoder.com/Software/Mouser/mircryption/xchat_intro.php) (no review)
|
|
|
* [xchat-otr](https://github.com/J0s3f/xchat-otr) (no review, last commit 3 years old)
|
|
|
|
|
|
No review:
|
|
|
* No cryptography expert or other researcher reviewed the software.
|
... | ... | @@ -504,14 +496,13 @@ No review: |
|
|
|
|
|
To go back to your previous section, where you came from: [[#XChat_Official XChat (Official)]] | [[#XChat_Unix_Linux XChat (Unix/Linux)]] | [[#XChat_Aqua X-Chat Aqua (MacOS)]] | [[#XChat_Azure XChat Azure (MacOS)]] | [[#HexChat HexChat]] | [[#PChat_Windows_Linux PChat (Windows/Linux)]] | [[#PChat_Portable_Windows PChat Portable (Windows)]] | [[#XChat_How_To_Torify How To Apply/Torify]] | [[#Adding_Server_Host Adding Different Server Host]] |
|
|
|
|
|
|
{{{
|
|
|
#!html
|
|
|
```
|
|
|
<a name="Adding_Server_Host"></a>
|
|
|
}}}
|
|
|
= Adding IRC Networks, Hidden Services, SSL or unencrypted (Common for ALL XChat based IRC Clients) =
|
|
|
Before continue, read instructions in these sections '''if you have not yet done that''': either see [[#Config_Files_Manually Configure All .conf Files Manually]], or, manually enter commands one by one from these sections: [[#XChat_FirstTime Start XChat First Time]], [[#Commands_HowToTorify Execute Torify Commands]], [[#Commands_ignore.conf DCC CTCP ignore Commands]], [[#Commands_xchat.conf Set Net Proxy, ident, Block auto DCC, etc Commands]].
|
|
|
```
|
|
|
# Adding IRC Networks, Hidden Services, SSL or unencrypted (Common for ALL XChat based IRC Clients)
|
|
|
Before continue, read instructions in these sections **if you have not yet done that**: either see [[#Config_Files_Manually Configure All .conf Files Manually]], or, manually enter commands one by one from these sections: [[#XChat_FirstTime Start XChat First Time]], [[#Commands_HowToTorify Execute Torify Commands]], [[#Commands_ignore.conf DCC CTCP ignore Commands]], [[#Commands_xchat.conf Set Net Proxy, ident, Block auto DCC, etc Commands]].
|
|
|
|
|
|
== General ==
|
|
|
## General
|
|
|
Adding different type of server host: Choose from below, based on what type of IRC server you want to connect with:
|
|
|
* If you want to connect to a Hidden Service ('Hidden Service' has a .onion host address),
|
|
|
* please follow set of steps mentioned in [[#Adding_Hidden_Service_Host Add Freenode's Hidden Service]] section below. You can easily change the 'Freenode' server name & it's .onion address, to match other server, which also provide a Hidden Service.
|
... | ... | @@ -522,23 +513,23 @@ Adding different type of server host: Choose from below, based on what type of I |
|
|
* If you want to connect to an IRC server over an unencrypted connection, (because they neither provide a Hidden Service nor SSL),
|
|
|
* please follow set of steps in [[#Connect_Regular_Host Connect with Regular IRC Server Host]] section.
|
|
|
|
|
|
{{{
|
|
|
#!html
|
|
|
```
|
|
|
<a name="Adding_Hidden_Service_Host"></a>
|
|
|
}}}
|
|
|
== Freenode ==
|
|
|
If you are only interested to connect to Freenode, then first read [http://freenode.net/irc_servers.shtml#tor Freenode's Tor information]. For connecting with other IRC Network/Server, find out their regular connection port number & encrypted/SSL secured connection port number.
|
|
|
```
|
|
|
## Freenode
|
|
|
If you are only interested to connect to Freenode, then first read [Freenode's Tor information](http://freenode.net/irc_servers.shtml#tor). For connecting with other IRC Network/Server, find out their regular connection port number & encrypted/SSL secured connection port number.
|
|
|
|
|
|
## Adding Freenode's Hidden Service
|
|
|
**Add Hidden Service host** based IRC Network:
|
|
|
|
|
|
== Adding Freenode's Hidden Service ==
|
|
|
'''Add Hidden Service host''' based IRC Network:[[BR]]
|
|
|
To connect quickly with Freenode by using existing "Freenode" network entry, 'Add' a second irc server inside it, rename 2nd irc server into freenode's .onion address, select option "Connect to selected server only", click on "Ok", "Connect". And in such case, skip below instructions and goto below [[#X-SASL X-SASL]] section.
|
|
|
|
|
|
But here we will create another Network entry named/called "FreenodeViaTor", and 'Add' the .onion IRC server address inside it, to use with nickname which you use when using Tor, and leave existing "Freenode" for direct & regular connection or other usage.
|
|
|
* Please first follow instructions in [[#Config_Files_Manually Configure All .conf Files Manually]] section to start your XChat based IRC client with initial Anonymity & Privacy friendly settings (recommended). But if you don't want to manually edit .conf files, then configure your client by following instructions in [[#XChat_FirstTime Start XChat First Time]], [[#Commands_HowToTorify Execute Torify Commands]], [[#Commands_ignore.conf DCC CTCP ignore Commands]], [[#Commands_xchat.conf Set Net Proxy, ident, Block auto DCC, etc Commands]] sections.
|
|
|
* View instructions in [[#Circumvent_Tor_Bans How to Circumvent Tor Bans]].
|
|
|
* '''Create a Network''' named "FreenodeViaTor" (freenode has functional Hidden Service): XChat -> Network List (Ctrl+S) -> Add -> rename "New Network" into "FreenodeViaTor" -> press Enter/Return button once.
|
|
|
* For X-Chat Aqua/Azure: goto main menu 'File' -> Server List > click on bottom side "+" button below 'Networks' box -> rename default name 'New Network' by typing name '''FreenodeViaTor''' for the freenode IRC Network & then press 'Return' button once to save it.
