How to install Privoxy and combine it with Tor
In this post I’ll show you how you can improve your privacy and anonymity while browsing websites. For this purpose I’ll use Privoxy and Tor. Privoxy is a non-caching web proxy with filtering capabilities for enhancing privacy. Tor uses an overlay network of volunteers and relays your traffic through the Tor network to its destination. It also encrypts your data, so no Tor node (except the exit node) can read your data.
This is not a high-security setup, but it should improve your privacy and anonymity.
1. Privoxy
2. Tor
3. Combine Privoxy and Tor
4. Appendix
1. Privoxy
First of all we have to download Privoxy. You can find all releases for all systems here.
wget http://downloads.sourceforge.net/ijbswa/privoxy-3.0.21-stable-src.tar.gz
Next step is to extract the archive:
tar xzf privoxy-3.0.21-stable-src.tar.gz
I highly recommend creating a user and a group for Privoxy; otherwise the installation will fail if you install Privoxy as root. The advantage is that Privoxy does not run with root privileges.
groupadd -g 206 privoxy
useradd -u 206 -g 206 -c "Web Proxy" -d /dev/null -s /bin/false privoxy
To create the configuration script you need the autoconf package to run autoheader and autoconf.
$ autoheader
$ autoconf
Now we are able to run the configuration script. Don’t forget to use the options --with-user and --with-group to define the Privoxy user and group.
./configure --prefix=/usr/ --sysconfdir=/etc/privoxy \
  --localstatedir=/var --with-docbook=no \
  --with-user=privoxy --with-group=privoxy \
  --enable-no-gifs --enable-compression
For an executable with security-enhanced features, you can also use the following options:
--disable-toggle --disable-editor --disable-force
Explanation of these options (excerpt of the configure help):
--disable-toggle   Don't support temporary disable
--disable-force    Don't allow single-page disable
--disable-editor   Prevents the use of the web-based actions file editor and web-based temporary disable setting.
The next step is to compile and install Privoxy:
$ make && sudo make install
If the installation was successful, you’ll get the following message:
Privoxy 3.0.21 stable installation succeeded!
Now we have to adjust the configuration. Open /etc/privoxy/config in your favorite editor. You may have to change the config directory. Change
confdir /etc
to
confdir /etc/privoxy
If you want the proxy to serve all computers inside your network, you have to change the listen-address. Change
listen-address 127.0.0.1:8118
to
listen-address 192.168.0.150:8118
and replace 192.168.0.150 with the IP address of your host.
The next step is optional and not necessary to run Privoxy, but you may want to change the hostname. Just uncomment and change
#hostname hostname.example.org
to
hostname COMPUTERNAME.DOMAIN.TLD
I’ve tested this installation on a Debian virtual machine and noticed that the start script contained the wrong config folder. You may have to change the config folder in /etc/init.d/privoxy. Just change
P_CONF_FILE=/usr/local/etc/privoxy/config
to
P_CONF_FILE=/etc/privoxy/config
My preferred Linux distribution is Slackware. I use the rc.privoxy from Slackbuilds. You can find the complete rc.privoxy at the end of this post. To start Privoxy during the boot process you have to edit /etc/rc.d/rc.local (on Slackware). Add the following lines:
if [ -x /etc/rc.d/rc.privoxy ]; then
  /etc/rc.d/rc.privoxy start
fi
And to shut down Privoxy automatically add the following lines to /etc/rc.d/rc.local_shutdown (if it doesn’t exist, you’ll have to create it):
if [ -x /etc/rc.d/rc.privoxy ]; then
  /etc/rc.d/rc.privoxy stop
fi
Now Privoxy is installed and ready to run.
2. Tor
Tor requires libevent. I won’t show the steps to install it; installing libevent should be straightforward.
The first step to install Tor is to download the latest version and extract the archive:
$ wget https://www.torproject.org/dist/tor-0.2.4.19.tar.gz
$ tar xzf tor-0.2.4.19.tar.gz
I highly recommend creating a new non-root user and a group for Tor.
# groupadd -g 220 tor
# useradd -u 220 -g 220 -c "The Onion Router" -d /dev/null -s /bin/false tor
The next step is to run the configure script, compile and install Tor:
$ ./configure --prefix=/usr --sysconfdir=/etc \
    --localstatedir=/var --with-tor-user=tor \
    --with-tor-group=tor
$ make
$ sudo make install
Now we have to change some configurations. Change the directory to /etc/tor and copy the sample of the torrc:
# cd /etc/tor/
# cp torrc.sample torrc
Uncomment the following lines:
SocksPort 9050 # Default: Bind to localhost:9050 for local connections.
Log notice file /var/log/tor/notices.log
RunAsDaemon 1
DataDirectory /var/lib/tor
You should also add the following line to run Tor under a specific user ID.
## On startup, setuid to this user and setgid to their primary group.
User tor
The last step is to create the log and lib folders for Tor and change the user and group of these directories:
# mkdir -p /var/lib/tor
# mkdir -p /var/log/tor
# chown -R tor:tor /var/lib/tor
# chown -R tor:tor /etc/tor/
# chown -R tor:tor /var/log/tor
Now we can start Tor, but don’t start Tor as root!
sudo -u tor tor &
As I said, my preferred Linux distribution is Slackware. I use the rc.tor from Slackbuilds to start and stop Tor. You can find the complete content of rc.tor at the end of this post.
If you want to start Tor automatically (on Slackware), just add the following lines to the /etc/rc.d/rc.local:
if [ -x /etc/rc.d/rc.tor ]; then
  /etc/rc.d/rc.tor start
fi
And add the following lines to /etc/rc.d/rc.local_shutdown to shut down Tor automatically:
if [ -x /etc/rc.d/rc.tor ]; then
  /etc/rc.d/rc.tor stop
fi
The first time I tried this installation on my virtual machine, it failed to build a Tor circuit. If something fails, take a look at the log file /var/log/tor/notices.log. I noticed this warning:
[warn] Our clock is 22 minutes, 26 seconds behind the time published in the consensus network status document.
Tor needs an accurate clock to work correctly. Please check your time and date settings!
So I had to set the correct time. No problem, I used ntpdate to get the correct time:
ntpdate ptbtime1.ptb.de
This time it worked. If you want to verify it, use the following command:
curl --silent http://checkip.dyndns.org/ | grep -Eo \
  '\<[[:digit:]]{1,3}(\.[[:digit:]]{1,3}){3}\>'
You’ll get your current IP address without using Tor. To verify the Tor installation you have to use the Tor SOCKS proxy on port 9050.
curl --silent --socks5 127.0.0.1:9050 http://checkip.dyndns.org/ | grep \
  -Eo '\<[[:digit:]]{1,3}(\.[[:digit:]]{1,3}){3}\>'
If everything works fine, you’ll get a different IP address. This implies that Tor runs without problems.
3. Combine Privoxy and Tor
It’s very simple to combine Privoxy and Tor. Open the Privoxy config file /etc/privoxy/config and uncomment the following lines:
forward-socks5 / 127.0.0.1:9050 .
forward 192.168.*.*/ .
forward 10.*.*.*/ .
forward 127.*.*.*/ .
You have to restart Privoxy and it should use Tor now.
To use Privoxy you have to configure your browser. Go to the network configuration of your browser and enter the IP address of the Privoxy host. I recommend using this proxy for all protocols, including SSL.
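The following script is an added example, not part of the original post or of Privoxy itself. It audits a Privoxy config for the settings discussed above: a catch-all SOCKS forward to Tor on 127.0.0.1:9050, a listen-address reachable from the network without any permit-access rule, and the runtime switches for the web-based toggle and editor. The function name, the finding labels and the two sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Privoxy config for the Privoxy-to-Tor chain.
# Prints one finding per line; exit status 0 means no findings.
audit_privoxy_config() {
    # Keep active directives only (drop comments and blank lines).
    active=$(sed -e 's/^[[:space:]]*//' -e '/^#/d' -e '/^$/d' "$1")
    has() { printf '%s\n' "$active" | grep -Eq "$1"; }
    rc=0
    # Catch-all SOCKS rule that lets Tor do the DNS lookups.
    if ! has '^forward-socks(5t?|4a)[[:space:]]+/[[:space:]]+127\.0\.0\.1:9050[[:space:]]'; then
        echo "NO_TOR_FORWARD: no catch-all SOCKS rule to 127.0.0.1:9050"; rc=1
    fi
    # forward-socks4 resolves hostnames locally, outside Tor.
    if has '^forward-socks4[[:space:]]'; then
        echo "LOCAL_DNS: forward-socks4 resolves names on this host"; rc=1
    fi
    # A non-loopback listener should be limited with permit-access.
    exposed=$(printf '%s\n' "$active" | awk '$1 == "listen-address" &&
        $2 !~ /^(127\.|localhost:|\[::1\])/ { print $2 }')
    if [ -n "$exposed" ] && ! has '^permit-access[[:space:]]'; then
        echo "OPEN_LISTENER: $exposed has no permit-access rule"; rc=1
    fi
    # Runtime counterparts of the --disable-toggle / --disable-editor build options.
    for opt in enable-remote-toggle enable-edit-actions; do
        if has "^$opt[[:space:]]+1"; then
            echo "WEB_CONTROL: $opt is enabled"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample configs (not from the post).
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/lan_open" <<'EOF'
listen-address 192.168.0.150:8118
enable-edit-actions 1
forward-socks5 / 127.0.0.1:9050 .
EOF
cat > "$tmp/tightened" <<'EOF'
listen-address 192.168.0.150:8118
permit-access 192.168.0.0/24
enable-edit-actions 0
forward-socks5 / 127.0.0.1:9050 .
EOF
for f in lan_open tightened; do
    echo "== $f"
    audit_privoxy_config "$tmp/$f" || true
done
```

Run it against /etc/privoxy/config after editing and before restarting Privoxy; the first sample reports OPEN_LISTENER and WEB_CONTROL, the second reports nothing.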
4. Appendix
Complete content of rc.privoxy:
#!/bin/sh
# ********************************************************************
# This script uses exit to return proper error codes,
# sourcing (. /path/to/rc.privoxy) it in your system's
# rc files is a bad idea.
# ********************************************************************
RETVAL=1
PRIVOXY_PRG="privoxy"
PRIVOXY_BIN="/usr/sbin/$PRIVOXY_PRG"
PRIVOXY_CONF="/etc/privoxy/config"
PRIVOXY_USER="privoxy"
PRIVOXY_GROUP="privoxy"
PRIVOXY_PID="/var/run/$PRIVOXY_PRG.pid"
declare -i check
check=(`/bin/ps -e|/bin/grep $PRIVOXY_PRG|/usr/bin/wc -l`)
# some checks for us
if [ ! -x $PRIVOXY_BIN ] ; then exit 0 ;fi
if [ ! -f $PRIVOXY_CONF ] ; then exit 0 ;fi
# See how we were called.
PRIVOXY="$PRIVOXY_BIN --user $PRIVOXY_USER.$PRIVOXY_GROUP --pidfile $PRIVOXY_PID $PRIVOXY_CONF"
start () {
  # start daemon
  echo -n $"Starting $PRIVOXY_PRG: "
  if [ ! -f $PRIVOXY_PID ]; then
    ( $PRIVOXY 2>/dev/tty9 ) \
      && echo " OK" \
      && /bin/touch /var/lock/$PRIVOXY_PRG \
      && RETVAL=0
  elif [ $check -lt 3 ]; then
    echo "Zombie lock file found"
    /bin/rm -f /var/lock/$PRIVOXY_PRG $PRIVOXY_PID
    echo "Retrying..."
    start
  else
    echo "Already running"
  fi
  echo
}
stop () {
  # stop daemon
  echo -n $"Stopping $PRIVOXY_PRG: "
  if [ -f $PRIVOXY_PID ]; then
    /bin/kill `/bin/cat $PRIVOXY_PID` \
      && /bin/rm -f /var/lock/$PRIVOXY_PRG $PRIVOXY_PID \
      && echo " OK" \
      && RETVAL=0
    echo
  else
    echo " Not Running"
  fi
}
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  reload)
    if [ -f $PRIVOXY_PID ] ; then
      /bin/kill -HUP `cat $PRIVOXY_PID` \
        && RETVAL=0
    fi
    ;;
  restart)
    stop
    start
    ;;
  kill)
    echo "Kill all Privoxy"
    /bin/rm -f /var/lock/$PRIVOXY_PRG $PRIVOXY_PID
    /bin/killall $PRIVOXY
    ;;
  condrestart)
    # restart only if already running
    if [ -f $PRIVOXY_PID ] ; then
      stop
      start
    fi
    ;;
  status)
    /bin/ps ax|/bin/grep $PRIVOXY_PRG|/bin/grep -v 'grep\|init\.d\|rc\.d'
    RETVAL=0
    ;;
  top)
    if [ -f $PRIVOXY_PID ]; then
      a=""
      for i in `/sbin/pidof $PRIVOXY_PRG` ; do
        a="$a -p $i"
      done
      /usr/bin/top $a
    fi
    ;;
  *)
    echo $"Usage: $PRIVOXY_PRG {start|stop|reload|restart|condrestart|status|top|kill}"
    exit 1
esac
exit $RETVAL
Complete content of rc.tor:
#!/bin/sh
#
# tor - The Onion Router
#
# Startup/shutdown script for Tor.
#
# Written by Marco Bonetti, heavily based on
# contrib/tor.sh, contrib/torctl and Debian init script.
# Check available file descriptors
if [ -r /proc/sys/fs/file-max ]; then
  SYSTEM_MAX=`cat /proc/sys/fs/file-max`
  if [ "$SYSTEM_MAX" -gt "80000" ]; then
    MAX_FILEDESCRIPTORS=32768
  elif [ "$SYSTEM_MAX" -gt "40000" ]; then
    MAX_FILEDESCRIPTORS=16384
  elif [ "$SYSTEM_MAX" -gt "10000" ]; then
    MAX_FILEDESCRIPTORS=8192
  else
    MAX_FILEDESCRIPTORS=1024
    cat </dev/null`
  if [ -z "$PID" ]; then
    echo " not running."
    exit 0
  fi
  if kill -15 $PID; then
    echo " stopped."
  else
    sleep 1
    if kill -9 $PID; then
      echo " killed."
    else
      echo " error!"
      exit 1
    fi
  fi
}
tor_reload() {
  echo -n "Reloading Tor..."
  PID=`cat /var/run/tor/tor.pid 2>/dev/null`
  if [ -z "$PID" ]; then
    echo " not running."
    exit 0
  fi
  if kill -1 $PID; then
    echo " reloaded."
  else
    echo " error!"
    exit 1
  fi
}
tor_status() {
  PID=`cat /var/run/tor/tor.pid 2>/dev/null`
  if [ -z "$PID" ]; then
    echo "Not running."
    exit 1
  elif kill -0 $PID; then
    echo "Running."
    exit 0
  else
    echo "PID file /var/run/tor/tor.pid present but PID $PID is not running."
    exit 1
  fi
}
case "$1" in
  start)
    tor_start
    ;;
  stop)
    tor_stop
    ;;
  restart)
    tor_stop
    sleep 3
    tor_start
    ;;
  reload)
    tor_reload
    ;;
  status)
    tor_status
    ;;
  *)
    echo "Usage: $0 (start|stop|restart|reload|status)"
esac
Sources:
Privoxy Doc Forwarding
Slackbuilds: Privoxy
Slackbuilds: Tor
Posted on December 18, 2013.