
[tor-talk] torjail - run programs in tor network namespace



Hello,

I want to share a project made in _to hacklab.

https://github.com/torjail/torjail

We would like to have some feedback about the project; in particular, if you
find some way to deanonymize a program running in torjail, please submit
an issue!

[from readme]

# Why

We've tried to deanonymize a program executed in a torsocks environment and
that was not so difficult, as torsocks uses LD_PRELOAD, so you only need to
statically compile your stuff. As whonix is sometimes too much, the idea is
to experiment with linux namespaces and learn by doing something useful
(at least for us).

# How it works

It creates a separate network namespace (using ip netns) with its own
network interface and a link to the host interface, plus some iptables rules
(on the host) that force traffic generated inside torjail to exit only via
tor (including DNS).
Inside torjail you'll also be in another pid namespace (so you cannot
switch namespace) and another mount namespace (used to show a
different /etc/resolv.conf).
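
As an added example (not torjail's own code, which lives in the repository linked above), here is a sketch of the namespace-plus-iptables arrangement the section describes. Everything in it is an assumption about how such a jail can be built rather than what torjail actually does: the namespace and veth names, the 10.200.1.0/24 addresses, the custom chain names, the jail user, and the ports 9040/5353, which presuppose that tor's torrc contains `TransPort 10.200.1.1:9040` and `DNSPort 10.200.1.1:5353`, because REDIRECT rewrites the destination to the host side of the veth and tor must be listening there. The script defaults to dry-run (it prints the commands instead of executing them) so it can be read and checked without root.

```shell
#!/bin/sh
# Added example, not torjail's code. All names, addresses and ports below are
# assumptions; adjust them to your host and torrc. DRY_RUN=1 prints commands,
# DRY_RUN=0 executes them (requires root, iproute2, iptables, util-linux).
set -eu

NS="${NS:-torjail}"                 # network namespace name (assumed)
VETH_HOST="${VETH_HOST:-veth-tj0}"  # host end of the veth pair (assumed)
VETH_NS="${VETH_NS:-veth-tj1}"      # namespace end of the veth pair (assumed)
HOST_IP="10.200.1.1"                # tor must bind TransPort/DNSPort here
NS_IP="10.200.1.2"
TOR_TRANS_PORT="${TOR_TRANS_PORT:-9040}"  # torrc: TransPort 10.200.1.1:9040
TOR_DNS_PORT="${TOR_DNS_PORT:-5353}"      # torrc: DNSPort 10.200.1.1:5353
JAIL_USER="${JAIL_USER:-nobody}"          # unprivileged user to run the program as
DRY_RUN="${DRY_RUN:-1}"

# Print or execute a command depending on DRY_RUN.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# 1. Network namespace with its own interface, linked to the host by a veth pair.
setup_netns() {
    run ip netns add "$NS"
    run ip link add "$VETH_HOST" type veth peer name "$VETH_NS"
    run ip link set "$VETH_NS" netns "$NS"
    run ip addr add "$HOST_IP/24" dev "$VETH_HOST"
    run ip link set "$VETH_HOST" up
    run ip netns exec "$NS" ip addr add "$NS_IP/24" dev "$VETH_NS"
    run ip netns exec "$NS" ip link set "$VETH_NS" up
    run ip netns exec "$NS" ip link set lo up
    run ip netns exec "$NS" ip route add default via "$HOST_IP"
}

# 2. Host-side rules: packets arriving from the veth are either redirected into
#    tor (DNS -> DNSPort, any other TCP -> TransPort) or dropped. Dedicated
#    chains keep teardown from touching unrelated rules.
setup_iptables() {
    run iptables -t nat -N TJ_NAT
    run iptables -t nat -A PREROUTING -i "$VETH_HOST" -j TJ_NAT
    run iptables -t nat -A TJ_NAT -p udp --dport 53 -j REDIRECT --to-ports "$TOR_DNS_PORT"
    run iptables -t nat -A TJ_NAT -p tcp --dport 53 -j REDIRECT --to-ports "$TOR_DNS_PORT"
    run iptables -t nat -A TJ_NAT -p tcp --syn -j REDIRECT --to-ports "$TOR_TRANS_PORT"
    run iptables -N TJ_IN
    run iptables -A INPUT -i "$VETH_HOST" -j TJ_IN
    run iptables -A TJ_IN -p tcp --dport "$TOR_TRANS_PORT" -j ACCEPT
    run iptables -A TJ_IN -p udp --dport "$TOR_DNS_PORT" -j ACCEPT
    run iptables -A TJ_IN -p tcp --dport "$TOR_DNS_PORT" -j ACCEPT
    run iptables -A TJ_IN -j DROP          # no other UDP, no ICMP, nothing to other host ports
    run iptables -A FORWARD -i "$VETH_HOST" -j DROP   # never route the jail directly to the internet
}

# 3. Run a program inside the jail. `ip netns exec` creates a mount namespace and
#    bind-mounts /etc/netns/$NS/* over /etc, which is how the jail sees its own
#    resolv.conf; unshare adds a fresh pid namespace with its own /proc.
run_in_jail() {
    run mkdir -p "/etc/netns/$NS"
    run sh -c "printf 'nameserver %s\n' $HOST_IP > /etc/netns/$NS/resolv.conf"
    run ip netns exec "$NS" unshare --pid --fork --mount-proc runuser -u "$JAIL_USER" -- "$@"
}

# Remove only what setup added; deleting the netns also removes the veth pair.
teardown() {
    run iptables -D FORWARD -i "$VETH_HOST" -j DROP
    run iptables -D INPUT -i "$VETH_HOST" -j TJ_IN
    run iptables -F TJ_IN
    run iptables -X TJ_IN
    run iptables -t nat -D PREROUTING -i "$VETH_HOST" -j TJ_NAT
    run iptables -t nat -F TJ_NAT
    run iptables -t nat -X TJ_NAT
    run ip netns del "$NS"
}

case "${1:-}" in
    setup)    setup_netns; setup_iptables ;;
    exec)     shift; run_in_jail "$@" ;;
    teardown) teardown ;;
esac
```

Usage: `sh torjail-demo.sh setup` prints the commands for review; `DRY_RUN=0 sh torjail-demo.sh setup` applies them, `DRY_RUN=0 sh torjail-demo.sh exec curl https://check.torproject.org/api/ip` runs a program inside the jail and lets you confirm the exit address is a Tor exit, and `DRY_RUN=0 sh torjail-demo.sh teardown` undoes it. The property worth checking after setup is the one the README claims: with the two DROP rules in place, a program that bypasses the proxy settings (UDP, ICMP, raw sockets, a statically linked binary) still has no path out except through tor's TransPort or DNSPort on 10.200.1.1.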

# Firejail support

We support a nice `-f` flag for using firejail paired with torjail as a
security sandbox.

Good bye!


-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk