# How to forward a few sites to use TOR?



## User7 (Apr 4, 2015)

Hey.
I want to forward a few sites to use TOR. I have installed and configured Tor and it works well in Firefox via the foxy-proxy add-on. But I want to set some sites to use the proxy at the system level. I tried to use

```
setenv http_proxy 127.0.0.1:9050
```
but TOR is a SOCKS proxy, not an HTTP proxy, and of course it doesn't work.


----------



## tobik@ (Apr 4, 2015)

You could try setting up www/polipo. It is an HTTP proxy that understands SOCKS and the homepage also specifically mentions Tor.

I have never done this so cannot say anything more concrete. Good luck.


----------



## SirDice (Apr 8, 2015)

tobik said:


> You could try setting up www/polipo.


Alternatively, you can use www/privoxy. That should allow you to define which URLs will go through TOR and which don't.
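
A sketch of the per-site forwarding suggested above, as an added example that is not part of the original thread: the function turns a list of hostnames into Privoxy `forward-socks5t` rules pointing at Tor's SOCKS port, leaving everything else on Privoxy's default direct route. It assumes Tor listens on 127.0.0.1:9050 as in this thread; the function name and the sample domains are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: Tor's SOCKS port is
# 127.0.0.1:9050; the hostnames in the sample list are constructed.
TOR_SOCKS="127.0.0.1:9050"

# Read hostnames on stdin, print one Privoxy forwarding rule per valid entry.
# Returns non-zero if any entry was rejected.
tor_forward_rules() {
    rc=0
    while IFS= read -r site || [ -n "$site" ]; do
        # Skip blank lines and comments.
        case "$site" in ''|\#*) continue ;; esac
        # Accept bare hostnames only: no scheme, path, port or whitespace.
        # Privoxy sees only the host of an HTTPS CONNECT request, so a
        # path-based pattern would not match HTTPS traffic and that
        # traffic would go out directly instead of through Tor.
        case "$site" in
            *[!A-Za-z0-9.-]*|.*|*.|-*)
                echo "rejected: $site" >&2
                rc=1
                continue ;;
        esac
        # Leading dot: match the domain itself and all of its subdomains.
        # Trailing dot: no further HTTP parent proxy after the SOCKS hop.
        printf 'forward-socks5t .%s %s .\n' "$site" "$TOR_SOCKS"
    done
    return $rc
}

# Constructed sample list. Output:
#   forward-socks5t .example.org 127.0.0.1:9050 .
#   forward-socks5t .forum.example.net 127.0.0.1:9050 .
tor_forward_rules <<'EOF'
# sites that should go through Tor
example.org
forum.example.net
EOF
```

Append the generated lines to Privoxy's config file and point clients at Privoxy's HTTP listener (127.0.0.1:8118 by default), for example with `setenv http_proxy http://127.0.0.1:8118`. Hostnames without a matching rule are fetched directly, so a typo in the list fails open rather than closed.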


----------



## getopt (Apr 8, 2015)

Using Tor just for hiding one's IP in webservers' logfiles is one thing, but setting up Tor in a way that anonymity withstands attacks is not so easy. 

If there is a need for protected anonymity I would strongly suggest "newbies" to use tools that are proven to hold what they are designed for. Have a look at https://tails.boum.org

If you still want your own configured Tor on FreeBSD, while your health may be at risk from losing your anonymity, please do your homework right as this is no newbie task!

A viable approach is to read carefully the configuration files of such distros/bundles like Tails. By doing this you might discover that it is not enough just to configure Tor and that's it. Selecting an acceptable browser and configuring the webbrowser is a much more challenging task.

Browsers are configured for first use in a way that they collect as much data from you as they can get. And with each new browser version more data are collected to feed the big-data-industry. All those old and newly added configurations have to be reviewed and disabled when you really need anonymity while using Tor. 

You should know that you cannot hide that you use Tor! All you can do is try to hide within Tor. And this only works if you do it right and have no other leakages while using Tor.

IMO parallel Internet browsing and using Tor for some sites only is a risky task because you could mess up a lot due to manual switching and the like. One single failure is enough and anonymity is gone for good. Also remember that you usually keep your Tor entry server for weeks!

While you are seeking anonymity you get a lot of attention just for the purpose to reverse it. Try looking at this from your ISP perspective. The ISP knows you well and gets all metadata, so do others all the time legally and not legally, but those do analyses and attacks in addition.

You can easily check if you take your FreeBSD Tor installation seriously. Just check what `sysctl net.inet.ip.random` tells you. If that does not match what was advised in /usr/ports/security/tor-devel/files/pkg-message.in you might not be the person that does its homework properly. This is just one single example.


----------



## User7 (Apr 10, 2015)

Thanks for the lesson, certainly useful, but I have two remarks.



> You should know that you cannot hide that you use Tor!



It's not true. I tried using Tor and an HTTP proxy gateway on the way out, and it works! I am sure there exists a way to redirect TOR to connect to some VPN or proxy at the end (if we use a VPN we obtain encryption and a little more speed, because VPNs use compression).

TOR is anonymity but isn't secure. http://www.securityfocus.com/news/11447

And "weakest link is the man" - or something


----------



## User7 (Apr 10, 2015)

Nope, if you buy a VPN under Tor, pay in BTC and use the VPN at the exit node. But maybe the VPN provider will know what someone is doing but never find out who is doing it . . .
(Anonymity is also provided by the large number of people who use the VPN, so I think it isn't possible to link a man with what he does, without any information about him and his network, if the VPN is used by many people.)


----------



## rootwyrm (Apr 11, 2015)

I do Tor proxying for certain services in a somewhat complicated way. However, this was (is?) the most correct way to do it.

First up, you're going to need security/tor and security/socat. Next you're going to need some (basic) shell scripting (depending on your service complexity.) Configure Tor roughly like this:

/usr/local/etc/tor/torrc

```
## System configuration
RunAsDaemon 1

## Listening ports
SocksPort  9050
## Listening addresses
SocksListenAddress  127.0.0.1

## Policy
SocksPolicy accept 127.0.0.0/8
SocksPolicy reject *

## Optional IPv6 bits
SocksListenAddress  [::1]
# /128 limits the rule to the IPv6 loopback address only
SocksPolicy accept6 [::1]/128
SocksPolicy reject6 *
IPv6Exit  1
```

Simple so far, right? Now we get socat involved. This script is a hack-and-slash example for multiple services done in the worst way possible. I strongly suggest improving on it. However, it is good for illustrative purposes.

/usr/local/etc/rc.d/socat.grl

```
#!/bin/sh
# Address and port of the local Tor SOCKS listener (must match torrc)
INTADDR="127.0.0.1"
INT6ADDR="::1"
INTPORT="socksport=9050"
SOCAT="/usr/local/bin/socat -d "

# Local port 12000 -> sekrit.destination:1234 through Tor, one listener per address family
/usr/sbin/daemon -f -p /var/run/socat.12000.pid $SOCAT TCP4-LISTEN:12000,fork SOCKS4A:$INTADDR:sekrit.destination:1234,$INTPORT
/usr/sbin/daemon -f -p /var/run/socat6.12000.pid $SOCAT TCP6-LISTEN:12000,fork SOCKS4A:$INT6ADDR:sekrit.destination:1234,$INTPORT
```

Breaking it down...

```
/usr/sbin/daemon -f -p /var/run/socat6.12000.pid
# Here, we're using trusty daemon(8) to make it a daemonized process.

$SOCAT
# Self explanatory

TCP6-LISTEN:12000,
# Set up a TCP6 listener on port 12000
fork
# fork the process
SOCKS4A:$INT6ADDR:sekrit.destination:1234,
# Use SOCKS4A proxy at $INT6ADDR with a destination of 'sekrit.destination' and a destination port of 1234
$INTPORT
# What the local SOCKS4A port is. In this case 9050.
```

You should use pf(4) or ipfw(8) to protect your listener port. One of the reasons I use this method is because it can be combined with carp(4) to create fault-tolerant Tor proxying of certain services, provided you don't need a constant connection.
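
A check for the listener exposure mentioned above, as an added example that is not part of the original post: socat's `TCP4-LISTEN`/`TCP6-LISTEN` bind to every address unless given a `bind=` option, so the forwarded port is reachable from other hosts until a firewall rule or a loopback bind restricts it. The function reads `sockstat -46l` style output and reports listeners on the given ports that are not bound to loopback; the function names and the sample output are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Input: `sockstat -46l` style lines on
# stdin. Arguments: the ports to check (9050 and 12000 in this thread).

# Print "COMMAND PROTO LOCAL-ADDRESS" for every TCP listener on one of the
# given ports that is bound to something other than a loopback address.
exposed_listeners() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $5 ~ /^tcp/ {
            addr = $6
            port = addr; sub(/.*:/, "", port)   # text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (!(port in want)) next
            # Loopback binds are only reachable from the local machine.
            if (host ~ /^127\./ || host == "::1") next
            print $2, $5, addr
        }'
}

# Constructed sample of sockstat output for the setup in this post:
# Tor on loopback, socat listening on all addresses.
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
_tor     tor        812   7  tcp4   127.0.0.1:9050        *:*
_tor     tor        812   8  tcp6   ::1:9050              *:*
root     socat      955   5  tcp4   *:12000               *:*
root     socat      957   5  tcp6   *:12000               *:*
EOF
}

# Output:
#   socat tcp4 *:12000
#   socat tcp6 *:12000
sample_sockstat | exposed_listeners 9050 12000
```

On a live system, run `sockstat -46l | exposed_listeners 9050 12000`. Empty output means every checked listener is loopback-only; any line printed is a port that needs a pf(4)/ipfw(8) rule or a `bind=` option on the socat listener.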


----------

