Setting up Tor on BackTrack -
8 September, 2011 by ethicalhack3r

I was playing around with getting wpscan to run through the Tor network so I needed to setup Tor (from source) and Privoxy on BackTrack. These are the steps I took to setup Tor and Privoxy on Backtrack 5 R1. (wpscan does not yet support scanning through the Tor network)

I am no Tor expert and there are probably easier/better ways of doing this.

Installing Tor (Anonymous SOCKS proxy):

$apt-get install libssl-dev
$wget https://www.torproject.org/dist/tor-0.2.2.32.tar.gz
$tar -xzvf tor-0.2.2.32.tar.gz
$cd tor-0.2.2.32
$chmod +x configure
$./configure && make && src/or/tor

To check that Tor has been setup properly, add the following settings to your Firefox browser and then visit; https://check.torproject.org/

Installing Privoxy (HTTP proxy):

$apt-get install privoxy
$vim /etc/privoxy/config (uncomment line 1257, see comments[1] below)
$kill -9 (privoxy pid, there is probably a much nicer/easier way to do this)
$/usr/sbin/privoxy –pidfile /var/run/privoxy.pid –user privoxy /etc/privoxy/config

To check that Privoxy has been setup properly, add the following settings to your Firefox browser and then visit; http://config.privoxy.org/show-status/

Now all you have to do is point your applications to Privoxy on “127.0.0.1:8118″.

For example, to setup Nikto to use Tor/Privoxy, edit the nikto.conf file, lines 52-53:

# Proxy settings — still must be enabled by -useproxy
PROXYHOST=127.0.0.1
PROXYPORT=8118

And then run Nikto with the following command:

./nikto.pl -host 192.168.1.112 -useproxy

Please read the Tor warning before using Tor:
https://www.torproject.org/download/download.html.en#warning

References:
https://trac.torproject.org/projects/tor/wiki
https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO
http://www.privoxy.org/faq/misc.html#TOR

Comments:

[1] Also uncomment the following lines to use tor/privoxy when connecting to machines on your LAN:

# forward 192.168.*.*/ .
# forward 10.*.*.*/ .
# forward 127.*.*.*/ .

17 Responses


  1. nameless

    root@bt:~# wget https://www.torproject.org/dist/torbrowser/linux/tor-browser-gnu-linux-i686-2.2.32-4-dev-en-US.tar.gz

    this is the new link


    Comment posted on September 28, 2011 at 18:18:15 BST

  2. Rahul Tyagi

    Yaa great man waiting for wpscan to support TOR too :)


    Comment posted on November 7, 2011 at 19:22:52 BST

  3. Kinjo

    Add a note for TOR, it will not support tools that use UDP or ICMP packets and you will not be anonymous.


    Comment posted on December 19, 2011 at 03:51:17 BST

  4. anonymous

    https://www.torproject.org/dist/torbrowser/linux/tor-browser-gnu-linux-i686-2.2.35-6-dev-en-US.tar.gz
    this is the newest link for the second command: wget (the link^^^)


    Comment posted on February 16, 2012 at 21:25:48 BST

  5. Kelvin Lomboy

    Thanks for the Tor on BT tutorial. At the beginning I was having problems installing libssl-dev on my BT 5r2 Gome 64 bit VM. This is what I was getting:

    Reading package lists… Done
    Building dependency tree
    Reading state information… Done
    Some packages could not be installed. This may mean that you have
    requested an impossible situation or if you are using the unstable
    distribution that some required packages have not yet been created
    or been moved out of Incoming.
    The following information may help to resolve the situation:

    The following packages have unmet dependencies:
    libssl-dev: Depends: libssl0.9.8 (= 0.9.8k-7ubuntu8.6) but 0.9.8k-7ubuntu8.8 is to be installed
    E: Broken packages

    So I did the following to get around this issue:

    root@bt:~# wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.8_amd64.deb
    root@bt:~# dpkg -i libssl-dev_0.9.8k-7ubuntu8.8_amd64.deb
    root@bt:~# wget https://www.torproject.org/dist/tor-0.2.2.35.tar.gz
    root@bt:~# tar -xzvf tor-0.2.2.35.tar.gz
    root@bt:~# cd tor-0.2.2.35
    root@bt:~# ./configure && make && src/or/tor

    Hope this helps for anybody that is having this same issue as I had.

