OnionPi (Tor Proxy)

Image
Non-game related chat
Post Reply
User avatar
0v3rz34l0u5
Warrant Officer
Warrant Officer
Posts: 1054
Joined: Sat Apr 29, 2017 9:35 pm
Gender: Male
Steam: http://steamcommunity.com/id/0v3rz34l0u5
Location: Cambridgeshire

OnionPi (Tor Proxy)

Post by 0v3rz34l0u5 » Sat Sep 08, 2018 8:10 pm

If any of you wish to make an OnionPi (a Raspberry Pi with Tor installed), please feel free to leach from my experience (and my habit of documenting what I do).

You will need:
A Raspberry Pi 3B (or B+ if you want 802.11ac) and case (optional).
An 8GB microSD card.
An ethernet cable.
A micro USB cable.
A HDMI cable (and adapter if your monitor doesn't support HDMI).
A wireless keyboard and mouse (a wired keyboard and mouse will also work) - I use a Tukzer mini keyboard with touchpad.

This guide was written for an OnionPi based in the UK, using a Raspberry Pi 3B running Raspbian Stretch with Desktop 27th June 2018.

After configuring your OnionPi, there are a lot of ways you can be identified even if your IP address is changed. Please go to https://www.torproject.org/ for more information on how to stay anonymous.

1. Download the latest version of Raspian from the Raspberry Pi Foundation.
Download from https://www.raspberrypi.org/downloads/raspbian/

2. "Burn" the image to the SD card using Win32 Disk Imager.
Download from https://sourceforge.net/projects/win32diskimager/

3. Connect power (microUSB), network and a monitor to the Pi and allow it to boot up then follow the "Welcome to Raspberry Pi" wizard.
• Set the password for user 'pi'.
• Skip connecting the pi to a wireless network as it will be a wireless access point.
• Skip updating Raspbian as I have experienced issues with it.

4. Enable remote GUI access (and do some optional customisations to the desktop): Go to "Start", Preferences, Raspberry Pi Configuration.
• Disable System Splash Screen
• Enable VNC Interface.

If you are using an English (US) keyboard:
• Go to "Start", Preferences, Main Menu Editor.
• Preferences: Tick Mouse and Keyboard Settings.
• Go to "Start", Preferences, Mouse and Keyboard Settings.
• Change the Keyboard Layout to English (US).

OPTIONAL - Go to "Start", Preferences, Appearance Settings.
• Desktop: change the background.
• Desktop: hide the wastebasket.
• Taskbar: change the size of the taskbar.
• Taskbar: reposition the taskbar to the bottom.

OPTIONAL - Go to "Start", Preferences, Main Menu Editor.
• Untick "Programming, Office, Other, Games, Education, Graphics, Sound & Video, System Tools, Universal Access and Help.
• Accessories: Untick Archiver, Calculator, File Manager, Image Viewer, PDF Viewer, SD Card Copier, Text Editor.
• Preferences: Untick Recommended Software but tick Theme and Appearance Settings.

OPTIONAL - Go to "Start", Preferences, Theme and Appearance Settings.
• Change Widget style to Adwaita-dark.
• Change Window Border theme to Nightmare-01.

OPTIONAL - Disable Bluetooth and Sound (the icons are in the top right).

OPTIONAL - Right click anywhere on the taskbar and click Add / Remove Panel Items.
• Remove Bluetooth, Volume Control (and the spacer below) and Ejector.
• Select Application Launch Bar and then click Preferences.
○ Remove Web Browser, File Manager, Mathematica and Wolfram.
○ Add Task Manager (Accessories).

5. Install the relevant software so that you can configure the Pi to be a DHCP server: Open the Terminal and type (wait for each command to finish before proceeding).
• sudo apt-get update
• sudo apt-get install hostapd isc-dhcp-server
○ type y and press enter.
• sudo apt-get install iptables-persistent
○ type y and press enter.
○ The package configuration wizard will be displayed. Click yes to both.