|
|
|
* '''Add Hidden Service host''' address of freenode: XChat -> Network List -> select "FreenodeViaTor" -> Edit. Then select the IRC server "newserver/6667" --> Edit --> Rename it into "p4fsi4ockecnea7l.onion" (this is the current Freenode .onion address) and press Enter/Return button once.
|
|
|
* **Create a Network** named "FreenodeViaTor" (freenode has functional Hidden Service): XChat -> Network List (Ctrl+S) -> Add -> rename "New Network" into "FreenodeViaTor" -> press Enter/Return button once.
|
|
|
* For X-Chat Aqua/Azure: goto main menu 'File' -> Server List > click on bottom side "+" button below 'Networks' box -> rename default name 'New Network' by typing name **FreenodeViaTor** for the freenode IRC Network & then press 'Return' button once to save it.
|
|
|
* **Add Hidden Service host** address of freenode: XChat -> Network List -> select "FreenodeViaTor" -> Edit. Then select the IRC server "newserver/6667" --> Edit --> Rename it into "p4fsi4ockecnea7l.onion" (this is the current Freenode .onion address) and press Enter/Return button once.
|
|
|
* For X-Chat Aqua/Azure: goto main menu 'File' -> click on 'Server List' -> select or click on "FreenodeViaTor" network -> click on 'Show details' button at bottomside -> in expanded new window, under 'General' tab, click once on 'NewServer' to select it, then click once again to edit it, rename 'NewServer' into "p4fsi4ockecnea7l.onion" (without the double quote symbols), and press 'Return' button once to save server name -> click on 'Hide details' button on 'Server List' window.
|
|
|
* Select "Connect to selected server only" option. And optionally you may select the option "Auto connect to this network at startup" in 'Edit FreenodeViaTor' window in Windows/Linux. IRC Server, Network, Gateway or Bouncer which supports SASL login authenticatian mechanism for those "Server Password:" text field can be empty, as SASL plugin/script will automatically use password with IRC Server. If a IRC server or Hidden Service does not support SASL, then either provide your password in "Server Password" text field, or, use a [[#ConnectionCommandsScript Connection Time Commands Script]] to IDENTIFY.
|
|
|
* in X-Chat Aqua/Azure: select option "Connect to selected server only" under 'General' tab. And optionally you may select "Auto connect to this network at launch" under 'Connect Options' tab for "FreenodeViaTor" network.
|
... | ... | @@ -546,19 +537,18 @@ But here we will create another Network entry named/called "FreenodeViaTor", and |
|
|
|
|
|
To go back to your previous section, where you came from: [[#XChat_Official XChat (Official)]] | [[#XChat_Unix_Linux XChat (Unix/Linux)]] | [[#XChat_Aqua X-Chat Aqua (MacOS)]] | [[#XChat_Azure XChat Azure (MacOS)]] | [[#HexChat HexChat]] | [[#PChat_Windows_Linux PChat (Windows/Linux)]] | [[#PChat_Portable_Windows PChat Portable (Windows)]] | [[#XChat_How_To_Torify How To Apply/Torify]] | [[#Adding_Server_Host Adding Different Server Host]] |
|
|
|
|
|
|
{{{
|
|
|
#!html
|
|
|
```
|
|
|
<a name="Adding_SSL_Host"></a>
|
|
|
}}}
|
|
|
== Adding Mozilla's SSL supported IRC server ==
|
|
|
'''Add SSL supported host''':
|
|
|
```
|
|
|
## Adding Mozilla's SSL supported IRC server
|
|
|
**Add SSL supported host**:
|
|
|
* Please first follow instructions in [[#Config_Files_Manually Configure All .conf Files Manually]] section to start your XChat based IRC client with initial Anonymity & Privacy friendly settings (recommended). But if you don't want to manually edit many .conf files, then configure your client by following instructions in [[#XChat_FirstTime Start XChat First Time]], [[#Commands_HowToTorify Execute Torify Commands]], [[#Commands_ignore.conf DCC CTCP ignore Commands]], [[#Commands_xchat.conf Set Net Proxy, ident, Block auto DCC, etc Commands]] sections.
|
|
|
* View instructions in [[#Circumvent_Tor_Bans How to Circumvent Tor Bans]].
|
|
|
* '''Create a Network''' entry named/called "Mozilla_IRC_SSL_via_Tor": XChat -> Network List (Ctrl+S) -> Add -> rename "New Network" into "Mozilla_IRC_SSL_via_Tor" -> press Enter/Return button once.
|
|
|
* **Create a Network** entry named/called "Mozilla_IRC_SSL_via_Tor": XChat -> Network List (Ctrl+S) -> Add -> rename "New Network" into "Mozilla_IRC_SSL_via_Tor" -> press Enter/Return button once.
|
|
|
* For X-Chat Aqua/Azure: goto main menu 'File' -> click on 'Server List' > click on bottom side "+" button below 'Networks' box -> rename default name 'New Network' by typing name Mozilla_IRC_SSL_via_Tor for the Mozilla IRC Network & then press 'Return' button once to save it.
|
|
|
* '''Add IRC server''' address for Mozilla: XChat -> Network List -> Select "Mozilla_IRC_SSL_via_Tor" -> Edit. Then select the IRC server "newserver/6667" --> Edit --> Rename it into "irc.mozilla.org/+6697" (without the double quote symbols) and press Enter/Return button once.
|
|
|
* **Add IRC server** address for Mozilla: XChat -> Network List -> Select "Mozilla_IRC_SSL_via_Tor" -> Edit. Then select the IRC server "newserver/6667" --> Edit --> Rename it into "irc.mozilla.org/+6697" (without the double quote symbols) and press Enter/Return button once.
|
|
|
* For X-Chat Aqua/Azure: goto main menu 'File' -> click on 'Server List' -> select or click on "Mozilla_IRC_SSL_via_Tor" network -> click on 'Show details' button at bottomside -> in expanded new window, under 'General' tab, click once on 'NewServer' to select it, then click once again or double-click to edit it, rename 'NewServer' into "irc.mozilla.org" (without the double quote symbols), and press 'Return' button once to save server/host name -> on that same row click on square box on right side under SSL column, a check mark will appear -> on the same row under "Port" column click once or double click, an empty text-field or a text-field with 6667 in it will appear, change 6667 into 6697, or type in 6697, a secured protocol supported port of Mozilla, press 'Return' button once.