    I had no issues installing Privoxy. Thanks again!!


    Comment posted on March 24, 2012 at 03:59:11 BST

  6. CaptainBanjax

    I personally use Tor coupled with tsocks. Works like a charm. Tsocks is a nice little app that allows you to use a socks proxy with pretty much any app…whether or not proxies are natively supported.

    On an Ubuntu based OS just follow these steps:

    1. Install vidalia.

    sudo apt-get install vidalia

    when requested, allow ‘permanent takeover’ should you wish Vidalia to be your main frontend for Tor.

    This will also install Tor and all of its requisite packages.

    I generally opt to use Vidalia because it’s just easy.

    2. Install tsocks (if it isn’t already present).

    sudo apt-get install tsocks

    3. Update the tsocks config file to use Tor as it’s proxy.

    sudo nano /etc/tsocks.conf

    In the file if you scroll down you’ll see a line with a ‘server’ parameter. Change that to 127.0.0.1 then further down you’ll see a ‘port’ parameter. Change this to 9050.

    4. Run the wpscan script from the directory you have it in as follows:

    tsocks ./wpscan

    Easy!


    Comment posted on April 19, 2012 at 14:39:10 BST

  7. sh

    Thanks bro,reallly helped


    Comment posted on May 8, 2012 at 10:25:36 BST

  8. Jovica

    +1 for Tor + Tsocks. Great combination.


    Comment posted on June 9, 2012 at 23:33:27 BST

  9. Hi

    Hi

    Thanks to Kevin L. above.

    Whoever receives error while installing libsys can also do this,

    Add the following to /etc/apt/sources.list :

    deb http://security.ubuntu.com/ubuntu lucid-security main

    Sudo apt-get update

    Then follow the code normally

    Cheers!


    Comment posted on June 19, 2012 at 11:10:02 BST

  10. Robin

    You can just add the official Tor repo then install using apt.

    Add these lines to /etc/apt/sources.l

    deb http://deb.torproject.org/torproject.org lucid main
    deb-src http://deb.torproject.org/torproject.org lucid main

    Then you need to add the gpg key to your repo keychain (all one line)

    gpg –keyserver keys.gnupg.net –recv 886DDD89 && gpg –export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -

    Now update the package lists

    apt-get update

    And finally install tor

    apt-get install tor


    Comment posted on July 8, 2012 at 23:15:22 BST

  11. Ryan

    Awesome tip, thanks Robin!


    Comment posted on July 20, 2012 at 14:25:22 BST

  12. steve

    Thanks for the tut! Will be using this quite abit!


    Comment posted on July 27, 2012 at 17:15:20 BST

  13. Anonymous

    Newest wget address for the second command:
    https://www.torproject.org/dist/torbrowser/linux/tor-browser-gnu-linux-i686-2.2.39-1-dev-en-US.tar.gz


    Comment posted on October 5, 2012 at 00:55:53 BST

  14. w00t

    Great tutorial


    Comment posted on January 22, 2013 at 20:33:32 BST

  15. Darwin

    After looking over a handful of the blog posts on your website, I seriously appreciate your technique
    of writing a blog. I added it to my bookmark website list and will be checking back soon.
    Take a look at my website too and tell me what you think.


    Comment posted on April 30, 2013 at 21:17:37 BST

  16. Junior

    What’s up, I read your blog daily. Your story-telling style is awesome, keep up the good work!


    Comment posted on May 11, 2013 at 16:03:35 BST

  17. seaside gentian eustoma exaltatum

    Heya fantastic blog! Does running a blog similar to this require a lot of work?
    I have very little expertise in programming but
    I had been hoping to start my own blog soon. Anyways,
    should you have any recommendations or tips for new blog owners please share.

    I know this is off subject but I simply needed to ask.
    Thank you!


    Comment posted on May 24, 2013 at 10:41:46 BST

Leave a Reply