Please help with TOR + ProxyFirewall

Discussion in 'privacy technology' started by ProjectMimic, Mar 1, 2008.

Thread Status:
Not open for further replies.
  1. ProjectMimic

    ProjectMimic Registered Member

    Joined:
    Mar 1, 2008
    Posts:
    12
    Ok This is my problem!
    I am setting up a BitTorrent Site using Tor's hidden services!
    The site works and with uTorrent connected to Privoxy "localhost:8118"
    it is able to connect to the tracker and works fine!

    BUT

    When i do a mass scrape on my site to check the seed's and peer's
    "httpd.exe" needs to check the tracker to get this information, but it cannot
    do this because the tracker is "http://mytorhiddenserv.onion/announce"!
    so "httpd.exe" needs to connect to the Tor network to be able to see that
    address because it is a Tor Hidden Service Address! So my problem now is
    to get "httpd.exe" (from Apache) to connect to TOR somehow!
    After searching google for like 2 day's i came across a couple of programs
    to do this!

    ProxyCap v3.0
    Proxifier v2.6
    ProxyFirewall v1.0.4

    Ok so let's start with ProxyFirewall, i add firefox as a test and tell ProxyFirewall to send firefox to "127.0.0.1:8118"(Privoxy)
    And for some odd reason NOTHING!!
    So i change it to "127.0.0.1:9050"(TOR)
    And it works goes to google and i can see that it's in a different country!
    So i check my web site "http://mytorhiddenserv.onion/"
    And NOTHING!! Even thoe it is running through TOR it wont use TOR's
    Hidden services! FireFox just adds a www. in front of the address
    and it does nothing! I have tried all 3 programs with the same
    result, i know that if i could just get ProxyFirewall to connect to Privoxy
    it would work! I remember hearing something about to use Tor's Hidden Service the connection has to be socks4a!
    Is there something i can do to Privoxy's config files that would allow this!
    There has to be some way to make this work, im getting so frustrated!

    Please Help, anyone!
    It would be very much apreshiated!
     
  2. ProjectMimic

    ProjectMimic Registered Member

    Joined:
    Mar 1, 2008
    Posts:
    12
    Anyone that can help me i will help them set up there own BitTorrent Site!:D
     
  3. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I am not sure if I understand, but are you going to be using Tor for downloading these files? Or is this some service that is accoiated with, but different from Tor? I cannot imaging anyone wanting to use Tor to download something. That would drive me nuts. I would probably throw my computer through the window. I have also heard too that downloading from tor uses up valuable bandwidth that is needed for people who live in countries who are not free.
     
  4. ProjectMimic

    ProjectMimic Registered Member

    Joined:
    Mar 1, 2008
    Posts:
    12
    No uTorrent is not set up to download the files through the Tor Network, only connect to the tracker!
    The Web site works and i can view it and uTorrent is able to connect to my Tracker!
    The Problem is getting "httpd.exe" (Part of Apache) to connect to Privoxy!
    To update the Seed's and Peer's that the site shows i have to do a "Mass Scrape" When this is done "httpd.exe" on my server connects to the tracker address to get that infomation but it cant, because i cant figure out how to get httpd.exe to connect to privoxy!:D
     
  5. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    ProjectMimic is trying to set up a BitTorrent site within Tor itself which means that only those using Tor can access it - and they would have to use Tor both for tracker access and file downloads.

    ProjectMimic, whatever your motives are, this is an inappropriate and unfair use of scarce Tor bandwith (which has to be donated by volunteers who choose to run nodes). It is peoples' website access that needs anonymity the most (especially for those in repressive countries) and people who insist on dragging huge quantities of data through Tor (that includes P2P and Rapidshare users) seriously degrade the service for everyone else.

    If you want to share content anonymously, use Freenet - that is what it is designed for.
     
    Last edited: Mar 4, 2008
  6. ProjectMimic

    ProjectMimic Registered Member

    Joined:
    Mar 1, 2008
    Posts:
    12
    Paranoid2000,

    You are almost right, you do need tor for tracker access but not to download the files them self! The files transfers will be a direct connection between users, uTorrent is able to do that by going to Preferences > Connection > Proxy!

