TorBox Transparent Proxy using Raspberry PI

This guide helps you build a Tor middlebox using a Raspberry Pi (Model B Plus).

Content index

  1. Requirements
  2. Installing operating system image
  3. Updating operating system
  4. Configuring the network
  5. Configuring the DHCP and its CACHE (dnsmasq)
  6. Configuring the WLAN-AP-Host (hostapd)
  7. Enable firewall
  8. Installing Tor
  9. Configuring Tor
  10. Configuring obfs4proxy
  11. Configuring crontab

Requirements

Hardware

  1. Raspberry Pi (Model B Plus) or higher.
  2. Micro SD card class 10 at least V30. Example (SanDisk® High Endurance)
  3. (Optional) USB Wireless WiFi Adapter. Example (USB TP-LINK TL-WN722N Wifi adapter)

Installing operating system image

Follow the Raspberry Pi instructions for installing operating system images.

Updating operating system

sudo apt-get update ; sudo apt-get upgrade -y ; sudo apt-get install -y rpi-update ; sudo apt-get dist-upgrade -y
sudo apt-get clean ; sudo apt-get autoclean ; sudo apt-get autoremove
sudo reboot
sudo rpi-update
sudo reboot

Configuring the network

Install the necessary packages using the following command:

sudo apt-get install -y hostapd \
dnsmasq dnsutils tcpdump iftop vnstat links2 debian-goodies dirmngr

Don't start dnsmasq automatically after booting the system

sudo update-rc.d dnsmasq disable

Edit the following file:

sudo vi /etc/network/interfaces.wlan0

and put inside

# Localhost
auto lo
iface lo inet loopback

# Ethernet
auto eth0
iface eth0 inet dhcp

# WLAN-Interface
allow-hotplug wlan0
iface wlan0 inet static
  address 192.168.222.1
  netmask 255.255.255.0

Then replace the active configuration, keeping a backup of the original:

sudo cp /etc/network/interfaces /etc/network/interfaces.org
sudo cp /etc/network/interfaces.wlan0 /etc/network/interfaces

Check whether dhcpcd is active (the output shows "Active: active (running)") using the following command:

sudo systemctl status dhcpcd

or

sudo systemctl status dhcpcd | grep "active (running)" | wc -l

If the service is running, edit the file

sudo vi /etc/dhcpcd.conf

and add at the end of the file:

# WLAN deny
denyinterfaces wlan0

Then reboot the system with the command:

sudo reboot

Check if the WLAN is present

ip l 

Configuring the DHCP and its CACHE (dnsmasq)

Edit the file

sudo vi /etc/dnsmasq.conf.torbox

and put inside:

# DHCP-Server active for WLAN-Interface
interface=wlan0

# DHCP-Server not active for Ethernet
no-dhcp-interface=eth0

# IPv4-address range and Lease-Time
dhcp-range=192.168.222.100,192.168.222.150,24h

# DNS
dhcp-option=option:dns-server,192.168.222.1

# Logging
# With log-queries uncommented, dnsmasq logs are written to /var/log/daemon.log
# With log-facility uncommented, logs are written to the specified file
log-facility=/var/log/dnsmasq.log
log-queries

To manage dnsmasq log rotation, edit the following file:

sudo vi /etc/logrotate.d/dnsmasq

and replace its content with:

/var/log/dnsmasq.log {
monthly
missingok
notifempty
delaycompress
sharedscripts
postrotate
[ ! -f /var/run/dnsmasq.pid ] || kill -USR2 `cat /var/run/dnsmasq.pid`
endscript
create 0640 dnsmasq dnsmasq
}

Replace the dnsmasq configurations

sudo cp /etc/dnsmasq.conf /etc/dnsmasq.conf.org
sudo cp /etc/dnsmasq.conf.torbox /etc/dnsmasq.conf

Check the configuration before activating it

dnsmasq --test -C /etc/dnsmasq.conf

or test it

dnsmasq -C ./dnsmasq-dhcp-only.conf -d

Restart dnsmasq and check its status

sudo systemctl restart dnsmasq
sudo systemctl status dnsmasq

Enable dnsmasq to start with the system

sudo systemctl enable dnsmasq

Configuring the WLAN-AP-Host (hostapd)

Edit the file

/etc/hostapd/hostapd.conf

and replace its content with

# WLAN-Router-Mode

# Interface and driver
interface=wlan0
#driver=nl80211

# WLAN-Configurations-Standard
ssid=grott
hw_mode=g
ieee80211n=1
ieee80211d=1
country_code=FR
wmm_enabled=1


# WLAN-Encoding
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40]
macaddr_acl=0
ignore_broadcast_ssid=0

# WLAN-Configurations-Parameters
channel=11
wpa_passphrase=change-me

and set the necessary permissions using the command:

sudo chmod 600 /etc/hostapd/hostapd.conf

Start hostapd manually

sudo hostapd -dd /etc/hostapd/hostapd.conf

and check if the output contains

...
wlan0: interface state COUNTRY_UPDATE->ENABLED
...
wlan0: AP-ENABLED
... 

If this works, edit the file

sudo vi /etc/default/hostapd

and add at the end

RUN_DAEMON=yes
DAEMON_CONF="/etc/hostapd/hostapd.conf"

Start hostapd

sudo systemctl unmask hostapd # Optional
sudo systemctl enable hostapd
sudo systemctl start hostapd

Enable firewall

Edit the following file:

sudo vi /etc/network/interfaces.wlan0

and add at the end

# IP-Forwarding MUST be disabled
up sysctl -w net.ipv4.ip_forward=0
up sysctl -w net.ipv6.conf.all.forwarding=0

# hostapd and dnsmasq restart
up service hostapd restart
up service dnsmasq restart

Then replace the active configuration

sudo cp /etc/network/interfaces.wlan0 /etc/network/interfaces

Installing Tor

sudo apt-get install -y tor obfs4proxy \
gvfs gvfs-fuse gvfs-backends gvfs-bin \
ipheth-utils libimobiledevice-utils usbmuxd \
wicd wicd-curses \
python3-setuptools ntpdate screen

Edit the file

sudo vi /etc/apt/sources.list

and add at the end

deb https://deb.torproject.org/torproject.org stretch main
deb-src https://deb.torproject.org/torproject.org stretch main

Then execute the following commands to build the latest version of Tor (this can take a long time)

gpg --keyserver keys.gnupg.net --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
sudo apt-get update
sudo apt-get install -y build-essential fakeroot devscripts
sudo apt build-dep tor deb.torproject.org-keyring
if [ -d ~/debian-packages ] ; then rm -r ~/debian-packages ; fi
mkdir ~/debian-packages; cd ~/debian-packages
apt source tor; cd tor-*
debuild -rfakeroot -uc -us; cd ..
sudo dpkg -i tor_*.deb

Configuring Tor

# Transport
VirtualAddrNetworkIPv4 10.192.0.0/10
AutomapHostsSuffixes .onion,.exit
AutomapHostsOnResolve 1
TransPort 127.0.0.1:9040 IsolateClientAddr IsolateClientProtocol IsolateDestAddr IsolateDestPort
TransPort 192.168.222.1:9040 IsolateClientAddr IsolateClientProtocol IsolateDestAddr IsolateDestPort

# DNS (local and wlan interfaces)
DNSPort 127.0.0.1:5353
DNSPort 192.168.222.1:5353

# SOCKS (eth interface)
SocksPort 192.168.1.4:9100

# Control
ControlPort 127.0.0.1:9051
#HashedControlPassword <hashpassword> 
# use 'tor --hash-password <password>' to generate

# Debugging
DisableDebuggerAttachment 0
Log notice file /var/log/tor/notices.log
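
The configuration above opens listeners on three different networks, so it is worth checking who can reach each one. The following Python check is an added example, not part of this project: it classifies every *Port listener as loopback, AP clients or another network. AP_NET and the sample text are assumptions taken from this guide's addresses; the SocksPort on 192.168.1.4 is reported because it is bound on the Ethernet side, as its comment says, so confirm that exposure is intended.

```python
import ipaddress

# Assumption taken from this guide: the subnet dnsmasq serves on wlan0.
AP_NET = ipaddress.ip_network("192.168.222.0/24")
LISTENERS = {"transport", "dnsport", "socksport", "controlport"}

# Constructed sample: the listener lines of the torrc shown above.
SAMPLE_TORRC = """\
TransPort 127.0.0.1:9040 IsolateClientAddr IsolateDestAddr
TransPort 192.168.222.1:9040 IsolateClientAddr IsolateDestAddr
DNSPort 127.0.0.1:5353
DNSPort 192.168.222.1:5353
SocksPort 192.168.1.4:9100
ControlPort 127.0.0.1:9051
"""

def parse_listeners(torrc_text):
    """Yield (option, ip, port) for each listener written as [addr:]port."""
    for raw in torrc_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0].lower() not in LISTENERS:
            continue
        addr, _, port = fields[1].rpartition(":")
        try:
            # A bare port number means Tor binds to loopback.
            ip = ipaddress.ip_address(addr.strip("[]") or "127.0.0.1")
            yield fields[0], ip, int(port)
        except ValueError:
            continue  # "auto", unix: sockets and hostnames are out of scope

def scope(ip):
    """Classify a bind address by who can reach it."""
    if ip.is_loopback:
        return "loopback"
    return "ap-clients" if ip in AP_NET else "other-network"

def audit(torrc_text):
    """List listeners reachable from outside their intended scope."""
    findings = []
    for option, ip, port in parse_listeners(torrc_text):
        where = scope(ip)
        if option.lower() == "controlport" and where != "loopback":
            findings.append(f"{option} {ip}:{port} is reachable off-box")
        elif where == "other-network":
            findings.append(f"{option} {ip}:{port} is bound outside the AP subnet")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_TORRC)) or "no findings")
```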

Restart Tor and test it

sudo systemctl restart tor
echo -e 'PROTOCOLINFO\r\n' | nc 127.0.0.1 9051
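
The PROTOCOLINFO reply also tells you how the control port is authenticated, which matters here because HashedControlPassword is commented out in the configuration. The following Python sketch is an added example, not part of this project: it sends the same command as the nc test and parses the AUTH line, where METHODS=NULL means any local process can reconfigure Tor. The sample reply and its version string are constructed.

```python
import re
import socket

# Constructed sample reply, in the format the Tor control protocol uses
# for PROTOCOLINFO when no authentication is configured.
SAMPLE_REPLY = (
    "250-PROTOCOLINFO 1\r\n"
    "250-AUTH METHODS=NULL\r\n"
    '250-VERSION Tor="0.0.0-sample"\r\n'
    "250 OK\r\n"
)

def query_protocolinfo(host="127.0.0.1", port=9051, timeout=5.0):
    """Send PROTOCOLINFO to the control port and return the raw reply text."""
    with socket.create_connection((host, port), timeout=timeout) as conn:
        conn.sendall(b"PROTOCOLINFO 1\r\n")
        data = b""
        while True:
            chunk = conn.recv(4096)
            if not chunk:
                break
            data += chunk
            lines = data.split(b"\r\n")
            # The final reply line has a space after the 3-digit status code.
            if data.endswith(b"\r\n") and lines[-2][3:4] == b" ":
                break
    return data.decode("ascii", "replace")

def parse_protocolinfo(reply):
    """Extract auth methods, cookie file and Tor version from the reply."""
    info = {"methods": [], "cookiefile": None, "version": None}
    for line in reply.splitlines():
        if line.startswith("250-AUTH "):
            m = re.search(r"METHODS=([A-Z,]+)", line)
            info["methods"] = m.group(1).split(",") if m else []
            c = re.search(r'COOKIEFILE="((?:[^"\\]|\\.)*)"', line)
            info["cookiefile"] = c.group(1) if c else None
        elif line.startswith("250-VERSION "):
            v = re.search(r'Tor="([^"]*)"', line)
            info["version"] = v.group(1) if v else None
    return info

def control_port_open(info):
    """True when the control port accepts commands without credentials."""
    return "NULL" in info["methods"]

if __name__ == "__main__":
    print(parse_protocolinfo(SAMPLE_REPLY))
```

On the box itself, call control_port_open(parse_protocolinfo(query_protocolinfo())) after restarting Tor.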

Configuring obfs4proxy

sudo setcap 'cap_net_bind_service=+ep' /usr/bin/obfs4proxy

Configuring crontab

Put the following bash files in the pi home directory (/home/pi)

iptable-clear.sh
iptable-config.sh
torbox-boot.sh

Edit the root crontab

sudo crontab -e

and put inside

@reboot /home/pi/torbox-boot.sh >> /tmp/boot.log 2>&1

Reboot the system; the Tor middlebox transparent proxy is then ready.

sudo reboot