forum.opennet.ru

Составление сообщения

Исходное сообщение

"Выпуск sandboxed-tor-browser, прослойки для изоляции Tor Bro..."
Отправлено vi, 13-Дек-16 17:46

>> Есть ли возможность узнать что-то особое о хосте, из виртуалбокса к примеру?
> Ping из виртуалбокса без проблем раскроет IP-адрес основной системы, чтобы этого небыло
> нужно городить хитрый проброс всего трафика через tor proxy.
Хитрый, говорите...
# # Add group and user
# groupadd -g 17500 whowho
# useradd -m -s /bin/sh -G whowho -c "Wgotsy" wgotsy
# passwd wgotsy
# su - wgotsy
$ mkdir ~/opt
$ cd ~/opt
# # Download and install tor-browser
# #
# # https://www.torproject.org/download/download-easy.html#linux
$ wget -c https://www.torproject.org/dist/torbrowser/6.0.7/tor-browser...
$ wget -c https://www.torproject.org/dist/torbrowser/6.0.7/tor-browser...
# #
# # https://www.torproject.org/projects/torbrowser.html.en#downl...
# #
# # Linux Instructions
# #
# # !!! Do not unpack or run TBB as root. !!!
# #
# # Download the architecture-appropriate file above, save it somewhere, then run one of the following two commands to extract the package archive:
# #
# # tar -xvJf tor-browser-linux32-6.0.7_LANG.tar.xz
# #
# # or (for the 64-bit version):
# #
$ tar -xvJf tor-browser-linux64-6.0.7_LANG.tar.xz
# #
# # (where LANG is the language listed in the filename).
# #
# # Once that's done, switch to the Tor browser directory by running:
# #
$ cd tor-browser_LANG
# #
# # (where LANG is the language listed in the filename).
# #
# # To run Tor Browser, click either on the Tor Browser or the Tor Browser Setup icon or execute the start-tor-browser.desktop file in a terminal:
# #
# # !!! Do not unpack or run TBB as root. !!!
# #
$ ./start-tor-browser.desktop
# #
# # !!! Do not unpack or run TBB as root. !!!
# #
# # This will launch Tor Launcher and once that connects to Tor, it will launch Firefox.
# #

# # Get user gid
$ id
uid=17222(wgotsy) gid=17222(wgotsy) группы=17222(wgotsy),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),60(games),104(scanner),107(bluetooth),109(netdev),17500(whowho)
$ exit
$ su - root
Make firewall rules
# echo '
:
TOTOR_GID="17222"
if test -z "${TOTOR_GID}" ; then exit ; fi
LOCAL_TOR_PORTS="9150,9151"
REMOTE_TOR_PORTS="9050"
REMOTE_TOR_HOST="192.168.57.62"

## OUTPUT ##
# Clear previous output firewall rules
# Re-create OUTPUT-torify-clnt if it doesn't exist
ipt_all -N OUTPUT-torify-clnt || true
ipt_all -F OUTPUT-torify-clnt || true
ipt_all -D OUTPUT -m owner --gid-owner "${TOTOR_GID}" -j OUTPUT-torify-clnt || true
ipt_all -I OUTPUT -m owner --gid-owner "${TOTOR_GID}" -j OUTPUT-torify-clnt || true
ipt_all -A OUTPUT-torify-clnt -m owner ! --gid-owner "${TOTOR_GID}" -j RETURN
#ipt_all -A OUTPUT-torify-clnt -j LOG
##ipt_all -A OUTPUT-torify-clnt -m tcp -p tcp -m owner --gid-owner "${TOTOR_GID}" -j DROP
##ipt_all -A OUTPUT-torify-clnt -m udp -p udp -m owner --gid-owner "${TOTOR_GID}" -j DROP
##ipt_all -A OUTPUT-torify-clnt -m owner --gid-owner "${TOTOR_GID}" -j DROP

