
Author Topic: Questions about tor middlebox and nmap through tor  (Read 1303 times)

Offline r0tati0n

  • Top Hat Member
  • Experienced
  • ********
  • Posts: 223
  • Internets: +21/-4
Questions about tor middlebox and nmap through tor
« on: March 06, 2015, 10:02:13 AM »
I built a middlebox out of an old computer and connected to its WLAN. When I am opening the TOR browser now, does that mean I have TOR through TOR? How can I check that, and does it bring any more anonymity/privacy compared to socks5+TOR?
Going to check.torproject.org with TOR-Browser and midori shows both are torified. But how can I be sure it's TOR through TOR with TOR-Browser?

Another thing: I tried some tutorials about nmap through tor. They are specifically about proxychains and nmap, not via middlebox. I get a lot of open ports on my servers (almost all ports existing), which aren't there. What is nmap reporting here?
« Last Edit: March 06, 2015, 10:07:57 AM by r0tati0n »
I'd like to have Augmentations.

Offline kinchan

  • Experienced
  • ***
  • Posts: 181
  • Internets: +17/-0
  • Love My Pi and my N900
Re: Questions about tor middlebox and nmap through tor
« Reply #1 on: March 07, 2015, 01:57:54 PM »
I don't know the system you're running; well, maybe all the network communication is torified, or maybe the tor service is launched at startup, but that doesn't mean you have TOR through TOR.
I wrote this, give it a try.

Code:
#!/bin/bash

## torified or not torified? - 07/03/2015 - kinchan
## depends : wget, curl, torsocks

## install torsocks if it is missing
if ! command -v torsocks > /dev/null ; then
    echo "install torsocks"
    sudo apt-get install torsocks -y
fi

## check for tor db (the "ALL" list covers every known Tor relay, not only exits)

if [ ! -e "./Tor_ip_list_ALL.csv" ] ; then
    echo "download tor db now"
    ## plain HTTP download, so --no-check-certificate had no effect and is dropped
    wget --quiet http://torstatus.blutmagie.de/ip_list_all.php/Tor_ip_list_ALL.csv
    clear
fi

## curl wanip query: once directly, once through torsocks

DEFWANIP="$(curl -s icanhazip.com)"
TERMTORWANIP="$(torsocks curl -s icanhazip.com)"

echo "
---------------------------
"
if [ "$DEFWANIP" != "" ] ; then
    echo -e "Your external ip through simple query seems to be \e[34m$DEFWANIP\e[0m and"
    ## -F: literal match (dots are not wildcards), -w: whole address only
    if ! grep -qwF -- "$DEFWANIP" ./Tor_ip_list_ALL.csv ; then
        echo -e "it is not a tor exit node [\e[1;31m no \e[0m]"
    else
        echo -e "it is a tor exit node [\e[1;32m ok \e[0m]"
    fi
fi

echo "
---------------------------
"

if [ "$TERMTORWANIP" != "" ] ; then
    echo -e "Your external ip through torsocks seems to be \e[34m$TERMTORWANIP\e[0m and"
    if ! grep -qwF -- "$TERMTORWANIP" ./Tor_ip_list_ALL.csv ; then
        echo -e "it is not a tor exit node [\e[1;31m no \e[0m]"
    else
        echo -e "it is a tor exit node [\e[1;32m ok \e[0m]"
    fi
fi

echo "
---------------------------
"

## launch web explorer to tor check page (use the opener that was actually found)

if command -v xdg-open > /dev/null ; then
    xdg-open https://check.torproject.org/ 2> /dev/null
elif command -v gnome-open > /dev/null ; then
    gnome-open https://check.torproject.org/ 2> /dev/null
else
    x-www-browser https://check.torproject.org/ 2> /dev/null
fi

echo "launching default web explorer to check.torproject.org"

echo "
---------------------------
"

For a port scan through the tor network, it's impossible.
The Tor network does not allow the ICMP/UDP requests needed by nmap; for socks5 it depends on the server, sometimes it is possible.
"Give a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime."
##### Current project >> otto-gui ##### website #####

Offline Gingerbread Man

  • *High Tech Low-life*
  • Administrator
  • Elite
  • *****
  • Posts: 926
  • Internets: +93/-0
Re: Questions about tor middlebox and nmap through tor
« Reply #2 on: March 07, 2015, 03:04:48 PM »
TOR over TOR is not recommended...for a few reasons...

First, you are taking a performance hit: you have increased your hops from three to six for no real benefit to your anonymity...in fact, you are increasing your attack surface by using twice as many exit nodes...twice as many chances for the exit to be malicious...

Second, you are creating twice as many chances for someone to use traffic and changes in network conditions to correlate both ends of your network connection. This is a highly effective method of de-anonymization.

And this is besides the fact that such a configuration also allows for an amplification attack on the TOR network itself. In fact the TOR fellas keep threatening to ban exit nodes from re-entering the TOR network to prevent these amplification attacks...

TOR over TOR is no good...Now i2p over TOR...well...

Offline r0tati0n

  • Top Hat Member
  • Experienced
  • ********
  • Posts: 223
  • Internets: +21/-4
Re: Questions about tor middlebox and nmap through tor
« Reply #3 on: March 08, 2015, 01:28:27 AM »
System is Kali linux. Both laptops, the middlebox and the machine I am working on.
Issuing your script tells me I am torified when simply connecting to the middlebox's WLAN.
Issuing a "proxychains bash torcheck.sh" gives me a different IP address than "bash torcheck.sh".

There are a few tutorials for nmap over tor.
EG:
http://www.aldeid.com/wiki/Tor/Usage/Nmap-scan-through-tor
proxychains nmap -Pn -sT -p 80,443,21,22,23 80.14.163.161

This should be specifically only TCP no ping check.
« Last Edit: March 08, 2015, 03:04:47 AM by r0tati0n »
I'd like to have Augmentations.

Offline kinchan

  • Experienced
  • ***
  • Posts: 181
  • Internets: +17/-0
  • Love My Pi and my N900
Re: Questions about tor middlebox and nmap through tor
« Reply #4 on: March 08, 2015, 01:21:23 PM »
Quote
There are a few tutorials for nmap over tor.
EG:
http://www.aldeid.com/wiki/Tor/Usage/Nmap-scan-through-tor
proxychains nmap -Pn -sT -p 80,443,21,22,23 80.14.163.161

This should be specifically only TCP no ping check.

In this tutorial, they don't use the tor network protocol, they just use a tor exit node via proxychains (many of them are used with socks4/5), but they are not all compatible with an nmap scan; the script "getTorExitNode.py" checks for a valid one.

Quote
Why not just use an anonymous VPN?  Much faster and in the long run it is more secure than tor...

Yep! And I know a few people who use VPN >> socks5 >> tor.
They said that it is not so slow...  :)
"Give a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime."
##### Current project >> otto-gui ##### website #####

Offline r0tati0n

  • Top Hat Member
  • Experienced
  • ********
  • Posts: 223
  • Internets: +21/-4
Re: Questions about tor middlebox and nmap through tor
« Reply #5 on: April 04, 2015, 02:34:38 AM »
The tor people told me I would not nmap the target but the exit server, which probably has all ports open.
How can I nmap the target using the middlebox? (not proxychains)
Could you tell me why? Because it should be configured correctly
I'd like to have Augmentations.
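
Added example, not part of any post in this thread: one mechanism that makes every port look open in a TCP connect scan is an intermediary (a SOCKS proxy or a transparent middlebox) that completes the TCP handshake itself, so a successful connect() says nothing about the target. The toy SOCKS5 proxy, the REALLY_OPEN set and the 192.0.2.10 target below are constructed for illustration; the reply codes follow RFC 1928.

```python
import socket, struct, threading

REALLY_OPEN = {22, 443}  # constructed: ports "open" on the pretend target

def toy_socks5_proxy(listener):
    """Toy SOCKS5 server (no auth): answers CONNECT with 0x00 or 0x05."""
    while True:
        conn, _ = listener.accept()          # TCP handshake ends here, at the proxy
        with conn:
            try:
                conn.recv(3)                 # greeting: VER, NMETHODS, METHOD
                conn.sendall(b"\x05\x00")    # select "no authentication"
                req = conn.recv(10)          # VER CMD RSV ATYP IPv4(4) PORT(2)
                port = struct.unpack("!H", req[8:10])[0]
                rep = 0x00 if port in REALLY_OPEN else 0x05  # 0x05 = refused
                conn.sendall(bytes([5, rep, 0, 1]) + bytes(6))
            except (OSError, struct.error):  # client left right after connecting
                continue

def start_proxy():
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))          # loopback only, random free port
    listener.listen()
    threading.Thread(target=toy_socks5_proxy, args=(listener,), daemon=True).start()
    return listener.getsockname()

def handshake_only(proxy):
    """What a scan concludes if it only checks that connect() succeeded."""
    with socket.create_connection(proxy, timeout=2):
        return "open"

def socks5_reply(proxy, ip, port):
    """Send a CONNECT request and return the proxy's reply code for the target."""
    with socket.create_connection(proxy, timeout=2) as s:
        s.sendall(b"\x05\x01\x00")
        if s.recv(2) != b"\x05\x00":
            raise RuntimeError("proxy did not accept the no-auth method")
        s.sendall(b"\x05\x01\x00\x01" + socket.inet_aton(ip) + struct.pack("!H", port))
        return s.recv(10)[1]

def compare(ports, ip="192.0.2.10"):         # 192.0.2.0/24 is documentation space
    proxy = start_proxy()
    return {p: (handshake_only(proxy),
                "open" if socks5_reply(proxy, ip, p) == 0 else "closed")
            for p in ports}

if __name__ == "__main__":
    print(compare([21, 22, 80, 443]))
```

The first value in each pair is the handshake-only verdict, the second is what the proxy's reply code reports for the target.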