Tor-Firefox-Proxomitron

Quote:

Originally Posted by tony62

In all honesty i had missed your post #15(large enough, as it is) , when browsing late last night, and jumped straight to post #16. So maybe i owe you some sort of appology.

I'll accept your some sort of apology.

Quote:

Like i was saying though, i don't doubt for any minute that P2K's approach is very, very secure. That said mine is (i've found) faster and very easy to configure 'on the fly'.

Try not to be so insecure next time, nobody said 'your' method is bad.
And if I were a glory hound, I would point out that the second link in post #17 was actually a post of mine!!!!!

And being an equally glory hound, I would say that paranoid2k's #24 just repeats points I've already made.

Quote:

Originally Posted by toploader

test your privacy

Bah, I already mentioned this link way back in 2003!

Just kidding.

[tony62]

Quote:

Originally Posted by deviladvocate.

Yes, on the behalf of the whole Wilders Security Forum, neigh the whole security community of the internet I thank you for bringing this to my attention.

With sarcastic comments like this, what do you expect?

Quote:

Originally Posted by deviladvocate.

And if I were a glory hound, I would point out that the second link in post #17 was actually a post of mine!!!!!

How many names do you have?

Quote:

Originally Posted by tony62

With sarcastic comments like this, what do you expect?

Just poking fun at you, look at your own post #17 again.

Quote:

How many names do you have?

Some of the deviladvocates are not me.

[tony62]

Quote:

Originally Posted by deviladovcate

Just poking fun at you, look at your own post #17 again.

I'm looking.......What is soooooo bad about post #17 that gives you such a h@#* on??

Anyway, as P2K has clearly stated, it's probably worth checking both varients out, before we condemn.
I have tested both, and after using the Proxo method with several headaches configuring it to suite my needs, i've gone for the easy option(extensions).

Quote:

Originally Posted by tony62

I'm looking.......What is soooooo bad about post #17 that gives you such a h@#* on??

It's not bad, just over anxious. As you admitted you jumped in without reading my post #15.

Quote:

Anyway, as P2K has clearly stated, it's probably worth checking both varients out, before we condemn.

There you go again being overly sensitive. Show me any sentence where I or paranoid2k or anyone for that matter *condemn* . Nobody was condemning anything. Just stating why someone might conceviably prefer one method rather than another that's all.

In fact if you read my post #15, you can see I was explaining how the whole big mess began with the firefox flaw and slowly evolved to the complicated mess we have today. And the implication was that people made a virtue out of necessity.

Seriously this is silly, for someone who claims to be knowledgable about firewalls, shouldnt you be spending your time teaching people about firewalls

[tony62]

Right, enough is enough.
For the original question(whatever that was), please bear in mind both suggestions, as they both work/tested. Proxo is very difficult to configure, however there is an abundance of info on how to do so(castlecops being my favourite).

Good day to you all, goodnight.

Edit: Oops spelling error!!

Edit Edit: P2K, reference this thread 'Run application' - Privoxy/Tor, as promised, this is my solution.

Thank you.

wow, some boards do not like this proxy. Sometimes google tell me I have malware or malware uses this IP

http://img520.imageshack.us/img520/3511/poof9iv.jpg

[Paranoid2000]

Quote:

Originally Posted by bent

wow, some boards do not like this proxy. Sometimes google tell me I have malware or malware uses this IP

Yes, I've had this issue too - it is apparently due to new Tor exit nodes needing to be registered with Google so that it then permits a higher volume of requests from them.

In the meantime, you may find the Proxomitron Google-Scroogle redirector filter a suitable workaround (not to mention another string to Proxomitron's bow...).

wow. That was a lot to absorb and try to understand. I did not see any of those folders in proxomitron.

This seem to be a very "often temporary failure" I don't think I can accept so much of this -

Quote:

This is often a temporary failure, so you might just try again.

Quote:

This is Privoxy 3.0.3 on localhost (127.0.0.1), port 8118, disabled

lol - that was easy. I fixed it.

[tony62]

Quote:

Originally Posted by loansome

lol - that was easy. I fixed it.

How did you fix it,, mate??

[Liquidslam]

I just now checked back with this thread for the first time in two weeks and am amazed at the number of replies that came in and the overall professional level. None of the one-eyed leading the blind stuff that I've encountered on some other forums. I see I should have become a member of this one a long time ago.

