tsocks - secure way of using the internet in "suspicious"or"dangerous" hotspots

[netnomad]

hi friends out there,

i think security is an important subject.
last weeks i traveled around and used over the weeks almost hundred public hotspots,
sometimes in cafes, railwaystations or just in public areas.
usually i suspect wifi and prefer an internet connection per cable...
my way to secure the wifi-connection was tsocks over an ssh-tunnel through my router at home.
unfortunately i did not succeed to do that with tinycorelinux, so i used my debian-netbook.
i really love tinycorelinux, and i want to use it so often as possible, so i would be glad to use such a secure and easy network-configuration with tc.
is there someone who could package this great and secure tool "tsocks",
or is there somebody who succeeded in using the "poor-mans-vpn on a ssh-proxy" like:

ssh -D 12345 user@host -p 22
and
changing in the browser the network-config to localhost and port 12345

i didn't succeed with this above config, although many people say that it should work!?

Every help is welcomed!
Thank you for your help in advance.

[vitex]

I use an ssh SOCKS proxy when I travel.  The following steps worked for me with Tiny Core 3.8.2.

Install openssh and minefield.

Configure minefield to use a manual proxy with localhost:8080 for the SOCKS protocol and
"localhost, 127.0.0.1" for "No Proxy". (Both SOCKS 4 and 5 seem to work.) Leave all other protocols empty. You should receive an error message if you try to browse the Internet.

To try the proxy at home, execute

Code: [Select]

ssh -p 22 -D 8080 root@192.168.1.1 -N -q

in a shell terminal where you replace "192.168.1.1" with the IP address of your router on your local network and "22" with the port on which ssh is listening on the local network. Minefield should now work.

To try the proxy when away from home, execute

Code: [Select]

ssh -p 22222 -D 8080 root@1.2.3.4 -N -q

where you replace "1.2.3.4" with the IP address or DNS name of your home router and "22222" with the port on which the ssh server on the router is listening on the Internet.

[netnomad]

hi vitex,

thank you, with your hints i established a working socks.
i used to config all four proxies (http, ssl, ftp and socks) in the same manner over the same localhost port.
that was the reason that it didn't work... with tor i'm used to configure all four proxies.
after i just configure the socks-protocol to the localhost port, the socks-tunnel works fine.

can you explain me the difference and why only the socks port is changed?

how do you work with f.e. thunderbird to tunnel the smtp- and pop3-protocols over socks?

with tsocks almost every program can be started in a terminal and than the tunnel is used...
and the second advantage is that f.e. minefield needs no change in the network-configuration...

or do you see there a way without changing these parameters for every new usage?

thank you for your help.

[netnomad]

hi vitex,

now i noticed that in thunderbird it's the same configuration.
so it works in the same way...

but nevertheless, do you see there a way to use the same configuration for both cases, to be more flexible...?

and there is still some uncomfortable feeling about that 3 other proxies that are not on a localhost port...
... do you think that it's secure enough!
too often and too easy leads misconfiguration to dangerous communication outside the tunnel.

[vitex]

... with tor i'm used to configure all four proxies.
after i just configure the socks-protocol to the localhost port, the socks-tunnel works fine.

can you explain me the difference and why only the socks port is changed?

I have been experimenting with the Tor Browser Bundle (TBB) https://www.torproject.org/projects/torbrowser.html.en in preparation for releasing a Tiny Core script that will install or remaster TBB.  The version of Firefox in TBB, which was configured by the experts of the Tor project, only specifies a SOCKS v5 proxy.

how do you work with f.e. thunderbird to tunnel the smtp- and pop3-protocols over socks?

If you use the ports associated with encrypted versions of smtp and pop3, there is no need to use a proxy to conceal e-mail traffic.  I often use web mail when I travel so I only have to worry about protecting a browser. 

[netnomad]

I have been experimenting with the Tor Browser Bundle (TBB) https://www.torproject.org/projects/torbrowser.html.en in preparation for releasing a Tiny Core script that will install or remaster TBB.  The version of Firefox in TBB, which was configured by the experts of the Tor project, only specifies a SOCKS v5 proxy.

