Alexander Færøy · 87e762ce
Hide whitespace changes
Inline Side-by-side

Showing with 89 additions and 84 deletions

doc/torsocks.md doc/torsocks.md +89 -84

No files found.
--- a/doc/torsocks.md
+++ b/doc/torsocks.md
 [[TOC(noheading, depth=1)]]
-= Torsocks =
+# Torsocks
 Torsocks is a torifying wrapper that is primarily used to redirect all the network traffic 
 of individual SOCKS-friendly applications through the Tor network. It also ensures DNS queries 
 are handled correctly and explicitly blocks all UDP traffic from the application in question. 
 Torsocks is the successor of tsocks and is still actively maintained. It is simply packaged as 
-'''torsocks''' and is available (and often automatically included with the '''tor''' package) 
+**torsocks** and is available (and often automatically included with the **tor** package) 
 in many *nix based distributions.

-== Download ==
+## Download
 There are [[packages]] for different distributions.

-The code lives at [https://gitweb.torproject.org/torsocks.git torsocks.git], you can get a copy with
-{{{
+The code lives at [torsocks.git](https://gitweb.torproject.org/torsocks.git), you can get a copy with
+```
 git clone https://git.torproject.org/torsocks.git
-}}}
-For further instructions have a look at the [https://gitweb.torproject.org/torsocks.git/tree/README.md README].
+```
+For further instructions have a look at the [README](https://gitweb.torproject.org/torsocks.git/tree/README.md).

-== Usage ==
+## Usage
 Once you have installed torsocks, just launch it like so:
-{{{
+```
  torsocks [application]
-}}}
+```
 For example, you can use ssh to a some.ssh.com by doing:
-{{{
+```
  torsocks ssh username @ some.ssh.com 
-}}}
+```
 or launch pidgin by doing:
-{{{
+```
  torsocks pidgin 
-}}}
+```

-An alternative command is {{{torify}}}. It is only provided for backward compatibility, and unless it is entirely necessary, you should use {{{torsocks}}} at all times. Example:
-{{{
+An alternative command is `torify`. It is only provided for backward compatibility, and unless it is entirely necessary, you should use `torsocks` at all times. Example:
+```
 torify pidgin
-}}}
+```

-== Security ==
+## Security
 The tables below contains a small list of applications commonly used in conjunction with torsocks / torify. At the moment a 100% guarantee of being safe to operate with Tor can only be given for a few of them. This is because the operation of the applications and the data they transmit has not been fully researched, so it is possible that a given application can leak user/system data at a level that neither Tor nor torsocks can control.

-The following '''administrative''' applications are known to be compatible with `torsocks`:
+The following **administrative** applications are known to be compatible with `torsocks`:

-|| '''Application''' || '''100% Safe'''|| '''DNS'''|| '''Comments''' ||
-||  `ssh` || M || Y || Potential for identity leaks through login. ||
-||  `telnet` || M || Y || Potential for identity leaks through login and password. ||
-||  `svn` || M || Y || ||
-||  `gpg` || Y || Y || GPG implemented `--use-tor`. See [https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/GnuPG GnuPG]. ||
+| **Application** | **100% Safe**| **DNS**| **Comments** |
+|-----------------|--------------|--------|--------------|
+|  `ssh` | M | Y | Potential for identity leaks through login. |
+|  `telnet` | M | Y | Potential for identity leaks through login and password. |
+|  `svn` | M | Y | |
+|  `gpg` | Y | Y | GPG implemented `--use-tor`. See [GnuPG](https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/GnuPG). |

-The following '''messaging''' applications are known to be compatible with `torsocks`:
+The following **messaging** applications are known to be compatible with `torsocks`:

-|| '''Application''' || '''100% Safe'''|| '''DNS''' || '''Comments''' ||
-||  `pidgin` || M || Y || Potential for identity leaks through login and password. ||
-||  `kopete` || M || Y || Potential for identity leaks through login and password. ||
-||  `konversation` || M || Y || Potential for identity leaks through login and password. ||
-||  `irssi` || M || Y || Potential for identity leaks through login and password. ||
-||  `silc` || M || Y || Potential for identity leaks through login and password. ||
+| **Application** | **100% Safe**| **DNS** | **Comments** |
+|-----------------|--------------|---------|--------------|
+|  `pidgin` | M | Y | Potential for identity leaks through login and password. |
+|  `kopete` | M | Y | Potential for identity leaks through login and password. |
+|  `konversation` | M | Y | Potential for identity leaks through login and password. |
+|  `irssi` | M | Y | Potential for identity leaks through login and password. |
+|  `silc` | M | Y | Potential for identity leaks through login and password. |

