An (Almost) Portable TOR Proxy!
A couple years ago, I wrote this step-by-step guide on using the SSH protocol to create encrypted “tunnels” to secure your internet traffic. It continues to be one of the most popular pages on this site, attracting several hundred hits a day.
A basic tunnel, as shown, is not the only thing you can do with SSH’s unique forwarding capability; far from it. Today, I’m going to show you how you can use SSH with the TOR onion router - one of the most valuable pieces of privacy and anonymity software available - to enable you to tap into the power of the TOR network from (almost) anywhere. Sound awesome? It is, it is…
This is not meant to be a step-by-step how-to guide; it assumes that you have at least a little familiarity with TOR, what it is, and what it does, as well as some knowledge of Unix/Linux. Those who are not geeks, or who are scared by command lines, should go elsewhere at this point.
Also, unlike the basic SSH tunnel proxy, the “price of admission” here is a little bit higher - you might well be able to do this on a regular shell account, but in my opinion the best way - for several reasons - is to do it on your own server, “dedicated” or otherwise. In my experimentation, I’ve used a cheap (4 Euro/month) VPS from VPS4Less. (I’m just a customer of theirs, and don’t get any money if you become one, as well.) A Linux-based VPS from any other hosting provider should work just as well. I use Debian, but any distribution which doesn’t suck should be fine.
Step one: This is the hard part; it’ll take you a half-hour or so, depending on how skilled you are at Linux administration. Download, compile, and install TOR on your server, following the instructions. I’ve had erratic issues using Privoxy; you can probably skip it if you understand the consequences. Don’t ask me for help installing TOR; I’m not a developer, just a user and operator of a TOR node, and I’m neither qualified nor inclined to troubleshoot whatever problems you might run into.
Step two: This is the easy part: Configure PuTTY to connect to your server - and to TOR. For the basics on this, see the earlier post; what you want to do is, in addition to (or instead of) creating a “dynamic” port forward, create a “local” one, to “127.0.0.1:9050”. (If you want to (try to) use Privoxy as well, you should use “127.0.0.1:8118” instead.) The end result should look more-or-less like this:

As you can see, I’ve set up a “regular” dynamic proxy on (local) port 2222, then a forwarder directly to the remote TOR server on port 2223, and a forwarder into Privoxy on port 2224. The port numbers are arbitrary; you can certainly use something else. I recommend creating separate ports for TOR and Privoxy (which itself feeds into TOR) - not just because I’ve had problems with Privoxy, but because Privoxy only filters web traffic, and proxying anything else - IM traffic, email, or whatever - through it is a waste of resources. You can use them simultaneously, in different applications - e.g. Firefox can be using Privoxy, while your IM client can be using TOR directly, at the same time.
That configuration saved and loaded, you can connect to your server (which has TOR running), log in (preferably not as root), and configure your web browser, email client, or whatever else to use “127.0.0.1”, port 2223, as a SOCKS proxy. Assuming you followed all the steps correctly, you should now be browsing the web, reading and sending email, or whatever, through the TOR network - all without having to have TOR installed on the actual computer you’re using.
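A way to confirm the forwards before pointing applications at them, as an added example that is not part of the original post: it speaks SOCKS5 to each local port from the PuTTY setup above (2222, 2223, 2224) and asks the proxy to connect by hostname, so name resolution happens at the far end of the tunnel. The target `example.org:443` and the function names are assumptions chosen for illustration.

```python
import socket
import struct

GREETING = b"\x05\x01\x00"   # SOCKS5, one auth method offered: none
METHOD_OK = b"\x05\x00"      # proxy accepts "no authentication"

def build_connect(hostname, port):
    """SOCKS5 CONNECT carrying the hostname itself (ATYP 0x03), so the
    name is resolved at the far end of the tunnel, not on this machine."""
    name = hostname.encode("idna")
    if not 0 < len(name) <= 255:
        raise ValueError("hostname must be 1-255 bytes")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack("!H", port)

def probe(port, target=("example.org", 443), host="127.0.0.1", timeout=15.0):
    """Classify the listener on a forwarded port.
    closed         - nothing listening (PuTTY session or forward not up)
    no-socks-reply - port open but no SOCKS5 answer (e.g. an HTTP proxy)
    connect-failed - SOCKS5 spoke, but the CONNECT was refused or timed out
    connected      - SOCKS5 proxy reached the target by hostname"""
    try:
        s = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    with s:
        try:
            s.sendall(GREETING)
            if s.recv(2) != METHOD_OK:
                return "no-socks-reply"
        except OSError:
            return "no-socks-reply"
        try:
            s.sendall(build_connect(*target))  # target is a placeholder (assumption)
            reply = s.recv(10)
        except OSError:
            return "connect-failed"
    # Reply layout: VER, REP, ...; REP 0x00 means the connection succeeded.
    return "connected" if reply[:2] == b"\x05\x00" else "connect-failed"

if __name__ == "__main__":
    # Ports from the PuTTY setup described in the post. 2224 leads to
    # Privoxy, an HTTP proxy, so "no-socks-reply" is the expected result.
    for label, port in (("dynamic", 2222), ("tor", 2223), ("privoxy", 2224)):
        print(f"{label:8} 127.0.0.1:{port} -> {probe(port)}")
```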
This is what makes the whole setup (almost) portable - by using the portable version of PuTTY (on a flash drive, say) you can take your TOR proxy with you wherever you go, without having to install anything on the machine you’re using. Sweet, no?
Try using my version of PortableTor, which is a mobile Vidalia bundle based on Tor with all the end user functionality as the main program, except it can be used on your flash drive.
I see the power of using PuTTY for this, but I guess it’s dependent on if you have network limitations on making PuTTY connections versus using the official PortableTor distribution.