Thank you for that specific information.

If you use the ports associated with encrypted versions of smtp and pop3, there is no need to use a proxy to conceal e-mail traffic.  I often use web mail when I travel so I only have to worry about protecting a browser.

I use for the pop3 the port 995, but i guess my providers support only port 25 for smtp secured by TLS (with parameter >if it's possible<)...

By the way, my providers didn't allow to use smtp and pop3 from certain destination, that means,
when i traveled in some countries the firewall of my isp did block these two protocols.
i guess ip-ranges from specific countries are blocked and the mail is only usably over the webinterface.
After tunneling over my home router everything worked fine

[netnomad]

hi vitex,

my experience is a bit different to what you wrote:

minimum requirements for tor in combination with polipo under tinycorelinux:
the browser f.e. minefield6 needs more than the socks proxy on a localhost port.
additionally the http-proxy needs to be configured in the same way.
it doesn't matter, if the ssl- and ftp-proxy is configured, too.

configuration for ssh tunnel over a router proxy (poor-man-vpn):
at least the http-proxy must not be configured,
the communication is tunneled over the socks-proxy over an own localhost port.
it doesn't matter, if the ssl- and ftp-proxy is configured, too.

[vitex]

is there someone who could package this great and secure tool "tsocks" ...

I could not get tsocks to work on Tiny Core due to the way tsocks is using libraries.

I was able to build torsocks (http://code.google.com/p/torsocks/), which seems to be an improved version of tsocks.

The attached script will install torsocks on the Tiny Core system on which it is executed and will also build a personal torsocks extension.  See the comments at the top of the script for additional usage information.

$ ./getTorsocks.sh
===
=== This script has installed the following files:
===
===    /usr/local/bin/torsocks
===    /usr/local/bin/usewithtor
===    /usr/local/etc/torsocks.conf.sample
===    /usr/local/lib/torsocks/libtorsocks.a
===    /usr/local/lib/torsocks/libtorsocks.la
===    /usr/local/lib/torsocks/libtorsocks.so
===    /usr/local/lib/torsocks/libtorsocks.so.1
===    /usr/local/lib/torsocks/libtorsocks.so.1.0.0
===    /usr/local/share/man/man1/torsocks.1
===    /usr/local/share/man/man1/usewithtor.1
===    /usr/local/share/man/man5/torsocks.conf.5
===    /usr/local/share/man/man8/torsocks.8
===    /usr/local/tce.installed/torsocks
===
=== This script has created the following extension files:
===
===    /tmp/tce/optional/torsocks.tcz
===    /tmp/tce/optional/torsocks.tcz.dep
===    /tmp/tce/optional/torsocks.tcz.md5.txt
===

CAUTION: I  do not know whether or not the installed version of torsocks works correctly.

[solorin]

first thanks for all the research and tips, vitex.

to reiterate for other users searching on this topic
the tor project *strongly*recommends you use the tor browser bundle as a complete solution.
as highlighted above and in this thread by vitex.
http://forum.tinycorelinux.net/index.php/topic,11352.0.html.

however, if you insist on using applications that can't use a socks proxy.
you can use the script above or
torsocks 1.2 has now been uploaded to the repository for your convenience.

to use just load tor.tcz and torsocks.tcz
start tor as a service in cpanel or on the command line.

/usr/local/etc/init.d/tor start

then prepend usewithtor whenever calling your application of choice, i.e.

usewithtor chromium

you should be very careful not to mix modes of anonymity.
https://trac.torproject.org/projects/tor/wiki/doc/Modes_Of_Anonymity

you also should be concerned about:
1)data leakage.
https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#DoesTorremovepersonalinformationfromthedatamyapplicationsends
2)browser fingerprinting.
https://blog.torproject.org/blog/effs-panopticlick-and-torbutton

and generally take steps that mimic the design of the tbb and tor button.
https://www.torproject.org/projects/torbrowser/design/
https://www.torproject.org/torbutton/en/design/

Pour vivre heureux, vivons cachés.