## IPv4 OUTPUT in table nat ##
# Clear previous output firewall rules
# Re-create OUTPUT-torify-clnt if it doesn't exist
ipt_inet -t nat -N OUTPUT-torify-clnt || true
ipt_inet -t nat -F OUTPUT-torify-clnt || true
ipt_inet -t nat -D OUTPUT -m owner --gid-owner "${TOTOR_GID}" -j OUTPUT-torify-clnt || true
ipt_inet -t nat -I OUTPUT -m owner --gid-owner "${TOTOR_GID}" -j OUTPUT-torify-clnt || true
ipt_inet -t nat -A OUTPUT-torify-clnt -m owner ! --gid-owner "${TOTOR_GID}" -j RETURN
ipt_inet -t nat -A OUTPUT-torify-clnt -m tcp -p tcp -m multiport -d localhost --destination-ports "${LOCAL_TOR_PORTS}" -j RETURN
ipt_inet -t nat -A OUTPUT-torify-clnt -m udp -p udp -m multiport -d localhost --destination-ports "${LOCAL_TOR_PORTS}" -j RETURN
ipt_inet -t nat -A OUTPUT-torify-clnt -m tcp -p tcp -d "${REMOTE_TOR_HOST}" --dport "${REMOTE_TOR_PORTS}" -j RETURN
ipt_inet -t nat -A OUTPUT-torify-clnt -m udp -p udp -d "${REMOTE_TOR_HOST}" --dport "${REMOTE_TOR_PORTS}" -j RETURN
ipt_inet -t nat -A OUTPUT-torify-clnt -j LOG
ipt_inet -t nat -A OUTPUT-torify-clnt -m tcp -p tcp -j DNAT --to-destination "${REMOTE_TOR_HOST}":"${REMOTE_TOR_PORTS}"
ipt_inet -t nat -A OUTPUT-torify-clnt -m udp -p udp -j DNAT --to-destination "${REMOTE_TOR_HOST}":"${REMOTE_TOR_PORTS}"

## IPv6 OUTPUT in table mangle ##
# Clear previous output firewall rules
# Re-create OUTPUT-torify-clnt if it doesn't exist
ipt_inet6 -t mangle -N OUTPUT-torify-clnt || true
ipt_inet6 -t mangle -F OUTPUT-torify-clnt || true
ipt_inet6 -t mangle -D OUTPUT -m owner --gid-owner "${TOTOR_GID}" -j OUTPUT-torify-clnt || true
ipt_inet6 -t mangle -I OUTPUT -m owner --gid-owner "${TOTOR_GID}" -j OUTPUT-torify-clnt || true
ipt_inet6 -t mangle -A OUTPUT-torify-clnt -m owner ! --gid-owner "${TOTOR_GID}" -j RETURN
ipt_inet6 -t mangle -A OUTPUT-torify-clnt -m tcp -p tcp -m multiport -d localhost --destination-ports "${LOCAL_TOR_PORTS}" -j RETURN
ipt_inet6 -t mangle -A OUTPUT-torify-clnt -m udp -p udp -m multiport -d localhost --destination-ports "${LOCAL_TOR_PORTS}" -j RETURN
ipt_inet6 -t mangle -A OUTPUT-torify-clnt -j LOG
#ipt_inet6 -t mangle -A OUTPUT-torify-clnt -m tcp -p tcp -j DNAT --to-destination "${REMOTE_TOR_HOST}":"${REMOTE_TOR_PORTS}"
#ipt_inet6 -t mangle -A OUTPUT-torify-clnt -m udp -p udp -j DNAT --to-destination "${REMOTE_TOR_HOST}":"${REMOTE_TOR_PORTS}"
ipt_inet6 -t mangle -A OUTPUT-torify-clnt -j DROP
' > /etc/My_Favorit_Firewall/rules/60torify-client.rules
# service My_Favorit_Firewall reload

Далее (в следующей части) настройка Tor (запускаемого вместе с tor-browser-ом) and Tor-browser (хотя его как раз настраивать не надо) от пользователя.
;)

