Tor improves censorship

This is the version of Tor 11.5, considered an important release and that brings some improvements to allow users to avoid censorship when browsing. Already a year ago, with version 10.5, they began to focus on circumventing censorship and thus allowing users to navigate without problems.

One of the improvements in Tor 11.5 is that users no longer have to manually try bridge settings to unblock Tor. Now it brings a new feature that they have called Connection Assistance. What it does is automatically assign the bridge settings that work correctly based on the user’s location.

Basically what this feature does is track and download an updated list of different options depending on the country and thus use the best settings. However, the Connection Assistance feature is at an early stage and Tor asks users to report any bugs they may encounter.

On the other hand, there is another interesting feature included in Tor 11.5: HTTPS enabled by default. HTTPS only mode will be the default browsing mode and the connection will be made through a secure tunnel. This is important, since its function is to prevent data exchange between users and servers from leaking, since it is encrypted. It is very useful to avoid Main in the Middle attacks.

More network configuration options

In addition to the previous two changes, they have also included a new network configuration option. They call this feature Connection Settings. The goal is to improve the search for certain specific configurations. This will allow users to make certain changes in a simpler and more understandable way.

Keep in mind that keeping everything up to date is essential to avoid security problems. Therefore, our advice is to update the Tor browser with this new version. Not only are you going to have certain improvements and changes that they can make, but also fix possible vulnerabilities that may appear and thus prevent hackers from exploiting bugs.

You can go to the official Tor page and download the new version there. But you can also update it directly from the application, in case you already have it installed. To do this you just have to go to the menu at the top right, go to Help and click on About Tor Browser.

It will automatically start looking for new versions and, if it is available, it will update it without you having to do anything else. You will always be able to see exactly which version you have installed on your computer.

The post New version of Tor browser makes it easier for users to evade government attempts to block its use appeared first on Information Security Newspaper | Hacking News.

Today we will show you that how you can redirect your web traffic using tor proxies.We will use TOR-Router, a project from github. TOR router redirects all files under web traffic

• For testing we will use Kali Linux 2018.4 amd64. Open terminal type git clone https://github.com/Edu4rdSHL/tor-router.git
• Before installing ensure that TOR is installed. For that type sudo apt-get update & sudo apt-get install tor
• Type cd tor-router
• Type sudo bash install.sh && cd files
• After installing tor, must configure that following lines are written in the end.
• For that type nano /etc/tor/torrc & copy the below lines. These are lines are the configuration of TOR browser.

# Seting up TOR transparent proxy for tor-router
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 9040
DNSPort 5353

• After configuring restart the tor service.
• Open another terminal type cd /home/iicybersecurity/Downloads/tor-router/files && type sudo ./tor-router
• Now the tor service has started.
• For checking if the tor is configured to redirect traffic. Open  https://check.torproject.org link from Mozilla firefox web browser.

• Above you can see that this web browser is configured to use tor. For checking the dns leak test go to : https://dnsleaktest.com/

• In DNS leak, it showing its current location in Switzerland. For final configuration we will check through what is my ip address website.
• Go to : whatsismyipaddress.com

• You can see it current location is in Guwahati (Assam) with Tor exit node.

The post How to Redirect Web Traffic Using Tor easily appeared first on Information Security Newspaper | Hacking News.

Brave has an integrated feature for integration into the Tor network, providing users with advanced security and privacy features to best hide their online activity, as well as access websites with .onion domain, hosted on dark web.

Earlier this Friday, a blog user at Ramble reported that Brave was leaking DNS requests made in the browser, information that was shared with their Internet service provider. It is important to mention that DNS requests are not encrypted, so it is possible to track these records to reach websites visited by users, even if they are hosted on Tor and accessed through Brave.

“Internet service providers know which pages we are visiting on the Tor network,” the user says in their post. This report quickly went viral among Brave enthusiasts, to the extent that well-known researchers such as James Kettle conducted rapid scrutiny of the browser employed analysis tools such as Wireshark.

In his report, Kettle confirmed what Ramble’s user mentioned: “I can confirm that it’s true; Brave browser Tor mode is filtering out the .onion addresses that users are visiting.”

As you may remember, this tool was specifically developed as an anonymous browsing tool, so this is not a minor incident. The incident has already impacted Brave’s image, which has spent the latest hours dealing with its users’ complaints through social media. To make matters worse, it appears that Brave has received a similar behavior report since April 2019 through his Github repository.

Soon after, a Brave representative confirmed this situation, adding that its developers will begin an investigation and release a fix to the issue, which they claim is not present in nighty, the developer version of Brave.

“We’re elevating the fix to a stable review,” one of Brave’s developers mentioned through his Twitter account. This person reports that the cause of this issue is related to cnme-based ad blocking regression, which uses a separate DNS query. To learn more about information security risks, malware, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) website.

The post Brave exposes activity logs in Tor; private browsing data is leaked appeared first on Information Security Newspaper | Hacking News.

Keeping yourself anonymous is sometimes your job requirement or for fun. Hackers always find ways to keep their internet traffic completely anonymous and if a hacker is given option to select proxy server of his/her choice than its a cherry on cream.

You all must be aware of TOR, today we will talk about a tool that will help you to select proxy server or TOR exit node of your choice easily. Using this tool, we can connect to any country using country ISO code. According to researcher of International Institute of Cyber Security TorGhostNg blocks all non TOR traffic through Iptables and redirects all the traffic to TOR network.

Environment

• OS: Kali Linux 2020
• Kernel-Version: 5.5.0

Installation Steps

• Use this command to clone the project.
• git clone https://github.com/githacktools/TorghostNG

root@kali:/home/iicybersecurity# git clone https://github.com/githacktools/TorghostNG
Cloning into 'TorghostNG'…
remote: Enumerating objects: 81, done.
remote: Counting objects: 100% (81/81), done.
remote: Compressing objects: 100% (79/79), done.
remote: Total 215 (delta 46), reused 0 (delta 0), pack-reused 134
Receiving objects: 100% (215/215), 80.06 KiB | 266.00 KiB/s, done.
Resolving deltas: 100% (117/117), done.

• Use the cd command to enter into Torghost directory

root@kali:/home/iicybersecurity# cd TorghostNG/
root@kali:/home/iicybersecurity/TorghostNG#

• Now, use this command to install dependencies sudo python3 install.py

root@kali:/home/iicybersecurity/TorghostNG# sudo python3 install.py
[+] Applying display language… Done
TorghostNG 1.3 - Make all your internet traffic anonymized through Tor proxy
Rewritten from TorGhost with Python 3
[i] tor is already installed
[i] macchanger is already installed
[i] pip3 is already installed
DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. pip 21.0 will drop support for Python 2.7 in January 2021. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support
WARNING: Skipping pyinstaller as it is not installed.
[+] Installing PyInstaller…
Collecting pyinstaller
Downloading PyInstaller-3.6.tar.gz (3.5 MB)
|████████████████████████████████| 3.5 MB 1.4 MB/s
Installing build dependencies … done
Getting requirements to build wheel … done
Preparing wheel metadata … done
Collecting altgraph
=======================================================================================================SNIP========================================================================================
13158 INFO: checking PYZ
13159 INFO: Building PYZ because PYZ-00.toc is non existent
13159 INFO: Building PYZ (ZlibArchive) /home/iicybersecurity/TorghostNG/build/torghostng/PYZ-00.pyz
13879 INFO: Building PYZ (ZlibArchive) /home/iicybersecurity/TorghostNG/build/torghostng/PYZ-00.pyz completed successfully.
13888 INFO: checking PKG
13889 INFO: Building PKG because PKG-00.toc is non existent
13889 INFO: Building PKG (CArchive) PKG-00.pkg
19268 INFO: Building PKG (CArchive) PKG-00.pkg completed successfully.
19281 INFO: Bootloader /usr/local/lib/python3.8/dist-packages/PyInstaller/bootloader/Linux-64bit/run
19281 INFO: checking EXE
19282 INFO: Building EXE because EXE-00.toc is non existent
19282 INFO: Building EXE from EXE-00.toc
19283 INFO: Appending archive to ELF section in EXE /home/iicybersecurity/TorghostNG/dist/torghostng
19328 INFO: Building EXE from EXE-00.toc completed successfully.
[*] Done
[i] You can run TorghostNG with 'torghostng'
[i] If you have any questions, take a look at TorghostNG Tutorial Videos here: https://bit.ly/34TNglL
You will love it, i think :D

• Use this command to find help option, sudo torghostng -h

• Now, use this command to start the tor services using the TorHostNg tool, sudo torghostng -s

• Here, we successfully started Tor services.
• In the above picture we saw the IP address.
• Now, let’s verify the IP address by typing this ifconfig.me in the browser.

