皮革材料做网站,力杨网站建设,塘厦初级中学,如何制作论坛网站使用 tor 保护自己
前置 要求
kali linux 系统开启全局科学上网
安装Proxychains4 并配置
安装 Proxychains4
apt-get install Proxychains4
# 或者
apt install Proxychains4 编辑 配置文件 ┌──(root㉿kali)-[~]
└─# whereis proxychains
proxychains: /usr/bin/pro…使用 tor 保护自己
前置 要求
kali linux 系统开启全局科学上网
安装Proxychains4 并配置
安装 Proxychains4
apt-get install Proxychains4
# 或者
apt install Proxychains4 编辑 配置文件 ┌──(root㉿kali)-[~]
└─# whereis proxychains
proxychains: /usr/bin/proxychains /usr/share/man/man1/proxychains.1.gz┌──(root㉿kali)-[~]
└─# wherwhereis proxychains4.conf
proxychains4.conf: /etc/proxychains4.conf┌──(root㉿kali)-[~]
└─# cat /etc/proxychains4.conf┌──(root㉿kali)-[~]
└─# cp /etc/proxychains4.conf /etc/proxychains4.conf.bak┌──(root㉿kali)-[~]
└─# vim /etc/proxychains4.conf# proxychains.conf VER 4.x
#
#
# HTTP, SOCKS4a, SOCKS5 tunneling proxifier with DNS.# The option below identifies how the ProxyList is treated.
# only one option should be uncommented at time,
# otherwise the last appearing option will be accepted
#
#dynamic_chain
#
# Dynamic - Each connection will be done via chained proxies
# all proxies chained in the order as they appear in the list
# at least one proxy must be online to play in chain
# (dead proxies are skipped)
# otherwise EINTR is returned to the app
#
strict_chain
#
# Strict - Each connection will be done via chained proxies
# all proxies chained in the order as they appear in the list
# all proxies must be online to play in chain
# otherwise EINTR is returned to the app
#
#round_robin_chain
#
# Round Robin - Each connection will be done via chained proxies
# of chain_len length
# all proxies chained in the order as they appear in the list
# at least one proxy must be online to play in chain
# (dead proxies are skipped).
# the start of the current proxy chain is the proxy after the last
# proxy in the previously invoked proxy chain.
# if the end of the proxy chain is reached while looking for proxies
# start at the beginning again.
# otherwise EINTR is returned to the app
# These semantics are not guaranteed in a multithreaded environment.
#
#random_chain
#
# Random - Each connection will be done via random proxy
# (or proxy chain, see chain_len) from the list.
# this option is good to test your IDS :)# Make sense only if random_chain or round_robin_chain
#chain_len 2# Quiet mode (no output from library)
#quiet_mode## Proxy DNS requests - no leak for DNS data
# (disable all of the 3 items below to not proxy your DNS requests)# method 1. this uses the proxychains4 style method to do remote dns:
# a thread is spawned that serves DNS requests and hands down an ip
# assigned from an internal list (via remote_dns_subnet).
# this is the easiest (setup-wise) and fastest method, however on
# systems with buggy libcs and very complex software like webbrowsers
# this might not work and/or cause crashes.
proxy_dns# method 2. use the old proxyresolv script to proxy DNS requests
# in proxychains 3.1 style. requires proxyresolv in $PATH
# plus a dynamically linked dig binary.
# this is a lot slower than proxy_dns, doesnt support .onion URLs,
# but might be more compatible with complex software like webbrowsers.
#proxy_dns_old# method 3. use proxychains4-daemon process to serve remote DNS requests.
# this is similar to the threaded proxy_dns method, however it requires
# that proxychains4-daemon is already running on the specified address.
# on the plus side it doesnt do malloc/threads so it should be quite
# compatible with complex, async-unsafe software.
# note that if you dont start proxychains4-daemon before using this,
# the process will simply hang.
#proxy_dns_daemon 127.0.0.1:1053# set the class A subnet number to use for the internal remote DNS mapping