Исходное сообщение
"Выпуск sandboxed-tor-browser, прослойки для изоляции Tor Bro..." Отправлено vi, 13-Дек-16 17:46
>> Есть ли возможность узнать что-то особое о хосте, из виртуалбокса к примеру? > Ping из виртуалбокса без проблем раскроет IP-адрес основной системы, чтобы этого небыло > нужно городить хитрый проброс всего трафика через tor proxy. Хитрый, говорите... # # Add group and user # groupadd -g 17500 whowho # useradd -m -s /bin/sh -G whowho -c "Wgotsy" wgotsy # passwd wgotsy # su - wgotsy $ mkdir ~/opt $ cd ~/opt # # Download and install tor-browser # # # # https://www.torproject.org/download/download-easy.html#linux $ wget -c https://www.torproject.org/dist/torbrowser/6.0.7/tor-browser... $ wget -c https://www.torproject.org/dist/torbrowser/6.0.7/tor-browser... # # # # https://www.torproject.org/projects/torbrowser.html.en#downl... # # # # Linux Instructions # # # # !!! Do not unpack or run TBB as root. !!! # # # # Download the architecture-appropriate file above, save it somewhere, then run one of the following two commands to extract the package archive: # # # # tar -xvJf tor-browser-linux32-6.0.7_LANG.tar.xz # # # # or (for the 64-bit version): # # $ tar -xvJf tor-browser-linux64-6.0.7_LANG.tar.xz # # # # (where LANG is the language listed in the filename). # # # # Once that's done, switch to the Tor browser directory by running: # # $ cd tor-browser_LANG # # # # (where LANG is the language listed in the filename). # # # # To run Tor Browser, click either on the Tor Browser or the Tor Browser Setup icon or execute the start-tor-browser.desktop file in a terminal: # # # # !!! Do not unpack or run TBB as root. !!! # # $ ./start-tor-browser.desktop # # # # !!! Do not unpack or run TBB as root. !!! # # # # This will launch Tor Launcher and once that connects to Tor, it will launch Firefox. # # # # Get user gid $ id uid=17222(wgotsy) gid=17222(wgotsy) группы=17222(wgotsy),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),60(games),104(scanner),107(bluetooth),109(netdev),17500(whowho) $ exit $ su - root Make firewall rules # echo ' : TOTOR_GID="17222" if test -z "${TOTOR_GID}" ; then exit ; fi LOCAL_TOR_PORTS="9150,9151" REMOTE_TOR_PORTS="9050" REMOTE_TOR_HOST="192.168.57.62" ## OUTPUT ## # Clear previous output firewall rules # Re-create OUTPUT-torify-clnt if it doesn't exist ipt_all -N OUTPUT-torify-clnt \|\| true ipt_all -F OUTPUT-torify-clnt \|\| true ipt_all -D OUTPUT -m owner --gid-owner "${TOTOR_GID}" -j OUTPUT-torify-clnt \|\| true ipt_all -I OUTPUT -m owner --gid-owner "${TOTOR_GID}" -j OUTPUT-torify-clnt \|\| true ipt_all -A OUTPUT-torify-clnt -m owner ! --gid-owner "${TOTOR_GID}" -j RETURN #ipt_all -A OUTPUT-torify-clnt -j LOG ##ipt_all -A OUTPUT-torify-clnt -m tcp -p tcp -m owner --gid-owner "${TOTOR_GID}" -j DROP ##ipt_all -A OUTPUT-torify-clnt -m udp -p udp -m owner --gid-owner "${TOTOR_GID}" -j DROP ##ipt_all -A OUTPUT-torify-clnt -m owner --gid-owner "${TOTOR_GID}" -j DROP ## IPv4 OUTPUT in table nat ## # Clear previous output firewall rules # Re-create OUTPUT-torify-clnt if it doesn't exist ipt_inet -t nat -N OUTPUT-torify-clnt \|\| true ipt_inet -t nat -F OUTPUT-torify-clnt \|\| true ipt_inet -t nat -D OUTPUT -m owner --gid-owner "${TOTOR_GID}" -j OUTPUT-torify-clnt \|\| true ipt_inet -t nat -I OUTPUT -m owner --gid-owner "${TOTOR_GID}" -j OUTPUT-torify-clnt \|\| true ipt_inet -t nat -A OUTPUT-torify-clnt -m owner ! --gid-owner "${TOTOR_GID}" -j RETURN ipt_inet -t nat -A OUTPUT-torify-clnt -m tcp -p tcp -m multiport -d localhost --destination-ports "${LOCAL_TOR_PORTS}" -j RETURN ipt_inet -t nat -A OUTPUT-torify-clnt -m udp -p udp -m multiport -d localhost --destination-ports "${LOCAL_TOR_PORTS}" -j RETURN ipt_inet -t nat -A OUTPUT-torify-clnt -m tcp -p tcp -d "${REMOTE_TOR_HOST}" --dport "${REMOTE_TOR_PORTS}" -j RETURN ipt_inet -t nat -A OUTPUT-torify-clnt -m udp -p udp -d "${REMOTE_TOR_HOST}" --dport "${REMOTE_TOR_PORTS}" -j RETURN ipt_inet -t nat -A OUTPUT-torify-clnt -j LOG ipt_inet -t nat -A OUTPUT-torify-clnt -m tcp -p tcp -j DNAT --to-destination "${REMOTE_TOR_HOST}":"${REMOTE_TOR_PORTS}" ipt_inet -t nat -A OUTPUT-torify-clnt -m udp -p udp -j DNAT --to-destination "${REMOTE_TOR_HOST}":"${REMOTE_TOR_PORTS}" ## IPv6 OUTPUT in table mangle ## # Clear previous output firewall rules # Re-create OUTPUT-torify-clnt if it doesn't exist ipt_inet6 -t mangle -N OUTPUT-torify-clnt \|\| true ipt_inet6 -t mangle -F OUTPUT-torify-clnt \|\| true ipt_inet6 -t mangle -D OUTPUT -m owner --gid-owner "${TOTOR_GID}" -j OUTPUT-torify-clnt \|\| true ipt_inet6 -t mangle -I OUTPUT -m owner --gid-owner "${TOTOR_GID}" -j OUTPUT-torify-clnt \|\| true ipt_inet6 -t mangle -A OUTPUT-torify-clnt -m owner ! --gid-owner "${TOTOR_GID}" -j RETURN ipt_inet6 -t mangle -A OUTPUT-torify-clnt -m tcp -p tcp -m multiport -d localhost --destination-ports "${LOCAL_TOR_PORTS}" -j RETURN ipt_inet6 -t mangle -A OUTPUT-torify-clnt -m udp -p udp -m multiport -d localhost --destination-ports "${LOCAL_TOR_PORTS}" -j RETURN ipt_inet6 -t mangle -A OUTPUT-torify-clnt -j LOG #ipt_inet6 -t mangle -A OUTPUT-torify-clnt -m tcp -p tcp -j DNAT --to-destination "${REMOTE_TOR_HOST}":"${REMOTE_TOR_PORTS}" #ipt_inet6 -t mangle -A OUTPUT-torify-clnt -m udp -p udp -j DNAT --to-destination "${REMOTE_TOR_HOST}":"${REMOTE_TOR_PORTS}" ipt_inet6 -t mangle -A OUTPUT-torify-clnt -j DROP ' > /etc/My_Favorit_Firewall/rules/60torify-client.rules # service My_Favorit_Firewall reload Далее (в следующей части) настройка Tor (запускаемого вместе с tor-browser-ом) and Tor-browser (хотя его как раз настраивать не надо) от пользователя. ;)