• Successfully we got the same IP address.

Select the Proxy Server country

• Now you can make your internet traffic anonymized and use Proxy of any country of your choice.
• We can also change the TOR connection to different country, but before we will run sudo torghostng –c to check current TOR exit node IP.

• Now, we go to the new IP.
• Let’s try login to your Gmail account. As we know that when we try to login to any Gmail account, it will ask to authenticate ourself with operating system and location.  Now, Let’s check the mobile phone.

• In the above picture we see gmail account is accessed from France.

• We can also specify a particular country of our choice, by using country ISO country code. Click on this link for ISO Codes https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes
• Use this command to connect the TOR services of a particular country. Sudo torghostng -id au -c
• au is for Australia

• Here, we have connected to a particular country and we can also see check IP address.
• Now, use this command to verify the country
  • whois 139.99.133.150 This will display the complete details about the IP address.

• Successfully we got the details about the IP address and we proxy our traffic through Australia.

Conclusion

We saw how we connect the TOR services using this TorGhostNG tool. Many journalist and other profession people use TOR services to keep themselves safe on internet.

The post Anonymously, Proxy Your Internet Traffic from Any Country of Your Choice appeared first on Information Security Newspaper | Hacking News.

Kalitorify Introduction

Kalitorify is a tool that uses iptables to set transparent proxy via TOR network. This kalitorify sends all your outgoing traffic through the TOR network. Coming back to some basics:

What is Tor?

TOR (The onion router). We use this network to protect ourselves, from outside world and to be safe on the internet by using this TOR network. We can use this browser on our computers and mobile phones.

What is transparent proxy?

A transparent proxy is placed between users and the internet. This proxy doesn’t modify the users’ request, response and sends it to a web server without user knowing about it. A transparent proxy is also called an inline proxy, intercepting proxy, or forced proxy server. We also have a nontransparent proxy, which modifies the users’ requests and responses.

Kalitorify Environment

• OS: Kali Linux 2019.3 64 bit
• Kernel version: 5.2.0

Kalitorify Installation Steps

• Use command sudo apt update
• Next, use command sudo apt install tor -y. To install the tor browser in our OS.
• Use this command to clone the project git clone https://github.com/brainfucksec/kalitorify

root@kali:/home/iicybersecurity# git clone https://github.com/brainfucksec/kalitorify
 Cloning into 'kalitorify'...
 remote: Enumerating objects: 35, done.
 remote: Counting objects: 100% (35/35), done.
 remote: Compressing objects: 100% (24/24), done.
 remote: Total 496 (delta 17), reused 25 (delta 11), pack-reused 461
 Receiving objects: 100% (496/496), 184.44 KiB | 464.00 KiB/s, done.
 Resolving deltas: 100% (264/264), done. 

• Now, use the cd command to enter into the kalitorify directory.
  • cd /kalitorify

 root@kali:/home/iicybersecurity#cd kalitorify/
 root@kali:/home/iicybersecurity/kalitorify# 

• Next, use command kalitorify -h ,to find the help options.

• Now, use command kalitorify -v, to check the kalitorify tool version

• Next, use command kalitorify -t. To start transparent proxy through TOR network

• Next, type ifconfig.me in our browser. It will display details about your browser and your Public IP.

• Use command to kalitorify -s ,to check the status of the TOR network connection and your exit node details. For every 5-10 mins it will change your IP address and TOR node exit country.

• Now, Let’s try login to your Gmail account. As we know that when we try to login to any Gmail account, which has security checked for Two-step authentication.
• We will receive 2-step authentication step screen.
• On your Gmail mail box you will receive alert or if you are having android mobile mobile with that email configured, you will get alert that somebody is trying to login from Austria (which is TOR exit Node) as shown below:

• Now, Let’s check the mobile phone.

• Now, use command kalitorify -r. To restart the TOR services and changes the exit node.

• Next, use command kalitorify -c , To stop transparent proxy through TOR

Nipe Introduction

Nipe is a tool, developed for the people who want to work anonymously. By using this tool we can hide our details and our Kali machine will be connected to the TOR network.

Nipe Environment

• OS: Kali Linux 2019.3 64 bit
• Kernel-Version: 5.2.0

Nipe Installation Steps

• Use command to clone the file git clone https://github.com/GouveaHeitor/nipe

root@kali:/home/iicybersecurity# git clone https://github.com/GouveaHeitor/nipe
 Cloning into 'nipe'...
 remote: Enumerating objects: 45, done.
 remote: Counting objects: 100% (45/45), done.
 remote: Compressing objects: 100% (28/28), done.
 remote: Total 1261 (delta 16), reused 35 (delta 11), pack-reused 1216
 Receiving objects: 100% (1261/1261), 189.49 KiB | 415.00 KiB/s, done.
 Resolving deltas: 100% (667/667), done.

• Next, use cd command to enter into nipe directory

root@kali:/home/iicybersecurity# cd nipe/
 root@kali:/home/iicybersecurity/nipe#

• Now, use the command to install all the configuration files, sudo cpan install Switch JSON Config::Simple

root@kali:/home/iicybersecurity/nipe# sudo cpan install Switch JSON Config::Simple
 Loading internal logger. Log::Log4perl recommended for better logging
 Reading '/root/.cpan/Metadata'
   Database was generated on Tue, 17 Mar 2020 05:41:03 GMT
 Fetching with LWP:
 http://www.cpan.org/authors/01mailrc.txt.gz
 Reading '/root/.cpan/sources/authors/01mailrc.txt.gz'
 ............................................................................DONE
 Fetching with LWP:
 http://www.cpan.org/modules/02packages.details.txt.gz
 Reading '/root/.cpan/sources/modules/02packages.details.txt.gz'
   Database was generated on Sat, 28 Mar 2020 04:29:02 GMT
 .............
   New CPAN.pm version (v2.27) available.
   [Currently running version is v2.22]
   You might want to try
     install CPAN
     reload cpan
   to both upgrade CPAN.pm and run the new version without leaving
   the current session.
  