[tony62]

Quote:

Originally Posted by Liquidslam

I just now checked back with this thread for the first time in two weeks and am amazed at the number of replies that came in and the overall professional level. None of the one-eyed leading the blind stuff that I've encountered on some other forums. I see I should have become a member of this one a long time ago.

Glad we could all help.........and entertain

EDIT: After experimenting alot with both Firefox Extensions and Proxomitron, i've decided to stick with Proxo. Although i learned alot with the Extensions, proxo does offer better control over the pages you are viewing(just alot more difficult to troubleshoot).

HI all. I'm very new to this and managed to set it up and it works.

whatismyip.com cannot detect my True IP. BUT.. whenever I visit this site:

https://www.grc.com/x/ne.dll?bh0bkyd2

It detects it. How come?

[Paranoid2000]

Quote:

Originally Posted by _john

It detects it. How come?

The GRC URL is using the https (encrypted web access) protocol - you need to ensure that your browser is set up to use Tor for https as well as http traffic.

No wonder. the (s) at the end of http.

I can't find it in FireFox.. all I have are:

http
ssl
ftp
Gopher
Socks

I can't find (https)

Also is it safe to Log into Forum while using Tor? Will my username password be compromised?

[Paranoid2000]

Quote:

Originally Posted by -john

I can't find it in FireFox.. all I have are:...I can't find (https)

ssl (Secure Sockets Layer) = https

Quote:

Originally Posted by -john

Also is it safe to Log into Forum while using Tor? Will my username password be compromised?

Without Tor any http data you send is sent in the clear and visible to your ISP and anyone else with access to your local network (or any part of the route followed by your request as it travels to Wilders). With Tor it is sent encrypted to the Tor network and is only "in the clear" when it exits Tor - it has to be decrypted at this stage since the server you are contacting expects unencrypted data. With https, traffic is encrypted all the way with Tor adding extra levels of encryption.

The benefit of using Tor (and similar systems) is that the website you contact does not know where you are (assuming you are running a web filter to disable Java/ActiveX applets which could be used to find this out) and your ISP/local administrator cannot determine what sites you are visiting.

As for username/password data, usernames for vBulletin forums (like this one) are send in the clear while the password is scrambled (it is actually sent hashed using MD5). Therefore even if someone did pick up your login data they would not be able to determine the password.

Quote:

Originally Posted by Paranoid2000

ssl (Secure Sockets Layer) = httpsWithout Tor any http data you send is sent in the clear and visible to your ISP and anyone else with access to your local network (or any part of the route followed by your request as it travels to Wilders). With Tor it is sent encrypted to the Tor network and is only "in the clear" when it exits Tor - it has to be decrypted at this stage since the server you are contacting expects unencrypted data. With https, traffic is encrypted all the way with Tor adding extra levels of encryption.

Practically speaking though you don't need to fill in anything in the "SSL proxy" field in the browser??

If you are using the proxomitron+Tor method, you need to setup proxomitron via the method posted in your thread about dangers of HTTPS

then it seems just putting 127.0.0.1 in the normal "http proxy" field is enough, proxomitron itself handles HTTPS automatically then?

If you use the method discovered, invented ,trademarked, copyrighted and patented by Tony62 it seems just filling in the 127.0.0.1 for the socks field is enough as well.

This (second thing) surprised me when i was testing it a while ago. i dont really understand the whole business.

Quote:

The benefit of using Tor (and similar systems) is that the website you contact does not know where you are (assuming you are running a web filter to disable Java/ActiveX applets which could be used to find this out) and your ISP/local administrator cannot determine what sites you are visiting.

Personally I wouldn't do HTTPS + Tor for stuff like ebanking. Just plain HTTPS is enough. I mean ISPs can't really snoop in and see the content (what kinds of transactions are happening, or see your password) though they can see the site (bank site) you are connecting . For most people except for terrorists or drugdealers trying to hide the flow of transactions this isn't important.

Right?

And on the flip side, you generally (though the paranoid certainly can dream up scenarios where this isn't true) don't need to be annoymous to your bank either. They have far more sensitive information on your then your current ip.

Right?