Ваше сообщение
Имя*:
EMail:	Для отправки ответов на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email). Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.
Заголовок*:
Сообщение*:	>>> Есть ли возможность узнать что-то особое о хосте, из виртуалбокса к примеру? >> Ping из виртуалбокса без проблем раскроет IP-адрес основной системы, чтобы этого небыло >> нужно городить хитрый проброс всего трафика через tor proxy. > Хитрый, говорите... > # # Add group and user > # groupadd -g 17500 whowho > # useradd -m -s /bin/sh -G whowho -c "Wgotsy" wgotsy > # passwd wgotsy > # su - wgotsy > $ mkdir ~/opt > $ cd ~/opt > # # Download and install tor-browser > # # > # # https://www.torproject.org/download/download-easy.html#linux > $ wget -c https://www.torproject.org/dist/torbrowser/6.0.7/tor-browser-linux64-6.0.7_ru.tar.xz > $ wget -c https://www.torproject.org/dist/torbrowser/6.0.7/tor-browser-linux64-6.0.7_ru.tar.xz.asc > # # > # # https://www.torproject.org/projects/torbrowser.html.en#downloads > # # > # # Linux Instructions > # # > # # !!! Do not unpack or run TBB as root. !!! > # # > # # Download the architecture-appropriate file above, save it somewhere, then run > one of the following two commands to extract the package archive: > # # > # # tar -xvJf tor-browser-linux32-6.0.7_LANG.tar.xz > # # > # # or (for the 64-bit version): > # # > $ tar -xvJf tor-browser-linux64-6.0.7_LANG.tar.xz > # # > # # (where LANG is the language listed in the filename). > # # > # # Once that's done, switch to the Tor browser directory by > running: > # # > $ cd tor-browser_LANG > # # > # # (where LANG is the language listed in the filename). > # # > # # To run Tor Browser, click either on the Tor Browser > or the Tor Browser Setup icon or execute the start-tor-browser.desktop file > in a terminal: > # # > # # !!! Do not unpack or run TBB as root. !!! > # # > $ ./start-tor-browser.desktop > # # > # # !!! Do not unpack or run TBB as root. !!! > # # > # # This will launch Tor Launcher and once that connects to > Tor, it will launch Firefox. > # # > # # Get user gid > $ id > uid=17222(wgotsy) gid=17222(wgotsy) группы=17222(wgotsy),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),60(games),104(scanner),107(bluetooth),109(netdev),17500(whowho) > $ exit > $ su - root > Make firewall rules > # echo ' > : > TOTOR_GID="17222" > if test -z "${TOTOR_GID}" ; then exit ; fi > LOCAL_TOR_PORTS="9150,9151" > REMOTE_TOR_PORTS="9050" > REMOTE_TOR_HOST="192.168.57.62" > ## OUTPUT ## > # Clear previous output firewall rules > # Re-create OUTPUT-torify-clnt if it doesn't exist > ipt_all -N OUTPUT-torify-clnt \|\| true > ipt_all -F OUTPUT-torify-clnt \|\| true > ipt_all -D OUTPUT -m owner --gid-owner "${TOTOR_GID}" -j OUTPUT-torify-clnt \|\| > true > ipt_all -I OUTPUT -m owner --gid-owner "${TOTOR_GID}" -j OUTPUT-torify-clnt \|\| > true > ipt_all -A OUTPUT-torify-clnt -m owner ! --gid-owner "${TOTOR_GID}" -j RETURN > #ipt_all -A OUTPUT-torify-clnt -j LOG > ##ipt_all -A OUTPUT-torify-clnt -m tcp -p tcp -m owner --gid-owner "${TOTOR_GID}" -j > DROP > ##ipt_all -A OUTPUT-torify-clnt -m udp -p udp -m owner --gid-owner "${TOTOR_GID}" -j > DROP > ##ipt_all -A OUTPUT-torify-clnt -m owner --gid-owner "${TOTOR_GID}" -j DROP > ## IPv4 OUTPUT in table nat ## > # Clear previous output firewall rules > # Re-create OUTPUT-torify-clnt if it doesn't exist > ipt_inet -t nat -N OUTPUT-torify-clnt \|\| true > ipt_inet -t nat -F OUTPUT-torify-clnt \|\| true > ipt_inet -t nat -D OUTPUT -m owner --gid-owner "${TOTOR_GID}" -j OUTPUT-torify-clnt \|\| > true > ipt_inet -t nat -I OUTPUT -m owner --gid-owner "${TOTOR_GID}" -j OUTPUT-torify-clnt \|\| > true > ipt_inet -t nat -A OUTPUT-torify-clnt -m owner ! --gid-owner "${TOTOR_GID}" -j RETURN > ipt_inet -t nat -A OUTPUT-torify-clnt -m tcp -p tcp -m multiport -d > localhost --destination-ports "${LOCAL_TOR_PORTS}" -j RETURN > ipt_inet -t nat -A OUTPUT-torify-clnt -m udp -p udp -m multiport -d > localhost --destination-ports "${LOCAL_TOR_PORTS}" -j RETURN > ipt_inet -t nat -A OUTPUT-torify-clnt -m tcp -p tcp -d "${REMOTE_TOR_HOST}" --dport > "${REMOTE_TOR_PORTS}" -j RETURN > ipt_inet -t nat -A OUTPUT-torify-clnt -m udp -p udp -d "${REMOTE_TOR_HOST}" --dport > "${REMOTE_TOR_PORTS}" -j RETURN > ipt_inet -t nat -A OUTPUT-torify-clnt -j LOG > ipt_inet -t nat -A OUTPUT-torify-clnt -m tcp -p tcp -j DNAT --to-destination > "${REMOTE_TOR_HOST}":"${REMOTE_TOR_PORTS}" > ipt_inet -t nat -A OUTPUT-torify-clnt -m udp -p udp -j DNAT --to-destination > "${REMOTE_TOR_HOST}":"${REMOTE_TOR_PORTS}" > ## IPv6 OUTPUT in table mangle ## > # Clear previous output firewall rules > # Re-create OUTPUT-torify-clnt if it doesn't exist > ipt_inet6 -t mangle -N OUTPUT-torify-clnt \|\| true > ipt_inet6 -t mangle -F OUTPUT-torify-clnt \|\| true > ipt_inet6 -t mangle -D OUTPUT -m owner --gid-owner "${TOTOR_GID}" -j OUTPUT-torify-clnt > \|\| true > ipt_inet6 -t mangle -I OUTPUT -m owner --gid-owner "${TOTOR_GID}" -j OUTPUT-torify-clnt > \|\| true > ipt_inet6 -t mangle -A OUTPUT-torify-clnt -m owner ! --gid-owner "${TOTOR_GID}" -j RETURN > ipt_inet6 -t mangle -A OUTPUT-torify-clnt -m tcp -p tcp -m multiport -d > localhost --destination-ports "${LOCAL_TOR_PORTS}" -j RETURN > ipt_inet6 -t mangle -A OUTPUT-torify-clnt -m udp -p udp -m multiport -d > localhost --destination-ports "${LOCAL_TOR_PORTS}" -j RETURN > ipt_inet6 -t mangle -A OUTPUT-torify-clnt -j LOG > #ipt_inet6 -t mangle -A OUTPUT-torify-clnt -m tcp -p tcp -j DNAT --to-destination > "${REMOTE_TOR_HOST}":"${REMOTE_TOR_PORTS}" > #ipt_inet6 -t mangle -A OUTPUT-torify-clnt -m udp -p udp -j DNAT --to-destination > "${REMOTE_TOR_HOST}":"${REMOTE_TOR_PORTS}" > ipt_inet6 -t mangle -A OUTPUT-torify-clnt -j DROP > ' > /etc/My_Favorit_Firewall/rules/60torify-client.rules > # service My_Favorit_Firewall reload > Далее (в следующей части) настройка Tor (запускаемого вместе с tor-browser-ом) and Tor-browser > (хотя его как раз настраивать не надо) от пользователя. > ;)
	Введите код, изображенный на картинке:

При общении не допускается: неуважительное отношение к собеседнику, хамство, унизительное обращение, ненормативная лексика, переход на личности, агрессивное поведение, обесценивание собеседника, провоцирование флейма голословными и заведомо ложными заявлениями. Не отвечайте на сообщения, явно нарушающие правила - удаляются не только сами нарушения, но и все ответы на них. Лог модерирования.

Партнёры:

Хостинг:

Закладки на сайте
Проследить за страницей

Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру