[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Using tor as proxy for the command line

     On Thu, 06 May 2010 15:56:25 +0200 Jacob Appelbaum <jacob@xxxxxxxxxxxxx>
>Scott Bennett wrote:
>>      On Thu, 06 May 2010 11:05:17 +0200 Jacob Appelbaum <jacob@appelbau=
>> wrote:
>>> Scott Bennett wrote:
>>>>      On Wed, 5 May 2010 20:22:55 +0200 Borja Luaces <borja.luaces@gma=
>>> =3D2Ecom>
>>>> wrote:
>>>>> I would like to know if it is possible to use tor as proxy for the c=
>>> mand
>>>>> line under linux (Ubuntu).
>>>>> If it is possible, how can I do it?
>>>>> PS: I would like to proxymise all the comunications from the command=
> l=3D
>>> ine
>>>>> (wget, nmap,...)
>>>>      Note that wget(1) abides by the ftp_proxy and http_proxy environ=
>>> nt
>>>> variables described in fetch(3).  I suspect that torify(1) used with =
>>> ap
>>>> will not be particularly useful to you nor would you endear yourself =
>>>> exit operators by doing that.
>>>> =3D20
>>> I wrote a little program to ease my use of wget with Tor/Polipo/Privox=
>>> % cat tor-wget
>>> #!/bin/bash -x
>>> export http_proxy=3D3D127.0.0.1:8118
>>> export https_proxy=3D3D127.0.0.1:8118
>>> wget -U " " $@
>>> EOF
>>      I would recommend using the full form in each of those above.  The=
>> are apparently a few cases where the abbreviated form you show here wil=
>> not work.  Also, you might define ftp_proxy; otherwise FTP requests wil=
>> go directly, instead of being blocked by privoxy.  Or if you have somet=
>> like 3proxy installed, you could set ftp_proxy to use that, but I don't=
> see
>> a very easy way to stop DNS query leakage if you do that.

     I've reread the man pages for 3proxy and its author's other proxies
since posting that.  It appears that none of them will translate ordinary
proxy protocols into SOCKS stuff, so please ignore my earlier comments
regarding 3proxy.  Any FTP connections will, at some point, be in the clear
from your system and cannot be diverted through tor by ordinary FTP proxies.
>I don't understand what you mean by this? What do you mean full form?

     As documented in the man page for fetch(3), it should look like a URL.
For example,

export http_proxy
export https_proxy

>How does this leak DNS...?

    No, I was referring there to the use of 3proxy as an FTP proxy, which
I now see won't help here anyway, so just forget all that.
>I agree that ftp_proxy is probably a good idea. I've added that to the
>helper script.
>>> I also started working on a patch to nmap with Fyodor to work with SOC=
>>> proxies; it's in my (ioerror) svn branch on the nmap subversion server=
>>> It sorta works but it's not great for anonymity because of the many
>>> kinds of packets that nmap wants to send.
>>      I think using nmap in the context of tor is really barking up the
>> wrong tree.
>Perhaps, the goal was more general than Tor - it's specifically a set of
>patches for SOCKS5.

     Would you post your specifications for it, please?

                                  Scott Bennett, Comm. ASMELG, CFIAG
* Internet:       bennett at cs.niu.edu                              *
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/