Quote:

As for username/password data, usernames for vBulletin forums (like this one) are send in the clear while the password is scrambled (it is actually sent hashed using MD5). Therefore even if someone did pick up your login data they would not be able to determine the password.

Well you of course a simple naive hashing of the password alone isn't sufficient, because of the possibility of a replay attack. Because in such a case They don't actually need your password, just capture the hashed md5, and it's as good as the password.

You already know this of course, i'm just saying.

[WSFuser]

doesnt proxomitron need a couple of DLL files (ssleay32.dll and libeay32.dll) to decrypt SSL? (link to setup Proxo for SSL)

Yes of course, the link i made to dangers of HTTPS also links to those files.

But Tony62's method doesnt even need this, and it still works with HTTPS sites!!!

Quote:

With Tor it is sent encrypted to the Tor network and is only "in the clear" when it exits Tor - it has to be decrypted at this stage since the server you are contacting expects unencrypted data. With https, traffic is encrypted all the way with Tor adding extra levels of encryption.

TOR alone can do all that with no other programs like Proximitron and PRIVOXY?

I have Priv/proximitron and TOR running right now and have set it up but there are a lot I don't know yet. So my first question is: What can "TOR" alone do for me?

Quote:

Originally Posted by axnz

TOR alone can do all that with no other programs like Proximitron and PRIVOXY?

Quote:

Tor alone can do that yes for both HTTP and HTTPS if you follow the instructions given here http://www.imperialviolet.org/deerpark.html.

Whether HTTPS is available is however up to the server you are visiting, you cannot control this with or without proxomitron/privoxy.

Sidenote: I'm still amazed this method alone handles HTTPS as well without any special setup. Guess it shows what i know about socks proxies. LOL.

Quote:

I have Priv/proximitron and TOR running right now and have set it up but there are a lot I don't know yet. So my first question is: What can "TOR" alone do for me?

The long detailed reason why people use priv/proxomitron instead of straight Tor +firefox is described here in post #15 of this thread. Don't worry if it's confusing.

For simplicity, I now follow the lead of Tony62 by recommending the method described here http://www.imperialviolet.org/deerpark.html . Just browser+Tor is enough.

You don't have to care if the site is http or https, that setting alone will ensure Tor is used.

Quote:

Originally Posted by devilish

Tor alone can do that yes for both HTTP and HTTPS if you follow the instructions given here http://www.imperialviolet.org/deerpark.html.

THank. I managed to configurated for FireFox and I'm using Proximitron to filter out web junks. One question I have is the "use remote proxy" in Proximitron. I have set it up to hide my IP but it lag my browsing so I don't use it that much that mean I leave it "unchecked".

So that mean my IP will be visible to the sites that I visit. Regardless of whether my IP is hidden or not TOR still hide the site I go to from my ISP. Correct?

Quote:

Originally Posted by axnzz

THank. I managed to configurated for FireFox and I'm using Proximitron to filter out web junks. One question I have is the "use remote proxy" in Proximitron. I have set it up to hide my IP but it lag my browsing so I don't use it that much that mean I leave it "unchecked".

HUH? which method are you using? The link i gave is a method that does not involve proxomitron/privoxy at all.

Are you using A)Tor+proxomitron+ privoxy?

or B)Tor+Proxomitron(sockified with sockcap or freecap)?

or C)Tor + Privoxy?

Or just D)Tor alone?

I do not recommend C) because it cannot handle HTTPS.

If you are using Method B) , you don't need to check "use remote proxy" to use Tor

If you are using Method A) which I suspect you are, You definitely need to check "use remote proxy" to chain it to privoxy. Otherwise you won't be using Tor!

Method A is this

Firefox---> Proxomitron--->Privocy--->Tor--->website

Check remote proxy in proxomitron tells proxomitron to forward to Privoxy, and privoxy will then forward to Tor. If you break up the chain by not checking the box you get

Firefox-->proxomitron--->website

You are not using Tor at all!

Quote:

So that mean my IP will be visible to the sites that I visit. Regardless of whether my IP is hidden or not TOR still hide the site I go to from my ISP. Correct?

No! No! No!

When Tor is on, you gain both benefits together. If Tor is not on, you lose both!

Proxomitron/Privoxy do not hide your ip from websites, neither do they hide activity from your ISP.


If this is not clear, please give exact details on what you are doing. Otherwise we are just wasting time.