    If you select HTTP Proxy 127.0.0.1:8118(Privoxy), only the tracker access goes through tor and all data transfer is a direct connection!

    You could if you select SOCKS 127.0.0.1:9050 and then check "Use Proxy for Peer 2 Peer connections) then All connections will go through TOR, but this is not what im doing, and i hope nobody would!

    Just the site and tracker access will go through TOR!
     
  7. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Thanks for the clarification, but what would be the point of this?

    People can already anonymise their tracker access (hiding it from their ISP) by using Tor. However their real IP will be shown in the tracker and therefore visible to any participants (and various 4-letter media-related groups). The only way to avoid this is to run peer connections through Tor also (which would require each user to create a hidden service to accept incoming connections from peers) which then involves unacceptable use of Tor's bandwidth.

    All you would be doing is making Tor compulsory in order to access the tracker and if you want to limit access, making it private (and password protected) would do so far better.

    Aside from that though, the best bet for Apache would be to use mod proxy (see here for an IM-related example - changing /ime to /announce and the URL to point to Privoxy should work).
     
  8. ProjectMimic

    ProjectMimic Registered Member

    Joined:
    Mar 1, 2008
    Posts:
    12
    Ok, so i added this to httpd.conf

    LoadModule proxy_module modules/mod_proxy.so
    LoadModule proxy_http_module modules/mod_proxy_http.so
    ProxyPass /announce/ http://127.0.0.1:8118/
    ProxyPassReverse /announce/ http://127.0.0.1:8118/

    and it didn't work,:doubt:
    but i noticed that when the site scrapes the torrents it's actually going to
    "http://mytorhiddenserv.onion/scrape" not announce at least that is what it seems to be doing, so i changed it to this!

    LoadModule proxy_module modules/mod_proxy.so
    LoadModule proxy_http_module modules/mod_proxy_http.so
    ProxyPass /scrape/ http://127.0.0.1:8118/
    ProxyPassReverse /scrape/ http://127.0.0.1:8118/

    and still nothing! I uploaded a test torrent and started seeding it, but when i
    did the scrape so the site would see that there was 1 seeder i was watching privoxy and Tor's network map and nothing went through!o_O

    Haha i was getting ready to tell you how awesome you were to!:D

    Also the site will be private! i only plan on having a hand full of people on it!
    I just don't want anyone knowing were the site or the tracker is coming from!

    I also looked at that free net, and it seems that i would still have the same problem, plus i think it would be way to difficult for the average user, it's easier to just tell them to download tor and utorrent and that's all they need!

    Anyway thank you for your help so far!
     
  9. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Try specifying just "/" in the ProxyPass lines then - that may work assuming you want every access made by httpd to go via Tor. Are you seeing the URLs appear in the Privoxy window though? If so, that would confirm that httpd is using it to connect.

    As for the "private site" angle, how are you going to seed the torrent initially without revealing your real IP address?

    From a user perspective, Freenet should be simpler than Tor (you just need to install the Freenet client, then click on a link using your browser) but it does need more time to access content to start with. From a server perspective it is simpler too - you don't need to be running Apache or anything else, just submit your content via the Freenet client. The downside is that content is a little tricky to update and it isn't permanent (it's lifespan depends on other users requesting it).
     
    Last edited: Mar 5, 2008
  10. ProjectMimic

    ProjectMimic Registered Member

    Joined:
    Mar 1, 2008
    Posts:
    12
    Nope, that did not work either it hits privoxy and stops!
    The site wont work at all i just get a blank page!
    I tried changing the port to 9050 to connect directly to TOR and i get a " TOR is not an HTTP Proxy"! So now I'm pretty sure that the problem is with privoxy something in privoxy's config file is blocking the connection. But it's all running on the same machine so i don't understand how that could be a problem. I also don't understand why i have to have privoxy to view hiddenservice addresses!


    As for the "private site" angle, the initial seeder, yes, you would be able to see their ip, but, that's the users responsibility, plus it's a private site I'm not going to advertise- at least for now! At the moment, it's just for close friends and family; that and there are still bugs, as you can see!:) Right now it's just more "Can i do it" kinda thing!
     
  11. ProjectMimic

    ProjectMimic Registered Member

    Joined:
    Mar 1, 2008
    Posts:
    12
    Man i even set up CCProxy to be a cascading proxy pointing to privoxy!
    CCProxy 127.0.0.1:808
    Cascading to
    Privoxy 127.0.0.1:8118

    Set firefox to go to proxy 127.0.0.1:808 and it works goes throue privoxy and tor!

    Set Apache to go to 127.0.0.1:808(CCProxy)
    And Nothing!

    SO i am now thinking that the problem is 99.9% with Privoxy!
    There must be some change i can make to privoxy to make this work!:doubt:
     
  12. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Are you seeing the correct URL appearing in Privoxy's log? If so, then the reason for the blank page is almost surely a filtering issue (Privoxy is first and foremost a web filter) so try disabling them.

    See this post for replacement Privoxy configuration files (Kye-U's work) which disable almost all filtering - intended for cases where another web filter (e.g. Proxomitron) is being used, removing the need for Privoxy to do anything other than provide Socks connectivity.
     
    Last edited: Mar 7, 2008
  13. ProjectMimic

    ProjectMimic Registered Member

    Joined:
    Mar 1, 2008
    Posts:
    12
    Nope i download the privoxy config files and that still didn't work!
    And no the connection was never made according to privoxy's log file!

    This might be over kill, but this is what i tried next!

    I installed BackTrack v2 in vmware!
    Updated the preinstalled version of tor, then configured privoxy to accecpt connections on the local network not just localhost!

    listen-address 127.0.0.1:8118
    2
    listen-address 169.254.0.1:8118

    Now back in the windows box i set up firefox to point to privoxy running on backtrack, It works! so now i change my httpd.conf file to point to privoxy on backtrack, (Hoping that being on linux it would work) but once again NOTHING!!!

    I dont understand why privoxy is not allowing this connection!
    I have put a copy of my server with torrent software installed and ready to go on The Pirate Bay, so if anyone could download a copy and maybe see if there is anything they can do to make it work it would be much apreshiated!

    http://thepiratebay.org/tor/4030235/

    Thanks for everyones time!
     
  14. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Is Privoxy running on a different system from Apache? If so (even if on a VM), then you need to add that machine's IP address to its listen-address option (you mention a 169.254.x.x address, this is assigned in cases where DHCP has failed - the proper IP address should be used, most likely 192.168.x.x if behind a router).
     
  15. ProjectMimic

    ProjectMimic Registered Member

    Joined:
    Mar 1, 2008
    Posts:
    12
    It is running on the same system, other than when i tried running im vmware!
    the reason for the 169.254.x.x address is im running WooWeb,
    My laptop picks up wireless from upstairs then i use wooweb to connect the rest of my lan, so all the lan computers are given a 169.254.x.x address. so even the vmware system would get the same type of address when i use bridged networking!
     
  16. ProjectMimic

    ProjectMimic Registered Member

    Joined:
    Mar 1, 2008
    Posts:
    12
    well my only other option is to use public trackers:mad:
    but if they go down so does my site:mad:
    i could always go to no-ip and setup an account to point to my ip but that wouldn't be very hidden:mad:

    does anyone have any other idea's??
    the tracker works it's just that the site cant updade the torrents, if nobody can help i guess this idea was a failure!:mad:
     
  17. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    It seems that the problem is with getting Apache to talk to Privoxy. Try changing Apache's proxy settings to specify the actual LAN address rather than 127.0.0.1 - if that doesn't work (and Privoxy is working with other software) then you'd be better served posting a query in an Apache support forum.
     
  18. ProjectMimic

    ProjectMimic Registered Member

    Joined:
    Mar 1, 2008
    Posts:
    12
    nope that didn't work!
    Well do you know a good place were i could find an answer!

    how long do you think
    http://denis.stalker.h3q.com:6969/announce
    will be up?
    it would almost be easier because then my users wouldn't have to set up utorrent or any other bittorrent client.
    Really i should just do that then mod torpark or somthing, well i guess that wouldn't work in less i add privoxy so it can look at hidden service address.
    but if i did add privoxy then updated the tor.exe and change the home page to my site and re-distro??

    any thoughtso_O
     
Loading...
Thread Status:
Not open for further replies.