  
 ...............................................................DONE
 ===================================================================================================================================SNIP========================================================================================================================
 Running make install for SHERZODR/Config-Simple-4.58.tar.gz
 Manifying 1 pod document
 Installing /usr/local/share/perl/5.30.0/auto/Config/Simple/FIRSTKEY.al
 Installing /usr/local/share/perl/5.30.0/auto/Config/Simple/autosplit.ix
 Installing /usr/local/share/perl/5.30.0/auto/Config/Simple/dump.al
 Installing /usr/local/share/perl/5.30.0/auto/Config/Simple/param_hash.al
 Installing /usr/local/share/perl/5.30.0/auto/Config/Simple/write_string.al
 Installing /usr/local/share/perl/5.30.0/auto/Config/Simple/import_names.al
 Installing /usr/local/share/perl/5.30.0/auto/Config/Simple/block.al
 Installing /usr/local/share/perl/5.30.0/auto/Config/Simple/FETCH.al
 Installing /usr/local/share/perl/5.30.0/auto/Config/Simple/import_from.al
 Installing /usr/local/share/perl/5.30.0/auto/Config/Simple/STORE.al
 Installing /usr/local/share/perl/5.30.0/auto/Config/Simple/verbose.al
 Installing /usr/local/share/perl/5.30.0/auto/Config/Simple/vars.al
 Installing /usr/local/share/perl/5.30.0/auto/Config/Simple/hashref.al
 Installing /usr/local/share/perl/5.30.0/auto/Config/Simple/TIEHASH.al
 Installing /usr/local/share/perl/5.30.0/auto/Config/Simple/errstr.al
 Installing /usr/local/share/perl/5.30.0/auto/Config/Simple/NEXTKEY.al
 Installing /usr/local/share/perl/5.30.0/auto/Config/Simple/CLEAR.al
 Installing /usr/local/share/perl/5.30.0/auto/Config/Simple/EXISTS.al
 Installing /usr/local/share/perl/5.30.0/auto/Config/Simple/error.al
 Installing /usr/local/share/perl/5.30.0/auto/Config/Simple/DELETE.al
 Installing /usr/local/share/perl/5.30.0/Config/Simple.pm
 Installing /usr/local/man/man3/Config::Simple.3pm
 Appending installation info to /usr/local/lib/x86_64-linux-gnu/perl/5.30.0/perllocal.pod
   SHERZODR/Config-Simple-4.58.tar.gz
   /usr/bin/make install  -- OK 

• Use this command to install the dependencies, perl nipe.pl install.

 <!--  /* Font Definitions */  @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:-536869121 1107305727 33554432 0 415 0;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:-469750017 -1073732485 9 0 511 0;}  /* Style Definitions */  p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-unhide:no; mso-style-qformat:yes; mso-style-parent:""; margin-top:0in; margin-right:0in; margin-bottom:8.0pt; margin-left:0in; line-height:107%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri",sans-serif; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:Calibri; mso-fareast-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} .MsoChpDefault {mso-style-type:export-only; mso-default-props:yes; font-family:"Calibri",sans-serif; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:Calibri; mso-fareast-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} .MsoPapDefault {mso-style-type:export-only; margin-bottom:8.0pt; line-height:107%;} @page WordSection1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in; mso-header-margin:.5in; mso-footer-margin:.5in; mso-paper-source:0;} div.WordSection1 {page:WordSection1;} --> 
 root@kali:/home/iicybersecurity/nipe# perl nipe.pl install
 Reading package lists... Done
 Building dependency tree Reading state information... Done
 The following packages were automatically installed and are no longer required:
   cython dh-python finger fonts-glyphicons-halflings freeglut3 libglu1-mesa liblinear3 libmng1 libqscintilla2-qt4-l10n libxdot4 python-alembic python-autobahn python-babel
   python-babel-localedata python-backports-abc python-bottle python-cbor python-chameleon python-concurrent.futures python-cssselect python-deprecation python-django python-django-common
   python-editor python-elixir python-filedepot python-flask-babelex python-flask-classful python-flask-login python-flask-mail python-flask-principal python-flask-restless
   python-flask-security python-flask-session python-flask-sqlalchemy python-flaskext.wtf python-formencode python-hupper python-ipy python-lz4 python-marshmallow
   python-marshmallow-sqlalchemy python-mimeparse python-mimerender python-mysqldb python-nplusone python-openid python-packaging python-passlib python-paste python-pastedeploy-tpl
   python-plaster python-png python-psycopg2 python-pydot python-pyparsing python-pyqrcode python-pyquery python-repoze.lru python-scgi python-selenium python-singledispatch python-sip
   python-slugify python-snappy python-speaklater python-sqlalchemy python-sqlalchemy-ext python-sqlalchemy-schemadisplay python-sqlparse python-tempita python-tornado python-tqdm
   python-translationstring python-trie python-trollius python-twisted python-txaio python-tz python-u-msgpack python-ubjson python-unidecode python-venusian python-waitress python-webob
   python-websocket python-wsaccel python-wtforms python-zope.component python-zope.deprecation python-zope.event python-zope.hookable python3-opengl qtchooser qtcore4-l10n rwho rwhod
   x11-apps xsltproc zsh zsh-common
 Use 'sudo apt autoremove' to remove them.
 The following additional packages will be installed:
   libip4tc2 libip6tc2 libnftnl11 libxtables12 netbase
 ============================================================================================================SNIP=================================================================================================================
 Installing new version of config file /etc/services ...
 Setting up iptables (1.8.4-3) ...
 Processing triggers for systemd (241-7) ...
 Processing triggers for man-db (2.8.6.1-1) ...
 Processing triggers for libc-bin (2.29-10) ...
 Scanning processes...
 Scanning candidates...
 Scanning linux images...
 Running kernel seems to be up-to-date.
 Restarting services...
  systemctl restart systemd-journald.service
 Service restarts being deferred:
  systemctl restart systemd-logind.service
 No containers need to be restarted.
 User sessions running outdated binaries:
  Debian-gdm @ user manager service: systemd[584]
  iicybersecurity @ user manager service: systemd[1513]
  root @ user manager service: systemd[1007] 

Nipe Tool Execution Steps

• Use command to view the tool options  perl nipe.pl

root@kali:/home/iicybersecurity/nipe# perl nipe.pl
 Core Commands
Command       Description                                                      -------       -----------                                                  install       Install dependencies                                          start         Start routing                                                stop          Stop routing                                                  restart       Restart the Nipe process                                     status        See status

• Now, use this command to start the services, perl nipe.pl start.

root@kali:/home/iicybersecurity/nipe# perl nipe.pl start
 root@kali:/home/iicybersecurity/nipe#

• Now, use this command to view the status of nipe services, Perl nipe.pl status

root@kali:/home/iicybersecurity/nipe# perl nipe.pl status
 [+] Status: activated.
 [+] Ip: 209.141.45.189

• Now, open the search engine and type ifconfig.me. This will displays browser details and TOR exit details.

• Next, use command to restart the services perl nipe.pl restart

root@kali:/home/iicybersecurity/nipe# perl nipe.pl restart
 root@kali:/home/iicybersecurity/nipe# perl nipe.pl status
 [+] Status: activated.
 [+] Ip: 185.220.101.28

• Now, use this command to stop the services perl nipe.pl stop and check the status of the services.

root@kali:/home/iicybersecurity/nipe# perl nipe.pl stop
 root@kali:/home/iicybersecurity/nipe# perl nipe.pl status
 [+] Status: disabled.
 [+] Ip: 112.196.159.40

Conclusion

Kalitorify and Nipe are the best tools to hide from outside world and to be safe on the internet by sending the outgoing traffic via TOR network.

The post How to anonymously use Kali OS for hacking appeared first on Information Security Newspaper | Hacking News.

Epic Browser

• Epic is an another web browser which developed to provide anonymity online. Epic uses its own proxies & filter to block unwanted advertisement & trackers.
• Epic key features include :-
  • Address Bar & Tracking Removed
  • Epic always stays on privacy browsing mode
  • Epic blocks comphrensive ads.
  • Do not track is always on.
• Follow screenshot shows that how Epic web browser blocks ads while opening facebook webpage.

• Above screenshot shows that how epic web browser blocks ads on facebook.com on the right hand side.
• Download Epic web browser : https://epicbrowser.com/index.html

TOR (The Onion Router)

• We will show you top Web browser which helps user to hide their identity. One to top most anonymous web browser is TOR.
• TOR (The Onion Router) is designed to provide anonymity online. The most popular web browser which uses ONION network for searching any query.
• Download TOR web browser : https://www.torproject.org/ You can even share or download files online but it might reveal your actual location over the TOR network.
• If the internet is working slow in your area. It will be annoying because TOR network route traffic from different relays which makes user slow to open any webpage.

SRWare Iron

• This browser is also developed on chromium project & similar to Google Chrome. The only difference is the anonymity.

• Srware iron does not create any session or collects any data from its users. As commented by ethical hacking researcher of International Institute of Cyber Security Srware has mentioned on the website that following points does not exist in Iron web browser.

