[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Holy shit I caught 1



Thus spake Anothony Georgeo (anogeorgeo@xxxxxxxxx):

> Hi Mike,
> 
> Nice catch :-)
> 
> I would like to use your Snakes on a Tor but I'm not sure how to use
> it.  I downloaded it and I have all the required apps (md5summer,
> wget and openssl) on my Windows XP Home.
> 
> Could you give me a quick how-to?
> 
> BTW, I have my HTTP_PROXY and HTTPS_PROXY environmental variables
> set to 127.0.0.1:8118.
> 
> Thanks and sorry for the asking,

I'm guessing actually scanning is going to be WAY over your head. It's
really meant for people who run Tor servers on Linux boxen and know
what they're doing, because right now you have to manually eyeball the
SSL certs and MD5 error files to double-check everything is Ok. I'll
try to improve that in a few weeks.

But, the Metatroller is a neat toy if you just want to investigate
censorship conditions in China/Germany for a day or whatever.

For that you DO NOT actually need md5summer, wget, and openssl. You
only need those if you want to run soat.pl.

For the Metatroller to work, you need to tell Vidalia to start
Tor with an alternate torrc. Open a new 'torrc' textfile on your
Desktop somewhere and put the lines:

ControlPort 9051
__LeaveStreamsUnattached 1

in it. Tell Vidalia in its config window to use this file as an
alternate torrc location. Restart Tor.

Once you have everything in your path, ActivePerl installed and
Vidalia set up to use this Torrc, either Start->Run.. "cmd.exe" or
launch cygwin, and cd to the directory you unzipped SOAT into.

You should be able to type 

'metatroller.pl cached-directory country-codes'

and it shoud print a WARN and a NOTICE that it is ready.

Periodically you should hit up http://moria.mit.edu:9031/tor/ and save
that output to 'cached-directory' in the SOAT dir. Ditto for
http://serifos.eecs.harvard.edu/cgi-bin/exit.pl?textonly=1. Save that
to 'country-codes' in the same dir.

Once it's all set up, if you want to play with the Metatroller's
options, you can open another cmd.exe and type 'telnet 127.0.0.1 9052'
and you should be able to give it the commands it lists under 'HELP'.

You can actually watch the metatroller build circuits in the Vidalia
network status window. 

Now mind the warnings I gave about the Metatroller and anonymity,
ESPECIALLY if you fire up soat.pl also. 



If you run soat.pl, you should be running it on a seperate machine
than you are using normally (or inside a vmware image or simply
another instance of Tor) because of shortened pathlengths, strange
exit selection strategy, etc etc etc.

To actually scan, you need md5summer to be renamed to md5sum.exe, and
you need all those tools to be in your path. Perhaps c:\windows if you
don't mind the clutter. Hopefully the output from md5summer is the
same as UNIX md5sum..

I'm guessing these complications probably will make it beyond your
ability to actually scan at this time.. Between these ramblings and
the README file, hopefully you can at least tinker with the
Metatroller for a bit so you can bask in the glory of some orbiting
mind control lasers. Winter is coming, maybe you can save on the
heating bill.



-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs