Tor Proxy on Local Area Network (LAN)
What ?
Set up multiple computers on a LAN to route specific applications (links2, etc.) through a Tor proxy.
Why ?
- To allow novice Linux users (mom, dad, etc.) to use Tor with applications that accept SOCKS proxy settings, like links2, without needing to know how to start Tor from the command line or set up a Tor daemon.
- (My reason) To allow another computer to handle Tor with a base install, and to close all outbound ports except 9050 (or a randomly chosen port) on a select computer that you use for Tor browsing and other Tor applications (endcurl, endget, endtube, oldtube, torsocks, etc.).
- If you have an implant or a beacon with key logging, it will usually broadcast out on port 53 or port 80. Close everything (using endwall.sh, comment out all ports except localhost for the ports you need and the random outbound port you will use for Tor), set Tor outbound to a random port (not 9050; say 34591), and set your Tor proxy server to accept inbound on this random port. This will basically squash outbound beacons.
How ?
You will need two computers to test this. On the Tor proxy server, find the internal IP address assigned by the LAN router using
$ ip addr
(for example, say it's 192.168.5.153) and add these lines to /usr/local/etc/tor/torrc
SocksPort 127.0.0.1:9050
SocksPort 192.168.5.153:34591
This tells Tor to listen on the interface with IP address 192.168.5.153, port 34591, for SOCKS5 connections.
Next, authorize the computers that may connect to your Tor SOCKS proxy with the following lines
SocksPolicy accept 127.0.0.1
SocksPolicy accept 192.168.5.153
SocksPolicy accept 192.168.5.154
## SocksPolicy accept 192.168.0.0/16 # Allows everyone on your LAN to connect to Tor
SocksPolicy reject *
So now 192.168.5.153 and 192.168.5.154 are authorized to connect to your tor proxy.
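
Tor evaluates SocksPolicy entries in order, the first match wins, and an address matched by no entry is accepted, so the final "reject *" line is what actually closes the proxy to the rest of the LAN. The following Python check is an added example, not part of the original post or of Endware; its function names are hypothetical, and it assumes IPv4 address:port listeners and accept/reject entries only.

```python
import ipaddress

# Constructed sample: the torrc lines shown above.
SAMPLE_TORRC = """\
SocksPort 127.0.0.1:9050
SocksPort 192.168.5.153:34591
SocksPolicy accept 127.0.0.1
SocksPolicy accept 192.168.5.153
SocksPolicy accept 192.168.5.154
## SocksPolicy accept 192.168.0.0/16 # Allows everyone on your LAN
SocksPolicy reject *
"""

def parse_socks_policy(torrc_text):
    """Return ordered [(action, network)] from SocksPolicy lines; network None means '*'."""
    rules = []
    for line in torrc_text.splitlines():
        line = line.split("#", 1)[0].strip()       # drop comments
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0].lower() != "sockspolicy":
            continue
        for entry in parts[1].split(","):          # one line may hold several entries
            action, pattern = entry.split()
            if action not in ("accept", "reject"):
                raise ValueError("unsupported policy action: " + action)
            pattern = pattern.split(":", 1)[0]     # SocksPolicy ignores port specifiers
            net = None if pattern == "*" else ipaddress.ip_network(pattern, strict=False)
            rules.append((action, net))
    return rules

def is_allowed(rules, client_ip):
    """First matching entry wins; an address matched by no entry is accepted."""
    addr = ipaddress.ip_address(client_ip)
    for action, net in rules:
        if net is None or addr in net:
            return action == "accept"
    return True

def lan_exposed_listeners(torrc_text):
    """SocksPort listeners bound to a non-loopback address (reachable from the LAN)."""
    out = []
    for line in torrc_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if (len(parts) >= 2 and parts[0].lower() == "socksport"
                and ":" in parts[1] and not parts[1].startswith("unix:")):
            host = parts[1].rsplit(":", 1)[0]
            if not ipaddress.ip_address(host).is_loopback:
                out.append(parts[1])
    return out
```

Run it against a copy of the proxy server's torrc after every edit: any client IP you did not list should come back as not allowed whenever lan_exposed_listeners() is non-empty.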
You also need to allow inbound access through the firewall.
Use
$ ip addr
on each computer, or nmap, to discover the IP and MAC addresses, and add them as variables in endwall.sh
########## CLIENT IP and MAC ADDRESSES ##############
proxyhost_ip=192.168.5.153
proxyhost_mac=FF:FF:FF:FF:FF:FF
client1_ip=192.168.5.154
client1_mac=EE:EE:EE:EE:EE:EE
######### LOCAL HOST SECTION ###########
lo_open tcp 9050
lo_open tcp 34591
############## SERVER INPUT SECTION #########################
server_internal_1p tcp 34591 $proxyhost_ip $proxyhost_mac
server_internal_1p tcp 34591 $client1_ip $client1_mac
######### Add more clients individually as required
Now rerun endwall.sh on the proxy server
$ su
# ./endwall.sh
###################################
Now, over on your client computer, make sure that outbound is locked to the server in endwall.sh.
Add the IP addresses and MAC addresses to your script as before, then add
################## CLIENT OUTPUT SECTION
client_out_internal_1p tcp 34591 $proxyhost_ip $proxyhost_mac
#######################
Now comment out the rest of the output section as desired and rerun endwall.sh on the client.
Test this configuration by opening links2 and changing the proxy setting from 127.0.0.1:9050
to 192.168.5.153:34591. Now access an onion webpage in links2 to test it. Should work.
For torsocks you now use the -a and -P flags
$ torsocks -a 192.168.5.153 -P 34591 -i curl www.google.com
I will be modifying all of the Endware files to allow for setting the Tor socks proxy ip and port in the script. I'll default it to 127.0.0.1 and 9050 so that it acts the same as before but you will be able to modify it in the script moving forward. I'll leave the variables torsocks_ip=192.168.5.153 and torsocks_port=34591 commented out as examples in all of the scripts moving forward.
So now you can safely close all outbound client out ports except for 34591 and route everything through your tor proxy server. I'm currently operating this way. It seems to work / have positive effects. The idea is that all of the outbound implant beacons