• Download Srware Iron from : https://www.srware.net/iron/downloads.php
• Srware Iron does not generates any unique Identification numbers.

Comodo Dragon Browser

• This web browser looks very similar to Google Chrome but provide secure browsing in terms of security.
• Comodo Web Browser works same as TOR. This browser blocks tracking, spyware & cookies.

• Comodo has inbuilt feature of weak & strong SSL certificates. It also helps to protect against trojans, viruses & other malware attacks.
• Download Web browser : https://www.comodo.com/home/browsers-toolbars/browser.php

The post 4 browsers for safe anonymous surfing appeared first on Information Security Newspaper | Hacking News.

Thanks to this, users of Android devices will no longer have to resort to alternatives like Orfox to browse privately; this browser integrates the Tor protocol stack into a completely different browser.

The developers of Tor Project announced this project last September 2018; since then the public tests with alpha versions began and, after eight months, the mobile browser version is now available, the web application security service specialists mentioned.

During the announcement, Isabella Bagueros, director of Tor Project, said: “For us, to live up to the demand of users who only browse Internet through a mobile device was a priority”. The developers of Tor for Android ensure that the users of mobile devices are subjected to a constant activity of surveillance, censorship and information gathering, so offering alternatives to conventional browsers was fundamental.

“Although there are still notable differences between the version of Tor for desktops and the new version for mobile devices, Tor’s essential function, which is the protection of the user’s privacy, is equally functional in both versions of the Browser”, the developers added.

The mobile Tor Browser was launched with version number 8.5 and is synchronized with all previous versions of the browser for Linux, Windows and Mac; these systems will also update to V 8.5 shortly, reported web application security service experts.  

Although there is no official version of the Tor browser for computers with iOS, specialists from the International Institute of Cyber Security (IICS) recommend users of Apple devices to install the Onion Browser app to use the Tor browser in system Operative iOS.

Other companies have undertaken similar projects, such as Mozilla, which is currently working to find a method of integrating Tor protocol in the Firefox browser, it should be noted that Tor was written from the Mozilla code, so there are those who consider that the development of this project would bring the ultimate private navigation tool.

The post Tor browser now has a mobile version for Android devices appeared first on Information Security Newspaper | Hacking News.

In recent days, Tor users encountered a popup window in the browser mentioning that one of the extensions was compromised, so it had been disabled. No more details were offered, as the alert only mentioned a “cybersecurity issue”.

When they began investigating the incident, cyber forensics course specialists discovered that the extension in question, NoScript, could not be verified by Tor, despite being an extension accepted by this browser. NoScript is an important security extension in the use of this browser and it is also compatible with other browsers.

This alert triggered doubts about security in the browser, because there was the possibility that threat actors could inject a fake version of NoScript in Tor, or even a critical vulnerability in Firefox, because this supposedly compromised version of the extension was installed without users’ authorization.

Since version 44 of Firefox, launched in the beginning of 2016, Mozilla implemented a policy to stop allowing unsigned browser extensions, so now the company decides which plugins/extensions it allows and which not.

Shortly after the incident was revealed, Mozilla posted via Twitter: “We are investigating a security incident with a certificate that could cause your browser extensions to stop working or not to be installed properly. More details will be published as soon as our investigation is completed”.

Apparently, NoScript digital signature still does not expire, so the problem lies in Mozilla; According to cyber forensics course specialists, Firefox stopped relying on NoScript because of a problem that lies in Mozilla digital signature process, not in browser extensions themselves. In addition, it seems that the flaw affects the digital signature validation for each extension in each version of Firefox.

Experts from the International Institute of Cyber Security (IICS) mention that Mozilla released a temporary patch, although it only works if the user has the feature Mozilla’s Studios activated. The drawback is that this function enables the data collection of the browser, so this is not a functional option for Tor users at all.  

As a workaround, Tor users can temporarily disable xpinstall.signatures.required; this feature must be enabled again once Mozilla launches the official update. 

The post Mozilla digital signature verification flaw causes browser extensions fails appeared first on Information Security Newspaper | Hacking News.

A tool available to any user

OnionShare appeared in 2017 and, according to network security specialists from the International Institute of Cyber Security, allowed any user to share files in an easy way using the Tor network. Recently, OnionShare 2, the most important update the tool has received has been released.

OnionShare 2 has been launched to use all the new functions of Tor browser, to enjoy more privacy and better security when browsing through the Tor network, in addition to the ability to access new onion addresses. This new version also includes improvements in use, for example, enabling a public mode to receive error reports, including support for the anonymous use of Dropbox, and receiving files with OnionShare, as before could only be sent.

In addition, the sandbox mode is included in MacOS enabled by default to improve Apple’s security, not to mention that multiple bugs were corrected and the tool code was completely restructured.

How to share files over the Tor network

First of all, you must download the tool from GitHub and install it. For Windows systems, it must be installed in EXE. On the other hand, in MacOS systems, in the PKG file and in Linux the user will have to compile it themselves or download the latest version from GitHub.

When the installation is complete, the tool must be executed. The first thing that makes OnionShare 2 is to connect to Tor network, task for which the tool has a default module, but you can also configure this connection manually.

A few seconds later the connection will be established and OnionShare 2 will be ready for use. The tool has two different sections: file sharing and receiving files.

According to network security specialists, to share a file over the Tor network, the only thing the user needs is to drag the files they want to share to the corresponding window in “File sharing.” When you have finished dragging all the files, you must press the “Start sharing” button located at the bottom of the screen.

A message will then appear with the onion URL that leads to the shared files through Tor. Any Tor based search engine (Tor Bowser, for example) can access this location by simply entering the URL. Files shared with OnionShare 2 are not stored on the servers of any intermediary, so only the sender and the receiver of the files will be able to access them.

When the user wants to stop sharing the files, just has to press the red button shown in the screenshots and OnionShare 2 will remove the link and no one can access the files again.

Reception mode in OnionShare 2

In addition to the possibility of sending files, OnionShare 2 has a “reception mode”, which generates a URL directly to a directory on our computer. Any user entering this onion address will be able to access and upload any file to our computer from the browser.

This function is very useful if we need multiple users to send files securely to a single address, but it can be risky, because all the shared information will be stored on the computer of the user receiving the files, in addition to the risk of malware infection, so network security specialists recommend using this feature with proper precautions.

The post OnionShare: Share files over the Tor network appeared first on Information Security Newspaper | Hacking News.

A new machine learning algorithm is able to detect the use of apps like YouTube, Instagram, among others, in Tor browser

A group of network security and ethical hacking specialists claims to have developed an algorithm capable of detecting the activity patterns in Android operating system apps within the Tor network traffic with 97% accuracy.

This algorithm is not an anti-anonymity script, because it cannot reveal the real IP address of a user, nor other details about their identity. Still, this algorithm is able to reveal if a Tor user is using an Android application.

The work of this team of experts in network security is based on previous developments able to analyze the flows of TCP packets of traffic in Tor and differentiate between eight different types of traffic: browsing, chatting, email, streaming audio, video, File transfer, VoIP and P2P.

This time the specialists applied a similar concept of analysis of TCP packets flowing through a Tor connection to detect specific patterns associated with the activity of certain Android applications.

Subsequently, they developed a machine learning algorithm trained with Tor traffic patterns from ten different apps: Android Tor Browser, Facebook, Instagram, Twitter, YouTube, Spotify, Skype, Twitch, Replaio Radio and DailyMotion.

Once the algorithm training was completed, the specialists used it in Tor traffic to detect whether an individual were using any of these apps. The results were overwhelming, the algorithm showed 97.3% accuracy.

However, the algorithm is not as efficient as it seems. According to network security specialists from the International Institute of Cyber Security, it can only be used when there is no background traffic, in other words, when the user is using one and only one application on a smart device.

This means that when there are two or more apps communicating at the same time in the background, the algorithm starts confusing TCP traffic patterns, so its effectiveness level decreases.