# we use the reserved 224.x.x.x range by default,
# if the proxified app does a DNS request, we will return an IP from that range.
# on further accesses to this ip we will send the saved DNS name to the proxy.
# in case some control-freak app checks the returned ip, and denies to
# connect, you can use another subnet, e.g. 10.x.x.x or 127.x.x.x.
# of course you should make sure that the proxified app does not need
# *real* access to this subnet.
# i.e. dont use the same subnet then in the localnet section
#remote_dns_subnet 127
#remote_dns_subnet 10
remote_dns_subnet 224# Some timeouts in milliseconds
tcp_read_time_out 15000
tcp_connect_time_out 8000### Examples for localnet exclusion
## localnet ranges will *not* use a proxy to connect.
## note that localnet works only when plain IP addresses are passed to the app,
## the hostname resolves via /etc/hosts, or proxy_dns is disabled or proxy_dns_old used.## Exclude connections to 192.168.1.0/24 with port 80
# localnet 192.168.1.0:80/255.255.255.0## Exclude connections to 192.168.100.0/24
# localnet 192.168.100.0/255.255.255.0## Exclude connections to ANYwhere with port 80
# localnet 0.0.0.0:80/0.0.0.0
# localnet [::]:80/0## RFC6890 Loopback address range
## if you enable this, you have to make sure remote_dns_subnet is not 127
## youll need to enable it if you want to use an application that
## connects to localhost.
# localnet 127.0.0.0/255.0.0.0
# localnet ::1/128## RFC1918 Private Address Ranges
# localnet 10.0.0.0/255.0.0.0
# localnet 172.16.0.0/255.240.0.0
# localnet 192.168.0.0/255.255.0.0### Examples for dnat
## Trying to proxy connections to destinations which are dnatted,
## will result in proxying connections to the new given destinations.
## Whenever I connect to 1.1.1.1 on port 1234 actually connect to 1.1.1.2 on port 443
# dnat 1.1.1.1:1234 1.1.1.2:443## Whenever I connect to 1.1.1.1 on port 443 actually connect to 1.1.1.2 on port 443
## (no need to write :443 again)
# dnat 1.1.1.2:443 1.1.1.2## No matter what port I connect to on 1.1.1.1 port actually connect to 1.1.1.2 on port 443
# dnat 1.1.1.1 1.1.1.2:443## Always, instead of connecting to 1.1.1.1, connect to 1.1.1.2
# dnat 1.1.1.1 1.1.1.2# ProxyList format
# type ip port [user pass]
# (values separated by tab or blank)
#
# only numeric ipv4 addresses are valid
#
#
# Examples:
#
# socks5 192.168.67.78 1080 lamer secret
# http 192.168.89.3 8080 justu hidden
# socks4 192.168.1.49 1080
# http 192.168.39.93 8080
#
#
# proxy types: http, socks4, socks5, raw
# * raw: The traffic is simply forwarded to the proxy without modification.
# ( auth types supported: basic-http user/pass-socks )
#
[ProxyList]
# add proxy here ...
# meanwile
# defaults set to tor
socks4 127.0.0.1 9050将配置文件中的 strict_chain前 加上一个# 号注释掉将配置文件中的 #random_chain前的 # 号 删除在配置文件的最后 添加 socks5 127.0.0.1 9050
安装 tor 服务
安装 tor 服务
apt-get install tor
#开启tor
tor
# 或者
sudo tor这个时候发现 tor 启动不起来 并且 产生 warn 似乎是端口被占用了一直以来 一般走到这儿 就算是用proxychains4 去 开启代理也是没用的 会报错这个时候就需要修改配置文件了 修改配置文件/etc/tor/torrc
# 老样子 修改之前将原本的 配置文件 做一个备份
┌──(root㉿kali)-[~]
└─# cp /etc/tor/torrc /etc/tor/torrc.bak┌──(root㉿kali)-[~]
└─# vim /etc/tor/torrc## Configuration file for a typical Tor user
## Last updated 9 October 2013 for Tor 0.2.5.2-alpha.
## (may or may not work for much older or much newer versions of Tor.)
##
## Lines that begin with ## try to explain whats going on. Lines
## that begin with just # are disabled commands: you can enable them
## by removing the # symbol.
##
## See man tor, or https://www.torproject.org/docs/tor-manual.html,
## for more options you can use in this file.
##
## Tor will look for this file in various places based on your platform:
## https://www.torproject.org/docs/faq#torrc## Tor opens a socks proxy on port 9050 by default -- even if you dont
## configure one below. Set SocksPort 0 if you plan to run Tor only
## as a relay, and not make any local application connections yourself.
#SocksPort 9050 # Default: Bind to localhost:9050 for local connections.
#SocksPort 192.168.0.1:9100 # Bind to this address:port too.## Entry policies to allow/deny SOCKS requests based on IP address.
## First entry that matches wins. If no SocksPolicy is set, we accept
## all (and only) requests that reach a SocksPort. Untrusted users who
## can access your SocksPort may be able to learn about the connections
## you make.
#SocksPolicy accept 192.168.0.0/16
#SocksPolicy reject *## Logs go to stdout at level notice unless redirected by something
## else, like one of the below lines. You can have as many Log lines as
## you want.
##
## We advise using notice in most cases, since anything more verbose
## may provide sensitive information to an attacker who obtains the logs.
##
## Send all messages of level notice or higher to /var/log/tor/notices.log
#Log notice file /var/log/tor/notices.log
## Send every possible message to /var/log/tor/debug.log
#Log debug file /var/log/tor/debug.log
## Use the system log instead of Tors logfiles
#Log notice syslog
## To send all messages to stderr:
#Log debug stderr## Uncomment this to start the process in the background... or use
## --runasdaemon 1 on the command line. This is ignored on Windows;
## see the FAQ entry if you want Tor to run as an NT service.
#RunAsDaemon 1## The directory for keeping all the keys/etc. By default, we store
## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
#DataDirectory /var/lib/tor## The port on which Tor will listen for local connections from Tor
## controller applications, as documented in control-spec.txt.
#ControlPort 9051
## If you enable the controlport, be sure to enable one of these
## authentication methods, to prevent attackers from accessing it.
#HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C
#CookieAuthentication 1############### This section is just for location-hidden services ##### Once you have configured a hidden service, you can look at the
## contents of the file .../hidden_service/hostname for the address
## to tell people.
##
## HiddenServicePort x y:z says to redirect requests on port x to the
## address y:z.#HiddenServiceDir /var/lib/tor/hidden_service/
#HiddenServicePort 80 127.0.0.1:80#HiddenServiceDir /var/lib/tor/other_hidden_service/
#HiddenServicePort 80 127.0.0.1:80
#HiddenServicePort 22 127.0.0.1:22################ This section is just for relays #####################
#
## See https://www.torproject.org/docs/tor-doc-relay for details.## Required: what port to advertise for incoming Tor connections.
#ORPort 9001
## If you want to listen on a port other than the one advertised in
## ORPort (e.g. to advertise 443 but bind to 9090), you can do it as
## follows. Youll need to do ipchains or other port forwarding
## yourself to make this work.
#ORPort 443 NoListen
#ORPort 127.0.0.1:9090 NoAdvertise## The IP address or full DNS name for incoming connections to your
## relay. Leave commented out and Tor will guess.
#Address noname.example.com## If you have multiple network interfaces, you can specify one for
## outgoing traffic to use.
# OutboundBindAddress 10.0.0.5## A handle for your relay, so people dont have to refer to it by key.
#Nickname ididnteditheconfig## Define these to limit how much relayed traffic you will allow. Your
## own traffic is still unthrottled. Note that RelayBandwidthRate must
## be at least 20 KB.
## Note that units for these config options are bytes per second, not bits
## per second, and that prefixes are binary prefixes, i.e. 2^10, 2^20, etc.
#RelayBandwidthRate 100 KB # Throttle traffic to 100KB/s (800Kbps)
#RelayBandwidthBurst 200 KB # But allow bursts up to 200KB/s (1600Kbps)## Use these to restrict the maximum traffic per day, week, or month.
## Note that this threshold applies separately to sent and received bytes,
## not to their sum: setting 4 GB may allow up to 8 GB total before
## hibernating.
##
## Set a maximum of 4 gigabytes each way per period.
#AccountingMax 4 GB
## Each period starts daily at midnight (AccountingMax is per day)
#AccountingStart day 00:00
## Each period starts on the 3rd of the month at 15:00 (AccountingMax
## is per month)
#AccountingStart month 3 15:00## Administrative contact information for this relay or bridge. This line
