Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Command Line Tor

DZone's Guide to

Command Line Tor

So Tor's useful for anonymous internet access, for sure. But most of us use it from the browser bundle - how can you use it from the command line or a program?

· Security Zone ·
Free Resource

Discover how to provide active runtime protection for your web applications from known and unknown vulnerabilities including Remote Code Execution Attacks.

Let's take a look at the command line first. So Tor, in the bundle we all know and love, consists of two things - the browser and the router. The browser is preconfigured to use the Tor router in the installed bundle. When you use Tor from the command line, we don't have that option. We end up needing to, somehow, force the commands we would generally use from the command line to dispatch requests through the Tor router.

To do this, you use Tor, Torify, and, preferentially, Torsocks. So first, you still need to install Tor. You don't need to use the bundle - you can use either brew or apt, or likely any other package manager. You'll want to install Tor and Torsocks. On Ubuntu or a similar Debian system, you get all this for free by installing Tor. If you're on OS X, use brew to install Tor and Torsocks separately - Torsocks isn't included. If you're not using either a Linux or OS X, well, you have other issues you might want to address, but you can fix that temporarily at least by downloading VirtualBox and getting a VM running you can use to do real work.

Now, you do need to configure Tor in order to use it - and this is slightly different depending on the platform you use. On a Mac, copy the torrc.sample file to the root of the Tor distribution - /usr/local/etc/tor, and name it torrc. Then uncomment the controlport line and the Cookieauthentication line. Change the cookieauthentication value to 0 and start Tor (the tor command on the command line is sufficient for this).

Do the same thing on a Linux system, but you don't need to copy the torrc file first - it's in /etc/tor. After you've made these changes, you can restart the service or the system - up to you. On Linuxes, Tor runs as a service.

Now Torify requires that you manually create a new session in order to use Tor. You do this by sending a command to the Tor control port, like this:

$ echo -e 'AUTHENTICATE ""\r\nsignal NEWNYM\r\nQUIT' | nc 127.0.0.1 9051 

Then, you can use Torify to execute a request over Tor:

$ torify curl -v https://slashdot.org

To start a new session, re-echo the authentication command to the local control port.

Now Torify is a bit complex, and it's easy to mess up. Torsocks is harder to use incorrectly, as you don't need to manually create a new session, or manually control the router. With Tor running, you use Torsocks just like you do Torify (e.g. torsocks <your command here>), and it will create the virtual circuit for you prior to executing your command.

So overall, not that bad! Enjoy your anonymous command line.

Find out how Waratek’s award-winning application security platform can improve the security of your new and legacy applications and platforms with no false positives, code changes or slowing your application.

Topics:
tor ,security ,secure coding ,command line tools

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}