In addition, the algorithm also has precision flaws. Some streaming apps (like YouTube or Spotify) produce very similar traffic patterns, so the algorithm tends to confuse them.

Finally, as future experiments consider the analysis of more applications, similar problems will continue to appear, thus the effectiveness of the algorithm will be considerably reduced.

The post Traffic of Android apps in Tor network could be detected with an algorithm appeared first on Information Security Newspaper | Hacking News.

• Hosting tor service is very easy and you can also host your own website on TOR. 

According to ethical hacking researcher of International Institute of Cyber Security, creating an custom tor link is not so difficult. This method mostly used by spammers who try to sell irrelevant content on the deep web.

For showing you we are using Kali linux.

Hosting a Web Server in Tor :-

• Before hosting the service on the tor it is recommended to test the Tor default hosting service. For Testing the default service we are using apache server. You can use any web server.
• For starting the server type sudo service apache2 start

root@kali:/home/iicybersecurity# sudo service apache2 restart

• Then for checking if the server has started type ps -ef | grep apache2

root@kali:/var/lib/tor/hidden_service# ps -ef | grep apache2
root      1514     1  0 Dec25 ?        00:00:00 /usr/sbin/apache2 -k start
www-data  1515  1514  0 Dec25 ?        00:00:00 /usr/sbin/apache2 -k start
www-data  1516  1514  0 Dec25 ?        00:00:00 /usr/sbin/apache2 -k start
www-data  1517  1514  0 Dec25 ?        00:00:00 /usr/sbin/apache2 -k start
www-data  1518  1514  0 Dec25 ?        00:00:00 /usr/sbin/apache2 -k start
www-data  1519  1514  0 Dec25 ?        00:00:00 /usr/sbin/apache2 -k start
www-data  1520  1514  0 Dec25 ?        00:00:00 /usr/sbin/apache2 -k start
www-data  1589  1514  0 00:09 ?        00:00:00 /usr/sbin/apache2 -k start
www-data  1591  1514  0 00:09 ?        00:00:00 /usr/sbin/apache2 -k start
root      1719  1565  0 01:13 pts/3    00:00:00 grep apache2

• After executing the above command . Go to tor configuration page and edit the torrc.
• Type cd /etc/tor
• Then type ls
• Type nano torrc
• Then press ctrl+w and type location-hidden
• In that section remove # from HiddenService as shown below.

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80

#HiddenServiceDir /var/lib/tor/other_hidden_service/
#HiddenServicePort 80 127.0.0.1:80
#HiddenServicePort 22 127.0.0.1:22

root@kali:~# cd /etc/tor
root@kali:/etc/tor#
root@kali:/etc/tor# ls
torrc  torrc.save  torsocks.conf

root@kali:/etc/tor# nano torrc

Configuration file for a typical Tor user
Last updated 9 October 2013 for Tor 0.2.5.2-alpha.
(may or may not work for much older or much newer versions of Tor.)
#
Lines that begin with "## " try to explain what's going on. Lines
that begin with just "#" are disabled commands: you can enable them
by removing the "#" symbol.
#
See 'man tor', or https://www.torproject.org/docs/tor-manual.html,
for more options you can use in this file.
#
Tor will look for this file in various places based on your platform:
https://www.torproject.org/docs/faq#torrc
Tor opens a socks proxy on port 9050 by default -- even if you don't
configure one below. Set "SocksPort 0" if you plan to run Tor only
as a relay, and not make any local application connections yourself.
SocksPort 9050 # Default: Bind to localhost:9050 for local connections.
SocksPort 192.168.0.1:9100 # Bind to this address:port too.
Entry policies to allow/deny SOCKS requests based on IP address.
First entry that matches wins. If no SocksPolicy is set, we accept
all (and only) requests that reach a SocksPort. Untrusted users who
can access your SocksPort may be able to learn about the connections
you make.
SocksPolicy accept 192.168.0.0/16
SocksPolicy reject *
Logs go to stdout at level "notice" unless redirected by something
else, like one of the below lines. You can have as many Log lines as
you want.
#
We advise using "notice" in most cases, since anything more verbose
may provide sensitive information to an attacker who obtains the logs.
#
Send all messages of level 'notice' or higher to /var/log/tor/notices.log
Log notice file /var/log/tor/notices.log
Send every possible message to /var/log/tor/debug.log
Log debug file /var/log/tor/debug.log
Use the system log instead of Tor's logfiles
Log notice syslog
To send all messages to stderr:
Log debug stderr
Uncomment this to start the process in the background… or use
--runasdaemon 1 on the command line. This is ignored on Windows;
see the FAQ entry if you want Tor to run as an NT service.
RunAsDaemon 1
The directory for keeping all the keys/etc. By default, we store
things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
DataDirectory /var/lib/tor
The port on which Tor will listen for local connections from Tor
controller applications, as documented in control-spec.txt.
ControlPort 9051
If you enable the controlport, be sure to enable one of these
authentication methods, to prevent attackers from accessing it.
HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C
CookieAuthentication 1
######### This section is just for location-hidden services
Once you have configured a hidden service, you can look at the
contents of the file "…/hidden_service/hostname" for the address
to tell people.
#
HiddenServicePort x y:z says to redirect requests on port x to the
address y:z.
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80
#HiddenServiceDir /var/lib/tor/other_hidden_service/
#HiddenServicePort 80 127.0.0.1:80
#HiddenServicePort 22 127.0.0.1:22
########## This section is just for relays
#
See https://www.torproject.org/docs/tor-doc-relay for details.
Required: what port to advertise for incoming Tor connections.
ORPort 9001
If you want to listen on a port other than the one advertised in
ORPort (e.g. to advertise 443 but bind to 9090), you can do it as
follows.  You'll need to do ipchains or other port forwarding
yourself to make this work.
ORPort 443 NoListen
ORPort 127.0.0.1:9090 NoAdvertise
The IP address or full DNS name for incoming connections to your
relay. Leave commented out and Tor will guess.
Address noname.example.com
If you have multiple network interfaces, you can specify one for
outgoing traffic to use.
OutboundBindAddress 10.0.0.5
A handle for your relay, so people don't have to refer to it by key.
Nickname ididnteditheconfig
Define these to limit how much relayed traffic you will allow. Your
own traffic is still unthrottled. Note that RelayBandwidthRate must
be at least 20 KB.
Note that units for these config options are bytes per second, not bits
per second, and that prefixes are binary prefixes, i.e. 2^10, 2^20, etc.
RelayBandwidthRate 100 KB  # Throttle traffic to 100KB/s (800Kbps)
RelayBandwidthBurst 200 KB # But allow bursts up to 200KB/s (1600Kbps)
Use these to restrict the maximum traffic per day, week, or month.
Note that this threshold applies separately to sent and received bytes,
not to their sum: setting "4 GB" may allow up to 8 GB total before
hibernating.
#
Set a maximum of 4 gigabytes each way per period.
AccountingMax 4 GB
Each period starts daily at midnight (AccountingMax is per day)
AccountingStart day 00:00
Each period starts on the 3rd of the month at 15:00 (AccountingMax
is per month)
AccountingStart month 3 15:00
Administrative contact information for this relay or bridge. This line
can be used to contact you if your relay or bridge is misconfigured or
something else goes wrong. Note that we archive and publish all
descriptors containing these lines and that Google indexes them, so
spammers might also collect them. You may want to obscure the fact that
it's an email address and/or generate a new address for this purpose.
ContactInfo Random Person 
You might also include your PGP or GPG fingerprint if you have one:
ContactInfo 0xFFFFFFFF Random Person 
Uncomment this to mirror directory information for others. Please do
if you have enough bandwidth.
DirPort 9030 # what port to advertise for directory connections
If you want to listen on a port other than the one advertised in
DirPort (e.g. to advertise 80 but bind to 9091), you can do it as
follows.  below too. You'll need to do ipchains or other port
forwarding yourself to make this work.
DirPort 80 NoListen
DirPort 127.0.0.1:9091 NoAdvertise
Uncomment to return an arbitrary blob of html on your DirPort. Now you
can explain what Tor is if anybody wonders why your IP address is
contacting them. See contrib/tor-exit-notice.html in Tor's source
distribution for a sample.
DirPortFrontPage /etc/tor/tor-exit-notice.html
Uncomment this if you run more than one Tor relay, and add the identity
key fingerprint of each Tor relay you control, even if they're on
different networks. You declare it here so Tor clients can avoid
using more than one of your relays in a single circuit. See
https://www.torproject.org/docs/faq#MultipleRelays
However, you should never include a bridge's fingerprint here, as it would
break its concealability and potentionally reveal its IP/TCP address.
MyFamily $keyid,$keyid,…
A comma-separated list of exit policies. They're considered first
to last, and the first match wins. If you want to replace
the default exit policy, end this with either a reject : or an
accept :. Otherwise, you're augmenting (prepending to) the
default exit policy. Leave commented to just use the default, which is
described in the man page or at
https://www.torproject.org/documentation.html
#
Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses
for issues you might encounter if you use the default exit policy.
#
If certain IPs and ports are blocked externally, e.g. by your firewall,
you should update your exit policy to reflect this -- otherwise Tor
users will be told that those destinations are down.
#
For security, by default Tor rejects connections to private (local)
networks, including to your public IP address. See the man page entry
for ExitPolicyRejectPrivate if you want to allow "exit enclaving".
#
ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more
ExitPolicy accept *:119 # accept nntp as well as default exit policy
ExitPolicy reject : # no exits allowed
Bridge relays (or "bridges") are Tor relays that aren't listed in the
main directory. Since there is no complete public list of them, even an
ISP that filters connections to all the known Tor relays probably
won't be able to block all the bridges. Also, websites won't treat you
differently because they won't know you're running Tor. If you can
be a real relay, please do; but if not, be a bridge!
BridgeRelay 1
By default, Tor will advertise your bridge to users through various
mechanisms like https://bridges.torproject.org/. If you want to run
a private bridge, for example because you'll give out your bridge
address manually to your friends, uncomment this line:
PublishServerDescriptor 0

