
Re: [tor-talk] Request: would someone create a tutorial on how to examine an app for leaks?



On 5 October 2012 11:37,  <antispam06@xxxxxxx> wrote:
> This is a request. Would someone be so kind as to add a tutorial, in
> fact, several tutorials for how to test/see if an app is Tor ready?


There are some wiki articles, but I'm surprised there wasn't a simple one...

For Linux, I think the fastest/most naive way would be:

1) Set up a Tor bridge on another host in your network/on the internet
2) Boot your client/testing machine from a LiveCD
3) Install Tor, have it point to the bridge
4) Install shorewall (or use iptables, but I don't know the correct
iptables commands)
5) /etc/shorewall/zones:

fw    firewall
net    ipv4

6) /etc/shorewall/interfaces

net    eth0    detect    dhcp

7) /etc/shorewall/policy

fw    net     DROP     warn
net    fw      DROP    info

8) /etc/shorewall/rules

ACCEPT    $FW      bridgeip     tcp    bridgeport

9) This should prevent anything from leaving your machine that doesn't
go to that single port on that single ip over TCP.  Tail your logs,
and let your machine quiet down.  Stop any ntp services, system
updates, etc.  Get it so your machine is sending no traffic.

10) Start up your application, use *every single feature* and make
sure it's all being correctly proxied through Tor.  Anything that
shows up in your logs is a leak.  Investigate it.



I purposely did not put this guide on the wiki, because this is stream
of consciousness, and it's probably missing something.  (For example,
you should confirm that it correctly stops outgoing icmp and udp.)  Try
it out, flesh it out, work out the kinks, write it more verbosely with
samples and screenshots, and then put it on the wiki.

Finally, the application may read your IP address or other
de-anonymizing information and send it over Tor.  This is another
class of leak, much harder to detect.

In addition to what I wrote, you really should read all of what is on
the wiki also:
 - https://trac.torproject.org/projects/tor/wiki/doc/DnsResolver
 - https://trac.torproject.org/projects/tor/wiki/doc/Preventing_Tor_DNS_Leaks
 - https://trac.torproject.org/projects/tor/wiki/doc/PreventingDnsLeaksInTor
 - https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO
 - https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxyLeaks

It's long, but you're now doing work as a developer, not a user - you
owe it to the users of *your* work to make every effort to do it
correctly.

-tom
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
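
An added example, not part of the original message: one way to do the "tail your logs" check from steps 9 and 10 is to summarise the firewall log per destination, so repeated leaks (DNS, NTP, ICMP) stand out. The log lines are constructed, modelled on netfilter LOG output with a Shorewall-style prefix; the function names, the addresses (documentation ranges) and the bridge at 198.51.100.9:443 are assumptions.

```python
import re
from collections import Counter

# Constructed sample log (not captured traffic). 198.51.100.9:443 plays the bridge.
SAMPLE_LOG = """\
Oct  5 12:01:07 live kernel: Shorewall:fw2net:DROP:IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.53 LEN=71 TTL=64 PROTO=UDP SPT=40211 DPT=53 LEN=51
Oct  5 12:01:08 live kernel: Shorewall:fw2net:DROP:IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.53 LEN=71 TTL=64 PROTO=UDP SPT=40212 DPT=53 LEN=51
Oct  5 12:01:09 live kernel: Shorewall:fw2net:DROP:IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.80 LEN=60 TTL=64 PROTO=TCP SPT=51514 DPT=443 WINDOW=29200 SYN
Oct  5 12:01:12 live kernel: Shorewall:fw2net:DROP:IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.80 LEN=84 TTL=64 PROTO=ICMP TYPE=8 CODE=0 ID=4242 SEQ=1
Oct  5 12:01:15 live kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=192.0.2.1 DST=192.0.2.10 LEN=40 TTL=64 PROTO=TCP SPT=80 DPT=40000 WINDOW=0 RST
Oct  5 12:01:16 live kernel: Shorewall:fw2net:ACCEPT:IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.9 LEN=60 TTL=64 PROTO=TCP SPT=51700 DPT=443 WINDOW=29200 SYN
Oct  5 12:01:20 live kernel: Shorewall:fw2net:DROP:IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.123 LEN=76 TTL=64 PROTO=UDP SPT=123 DPT=123 LEN=56
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # netfilter LOG writes KEY=value pairs


def find_leaks(log_text, bridge_ip, bridge_port):
    """Count logged outbound packets per (proto, dst, dport).

    Only packets originating on this host count (IN empty, OUT set).
    TCP to bridge_ip:bridge_port is the one permitted flow and is skipped,
    in case logging of accepted packets is enabled.
    """
    leaks = Counter()
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if "PROTO" not in f:
            continue  # not a packet log line
        if f.get("IN") or not f.get("OUT"):
            continue  # inbound or forwarded, not sent by this machine
        # ICMP has no DPT field, so its port stays None
        dport = int(f["DPT"]) if f.get("DPT", "").isdigit() else None
        key = (f["PROTO"], f.get("DST"), dport)
        if key == ("TCP", bridge_ip, bridge_port):
            continue
        leaks[key] += 1
    return leaks


def report(leaks):
    """One line per leaking destination, most frequent first."""
    return [f"{n:3d}x {proto:4} -> {dst}" + (f":{dport}" if dport else "")
            for (proto, dst, dport), n in leaks.most_common()]


if __name__ == "__main__":
    print("\n".join(report(find_leaks(SAMPLE_LOG, "198.51.100.9", 443))))
```

An empty report after exercising every feature only covers packets that bypassed Tor; it says nothing about identifying data sent through Tor itself.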