-The following '''email''' applications are known to be compatible with `torsocks`:
+The following **email** applications are known to be compatible with `torsocks`:

-|| '''Application''' || '''100% Safe'''|| '''DNS''' || '''Comments''' ||
-||  `claws-mail` || * || * || Use [https://trac.torproject.org/projects/tor/wiki/torbirdy TorBirdy] (Tor Button for Thunderbird) instead! ||
-||  `thunderbird` || '''*''' || * || Use [https://trac.torproject.org/projects/tor/wiki/torbirdy TorBirdy] (Tor Button for Thunderbird) instead! ||
+| **Application** | **100% Safe**| **DNS** | **Comments** |
+|-----------------|--------------|---------|--------------|
+|  `claws-mail` | * | * | Use [TorBirdy](https://trac.torproject.org/projects/tor/wiki/torbirdy) (Tor Button for Thunderbird) instead! |
+|  `thunderbird` | ***** | * | Use [TorBirdy](https://trac.torproject.org/projects/tor/wiki/torbirdy) (Tor Button for Thunderbird) instead! |

-The following '''file transfer''' applications are known to be compatible with `torsocks`:
+The following **file transfer** applications are known to be compatible with `torsocks`:

-|| '''Application''' || '''100% Safe''' || '''DNS''' || '''Comments''' ||
-||  `wget` || '''M''' || '''Y''' || Possibility of identity leaks through http headers. ||
-||  `ftp` || M || Y || Passive mode works well generally. ||
+| **Application** | **100% Safe** | **DNS** | **Comments** |
+|-----------------|---------------|---------|--------------|
+|  `wget` | **M** | **Y** | Possibility of identity leaks through http headers. |
+|  `ftp` | M | Y | Passive mode works well generally. |

-'''Table legend''':
-{{{
+**Table legend**:
+```
 DNS: DNS requests safe for Tor?
           N - The application is known to leak DNS requests when used with torsocks.
           Y - Testing has shown that application does not leak DNS requests.
@@ -77,109 +81,110 @@ DNS: DNS requests safe for Tor?
           M - Safe enough in theory, but either not fully researched or anonymity can be compromised 
               through indiscreet use (e.g. email address, login, passwords).
           Y - Application has been researched and documented to be safe with Tor.
-}}}
-[[br]]
-= Older Information =
+```

-'''WARNING:''' The information below is heavily depreciated and it is highly advised to not follow it. 
-== uwt - modified torsocks to improve Tor stream isolation ==
+
+# Older Information
+
+**WARNING:** The information below is heavily depreciated and it is highly advised to not follow it. 
+## uwt - modified torsocks to improve Tor stream isolation
 This is a modified torsocks to support setting proxy type, ip and port by command line parameter to prevent identity correlation through circuit sharing.

 Written by Whonix developer proper/adrelanos. The Tails developers contributed feedback and a patch.

-*nix only, because torsocks/torify is not available for Windows.^1^ [[BR]]
+*nix only, because torsocks/torify is not available for Windows.^1^ 
+
 ,,
 ^1^ Perhaps a modified proxychains might work. Modified a similar way.

-== Additional SocksPorts ==
+## Additional SocksPorts
 You need to add additional SocksPorts to your torrc.

 Add to /etc/tor/torrc.
-{{{
+```
 SocksPort 9052
 SocksPort 9053
-}}}
+```
 Don't forget to restart Tor.

-== uwt ==
+## uwt
 uwt, the torsocks wrapper. (It's a fork of torsocks from the torsocks package.)

-{{{
+```
 nano /usr/local/bin/uwt
-}}}
+```

 UPDATE 17

-{{{
-#!html
+```
 <h1 style="text-align: left; color: red">
 Applies to non-Whonix users. Some versions prior UPDATE 15 were affected by a security issue. If you command included localhost or 127.0.0.1 it leaked.
 </h1>
-}}}
+```
 Thanks to intrigeri for reporting the issue!