## can be used to contact you if your relay or bridge is misconfigured or
## something else goes wrong. Note that we archive and publish all
## descriptors containing these lines and that Google indexes them, so
## spammers might also collect them. You may want to obscure the fact that
## its an email address and/or generate a new address for this purpose.
#ContactInfo Random Person nobody AT example dot com
## You might also include your PGP or GPG fingerprint if you have one:
#ContactInfo 0xFFFFFFFF Random Person nobody AT example dot com## Uncomment this to mirror directory information for others. Please do
## if you have enough bandwidth.
#DirPort 9030 # what port to advertise for directory connections
## If you want to listen on a port other than the one advertised in
## DirPort (e.g. to advertise 80 but bind to 9091), you can do it as
## follows. below too. Youll need to do ipchains or other port
## forwarding yourself to make this work.
#DirPort 80 NoListen
#DirPort 127.0.0.1:9091 NoAdvertise
## Uncomment to return an arbitrary blob of html on your DirPort. Now you
## can explain what Tor is if anybody wonders why your IP address is
## contacting them. See contrib/tor-exit-notice.html in Tors source
## distribution for a sample.
#DirPortFrontPage /etc/tor/tor-exit-notice.html## Uncomment this if you run more than one Tor relay, and add the identity
## key fingerprint of each Tor relay you control, even if theyre on
## different networks. You declare it here so Tor clients can avoid
## using more than one of your relays in a single circuit. See
## https://www.torproject.org/docs/faq#MultipleRelays
## However, you should never include a bridges fingerprint here, as it would
## break its concealability and potentionally reveal its IP/TCP address.
#MyFamily $keyid,$keyid,...## A comma-separated list of exit policies. Theyre considered first
## to last, and the first match wins. If you want to _replace_
## the default exit policy, end this with either a reject *:* or an
## accept *:*. Otherwise, youre _augmenting_ (prepending to) the
## default exit policy. Leave commented to just use the default, which is
## described in the man page or at
## https://www.torproject.org/documentation.html
##
## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses
## for issues you might encounter if you use the default exit policy.
##
## If certain IPs and ports are blocked externally, e.g. by your firewall,
## you should update your exit policy to reflect this -- otherwise Tor
## users will be told that those destinations are down.
##
## For security, by default Tor rejects connections to private (local)
## networks, including to your public IP address. See the man page entry
## for ExitPolicyRejectPrivate if you want to allow exit enclaving.
##
#ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more
#ExitPolicy accept *:119 # accept nntp as well as default exit policy
#ExitPolicy reject *:* # no exits allowed## Bridge relays (or bridges) are Tor relays that arent listed in the
## main directory. Since there is no complete public list of them, even an
## ISP that filters connections to all the known Tor relays probably
## wont be able to block all the bridges. Also, websites wont treat you
## differently because they wont know youre running Tor. If you can
## be a real relay, please do; but if not, be a bridge!
#BridgeRelay 1
## By default, Tor will advertise your bridge to users through various
## mechanisms like https://bridges.torproject.org/. If you want to run
## a private bridge, for example because youll give out your bridge
## address manually to your friends, uncomment this line:
#PublishServerDescriptor 0将配置文件中的 #SocksPort 9050 的 # 号去掉 然后保存这一步骤是参考 参考博客 想到的再次修改 proxychains4.conf 文件 将 最后的 端口号改为 9150
那么现在就可以 使用 代理 tor 网络隐藏自己了
┌──(root㉿kali)-[~]
└─# proxychains4 curl ipinfo.io
[proxychains] config file found: /etc/proxychains4.conf
[proxychains] preloading /usr/lib/aarch64-linux-gnu/libproxychains.so.4
[proxychains] DLL init: proxychains-ng 4.17
[proxychains] Random chain ... 127.0.0.1:9150 ... ipinfo.io:80 ... OK
{ip: 5.xx.xxx.xxx,city: Amsterdam,region: Norxx xxlxand,country: NL,loc: 5x.x740,4.xxx7,org: AS60404 Liteserver,postal: 1012,timezone: Europe/Axxxxxam,readme: https://ipinfo.io/missingauth
}┌──(root㉿kali)-[~]
└─# proxychains4 curl -s https://check.torproject.org/ | grep -A 3 title | sed s/title//
[proxychains] config file found: /etc/proxychains4.conf
[proxychains] preloading /usr/lib/aarch64-linux-gnu/libproxychains.so.4
[proxychains] DLL init: proxychains-ng 4.17
[proxychains] Random chain ... 127.0.0.1:9150 ... check.torproject.org:443 ... OKCongratulations. This browser is configured to use Tor.
