Reducing your exposure with Tor

Posted June 20, 2009 at 11:50 pm in Privacy

A step often hastily overlooked in the attack process is footprinting the target. As anyone who has ever had to thoroughly research a target knows, this process can be exhausting and, many feel, quite unrewarding. I tend to disagree with people who feel this way. Researching a target is, in my opinion, similar to learning to program, exploit, harden, etc.: the more you know about your target, the more likely you are to succeed. As the old adage goes, “Proper planning prevents piss poor performance.”

We can improve our performance by planning properly from the onset. This means remaining anonymous for as long as possible through many different means. An easy way to achieve this anonymity early in our attack process is The Onion Router (Tor). Tor is an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy.

Tor is free and works by creating an encrypted virtual communications circuit within a distributed network of relays run by volunteers all around the world. Traffic leaving your system that would normally be bound for the Internet is passed randomly through this distributed network so that no single point in the network is able to determine the source or destination of the packet. Once a circuit has been established, many kinds of data can be exchanged and several different sorts of software applications can be deployed over the Tor network. More information about how Tor works can be found at the Tor Overview page.

Tor is only as strong as the volunteer network that operates it. Users of the Tor network must run an onion proxy to communicate with the rest of the Tor network. Tor is application-independent and operates on TCP streams (the session layer). Many different types of applications can be used with Tor: web browsing (using Privoxy), IRC, instant messaging, hidden services and even command line tools. Find a few more Supported Programs.

Let’s begin by installing the Tor package.

Download Tor for your platform. I’m using Debian 5.0.1 (Lenny) so I’ll walk you through my installation. We’ll be using the Linux/BSD/Unix Install Instructions as a general guide.

For Debian, Ubuntu, and Knoppix based systems Tor points you to https://wiki.torproject.org/noreply/TheOnionRouter/TorOnDebian to begin the download and installation process. The first paragraph directs us to modify our sources list. Use the following command to open your sources.list:

nano /etc/apt/sources.list

You’ll be looking at the contents of your sources.list. Scroll to the bottom, add the following lines, and then save and exit.

deb      http://mirror.noreply.org/pub/tor lenny main
deb-src  http://mirror.noreply.org/pub/tor lenny main

Now we need to update apt and then install Tor using these two commands:

apt-get update
apt-get install tor

Once you’ve run this last command you should notice something similar in your terminal during package installation:

The following extra packages will be installed:
doc-base libfreezethaw-perl libmldbm-perl libuuid-perl
privoxy socat tor-geoipdb tsocks

You’ll probably be prompted to agree to installing extra/new packages and then you should eventually see this:

Starting tor daemon: tor...
Jun 20 22:55:09.575 [notice] Tor v0.2.0.34 (r18423). This is
experimental software. Do not rely on it for strong anonymity.
(Running on Linux x86_64)
Jun 20 22:55:09.576 [notice] Initialized libevent version 1.3e
using method epoll. Good.
Jun 20 22:55:09.576 [notice] Opening Socks listener on
127.0.0.1:9050
done.

Our new packages installed without error. One of the packages pulled in alongside Tor is Privoxy. Privoxy is a non-caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data and HTTP headers, controlling access, and removing ads and other obnoxious Internet junk. Combined with Tor, it essentially provides anonymity while browsing the web. We can verify that Tor and Privoxy are running on our system with:

ps aux

You should see /usr/sbin/privoxy and /usr/sbin/tor running in your list of current processes.

If you’re using Firefox/Iceweasel I recommend installing an add-on called Torbutton. Torbutton adds a button to your browser’s status bar on the far right-hand side. After installing this add-on, Tor is disabled by default. You can enable Tor by clicking on this button; it should change to “Tor Enabled” and turn green. You can test whether or not Tor and Privoxy are working using https://check.torproject.org/.

If you decide you don’t want to use the Torbutton add-on you can try the FoxyProxy or SwitchProxy add-ons. If you want to avoid add-ons altogether you can configure Firefox/Iceweasel manually. I would use 127.0.0.1:8118 for your HTTP and SSL proxies and 127.0.0.1:9050 for your SOCKS Host (SOCKS v5).

To use Tor with other applications that support HTTP proxies, just point them at Privoxy (127.0.0.1:8118). To use SOCKS directly for instant messaging, IRC, etc., you can point your application directly at Tor (127.0.0.1:9050), but see this FAQ before doing so. For applications that support neither SOCKS nor HTTP, take a look at tsocks or socat, which were installed along with our Tor package.
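As an added example (not code from the original post), this is the SOCKS5 CONNECT exchange an application performs when pointed directly at Tor’s 127.0.0.1:9050, with the destination hostname carried inside the request so that Tor resolves it within the circuit; that is the concern behind the FAQ linked above, since an application that resolves the name itself sends that DNS query outside Tor. It assumes Tor’s SOCKS port requires no authentication, which is the default shown in the install log.

```python
import socket
import struct
# Tor's default SOCKS listener, as in the install log above (Privoxy's HTTP side is 8118).
TOR_SOCKS = ("127.0.0.1", 9050)
VER, CMD_CONNECT, ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 5, 0x01, 0x01, 0x03, 0x04
REPLY = {0: "succeeded", 1: "general SOCKS server failure", 2: "not allowed by ruleset",
         3: "network unreachable", 4: "host unreachable", 5: "connection refused",
         6: "TTL expired", 7: "command not supported", 8: "address type not supported"}

def greeting() -> bytes:
    """Version identifier offering one method: 0x00, no authentication."""
    return bytes([VER, 1, 0x00])

def connect_request(host: str, port: int) -> bytes:
    """CONNECT request carrying the hostname itself (ATYP 0x03), so Tor resolves it
    inside the circuit. Sending an IPv4 literal (ATYP 0x01) would mean the client had
    already resolved the name with a plain DNS query outside Tor."""
    name = host.encode("idna")
    if not 1 <= len(name) <= 255:
        raise ValueError("hostname must be 1-255 bytes")
    return bytes([VER, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(name)]) + name + struct.pack("!H", port)

def parse_reply(data: bytes):
    """Decode a SOCKS5 reply; returns (code, description, total_reply_length)."""
    if len(data) < 4 or data[0] != VER:
        raise ValueError("not a SOCKS5 reply")
    code, atyp = data[1], data[3]
    if atyp == ATYP_IPV4:
        addr_len = 4
    elif atyp == ATYP_IPV6:
        addr_len = 16
    elif atyp == ATYP_DOMAIN and len(data) > 4:
        addr_len = 1 + data[4]
    else:
        raise ValueError("unknown or truncated address in reply")
    return code, REPLY.get(code, "unknown reply"), 4 + addr_len + 2

def open_via_tor(host: str, port: int, proxy=TOR_SOCKS, timeout=60) -> socket.socket:
    """Return a TCP socket to host:port whose traffic enters the Tor circuit at proxy."""
    s = socket.create_connection(proxy, timeout=timeout)
    s.sendall(greeting())
    if s.recv(2) != bytes([VER, 0x00]):
        s.close()
        raise ConnectionError("Tor did not accept the no-auth method")
    s.sendall(connect_request(host, port))
    code, text, _ = parse_reply(s.recv(262))
    if code != 0:
        s.close()
        raise ConnectionError(f"SOCKS5 CONNECT failed: {text}")
    return s
```

With Tor running, `open_via_tor("check.torproject.org", 443)` returns a socket you can wrap in TLS; Tor’s log would show the stream being attached to a circuit rather than any local resolver seeing the name.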

Those of you wishing to secure your anonymity even more should check out the Torify HOWTO. This is most likely where you’ll find the real benefits of Tor. I recommend checking out torsocks and letting your imagination run wild.

You should also uninstall browser plugins such as Java, Flash, ActiveX, RealPlayer, Quicktime, Adobe’s PDF plugin, and others because they can be manipulated into revealing your IP address. You should also be aware of cookies when browsing with Tor disabled. Cookies set on your system while Tor was disabled can still provide identifying information when you later browse through Tor, so clear your cookies often or block them altogether. Lastly, keep in mind that Tor encrypts traffic within the distributed network, but once your traffic leaves the Tor network through an exit node it is available to prying eyes unless your original traffic was encrypted.

Update: You can display quite a bit of information about your Privoxy configuration using Privoxy show status.