•  After completing the whole process open an new terminal and type tor

root@kali:/home/iicybersecurity# tor
Dec 26 00:02:50.045 [notice] Tor 0.3.4.9 (git-cf9f4bf3cf8b43bb) running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1a, Zlib 1.2.11, Liblzma 5.2.2, and Libzstd 1.3.4.
Dec 26 00:02:50.047 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Dec 26 00:02:50.047 [warn] Tor was compiled with zstd 1.3.5, but is running with zstd 1.3.4. For safety, we'll avoid using advanced zstd functionality.
Dec 26 00:02:50.092 [notice] Read configuration file "/etc/tor/torrc".
Dec 26 00:02:50.197 [notice] Scheduler type KIST has been enabled.
Dec 26 00:02:50.197 [notice] Opening Socks listener on 127.0.0.1:9050
Dec 26 00:02:50.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Dec 26 00:02:51.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Dec 26 00:02:51.000 [warn] You are running Tor as root. You don't need to, and you probably shouldn't.
Dec 26 00:02:51.000 [notice] Bootstrapped 0%: Starting
Dec 26 00:02:53.000 [notice] Starting with guard context "default"
Dec 26 00:02:53.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Dec 26 00:02:53.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
Dec 26 00:02:54.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Dec 26 00:02:55.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Dec 26 00:02:55.000 [notice] Bootstrapped 100%: Done

• For check if tor is running or not type ps -ef | grep tor

root@kali:/home/iicybersecurity# ps -ef | grep tor
iicyber+  1004   845  0 Dec25 ?        00:00:00 /usr/lib/gvfs/gvfs-udisks2-volume-monitor
iicyber+  1024   845  0 Dec25 ?        00:00:00 /usr/lib/gvfs/gvfs-mtp-volume-monitor
iicyber+  1032   845  0 Dec25 ?        00:00:00 /usr/lib/gvfs/gvfs-gphoto2-volume-monitor
iicyber+  1043   845  0 Dec25 ?        00:00:00 /usr/lib/gvfs/gvfs-afc-volume-monitor
iicyber+  1048   845  0 Dec25 ?        00:00:00 /usr/lib/gvfs/gvfs-goa-volume-monitor
iicyber+  1160   845  0 Dec25 ?        00:00:00 /usr/lib/tracker/tracker-store
iicyber+  1233   845  0 Dec25 ?        00:00:01 /usr/lib/evolution/evolution-calendar-factory
iicyber+  1273  1233  0 Dec25 ?        00:00:01 /usr/lib/evolution/evolution-calendar-factory-subprocess --factory all --bus-name org.gnome.evolution.dataserver.Subprocess.Backend.Calendarx1233x2 --own-path /org/gnome/evolution/dataserver/Subprocess/Backend/Calendar/1233/2
iicyber+  1282   845  0 Dec25 ?        00:00:00 /usr/lib/evolution/evolution-addressbook-factory
iicyber+  1295  1282  0 Dec25 ?        00:00:00 /usr/lib/evolution/evolution-addressbook-factory-subprocess --factory all --bus-name org.gnome.evolution.dataserver.Subprocess.Backend.AddressBookx1282x2 --own-path /org/gnome/evolution/dataserver/Subprocess/Backend/AddressBook/1282/2
root      1549  1545 10 00:02 pts/2    00:00:02 tor
root      1570  1565  0 00:03 pts/3    00:00:00 grep tor

• Then go to another location of tor for opening onion link. For that type cd /var/lib/tor/hidden_service
• Then type ls
• Type cat hostname

root@kali:/etc/tor# cd /var/lib/tor/hidden_service
root@kali:/var/lib/tor/hidden_service# ls
hostname  private_key
root@kali:/var/lib/tor/hidden_service# cat hostname
bzak2gopn2llmsnv.onion

• Copy the URL of onion and open that URL in tor browser as shown below.

• As you can see above, onion URL is working using apache server.

Create an Custom Onion URL :-

• You can also create an custom onion URLs with tool called eschalot.
• Eschalot is the tool used for generating the custom onion names. It uses brute force method to generate custom names.
• Eschalot can be used on any Linux distros. For showing we are using Kali Linux for generating the names.
• You can also enter desired name in characters but not all th
• Type git clone https://github.com/ReclaimYourPrivacy/eschalot.git
• Then type ls
• Type cd eschalot
• Type ls
• Type make for installing eschalot.

root@kali:/home/iicybersecurity/Downloads# git clone https://github.com/ReclaimYourPrivacy/eschalot.git
 Cloning into 'eschalot'…
 remote: Enumerating objects: 76, done.
 remote: Total 76 (delta 0), reused 0 (delta 0), pack-reused 76
 Unpacking objects: 100% (76/76), done.
 root@kali:/home/iicybersecurity/Downloads# ls
 eschalot
 root@kali:/home/iicybersecurity/Downloads# cd eschalot/
 root@kali:/home/iicybersecurity/Downloads/eschalot# ls
 CHANGELOG  eschalot.c  LICENSE  Makefile  nouns.txt  README  top1000.txt  top150adjectives.txt  top400nouns.txt  typecard.c  worgen.c
 root@kali:/home/iicybersecurity/Downloads/eschalot# make
 cc -std=c99 -O2 -fPIC -finline-functions -Wall -W -Wunused -pedantic -Wpointer-arith -Wreturn-type -Wstrict-prototypes -Wmissing-prototypes -Wshadow -Wcast-qual -Wextra -o eschalot eschalot.c -lpthread -lssl -lcrypto
 In function ‘setoptions’,
     inlined from ‘main’ at eschalot.c:172:2:
 eschalot.c:788:4: warning: ‘strncpy’ specified bound 17 equals destination size [-Wstringop-truncation]
     strncpy(prefix, optarg, ONION_LENP1);
     ^~~~~~~~
 cc -std=c99 -O2 -fPIC -finline-functions -Wall -W -Wunused -pedantic -Wpointer-arith -Wreturn-type -Wstrict-prototypes -Wmissing-prototypes -Wshadow -Wcast-qual -Wextra -o worgen worgen.c

