Browsing Anonymously With Tor

Overview:

Looking to browse the internet “anonymously” using off-the-shelf hardware? Heading down to your local coffee shop to “borrow” wifi to upload the latest ISIS targets is no longer a viable option. Learn how to browse the internet using tor. Tor is short for The Onion Router. Its premise is that your traffic is bounced through several relays that are operated by tor’s volunteers.

To start browsing anonymously, you will need the following:

  • Raspberry pi
  • SD card
  • Wifi dongle
  • USB to ethernet adapter (optional)
  • Power supply

Setup:

First, download and extract the latest raspbian image. Once that completes, insert the SD card to your computer to copy the .img file over to the SD card. I am using command line on my Mac. If you are using Windows, you can visit this guide for software that will do this for you.

In my case, the SD card is disk3. Using rdisk with dd is about 20 times faster because you are accessing the disk raw. Read more about why this is the case here.

Once the copy is complete, install the SD card in your raspberry pi and connect a power source, monitor, and keyboard. Note that you can also use a usb to serial adapter connected to the GPIO pins. From here, you will be guided through a quick install process. Choose the first option in the menu to expand the filesystem. It’s also a good idea to create a new password for the “pi” user. Lastly, reboot the pi to complete the install.

After the pi has rebooted, you should be able to connect using an ssh client. Check the local IP while you still have the monitor and keyboard connected.

Installation:

Now that we have a working install of raspbian, we can start installing the needed packages. For this install, we are configuring the pi as an access point. Run the following commands to update the repo and install the needed packages:

Note that after the install is complete, isc-dhcp-server will likely fail to start. This is ok, since we have not yet configured it. Open up /etc/dhcp/dhcpd.conf in vi. Two lines need to be commented out, one needs to be uncommented, and a DCHP configuration needs to be added. Diff output from the changes made are below:

We need to bind the DHCP server to the wlan0 interface. This is the interface that will be listening for incoming DHCP requests. If you are using a usb to ethernet dongle, use the appropriate eth# interface instead. Edit the /etc/default/isc-dhcp-server file and configure the interface on the last line.

Next is to configure an IP address for the wlan0 interface. Open /etc/network/interfaces. Set the wlan0 interface to static instead of dhcp, give it an IP of 192.168.70.1 with a /24 netmask. Also comment out the last three lines.

Now we are going to configure the access point with some encryption. Create a new file /etc/hostapd/hostapd.conf and paste in the following config, modifying to your liking. If you are using the usb to ethernet dongle, you do not need to install hostapd.

I should note that the version of hostapd installed with apt was not compatible with the RealTek chipset in my wireless adapter. You will have to roll your own version of hostapd with your specific hardware drivers or find one pre-built. This link from adafruit is one that I found to be compatible with my chipset.

Next, edit /etc/default/hostapd to specifiy the previously created configuration file. Uncomment DAEMON_CONF and add the filename.

To allow forwarding of traffic, we need to edit /etc/sysctl.conf. Open in vi and look for the following line and uncomment it.

Also run the following to activate forwarding:

The following iptables rules create a network translation between eth0 and wlan0 and also save the configuration. If you are using a usb to ethernet dongle, switch wlan0 for eth1 or equivalent.

Add the following lines to the bottom of /etc/tor/torrc:

Create a log file and set the permissions for tor to use, useful for troubleshooting.

With the install complete, reboot the pi gracefully. Once it comes back online, check for a new wireless network called Pi_AP in my case. Check the following link to determine if you are browsing over Tor:https://check.torproject.org/

 

Safe browsing.

 

 

 

2 thoughts on “Browsing Anonymously With Tor

  1. Nice post! However aren’t the iptables rules a bit too relaxed? If I’m not mistaken, currently the rules will redirect port 53/UDP traffic to TOR as well as all TCP connections. However what will happen if the “protected” PC does an outbound UDP connection to other ports or uses a non-TCP protocol (i.e. icmp)? I believe that this will expose the true IP address.

    I’ve read a couple of posts recommending against ip_forwarding=1 and prefer to explicitly state which connections will go through TOR, blocking everything else:

    https://github.com/grugq/PORTALofPi/blob/master/build.sh

    https://lists.torproject.org/pipermail/tor-talk/2012-October/026226.html

    John

Leave a Reply

Your email address will not be published. Required fields are marked *