 Moved to github.
-{{{
+```
 https://github.com/Whonix/uwt/blob/master/usr/bin/uwt
-}}}
+```

-== Manual use ==
+## Manual use
 Example for manual usage invoked by command line.
-{{{
+```
 uwt -t 5 -i 127.0.0.1 -p 9050 /usr/bin/wget -c https://check.torproject.org
-}}}
+```

-{{{
+```
 sudo uwt -t 5 -i 127.0.0.1 -p 9050 /usr/bin/apt-get --yes dist-upgrade
-}}}
+```

-== Wrapper use ==
+## Wrapper use
 For example, if you wish enforce the proxy settings without entering such a long command every time, you can use a wrapper, . The wrapper has to be placed in PATH ('echo $PATH') before the real executable.

-{{{
+```
 nano /usr/local/bin/wget
-}}}
+```

 Insert the following.
-{{{
-#!/bin/bash
+```
 #echo "This is uwt /usr/local/bin/wget wrapper."
 /usr/local/bin/uwt -t 5 -i 192.168.0.10 -p 9109 /usr/bin/wget $*
-}}}
+```

 In this example, if you want to use wget, you don't have to type 'uwt -t 5 -i 192.168.0.10 -p 9109 -c "/usr/bin/wget -c https://check.torproject.org"', you can simply use 'wget -c https://check.torproject.org'. The wrapper calls uwt and uwt calls torsocks. Your request will be routed through socks5, IP 192.168.0.10, port 9109.

 Thanks to intrigeri, for bringing up this suggestion!

-== Related discussion ==
- * [https://lists.torproject.org/pipermail/tor-talk/2012-June/024497.html tor-talk How to force redirect each application through separate SocksPorts? (preventing identity correlation)]
- * [https://mailman.boum.org/pipermail/tails-dev/2012-June/001268.html Tails-dev Tails's plans for Tor's stream isolation in Tor 0.2.3?]
- * [https://sourceforge.net/tracker/?func=detail&aid=3541363&group_id=11118&atid=361118 Privoxy feature request: support IsolateSOCKSAuth (preventing identity correlation) - ID: 3541363]
- * [https://mailman.boum.org/pipermail/tails-dev/2012-September/001575.html tails-dev bug reports, test and discussion]
+## Related discussion
+ * [tor-talk How to force redirect each application through separate SocksPorts? (preventing identity correlation)](https://lists.torproject.org/pipermail/tor-talk/2012-June/024497.html)
+ * [Tails-dev Tails's plans for Tor's stream isolation in Tor 0.2.3?](https://mailman.boum.org/pipermail/tails-dev/2012-June/001268.html)
+ * [Privoxy feature request: support IsolateSOCKSAuth (preventing identity correlation) - ID: 3541363](https://sourceforge.net/tracker/?func=detail&aid=3541363&group_id=11118&atid=361118)
+ * [tails-dev bug reports, test and discussion](https://mailman.boum.org/pipermail/tails-dev/2012-September/001575.html)

-== Workaround for IPv6 leak bug ==
+## Workaround for IPv6 leak bug

 As long as this bug https://code.google.com/p/torsocks/issues/detail?id=37 isn't fixed...

 If you on a IPv6 enabled network and use usewithtor <some-IPv6-aware-application>, then IPv6 traffic will be send in the clear, thus de-anonymzing you.

 Workaround: Add to /etc/sysctl.conf.
-{{{
+```
 net.ipv6.conf.all.disable_ipv6 = 1
-}}}
+```

 Run
-{{{
+```
 sysctl -p
-}}}
+```
 to activate. (Will remain activated after reboot.)

 Of course you can and should only apply this workaround if you don't depend on IPv6.

-[[br]]
-= Tickets =
-== Torsocks ==
+
+
+# Tickets
+## Torsocks
 [[TicketQuery(component=Core Tor/Torsocks,order=status,status=!closed,format=table,col=id|summary|status|priority|keywords|owner|)]] 

-= History =
-Moved to [https://trac.torproject.org/projects/tor/wiki/doc/torsocks/History torsocks/History].
\ No newline at end of file
+# History
+Moved to [torsocks/History](https://trac.torproject.org/projects/tor/wiki/doc/torsocks/History).
\ No newline at end of file