• After installing the eschalot type ./eschalot -vct4 -p null
• ./escalot is the tool which will be used for creating the custom onion link.
• -vct is used for eschalot default wordlist.
• 4 is the number of cpu cores.
• null will work as prefix. You can enter any of the alphabets which is used for generating the onion link. You can type aaa or adc any alphabet.
• The above command will generate the onion link with RSA keys. The link will generate continuously. For stopping the generation of the onion links enter ctrl+c
• RSA keys is used for authentication during SSL session. This key is part of public key that is generally used in SSL certificates.

root@kali:/home/iicybersecurity/Downloads/eschalot# ./eschalot -vct4 -p null
 Verbose, continuous, no digits, 4 threads, prefixes 4-4 characters long.
 Thread #1 started.
 Thread #2 started.
 Thread #3 started.
 Thread #4 started.
 Running, collecting performance data…
 Found a key for null (4) - nullbhldupqqrafc.onion
 nullbhldupqqrafc.onion
 -----BEGIN RSA PRIVATE KEY-----
 MIICXQIBAAKBgQDSrpomuQTqtI4UCeyX+FBsq2+2UOCn/GrIg9eht7Yoh6glh0d/
 u334RPTeBThuDQVAJITT0YnlTKfIhFOzHhMhg9xfpK5vNRK9/5tD0WaYZyO1qv0x
 NN25NCQ2S/eCNkas1sDGIfw801no/tpB8+42cZQDNJFqjYdEobilUR2v0QIEAQAb
 1QKBgGRjZ+B2CLlnt4IB+oUbLNQJ9L0bOyv9lwusmWt6wccfYVmq57YiJZP9cgi7
 fj89FVn/g7QBARXe040y56D22dabItE+19Je63nlmbNmaVF5ZIJSybRrBsYioGlO
 5eKLUHg+uBa3uaxKawlpeGxG/EVxHSJ7aFT6I/J3mjw+7m1NAkEA+5z7x4hGYsdP
 z6ndtoRmyokMSFHhHPgm+qOc9ffWrUWh8RjaUwLtOgyjaGxOAlcg8ZPjYNDiBe1L
 QuDC7lkoxwJBANZa7pQAH6YtfecllQWqAGwtYx2B/k7C9Ou3wVoTazCfG8Gvar4Q
 79GAZrMnrtNSoN7FL3uV6WCBGcVSiS+ROqcCQCj80R7kxBDIXH7GND5EcVuwPyO5
 V4mqSHmQfsznva/eX0oQ/Bqtq5QN8mCoxkxpIullLa2ucWmuFwgezRf9w8kCQQCF
 +JO5G+ggRcVuCkbCzJhnm9sJUuG6Bn6iWATd5gl82j1iIpF3iSgqB9u8nTR76qUq
 r4/A4DfK1z/gziUp0Ou/AkBhiq8CZxN38lYwZoEd9IKb80FJXVpY5rsh8gWDrgMx
 aH1ZV5hKR7s+E1Nm2WW7weTqNwhjxDA9kD+4SOB0nQ2r
 -----END RSA PRIVATE KEY-----
 Found a key for null (4) - nullqvpp4spoef4i.onion
 nullqvpp4spoef4i.onion
 -----BEGIN RSA PRIVATE KEY-----
 MIICXQIBAAKBgQC0B0pNNJ+Q2xXqag/S8GPHoOcTZXdkngQtu5e/qZfB3r7eqWPn
 2BAxRvQt+cy3LBxLjTRnjWa8PVOuzPE4oHeBWEpnOfH5Tfpdmc4KV3XxxS4C+pVI
 3WXnR2Gjwis6z0DrkuvQgE7BsSTY195koC3r1bfi9u7YzOgtBC55wnE2kwIEAQS5
 6QKBgAjSZ6GGmDh2Ss/aqBods3lwWr39mrYbErN1r6lpq8uAZ/bJN1Md7SZKph6m
 o6+qfOuxC4ORX+zKU48u/+dntOl6Fu4VsybIE5ku30NvEkcrPsnDb0UAKNepMfmn
 fK5AJ+0svD5YvWVT79BFfbUZglS/Hwo9vXAsob3hYwSNtEl5AkEA7/9EFpdN6N6V
 gSDcvSi8VGCczArlniOCaZTY3ehmSP2xenWJ1zNM0cMfFLR1hZux2XCK/lugrKxy
 erb8fLEjFQJBAMAIXROgz5RxsbAd21zIUsRjKRWk/8GU9MxrVR0RGX4bwmEno8NJ
 WdHfCkpR/t6qOSfzRjrIP4ESbzk5xKuYfQcCQADIK/KjoguRMMy3JxX4v/ZwwvQc
 7nkZ61zJMjU0Gsjn1PiVymq9nwM3TP1bScs1kppnqIxabhkrWxrPQXmEmNECQFF/
 Tsb27slzvpUCm6wgw19fI7sGONlxwSqDnLsdbPav9JkLirTjlwvByKaJVNRd1Tvp
 U/miFyKhBsckleBa3BcCQQDJ+hE9j3BtCjlnqGxVTxof/aOjPeAOD/Rrm9dG3CzD
 eEVYW+ykqsHo894LMu+7ljHuNr4BT+fUvtEI7TpDndOw
 -----END RSA PRIVATE KEY-----
 Found a key for null (4) - nullauzvxlunyne5.onion
 nullauzvxlunyne5.onion
 -----BEGIN RSA PRIVATE KEY-----
 MIICXgIBAAKBgQCrfAEBl2g6QRIPGzgAh0SqMALu+imguVaA/FgK1zpnnAEQfoiE
 BNCuqc/fw4Q3yseDwZE2pLqWOn6iUDOkgUHpALOy5WcS/FkY1Ps9VzHaWJn8kc9q
 uBpLP+hbot+3KucV0Q+JFqlgfVkUkFBwSpefuWQUtXl0YA0XSayqaGiGBwIEAQp9
 gQKBgFAXUTMMUzJltvuTs3Iw1TMONnsaappLvnIoFRsrNspD1n42qBE/9o1qJ523
 Fe0D7YQbx0xDE7uZMU5Ayy3jaqGvkoGwdaUNLjv1DGn+DyoYDEoE5bmprPzbnYgq
 IAW83E6c59jfr6erBaz3WQtr9/KpgTufoZ/FpFzYV68yy1fpAkEA5C4TfvCdliXw
 CBiG9rRfgNAkHGsRSmXQCHziI6LOcFV4Kn3y3T2Xq4bcsGyHBd127WvMFGheaQyq
 vVrgq3oOswJBAMBkWi/DRCZB1Q7orWxGv5TRbwWI66Mmj+k5j9+q1mxnVUoTwper
 5wGuhu/XGELMUlYFD5ZxjDFqg77FLtTxlV0CQQCJQc1xXDEIfGeoTxSeHI1fTQvI
 ri9rlzMToHZCw9DnNAre1VUFE4Twyh4uiVsgsbFP4b09yGyBVv5stB5l8hwXAkBD
 UcZxvD0GBdndxayfmMH0BvO1M/FyupIdXzjCaRGnvKEOEgBwxdiw/aH+DJFCIGkT
 aCsSZSqgIaLLeFgHollZAkEAjLtHAviEMzcCUFo3Z+RyOHKRf7wY7bpojqIqhoTl
 LupiINVe84dE9iMq7ICOezMA1bvyGaQvXFYCpBcTu1BRdQ==
 -----END RSA PRIVATE KEY-----

• After executing the above command some of the onion links with RSA keys has been generated. This links can be used to host on TOR.
• The above RSA keys and onion links are only for testing purposes. Used them with cautions.

