On 5 October 2012 11:37, <antispa...@sent.at> wrote: > This is a request. Would someone be so kind as to add a tutorial, in > fact, several tutorials for how to test/see if an app is Tor ready?
There's some wiki articles, but I'm surprised there wasn't a simple one... For Linux, I think the fastest/most naive way would be: 1) Set up a tor bridge on another host in your network/on the internet 2) Boot your client/testing machine from a LiveCD 3) Install Tor, have it point to the bridge 4) Install shorewall (or use iptables, but I don't know the correct iptables commands) 5) /etc/shorewall/zones: fw firewall net ipv4 6) /etc/shorewall/interfaces net eth0 detect dhcp 7) /etc/shorewall/policy fw net DROP warn net fw DROP info 8) /etc/shorewall/rules ACCEPT $FW bridgeip tcp bridgeport 9) This should prevent anything from leaving your machine that doesn't go to that single port on that single ip over TCP. Tail your logs, and let your machine quiet down. Stop any ntp services, system updates, etc. Get it so your machine is sending no traffic. 10) Start up your application, use *every single feature* and make sure it's all being correctly proxied through tor. Anything that shows up in your logs is a leak. investigate it. I purposely did not put this guide on the wiki, because this is stream of consciousness, and it's probably missing something. (For example, you should confirm that it correct stops outgoing icmp and udp.) Try it out, flesh it out, work out the kinks, write it more verbosely with samples and screenshots, and then put it on the wiki Finally, the application may read your IP address or another de-anonymizing information and send it over Tor. This is another class of leak, much harder to detect. In addition to what I wrote, you really should read all of what is on the wiki also: - https://trac.torproject.org/projects/tor/wiki/doc/DnsResolver - https://trac.torproject.org/projects/tor/wiki/doc/Preventing_Tor_DNS_Leaks - https://trac.torproject.org/projects/tor/wiki/doc/PreventingDnsLeaksInTor - https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO - https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxyLeaks It's long, but you're now doing work as a developer, not a user - you owe it to the users of *your* work to make every effort to do it correctly. -tom _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