6. Set up the DHCP server.
• Run sudo nano /etc/dhcp/dhcpd.conf
• Find the lines
1. default-lease-time 600;
2. max-lease-time 7200;
• Add a # to the beginning of them (you'll re-add them later)
1. #default-lease-time 600;
2. #max-lease-time 7200;
• Find the lines
1. option domain-name "example.org";
2. option domain-name-servers ns1.example.org, ns2.example.org;
• Add a # to the beginning of them.
1. #option domain-name "example.org";
2. #option domain-name-servers ns1.example.org, ns2.example.org;
• Find the lines
1. # If this DHCP server is the official DHCP server for the local
2. # network, the authoritative directive should be uncommented.
3. #authoritative;
• Remove the # from authoritative;
1. # If this DHCP server is the official DHCP server for the local
2. # network, the authoritative directive should be uncommented.
3. authoritative;
• Scroll down the bottom and add the following lines. Note, don't forget the ; at the end of each line!!
1. subnet 10.255.1.0 netmask 255.255.255.0 {
2. range 10.255.1.10 10.255.1.50;
3. option broadcast-address 10.255.1.255;
4. option routers 10.255.1.254;
5. default-lease-time 600;
6. max-lease-time 7200;
7. option domain-name "local";
8. option domain-name-servers 8.8.8.8, 8.8.4.4;
9. }
· Save the file by pressing ctrl-x, pressing y then enter.
• sudo nano /etc/default/isc-dhcp-server
• Find the lines
1. INTERFACESv4""
2. INTERFACESv6""
• Add wlan0 between the speech marks for v4 and add # to v6
1. INTERFACESv4"wlan0"
2. #INTERFACESv6""
• Save the file by pressing ctrl-x, pressing y then enter.
• sudo cp /run/systemd/generator.late/isc-dhcp-server.service /etc/systemd/system
• sudo nano /etc/systemd/system/isc-dhcp-server.service
• Find the line
Restart=no
• Edit from no to on-failure
Restart=on-failure
• Add RestartSec=1 underneath
1. Restart=on-failure
2. RestartSec=1
• Scroll down the bottom and add the following lines.
1. [Install]
2. WantedBy=multi-user.target
• Save the file by pressing ctrl-x, pressing y then enter.
• sudo systemctl daemon-reload
• sudo systemctl disable isc-dhcp-server
• sudo systemctl enable isc-dhcp-server

7. Set up wlan0 for static IP.
• sudo nano /etc/dhcpcd.conf
• Scroll down the bottom and add the following lines.
1. interface eth0
2.
3. interface wlan0
4. static ip_address=10.255.1.254/24
• Save the file by pressing ctrl-x, pressing y then enter.

8. Configure the AP.
• Run sudo nano /etc/hostapd/hostapd.conf
• Add the following lines.
1. interface=wlan0
2. ssid=OnionPi
3. country_code=GB (this ISO alpha-2 coding) https://www.gov.uk/government/publicati ... y-codes--2
4. hw_mode=g
5. channel=13
6. macaddr_acl=0
7. auth_algs=1
8. ignore_broadcast_ssid=0
9. wpa=2
10. wpa_passphrase=Password
11. wpa_key_mgmt=WPA-PSK
12. wpa_pairwise=CCMP
13. wpa_group_rekey=86400
14. ieee80211n=1
15. wmm_enabled=1
• Make sure each line has no extra spaces at the end or beginning then save the file by pressing ctrl-x, pressing y then enter.
• sudo nano /etc/default/hostapd
• Find the line
#DAEMON_CONF=""
• Remove the # and add /etc/hostapd/hostapd.conf between the speech marks.
DAEMON_CONF="/etc/hostapd/hostapd.conf"
• Save the file by pressing ctrl-x, pressing y then enter.
• sudo nano /etc/init.d/hostapd
• Find the line
DAEMON_CONF=
• Add /etc/hostapd/hostapd.conf
DAEMON_CONF=/etc/hostapd/hostapd.conf
• Save the file by pressing ctrl-x, pressing y then enter.

9. Configure NAT.
• Run sudo nano /etc/sysctl.conf
• Scroll down the bottom and add
net.ipv4.ip_forward=1
• Save the file by pressing ctrl-x, pressing y then enter.
• sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
• sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
• sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
• sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
• Check the tables
• sudo iptables -t nat -S
• sudo iptables -S
• If all looks correct, run sudo sh -c "iptables-save > /etc/iptables/rules.v4"
• If you have made a mistake, reboot (sudo reboot) and then run the three iptables commands again (just press the up key to find them and make any changes).

10. Test the AP!
• Run sudo /usr/sbin/hostapd /etc/hostapd/hostapd.conf
• Connect to the AP
• Disconnect from the AP
• Disable the AP with ctrl+x
• If all went well, run sudo service hostapd start
• Sudo rm /run/dhcpd.pid
• sudo service isc-dhcp-server start
• sudo udpate-rc.d hostapd enable
• Sudo update-rc.d isc-dhcp-server enable

11. Install Tor.
• Run sudo apt-get install tor
○ type y and press enter.
• sudo nano /etc/tor/torrc
• Add the following to the top of the file
1. Log notice file /var/log/tor/notices.log
2. VirtualAddrNetwork 10.192.0.0/10
3. AutomapHostsSuffixes .onion,.exit
4. AutomapHostsOnResolve 1
5. TransPort 9040
6. TransListenAddress 10.255.1.254
7. DNSPort 53
8. DNSListenAddress 10.255.1.254
• Save the file by pressing ctrl-x, pressing y then enter.
• Run sudo touch /var/log/tor/notices.log
• sudo chown debian-tor /var/log/tor/notices.log
• sudo chmod 644 /var/log/tor/notices.log

12. Update NAT so that traffic is routed through the Tor software.
• Run sudo iptables -F
• sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 22 -j REDIRECT --to-ports 22
• sudo iptables -t nat -A PREROUTING -i wlan0 -p udp --dport 53 -j REDIRECT --to-ports 53
• sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --syn -j REDIRECT --to-ports 9040
• sudo iptables -t nat -L
• Check the tables
• sudo iptables -t nat -L
• If all looks correct, run sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"
• If you have made a mistake, reboot (sudo reboot) and then run the three iptables commands again (just press the up key to find them and make any changes).

13. Enable Tor
• Run sudo service tor start
• sudo update-rc.d tor enable
• sudo reboot

14. Test!
• On a device connected to the OnionPi, go to Google and search what's my IP.
• On a device not connected to the OnionPi, go to Google and search what's my IP.
• The IP addresses should be different. If they're not, something hasn't gone right.

To manage remotely, download VNC Viewer and connect to the IP address of the OnionPi.

If you have any issues, please contact me and I'll see if I can help!
Image

overzealous (adjective)
Too zealous; too enthusiastic or fervent.
"With his overzealous attempts to impress, he only managed to annoy them."

User avatar
Age.
Admiral Of The Fleet
Admiral Of The Fleet
Posts: 3938
Joined: Mon Jul 30, 2007 10:10 am
Gender: Male
Steam: http://steamcommunity.com/id/age_uk
Twitter: http://www.twitter.com/age_dub
Facebook: https://www.facebook.com/TheProvokedPrawn/
Location: Essex
Contact:

Re: OnionPi (Tor Proxy)

Post by Age. » Sun Sep 09, 2018 7:06 pm

I was under the impression that using Toronto was a bad idea as its linked to the Dark Web and is likely to bring attention to you, ironically, when you're trying to avoid it. Correct me if I'm wrong of course.
HILARIOUS Youtube videos
Image
--->Donate to keep EBS alive<---
If you have problems, be sure to check the Guides Section for simple idiot-proof guides with screenshots 'n' all.

User avatar
0v3rz34l0u5
Warrant Officer
Warrant Officer
Posts: 1054
Joined: Sat Apr 29, 2017 9:35 pm
Gender: Male
Steam: http://steamcommunity.com/id/0v3rz34l0u5
Location: Cambridgeshire

Re: OnionPi (Tor Proxy)

Post by 0v3rz34l0u5 » Sun Sep 09, 2018 8:26 pm

A Tor proxy won’t stop you being anonymous per se but it’ll help protect against ISPs tracking your surfing habits. https://www.torproject.org/about/overview.html.en

Tor has a bad rep for being used solely to access the dark web but it’s reported that it’s only 3% of traffic that does. https://www.theregister.co.uk/2017/07/29/tor_dark_web/

Remember that there’s the deep web too! :P
Image

overzealous (adjective)
Too zealous; too enthusiastic or fervent.
"With his overzealous attempts to impress, he only managed to annoy them."

Post Reply

Who is online

Users browsing this forum: No registered users and 3 guests