|
|
|
* '''Enable SSL''': select option "Use SSL for all the servers on this connection", and you should avoid selecting "Accept invalid SSL certificate". Please see [[#XChat_SSL SSL]] section for more info on how you can add destination server's valid certificate, in Windows/Linux/Unix.
|
|
|
* **Enable SSL**: select option "Use SSL for all the servers on this connection", and you should avoid selecting "Accept invalid SSL certificate". Please see [[#XChat_SSL SSL]] section for more info on how you can add destination server's valid certificate, in Windows/Linux/Unix.
|
|
|
* For X-Chat Aqua/Azure: in expanded new window of "Mozilla_IRC_SSL_via_Tor" network, click on 'Connect Options' tab, select "Use SSL for all servers in this network" option. Please see [[#XChat_SSL SSL]] section for more info on how you can add destination server's valid certificate in Mac OSX.
|
|
|
* Select "Connect to selected server only" option. And optionally you may select the option "Auto connect to this network at startup". You can either specify password in "Server Password" text field, or, use a [[#ConnectionCommandsScript Connection Time Commands Script]] to IDENTIFY, if the server does not support SASL authentication mechaninm, like Mozilla's IRC server. But if a IRC server supports SASL, then no need to specify password in "Server Password" field.
|
|
|
* in X-Chat Aqua/Azure: select "Mozilla_IRC_SSL_via_Tor" network and click on 'Show details', select option "Connect to selected server only" under 'General' tab. And optionally you may select "Auto connect to this network at launch" under 'Connect Options' tab, type in IRC network's password in 'Server password:' text-field when you will be connecting with a (non-encrypted or) SSL/encryption supported IRC server. Goto 'on Join' tab, and if you are going to use Connection Time Commands Script, then click on '+' button at below the 'Connect commands' box, change 'NEW COMMAND' into 'LOAD -e ./irc_server-name_login_script.txt' or something similar, press 'Return' button once to save it.
|
... | ... | @@ -566,49 +556,46 @@ To go back to your previous section, where you came from: [[#XChat_Official XCha |
|
|
|
|
|
To go back to your previous section, where you came from: [[#XChat_Official XChat (Official)]] | [[#XChat_Unix_Linux XChat (Unix/Linux)]] | [[#XChat_Aqua X-Chat Aqua (MacOS)]] | [[#XChat_Azure XChat Azure (MacOS)]] | [[#HexChat HexChat]] | [[#PChat_Windows_Linux PChat (Windows/Linux)]] | [[#PChat_Portable_Windows PChat Portable (Windows)]] | [[#XChat_How_To_Torify How To Apply/Torify]] | [[#Adding_Server_Host Adding Different Server Host]] |
|
|
|
|
|
|
{{{
|
|
|
#!html
|
|
|
```
|
|
|
<a name="Adding_BNC_Host"></a>
|
|
|
}}}
|
|
|
== Connect to BNC(bouncer) to Reach a Destination IRC Server ==
|
|
|
'''Connect to BNC to Reach a Destination IRC Server''': When you will use a bouncer(BNC) server to reach a IRC destination server, then connect to bouncer(BNC) server using SSL/encrypted connection via going through Tor proxy, and, also connect from bouncer to destination using SSL/encrypted connection.
|
|
|
```
|
|
|
## Connect to BNC(bouncer) to Reach a Destination IRC Server
|
|
|
**Connect to BNC to Reach a Destination IRC Server**: When you will use a bouncer(BNC) server to reach a IRC destination server, then connect to bouncer(BNC) server using SSL/encrypted connection via going through Tor proxy, and, also connect from bouncer to destination using SSL/encrypted connection.
|
|
|
* Via using tor proxy, connect with the IRC Network which has the official IRC channel of a BNC(bouncer) Service Provider, where you want to create a bouncer account. (Not all) some bouncer service providers allows to apply for bouncer account over their web-server, visit them through your torified web-browser. Apply for a bouncer account, mention your destination IRC server's host address & (SSL) port. Before a SSL port use + symbol, like, irc.freenode.net/+6697. Wait for it to be created completely. Most bouncer will not allow you to change destination by yourself.
|
|
|
* Follow set of instructions in [[#Adding_SSL_Host Adding Mozilla's SSL Server]] section, and, change the name of Mozilla network, server, etc to match with the name of bouncer(BNC) server.
|
|
|
* Most bouncer requires you to use bouncer server's password in this form: "nickname-in-bouncer''':'''bouncer-password" (without the double quote symbols) specified in "Server password:" text field of 'Edit' / Configuration window for that bouncer Network entry.
|
|
|
* Most bouncer requires you to use bouncer server's password in this form: "nickname-in-bouncer**:**bouncer-password" (without the double quote symbols) specified in "Server password:" text field of 'Edit' / Configuration window for that bouncer Network entry.
|
|
|
* Usually bouncer will remain connected with the destination IRC server, (if last time you get disconnected because of broken internet connection), but will disconnect if you closed all Tabs, or chosen to use 'Disconnect' option. Create a new account in destination IRC server, if you do not have an IRC account.
|
|
|
* Most destination IRC servers wants their users to apply IDENTIFY irc command or else your nickname will be changed into 'Guest' or something similar, and may also disconnect you after 1 minute, and will not allow to join into various channels. See [[#ConnectionCommandsScript Connection Time Commands Script]] section.
|
|
|
* To use identify command on destination IRC server when connecting via a BNC, you will have to use a script file containing IDENTIFY commands during connection time, as the "Server password:" text-field is already used for login into BNC. Follow steps in 'Connection Time Commands Script' section, to create the script file, for example, "DestinationIRCnetwork-via-BNC-via-Tor.txt". Add commands like below in that script:
|
|
|
{{{
|
|
|
```
|
|
|
nick YourPrivacyNickNameInIRCserver
|
|
|
TIMER 10 MSG NickServ IDENTIFY password-of-IRC-server
|
|
|
}}}
|
|
|
```
|
|
|
Some channels will not allow you to change nickname, so use "part #channel" in script, before using nick command.
|
|
|
|
|
|
To go back to your previous section, where you came from: [[#XChat_Official XChat (Official)]] | [[#XChat_Unix_Linux XChat (Unix/Linux)]] | [[#XChat_Aqua X-Chat Aqua (MacOS)]] | [[#XChat_Azure XChat Azure (MacOS)]] | [[#HexChat HexChat]] | [[#PChat_Windows_Linux PChat (Windows/Linux)]] | [[#PChat_Portable_Windows PChat Portable (Windows)]] | [[#XChat_How_To_Torify How To Apply/Torify]] | [[#Adding_Server_Host Adding Different Server Host]] |
|
|
|
|
|
|
{{{
|
|
|
#!html
|
|
|
```
|
|
|
<a name="Connect_Regular_Host"></a>
|
|
|
}}}
|
|
|
== Connecting to regular IRC Networks ==
|
|
|
'''Connect to Regular IRC server/host''': Please first follow instructions in [[#Config_Files_Manually Configure All .conf Files Manually]] section to start your XChat based IRC client with initial Anonymity & Privacy friendly settings (recommended). But if you don't want to manually edit .conf files, then configure your client by following instructions in [[#XChat_FirstTime Start XChat First Time]], [[#Commands_HowToTorify Execute Torify Commands]], [[#Commands_ignore.conf DCC CTCP ignore Commands]], [[#Commands_xchat.conf Set Net Proxy, ident, Block auto DCC, etc Commands]] sections, before following below instructions.
|
|
|
* '''Create a Network''' entry named/called "Mozilla-via-Tor": XChat -> Network List (Ctrl+S) -> Add -> rename "New Network" into "Mozilla-via-Tor" -> press Enter/Return button once.
|
|
|
* For X-Chat Aqua/Azure: goto main menu 'File' -> click on 'Server List' > click on bottom side "+" button below 'Networks' box -> rename default name 'New Network' by typing name ''Mozilla-via-Tor'' for the Mozilla IRC Network & then press 'Return' button once to save it.
|
|
|
* '''Add IRC server''' address for Mozilla: XChat -> Network List -> Select "Mozilla-via-Tor" -> Edit. Then select the IRC server "newserver/6667" --> Edit --> Rename it into "irc.mozilla.org/6667" (without the double quote symbols) and press Enter/Return button once.
|
|
|
```
|
|
|
## Connecting to regular IRC Networks
|
|
|
**Connect to Regular IRC server/host**: Please first follow instructions in [[#Config_Files_Manually Configure All .conf Files Manually]] section to start your XChat based IRC client with initial Anonymity & Privacy friendly settings (recommended). But if you don't want to manually edit .conf files, then configure your client by following instructions in [[#XChat_FirstTime Start XChat First Time]], [[#Commands_HowToTorify Execute Torify Commands]], [[#Commands_ignore.conf DCC CTCP ignore Commands]], [[#Commands_xchat.conf Set Net Proxy, ident, Block auto DCC, etc Commands]] sections, before following below instructions.
|
|
|
* **Create a Network** entry named/called "Mozilla-via-Tor": XChat -> Network List (Ctrl+S) -> Add -> rename "New Network" into "Mozilla-via-Tor" -> press Enter/Return button once.
|
|
|
* For X-Chat Aqua/Azure: goto main menu 'File' -> click on 'Server List' > click on bottom side "+" button below 'Networks' box -> rename default name 'New Network' by typing name _Mozilla-via-Tor_ for the Mozilla IRC Network & then press 'Return' button once to save it.
|
|
|
* **Add IRC server** address for Mozilla: XChat -> Network List -> Select "Mozilla-via-Tor" -> Edit. Then select the IRC server "newserver/6667" --> Edit --> Rename it into "irc.mozilla.org/6667" (without the double quote symbols) and press Enter/Return button once.
|
|
|
* For X-Chat Aqua/Azure: goto main menu 'File' -> click on 'Server List' -> select or click on "Mozilla-via-Tor" network -> click on 'Show details' button at bottomside -> in expanded new window, under 'General' tab, click once on 'NewServer' to select it, then click once again to edit it, rename 'NewServer' into "irc.mozilla.org" (without the double quote symbols), and press 'Return' button once to save server name. The 'SSL' option check box on that row, should remain unmarked. If the area under 'Port' column in that row is empty, then XChat will use port 6667 by default. For connecting to other ports, you will have to specify it there.
|
|
|
* '''Connect with Netowrk''': for example, connect with Mozilla, via Tor proxy: goto 'XChat' main menu -> Network List -> select "Mozilla-via-Tor" -> Connect. A new "Mozilla" tab will appear, and it connected through Tor to Mozilla.org via the open/internet.
|
|
|
* **Connect with Netowrk**: for example, connect with Mozilla, via Tor proxy: goto 'XChat' main menu -> Network List -> select "Mozilla-via-Tor" -> Connect. A new "Mozilla" tab will appear, and it connected through Tor to Mozilla.org via the open/internet.
|
|
|
* For X-Chat Aqua/Azure: to connect with "Mozilla-via-Tor": goto main menu 'File' -> click on 'Server List' -> select or click on "Mozilla-via-Tor" network -> click on 'Connect in a new tab' button at bottomside.
|
|
|
* If you find that, Tor exit-node is blocked/denied by the Mozilla's server, or, blocked by another IRC server where you want to connect, then view [[#Circumvent_Tor_Bans Circumvent Tor Bans]] section.
|
|
|
* Enjoy.