Adding An Onion Address to Tor Service :-

• Now for hosting generated link which earlier have been created using eschalot.
• Stop the running tor service. For that open terminal where tor is running and then press ctrl+c for stopping tor.
• For checking if the tor has stopped type ps -ef | grep tor

root@kali:/home/iicybersecurity# ps -ef | grep tor
 iicyber+  1004   845  0 Dec25 ?        00:00:00 /usr/lib/gvfs/gvfs-udisks2-volume-monitor
 iicyber+  1024   845  0 Dec25 ?        00:00:00 /usr/lib/gvfs/gvfs-mtp-volume-monitor
 iicyber+  1032   845  0 Dec25 ?        00:00:00 /usr/lib/gvfs/gvfs-gphoto2-volume-monitor
 iicyber+  1043   845  0 Dec25 ?        00:00:00 /usr/lib/gvfs/gvfs-afc-volume-monitor
 iicyber+  1048   845  0 Dec25 ?        00:00:00 /usr/lib/gvfs/gvfs-goa-volume-monitor
 iicyber+  1160   845  0 Dec25 ?        00:00:00 /usr/lib/tracker/tracker-store
 iicyber+  1233   845  0 Dec25 ?        00:00:01 /usr/lib/evolution/evolution-calendar-factory
 iicyber+  1273  1233  0 Dec25 ?        00:00:01 /usr/lib/evolution/evolution-calendar-factory-subprocess --factory all --bus-name org.gnome.evolution.dataserver.Subprocess.Backend.Calendarx1233x2 --own-path /org/gnome/evolution/dataserver/Subprocess/Backend/Calendar/1233/2
 iicyber+  1282   845  0 Dec25 ?        00:00:00 /usr/lib/evolution/evolution-addressbook-factory
 iicyber+  1295  1282  0 Dec25 ?        00:00:00 /usr/lib/evolution/evolution-addressbook-factory-subprocess --factory all --bus-name org.gnome.evolution.dataserver.Subprocess.Backend.AddressBookx1282x2 --own-path /org/gnome/evolution/dataserver/Subprocess/Backend/AddressBook/1282/2

• As you can see the tor service is not running. Now you have to copy the eschalot generated onion RSA keys into the tor hidden_service.
• For that type cd /var/lib/tor/hidden_service
• Then type ls
• Type rm hostname

root@kali:/home/iicybersecurity/Downloads/eschalot# cd /var/lib/tor/hidden_service/
 root@kali:/var/lib/tor/hidden_service# ls  
hostname  private_key
root@kali:/var/lib/tor/hidden_service# rm hostname
 root@kali:/var/lib/tor/hidden_service# ls
 private_key

• Now you have to edit the private_key. Open private key and enter the RSA key which is generated eschalot into the private_key.
• Copy the entire RSA key from where you have downloaded the eschalot. Copy entire key from
  —–BEGIN RSA PRIVATE KEY—– to
  —–END RSA PRIVATE KEY—– as shown below.
• Type nano private_key copy the key.
• Then open another terminal
• And type TOR to start tor in the Kali Linux.

root@kali:/var/lib/tor/hidden_service# nano private_key
   GNU nano 2.9.8                                                private_key

-----BEGIN RSA PRIVATE KEY-----

MIICXQIBAAKBgQDSrpomuQTqtI4UCeyX+FBsq2+2UOCn/GrIg9eht7Yoh6glh0d/

u334RPTeBThuDQVAJITT0YnlTKfIhFOzHhMhg9xfpK5vNRK9/5tD0WaYZyO1qv0x

NN25NCQ2S/eCNkas1sDGIfw801no/tpB8+42cZQDNJFqjYdEobilUR2v0QIEAQAb

1QKBgGRjZ+B2CLlnt4IB+oUbLNQJ9L0bOyv9lwusmWt6wccfYVmq57YiJZP9cgi7

fj89FVn/g7QBARXe040y56D22dabItE+19Je63nlmbNmaVF5ZIJSybRrBsYioGlO

5eKLUHg+uBa3uaxKawlpeGxG/EVxHSJ7aFT6I/J3mjw+7m1NAkEA+5z7x4hGYsdP

z6ndtoRmyokMSFHhHPgm+qOc9ffWrUWh8RjaUwLtOgyjaGxOAlcg8ZPjYNDiBe1L

QuDC7lkoxwJBANZa7pQAH6YtfecllQWqAGwtYx2B/k7C9Ou3wVoTazCfG8Gvar4Q

79GAZrMnrtNSoN7FL3uV6WCBGcVSiS+ROqcCQCj80R7kxBDIXH7GND5EcVuwPyO5

V4mqSHmQfsznva/eX0oQ/Bqtq5QN8mCoxkxpIullLa2ucWmuFwgezRf9w8kCQQCF

+JO5G+ggRcVuCkbCzJhnm9sJUuG6Bn6iWATd5gl82j1iIpF3iSgqB9u8nTR76qUq

r4/A4DfK1z/gziUp0Ou/AkBhiq8CZxN38lYwZoEd9IKb80FJXVpY5rsh8gWDrgMx

aH1ZV5hKR7s+E1Nm2WW7weTqNwhjxDA9kD+4SOB0nQ2r

-----END RSA PRIVATE KEY-----

• After updating the private key, go to directory tor/hidden_services.

 root@kali:/home/iicybersecurity/Downloads/eschalot# ls
 CHANGELOG  eschalot.c  Makefile   README       top150adjectives.txt  typecard.c  worgen.c
 eschalot   LICENSE     nouns.txt  top1000.txt  top400nouns.txt       worgen
 root@kali:/home/iicybersecurity/Downloads/eschalot# cd /var/lib/tor/hidden_service/
root@kali:/var/lib/tor/hidden_service# ls
hostname  nullbhldupqqrafc.onion  private_key

• As you can see tor has added the onion link to its service. Now open Tor browser and enter the onion link as shown below.

• The Tor service has added the onion link. You can also enter create your own onion link and host to TOR network.

Be cautious while hosting on TOR. If you host any illegal material. Law enforcement may catch that can put you in legal trouble, according to ethical hacking courses.

The post Hosting your own .onion domain appeared first on Information Security Newspaper | Hacking News.

This tool is used by many ethical hackers.

First install TOR browser in kali linux and type apt-get install tor in linux terminal.

If the tor is already configured, then skip the above step and download exitmap.

• Type git clone https://github.com/NullHypothesis/exitmap.git for downloading exitmap.
• As we were in /root directory, exitmap is cloned/downloaded in the same directory. After download, navigate to /root/exitmap/bin and type

pip install -r requirements.txt as shown below:

• After installing requirements.txt in above step type ./exitmap checktest command in exitmap bin folder.

====== OUTPUT SNIP ========

• Output show how TOR bootstraps and the output of the checktest module, and the scan summary.

TEST USING THE FINGERPRINT:-

• For Getting the Tor node fingerprint go to : https://metrics.torproject.org/rs.html#advanced.
• Suppose we select a country from drop down menu, .i.e. DE for Germany country
• Then click on search it will list tor node for Germany.

• After the above search the fingerprint will be generated as shown below:

• Select and click any one Node, suppose we selected:

0x3d005 (7) 56.23 MiB/s 1d 18h Germany 62.138.7.171, we get as sown below:

• In the above screenshot you can see Tor node Fingerprint.

Using Desired Fingerprint:-

Type:

./exitmap -C DE –first-hop 9285B22F7953D7874604EEE2B470609AD81C74E9 checktest

as shown below.

==========OUTPUT SNIP==========

• Output show how TOR bootstraps and the output of the checktest module, and a the scan summary from German exit relays only, mention ethical hacking investigators.

The post TOR EXIT RELAY SCANNER USING EXITMAP appeared first on Information Security Newspaper | Hacking News.