
How to install backbox-anonymous in Kali (other linux OS)



ping
2015-01-10, 16:54
Installing backbox-anonymous will allow you to easily route all the traffic on your entire system through Tor instead of having to set it up for individual tools and browsers.
First we need Tor; you can follow the instructions here: https://www.torproject.org/docs/debian.html.en


leafpad /etc/apt/sources.list

and add this to the bottom


deb http://deb.torproject.org/torproject.org wheezy main

Then update the repo:


apt-get update

Then add the gpg key used to sign the packages by running the following commands at your command prompt:



gpg --keyserver keys.gnupg.net --recv 886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -


apt-get install deb.torproject.org-keyring


apt-get install tor

Then we need to edit the Tor config in /etc/default/tor to allow it to be run as a daemon:


leafpad /etc/default/tor

You will see: RUN_DAEMON="no"

Change it to say "yes".

Control it with the commands:


service tor start


service tor stop


service tor restart


service tor status

Then we need the backbox-anonymous script that will route the traffic; copy it and save it to your desktop:



#!/bin/sh
#
# You should have received a copy of the GNU General Public License
# along with backbox-anonymous. If not, see <http://www.gnu.org/licenses/>.

export BLUE='\033[1;94m'
export GREEN='\033[1;92m'
export RED='\033[1;91m'
export ENDC='\033[1;00m'

# Destinations you don't want routed through Tor
NON_TOR="192.168.0.0/16 172.16.0.0/12 10.0.0.0/8"

# The GID Tor runs as
TOR_GID="debian-tor"

# Tor's TransPort
TRANS_PORT="9040"

case "$1" in
    start)
        # Make sure only root can run this script
        if [ $(id -u) -ne 0 ]; then
            echo "\n$RED[!] This script must be run as root$ENDC\n" >&2
            exit 1
        fi

        # Check torrc config file
        grep -q -x 'VirtualAddrNetwork 10.192.0.0/10' /etc/tor/torrc
        if [ $? -ne 0 ]; then
            echo "\n$RED[!] Please add the following to your /etc/tor/torrc and restart service:$ENDC\n" >&2
            echo "$BLUE#----------------------------------------------------------------------#$ENDC"
            echo "VirtualAddrNetwork 10.192.0.0/10"
            echo "AutomapHostsOnResolve 1"
            echo "TransPort 9040"
            echo "DNSPort 53"
            echo "$BLUE#----------------------------------------------------------------------#$ENDC\n"
            exit 1
        fi
        grep -q -x 'AutomapHostsOnResolve 1' /etc/tor/torrc
        if [ $? -ne 0 ]; then
            echo "\n$RED[!] Please add the following to your /etc/tor/torrc and restart service:$ENDC\n" >&2
            echo "$BLUE#----------------------------------------------------------------------#$ENDC"
            echo "VirtualAddrNetwork 10.192.0.0/10"
            echo "AutomapHostsOnResolve 1"
            echo "TransPort 9040"
            echo "DNSPort 53"
            echo "$BLUE#----------------------------------------------------------------------#$ENDC\n"
            exit 1
        fi
        grep -q -x 'TransPort 9040' /etc/tor/torrc
        if [ $? -ne 0 ]; then
            echo "\n$RED[!] Please add the following to your /etc/tor/torrc and restart service:$ENDC\n" >&2
            echo "$BLUE#----------------------------------------------------------------------#$ENDC"
            echo "VirtualAddrNetwork 10.192.0.0/10"
            echo "AutomapHostsOnResolve 1"
            echo "TransPort 9040"
            echo "DNSPort 53"
            echo "$BLUE#----------------------------------------------------------------------#$ENDC\n"
            exit 1
        fi
        grep -q -x 'DNSPort 53' /etc/tor/torrc
        if [ $? -ne 0 ]; then
            echo "\n$RED[!] Please add the following to your /etc/tor/torrc and restart service:$ENDC\n" >&2
            echo "$BLUE#----------------------------------------------------------------------#$ENDC"
            echo "VirtualAddrNetwork 10.192.0.0/10"
            echo "AutomapHostsOnResolve 1"
            echo "TransPort 9040"
            echo "DNSPort 53"
            echo "$BLUE#----------------------------------------------------------------------#$ENDC\n"
            exit 1
        fi

        echo "\n$BLUE[i] Starting anonymous mode:$ENDC\n"

        if [ ! -e /var/run/tor/tor.pid ]; then
            echo " $RED*$ENDC Tor is not running! Quitting...\n" >&2
            exit 1
        fi

        # Flush the filter and nat tables (this removes any existing rules)
        iptables -F
        iptables -t nat -F
        echo " $GREEN*$ENDC Deleted all iptables rules"

        # Point the system resolver at Tor's DNSPort
        echo 'nameserver 127.0.0.1' > /etc/resolv.conf
        echo " $GREEN*$ENDC Modified resolv.conf to use Tor"

        # nat: leave Tor's own traffic alone, redirect DNS and new TCP connections
        iptables -t nat -A OUTPUT -m owner --gid-owner $TOR_GID -j RETURN
        iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53
        for NET in $NON_TOR 127.0.0.0/9 127.128.0.0/10; do
            iptables -t nat -A OUTPUT -d $NET -j RETURN
        done
        iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT

        # filter: allow established, local and Tor traffic, reject everything else
        iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
        for NET in $NON_TOR 127.0.0.0/8; do
            iptables -A OUTPUT -d $NET -j ACCEPT
        done
        iptables -A OUTPUT -m owner --gid-owner $TOR_GID -j ACCEPT
        iptables -A OUTPUT -j REJECT
        echo "$GREEN *$ENDC Redirected all traffic through Tor\n"

        echo "$BLUE[i] Are you using Tor?$ENDC\n"
        echo "$GREEN *$ENDC Please refer to https://check.torproject.org\n"
        ;;
    stop)
        # Make sure only root can run our script
        if [ $(id -u) -ne 0 ]; then
            echo "\n$RED[!] This script must be run as root$ENDC\n" >&2
            exit 1
        fi

        echo "\n$BLUE[i] Stopping anonymous mode:$ENDC\n"

        echo 'nameserver 208.67.222.222' > /etc/resolv.conf
        echo 'nameserver 208.67.220.220' >> /etc/resolv.conf
        echo " $GREEN*$ENDC Modified resolv.conf to use OpenDNS"

        iptables -F
        iptables -t nat -F
        echo " $GREEN*$ENDC Deleted all iptables rules\n"
        ;;
    restart)
        $0 stop
        $0 start
        ;;
    *)
        echo "Usage: $0 {start|stop|restart}"
        exit 1
        ;;
esac

exit 0


Open a terminal:


cd Desktop


chmod 755 backbox-anonymous


mv backbox-anonymous /usr/bin/backbox-anonymous

Now open the torrc file:


leafpad /etc/tor/torrc

and add this to the bottom:


VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 9040
DNSPort 53


To route the traffic:


backbox-anonymous start


backbox-anonymous stop


backbox-anonymous restart

This does not guarantee you 100% anonymity. I have seen some DNS leaks on port 80. This is good for pentesting and hacking; I would suggest using a Tor-routed VM with Tails or Whonix for better security. And if you need any help, just message me.



Edit: Swearing
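
The torrc checks the script performs, plus a read-only audit of the rules its start action installs, as an added example that is not part of the original post or of backbox-anonymous. It assumes the rules are supplied as iptables-save text; the function names, the sample ruleset and GID 107 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of backbox-anonymous). Print each torrc line the
# script requires that is absent from file $1; status 0 only if all are present.
missing_torrc_lines() {
    rc=0
    for want in 'VirtualAddrNetwork 10.192.0.0/10' 'AutomapHostsOnResolve 1' \
                'TransPort 9040' 'DNSPort 53'; do
        grep -q -x -F -e "$want" "$1" || { echo "$want"; rc=1; }
    done
    return $rc
}

# Read iptables-save output on stdin and report gaps in what "start" installs.
# $1 is the TransPort (default 9040). Exit status 0 means no gap was found.
audit_rules() {
    awk -v port="${1:-9040}" '
        /^\*/ { table = substr($0, 2) }
        table == "nat" && /^-A OUTPUT / {
            if (/-p udp/ && /--dport 53 / && /-j REDIRECT/) dns = 1
            if (/-p tcp/ && $0 ~ ("-j REDIRECT --to-ports " port "$")) tcp = 1
        }
        table == "filter" && /^-A OUTPUT / { last = $0 }
        END {
            catchall = (last ~ /^-A OUTPUT -j (REJECT|DROP)/)
            if (!dns) print "GAP: UDP/53 is not redirected to the local DNSPort"
            if (!tcp) print "GAP: new TCP is not redirected to TransPort " port
            if (!catchall) print "GAP: filter OUTPUT has no final REJECT/DROP"
            exit !(dns && tcp && catchall)
        }'
}

# Constructed sample ruleset (made-up GID 107; NON_TOR exceptions omitted).
sample_rules() {
    cat <<'EOF'
*nat
:OUTPUT ACCEPT [0:0]
-A OUTPUT -m owner --gid-owner 107 -j RETURN
-A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT
*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m owner --gid-owner 107 -j ACCEPT
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}
sample_rules | audit_rules && echo "sample ruleset: no gaps"
```

On a live system, pipe iptables-save (run as root after backbox-anonymous start) into audit_rules. The script calls only iptables, so IPv6 rules are outside what this audit covers.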

sm0k3y
2016-03-12, 01:19
/usr/bin/backbox-anonymous: line 1: @charset: command not found
/usr/bin/backbox-anonymous: line 2: /0: Permission denied
/usr/bin/backbox-anonymous: line 3: Desktop: command not found
/usr/bin/backbox-anonymous: line 4: Desktop: command not found
/usr/bin/backbox-anonymous: line 6: syntax error near unexpected token `('
/usr/bin/backbox-anonymous: line 6: `@namespace url(http://www.w3.org/1999/xhtml); /* set default namespace to HTML */'

Jozephe
2016-08-13, 11:29
Does the anonymous mode have VPN included?