|
|
|
|
|
|
To go back to your previous section, where you came from: [[#XChat_Official XChat (Official)]] | [[#XChat_Unix_Linux XChat (Unix/Linux)]] | [[#XChat_Aqua Xhat Aqua (MacOS)]] | [[#XChat_Azure XChat Azure (MacOS)]] | [[#HexChat HexChat]] | [[#PChat_Windows_Linux PChat (Windows/Linux)]] | [[#PChat_Portable_Windows PChat Portable (Windows)]] | [[#XChat_How_To_Torify How To Apply/Torify]] | [[#Adding_Server_Host Adding Different Server Host]] |
|
|
|
|
|
|
{{{
|
|
|
#!html
|
|
|
```
|
|
|
<a name="XChat_SASL"></a>
|
|
|
}}}
|
|
|
= SASL =
|
|
|
'''SASL''': SASL is a type of user login and authentication mechanism. Some IRC Networks/Servers, like Freenode, provide a Hidden Service, (not all) but some of them, require the user's IRC client software to have a '''functional SASL''' feature (or component) to be present & working. XChat based IRC client software either comes with the X-SASL plugin, or needs the CAP_SASL perl script (and related software components, like Perl) to be present & working. See section [[#X-SASL X-SASL]], [[#Load_Verify_Perl Load & Verify Perl]], [[#CAP_SASL_Download CAP_SASL Download]] and your specific IRC client's section below, on how to add functional SASL support if your IRC client software does not support SASL initially right after installation. Since many IRC Networks, still don't support SASL yet, so SASL related steps may be not be necessary to follow for those type of IRC servers.
|
|
|
```
|
|
|
# SASL
|
|
|
**SASL**: SASL is a type of user login and authentication mechanism. Some IRC Networks/Servers, like Freenode, provide a Hidden Service, (not all) but some of them, require the user's IRC client software to have a **functional SASL** feature (or component) to be present & working. XChat based IRC client software either comes with the X-SASL plugin, or needs the CAP_SASL perl script (and related software components, like Perl) to be present & working. See section [[#X-SASL X-SASL]], [[#Load_Verify_Perl Load & Verify Perl]], [[#CAP_SASL_Download CAP_SASL Download]] and your specific IRC client's section below, on how to add functional SASL support if your IRC client software does not support SASL initially right after installation. Since many IRC Networks, still don't support SASL yet, so SASL related steps may be not be necessary to follow for those type of IRC servers.
|
|
|
|
|
|
The /SASL or /XSASL command adds your login credentials in your XChat based IRC client, to use it against your desired IRC server. It is better to use the /SASL or the /XSASL command on the main IRC Network/Server tab, (like "freenode"), instead of on any channel name's tab (which starts with # or ## or * symbols, and neither on any username's tab), because, if there is any mistake in your command then others may get your password. You should prefer to add SASL login credentials while disconnected from IRC server, or, on a main TAB which is not connected to IRC Server. So click on any IRC network's main tab, don't click on it's any sub-tabs, and don't click on any username's tab, before using the /SASL or the /X-SASL command.
|
|
|
|
... | ... | @@ -616,111 +603,105 @@ A 'PLAIN' authentication method (uses Base64 encryption) is not secured (as the |
|
|
|
|
|
To go back to your previous section, where you came from: [[#XChat_Official XChat (Official)]] | [[#XChat_Unix_Linux XChat (Unix/Linux)]] | [[#XChat_Aqua X-Chat Aqua (MacOS)]] | [[#XChat_Azure XChat Azure (MacOS)]] | [[#HexChat HexChat]] | [[#PChat_Windows_Linux PChat (Windows/Linux)]] | [[#PChat_Portable_Windows PChat Portable (Windows)]] | [[#XChat_How_To_Torify How To Apply/Torify]] | [[#Adding_Server_Host Adding Different Server Host]] |
|
|
|
|
|
|
{{{
|
|
|
#!html
|
|
|
```
|
|
|
<a name="Load_Perl_CAP_SASL"></a>
|
|
|
}}}
|
|
|
== Load Perl and CAP_SASL (Common for Official & older XChat based IRC Clients) ==
|
|
|
```
|
|
|
## Load Perl and CAP_SASL (Common for Official & older XChat based IRC Clients)
|
|
|
If you are using Official or older XChat based IRC clients, and does not have built-in SASL support, then you will need CAP_SASL, a perl based script, and for it you will also need Perl.
|
|
|
|
|
|
{{{
|
|
|
#!html
|
|
|
```
|
|
|
<a name="Load_Verify_Perl"></a>
|
|
|
}}}
|
|
|
=== Load and/or Verify PERL ===
|
|
|
```
|
|
|
### Load and/or Verify PERL
|
|
|
Perl usually exists inside Linux, Unix, MacOS. But in Windows OS, either install full scale Perl by installing Active Perl, or, install portable perl, like Strawberry Perl. If you are going to use perl based .pl scripts, only then you will need Perl.
|
|
|
* When using portable perl, add perl binary file's folder location inside environment variable, like PATH, so that XChat can use perl binary, or verify that the location exist in environment variable.
|
|
|
* To verify run below command, in Terminal or in Command Prompt or in shell:
|
|
|
|
|
|
{{{
|
|
|
```
|
|
|
perl -v
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
If you can see Perl's version info, then Perl is present and working for any other software, under any directory. If you do not see Perl's version info, and instead you see "Command not found" or something similar, then first try to find Perl, if not present then install, and make sure that Perl binary's directory or folder location is included inside environment variable, like PATH, so that other software can use it from any directory. Goto www.Perl.org or goto #perl channel in irc.freenode.net and ask or find out how you can load Perl in your OS.
|
|
|
|
|
|
To go back to your previous section, where you came from: [[#XChat_Official XChat (Official)]] | [[#XChat_Unix_Linux XChat (Unix/Linux)]] | [[#XChat_Aqua X-Chat Aqua (MacOS)]] | [[#XChat_Azure XChat Azure (MacOS)]] | [[#HexChat HexChat]] | [[#PChat_Windows_Linux PChat (Windows/Linux)]] | [[#PChat_Portable_Windows PChat Portable (Windows)]] | [[#XChat_How_To_Torify How To Apply/Torify]] | [[#Adding_Server_Host Adding Different Server Host]] |
|
|
|
|
|
|
{{{
|
|
|
#!html
|
|
|
```
|
|
|
<a name="CAP_SASL_Download"></a>
|
|
|
}}}
|
|
|
=== Download the CAP_SASL script ===
|
|
|
Download CAP_SASL script [http://lwsitu.com/xchat/cap_sasl_xchat.pl cap_sasl_xchat.pl], or from [http://ygrek.org.ua/p/cap_sasl.html this] page, or follow the link mentioned in Freenode's FAQ page.
|
|
|
```
|
|
|
### Download the CAP_SASL script
|
|
|
Download CAP_SASL script [cap_sasl_xchat.pl](http://lwsitu.com/xchat/cap_sasl_xchat.pl), or from [this](http://ygrek.org.ua/p/cap_sasl.html) page, or follow the link mentioned in Freenode's FAQ page.
|
|
|
* Check your specific IRC client software below, find out which exact directory or folder it goes in.
|
|
|
* The CAP_SASL perl script requires XChat's Perl Language Interface Plugin, and Perl binary/runtime software. And XChat also requires access to Perl binary from inside its directory, using a pre-configured environment variable, like PATH.
|
|
|
* Load CAP_SASL: Goto XChat -> Window -> Plugins and Scripts... -> Load -> browse to the file cap_sasl_xchat.pl & select it -> Ok.
|
|
|
* Load in Mac OSX Aqua/Azure: goto main menu 'Window' -> click on 'Plugins and Scripts' -> Load -> browse to cap_sasl_xchat.pl -> Select -> Close. This option also exist under 'File' main menu.
|
|
|
* Ensure/Verify that this CAP_SASL script is being loaded, via: Window -> Plugins & Scripts -> you should see it listed there as "CAP SASL", or, "cap_sasl".
|
|
|
|
|
|
{{{
|
|
|
#!html
|
|
|
```
|
|
|
<a name="CAP_SASL_Config"></a>
|
|
|
}}}
|
|
|
=== Configure SASL ===
|
|
|
```
|
|
|
### Configure SASL
|
|
|
Configure SASL: (Before continue, read instructions in [[#XChat_SASL SASL]] and [[#CAP_SASL_Download CAP_SASL Download]] sections, if you have not yet done that). At first, click on the "freenode" or any IRC Network's/Server's main or top most tab, and then type:
|
|
|
|
|
|
{{{
|
|
|
```
|
|
|
/sasl set
|
|
|
or
|
|
|
/sasl
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
and verify that you see this response:
|
|
|
|
|
|
{{{
|
|
|
```
|
|
|
SASL: usage: /sasl set <net> <user> <password or keyfile> <mechanism>
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
If you do not see the above response, then Perl binary is not present, or, XChat Perl Language Interface/Plugin is not present, or Perl binary's location is not avilable to XChat (missing from PATH).
|
|
|
* Next, enter below command, to use SASL with "FreenodeViaTor" (which has the p4fsi4ockecnea7l.onion IRC server) entry, use nick and password which you use with Tor, (and do not use "<", ">" symbols):
|
|
|
|
|
|
{{{
|
|
|
```
|
|
|
/sasl set FreenodeViaTor <your_Freenode_Nickname> <your_Nick_password> PLAIN
|
|
|
}}}
|
|
|
```
|
|
|
* View [[#XChat_SASL SASL]] section to find out in which TAB window you can enter /SASL command, and what SASL mode to use. In above command change "FreenodeViaTor" into other IRC Network's name which supports SASL and in which you have account.
|
|
|
|
|
|
Not all, but, some version of CAP_SASL script will need "/sasl save" command to save SASL login credentials.
|
|
|
|
|
|
To go back to your previous section, where you came from: [[#XChat_Official XChat (Official)]] | [[#XChat_Unix_Linux XChat (Unix/Linux)]] | [[#XChat_Aqua X-Chat Aqua (MacOS)]] | [[#XChat_Azure XChat Azure (MacOS)]] | [[#HexChat HexChat]] | [[#PChat_Windows_Linux PChat (Windows/Linux)]] | [[#PChat_Portable_Windows PChat Portable (Windows)]] | [[#XChat_How_To_Torify How To Apply/Torify]] | [[#Adding_Server_Host Adding Different Server Host]] |
|
|
|
|
|
|
{{{
|
|
|
#!html
|
|
|
```
|
|
|
<a name="X-SASL"></a>
|
|
|
}}}
|
|
|
== Configure X-SASL (Common for XChat-WDK based IRC Clients) ==
|
|
|
```
|
|
|
## Configure X-SASL (Common for XChat-WDK based IRC Clients)
|
|
|
X-SASL: (Before continue, read instructions in [[#XChat_SASL SASL]] section, if you have not yet done that). At first click on the "freenode" or any other IRC Network's/Server's main or top most tab/window, and then type:
|
|
|
|
|
|
{{{
|
|
|
```
|
|
|
/xsasl
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
and verify that you see this response:
|
|
|
|
|
|
{{{
|
|
|
```
|
|
|
X-SASL Usage:
|
|
|
/XSASL ADD <login> <password> <network>, enable/update SASL authentication for given network
|
|
|
/XSASL DEL <network>, disable SASL authentication for given network
|
|
|
/XSASL LIST, get the list of SASL-enabled networks
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
If you do not see above response, then X-SASL plugin is not present. In this case, you will have to use CAP_SASL perl script, and Perl, for the SASL auth to work, See section [[#CAP_SASL_Download CAP_SASL Download]], [[#CAP_SASL_Config CAP_SASL Configuration]].
|
|
|
* Next, enter below command, to use SASL authentication mechanism with "FreenodeViaTor" (which has the p4fsi4ockecnea7l.onion IRC server) entry, use nick & password which you use with Tor, (and do not use "<", ">" symbols):
|
|
|
|
|
|
{{{
|
|
|
```
|
|
|
/xsasl add <your_Freenode_Nickname> <your_Nick_password> FreenodeViaTor
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
* View [[#XChat_SASL SASL]] section to find out in which TAB window you can enter /XSASL command, and what SASL mode to use. In above command change "FreenodeViaTor" into other IRC Network's name which supports SASL and in which you have account.
|
|
|
|
|
|
To go back to your previous section, where you came from: [[#XChat_Official XChat (Official)]] | [[#XChat_Unix_Linux XChat (Unix/Linux)]] | [[#XChat_Aqua X-Chat Aqua (MacOS)]] | [[#XChat_Azure XChat Azure (MacOS)]] | [[#HexChat HexChat]] | [[#PChat_Windows_Linux PChat (Windows/Linux)]] | [[#PChat_Portable_Windows PChat Portable (Windows)]] | [[#XChat_How_To_Torify How To Apply/Torify]] | [[#Adding_Server_Host Adding Different Server Host]] |
|
|
|
|
|
|
{{{
|
|
|
#!html
|
|
|
```
|
|
|
<a name="XChat_Clients"></a>
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
|
|
|
= Editor comment =
|
|
|
# Editor comment
|
|
|
* (proper) Imho the few different XChat platform builds do not justify having detailed instructions for each of them. They are too similar, there are almost no differences. I think you are adding too much redundancy. Too much text is being mirrored. For example the line "gui_slist_skip = 1" is three times in the article. The text "with initial Anonymity & Privacy friendly settings by following instructions in" is 5 times in the text, but we have 6 clients. And if someone decides to update the text, he has to update it 5 times, instant of one times and is likely to forget something, that happened to the old article. Imho it's best to read from the top to the bottom through an article. Not click and navigate like crazy from one point to another.
|
|
|
* just added more/other xchat clients, now we can remove redundant sections. -- Bry8Star. Jun 05 2:14pm.
|
|
|
* Removed redundant "First Time Startup Issue" sections. and kept general direction to visit that section for further info. -- Bry8Star. Jun 06 7:05am.
|
... | ... | @@ -743,7 +724,7 @@ To go back to your previous section, where you came from: [[#XChat_Official XCha |
|
|
* found hidden service + ssl based irc servers. some guy name christopher running it.
|
|
|
* (proper) Tor relays, no matter if bridge, guard or middle are unable to decrypt the message for the exit relay. No matter if debug session or malicious Tor code. The Tor client does the encryption, onion routing. Every package is three times encrypted. Every node can decrypt only it's own layer and forward to the next one. Ok, unless, they found a way to break the whole encryption. Only the exit relay can read clear text traffic, unless encrypted end-to-end.
|
|
|
* From open source codes, any "inappropriately" compiled middle rogue Tor Relay (or exit node) can view portion of traffic, is common sense and common knowledge. And there are many other exploits mentioned by many users in #tor. Why would i give some1 that opportunity ? the steps which will make it more hard to decrypt is always better. . why would i wait for such case/scenario : OH, there was such hack or whatever exploit for this & that since that date, ok now lets do something better. why not stay one step ahead ? -- Bry8Star. Jun 07 9:00am.
|
|
|
* (proper) [https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#WhichTornodeknowswhat Which Tor node knows what?]; And a [https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#Overviewastable table].
|
|
|
* (proper) [Which Tor node knows what?](https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#WhichTornodeknowswhat); And a [table](https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#Overviewastable).
|
|
|
* pls see below.
|
|
|
* (proper) I am not saying end-to-end encryption does not make sense. The opposite, it's highly recommend.
|
|
|
* then why you've added that "You do not need to combine SSL with a hidden service." !? we need to make it clear to other people, that a self signed SSL need to be obtained over trusted & secured path and then used inside tor-net to get real privacy (that no one normally able to see content). -- Bry8Star. Jun 8, 8:33am.
|
... | ... | @@ -753,10 +734,10 @@ To go back to your previous section, where you came from: [[#XChat_Official XCha |
|
|
* (proper) Connections to hidden services are safe against sniffing of any Tor servers. Unless they can break the encryption, which is still theoretical. Connection is encrypted "Tor to Tor". Additional SSL combined with the hidden service would still make sense, in case the Tor instance runs on one server and the IRC server on another server.
|
|
|
* yes, if tor-client and HiddenService server daemon runs on different machine then that would be better, but, now most have more powerful multi-core processors, and processors now have built-in encryptions/decryptions features. And again, why would i make it easy or take a risk for some1 to break/decrypt it ? a smart person will always adopt a way to stay ahead, by using multiple layers of encryption. common sense. isn't that the reason why i'm using tor at the first place ? -- Bry8Star. Jun 07 9:12am.
|
|
|
* (proper) Like said before, I am not against it. I just want to see the fact corrected.
|
|
|
* (anonymous) please see updated section [https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/IrcSilc#SSLTLSEncryption here]. If you disagree or have questions or something important is missing, please let me know.
|
|
|
* (anonymous) please see updated section [here](https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/IrcSilc#SSLTLSEncryption). If you disagree or have questions or something important is missing, please let me know.
|
|
|
|
|
|
* (proper) Ok, let's talk about those links...
|
|
|
* http://www.wired.com/politics/security/news/2007/09/embassy_hacks?currentPage=1 - is about '''exit''' node sniffing, NOT entry guard/bridge/middle.
|
|
|
* http://www.wired.com/politics/security/news/2007/09/embassy_hacks?currentPage=1 - is about **exit** node sniffing, NOT entry guard/bridge/middle.
|
|
|
* http://www.irongeek.com/i.php?page=videos/cipherspaces-darknets-an-overview-of-attack-strategies - Too much. Have to read it later. Probable also not about guard/bridge/middle nodes breaking encryption.
|
|
|
* http://sheddingbikes.com/posts/1293530004.html - Discusses general trust problems. If you believe him, you shouldn't just Tor at all. He threats Tor like a trojan horse, which will record everything and send it to your adversary. It's not related to guard/bridge/middle sniffing.
|
|
|
* http://www.theinquirer.net/inquirer/news/2102435/aes-encryption-cracked "The practical consequence is that the effective key length of AES is about 2 bits shorter than expected" - interesting knowledge about AES is being gathered. It has no practical relevance for breaking Tor's encryption from Tor user to exit node.
|
... | ... | @@ -767,12 +748,12 @@ To go back to your previous section, where you came from: [[#XChat_Official XCha |
|
|
* http://www.cryptosystem.net/aes/ same...
|
|
|
* http://sourceforge.net/projects/sevenzip/forums/forum/45797/topic/3879800 2 bits again...
|
|
|
* http://www.idownloadblog.com/2011/05/24/ios-4-encryption-broken-by-elcomsoft/ iOS is not Tor. iOS is closed source with very little focus on openness and security. The article doesn't say it, but they implemented it wrong. Not AES fault. Yes, same thing *could* happen to Tor, someone finds an implementation error or they add one in future. And I *could* die right now because of an asteroid hitting my house.
|
|
|
* you've missed the 1st link toward http://thehackernews.com/. i see tor members also tryin to talk about it here, [https://blog.torproject.org/category/tags/tor-compromise https://blog.torproject.org/category/tags/tor-compromise]. -- Bry8Star. jun 09. 2012.
|
|
|
* you've missed the 1st link toward http://thehackernews.com/. i see tor members also tryin to talk about it here, [https://blog.torproject.org/category/tags/tor-compromise](https://blog.torproject.org/category/tags/tor-compromise). -- Bry8Star. jun 09. 2012.
|
|
|
https://blog.torproject.org/category/tags/tor-compromise
|
|
|
* (proper) https://blog.torproject.org/category/tags/tor-compromise is also mostly gossip. Speculation and people making wrong assumptions.
|
|
|
* (proper) To sum up, you couldn't provide any evidence, that bridge/guard/middle nodes ever decrypted anything. It's not simple as "debug session" and also not simple as "tweaked source code". The encryption between the Tor user and the exit node isn't the problem. One big problem is, that exit nodes see the cleartext, if Not using end-to-end encryption. There are more interesting attacks against Tor. Finding ways to force proxy bypass. If you scare someone breaking Tor's encryption between Tor user and exit, you should rather worry about buying zero day exploits. They are less expensive and require way knowledge.
|
|
|
* you want me to find attacks, weakness of tor and post it here ! i showed many simple news that shows its done multiple times. you are claiming tor is perfect, do you have a way to prove that ? do you know there are groups who runs middle nodes and collaborate with each others ? -- Bry8Star. jun 09. 2:45am.
|
|
|
* (proper) And all the other points you brought in are totally unrelated. Windows possible backdoors... I don't see what is has to do with "middle nodes debug session or custom source". That's just totally wrong. Carrier IQ for mobile phones is also totally unrelated, I am well aware, I wrote most of [https://trac.torproject.org/projects/tor/wiki/doc/Mobile Mobile]. See [http://freehaven.net/anonbib/topic.html anonlib], read papers from independent researchers (get them from all sources), and you'll learn what Tor's weaknesses are. Certainly middle node sniffing is none of it. Back to the SSL issue... Yes, adding SSL makes sense, always, I said that already and reasoned. But the things, which are totally wrong, "middle node sniffing" have to be deleted.
|
|
|
* (proper) And all the other points you brought in are totally unrelated. Windows possible backdoors... I don't see what is has to do with "middle nodes debug session or custom source". That's just totally wrong. Carrier IQ for mobile phones is also totally unrelated, I am well aware, I wrote most of [Mobile](https://trac.torproject.org/projects/tor/wiki/doc/Mobile). See [anonlib](http://freehaven.net/anonbib/topic.html), read papers from independent researchers (get them from all sources), and you'll learn what Tor's weaknesses are. Certainly middle node sniffing is none of it. Back to the SSL issue... Yes, adding SSL makes sense, always, I said that already and reasoned. But the things, which are totally wrong, "middle node sniffing" have to be deleted.
|
|
|
* point was+is tor is not perfect, neither windows, firewall, etc are a perfect systems. they have holes in them. there are many ways to get around many things. we can only make it harder for outsiders on areas where we have some controls. patches, fixes on this side, and exploits are implemented, tested on other sides. it is a 'Cat and Dog and Mouse' game that will go on. do you know there are groups running middle nodes and collaborates with each other ? -- Bry8Star. jun 09. 2:47am.
|
|
|
* (proper) You know, the funny thing in this discussion is, Tor is already totally broken against various active and passive attacks. Onion routing is broken by design. Mixmion with high latency and cover traffic, is by design better, but can attract too less users, because users want low latency. How to do such attacks is documented and confirmed by torproject.org. This one I'd worry about https://blog.torproject.org/blog/one-cell-enough (ISP can perform attack) or this one https://trac.torproject.org/projects/tor/ticket/3678 (read it, understand it, follow the links and read the papers) and follow the links here https://trac.torproject.org/projects/tor/ticket/5936.
|
|
|
* THANKS. you are most likely very expert on those area. i am glad you liked those article. i will read. i dont think i have the ability to really understand those. but i can definitely understand sum ups for average user like me, exposed by different experts from all around the world. -- Bry8Star. jun 09. 2:50am.
|
... | ... | @@ -784,7 +765,7 @@ https://blog.torproject.org/category/tags/tor-compromise |
|
|
* (anonymous) "since that is a more anonymous & secure way to connect with an IRC server, than connecting via Tor exit node, because by default, a tor circuit uses 4 nodes in between your IRC client software and an .onion host server, and it uses 3 nodes when connecting via Tor exit-node. When more middle nodes will exist in between you & destination server, then that path is more Anonymous." I deleted that because it's not really accurate; there isn't really a threat model were one hop more (or even 4, assuming the HS and its circuit is trustworthy) would make any difference at all. Either we have a global adversary who isn't affected by that, or you have correlation/timing/colluding attacks, which, you guessed it, aren't affected either. On the other hand according to TPO HS aren't really that well tested as other Tor code. If tor was high latency that would be very different.
|
|
|
* i'm sorry, i change that to that line, on the place of proper's line, something like .. onion host is better than SSL, and ssl not necessary .. wasn't clear enough what exactly he/she meant. -- Bry8Star ~ 2:10am jun 19 2012.
|
|
|
|
|
|
== Fork this article ==
|
|
|
## Fork this article
|
|
|
|
|
|
* (proper) I'd wish I'd had the time, but I can't discuss everything over and over again. I think we can't reach an agreement. We are too different. Until you'll agree with my view with "debug session or custom source code" could be ages if ever. Since there are no other contributors or admins... If there are only two people, no one can be right. Our styles are too different... What I don't want to do, is starting an edit war.
|
|
|
* those who has broken different portion of Tor, obviously used debug sessions & custom made tor from source codes. -- Bry8Star ~ 2:14am jun 19 2012.
|
... | ... | |