
Virtual Freedom Box

Do you think danger lurks around every corner? Worried that you're constantly being spied upon? Got the tin-foil chic? Or perhaps you just want to play with networking lots of random boxes inside your computer for the learning experience. I'm personally all of the above although I've yet to find enough tin-foil~

You will need the following programs:
VirtualBox
Tor
TrueCrypt

And a light flavor of Linux you know how to use. If you don't know how to use any of them, I'd recommend Xubuntu since it uses the very light XFCE desktop instead of all that junk the regular flavor comes with.

I bet you know where this is going :3 TrueCrypt is easy to use and lets you create files you can just dump stuff into. And they're ENCRYPTED of course; it even lets you add a hidden volume inside a normal one for plausible deniability. I don't think you need to go all the way; you really just need to make a volume slightly larger than the hard drive space you want to give to each operating system in VirtualBox. A good first step is to set up two of these encrypted file containers, mount them and move on.

For Tor, you want the Vidalia Bundle which is under Other Downloads. You don't need the browser bundle or anything. Get it installed, fire it up and you're good.

I hope you've been downloading your chosen Linux while you have been doing this. You'll need to install VirtualBox and make two machines. One machine can have very little resources and memory (make it like 256MB for Xubuntu) and will be your firewall. Another will be your main and can get everything you feel like allocating to it. Both your firewall and normal virtual machine's HDD images should be inside TrueCrypt volumes so go ahead and make the volumes and select the location when making VirtualBox HDD images (.vdi). Be sure you're dumping it in the actual encrypted volume, not just somewhere else on a file system or USB drive.

Install the operating systems and install all updates. Be sure you install an ssh server on the firewall: searching for "ssh server" in Synaptic Package Manager should give a result like "ssh", and adding it should add the server.

Now, for the hard part. You'll want to go under Network Interfaces for your firewall. Be sure the first one is NAT and that you check the second one and set it to Internal Network. This means it gets to use your standard connection AND be connected to a virtual network that VirtualBox pretends is there. For your main, you'll want to deselect the NAT, and check the second one and make it Internal Network so it's the only active one (every time you want to update your main it will be easier to just enable the NAT and disable Internal Network).

This next step is if you don't know how to do this in Linux:

Open the network connections settings on the firewall and edit the connection (eth1) that was set to Internal Network. Change it from Automatic (DHCP) to Manual, set the IP address to something like 10.0.3.1 and the subnet mask to 255.255.255.0, and enter 10.0.3.1 again in the last field, the gateway (since this is the firewall). Do the same on the main Linux machine, except give it an address with a different last number (10.0.3.2 for example), but make sure the last field is 10.0.3.1 again. These are just safe IP addresses you make up yourself; others will work, and they only mean anything inside the virtual network.

Make sure Tor is running, both machines are running and there were no problems connecting the networks manually. You should NOT be able to browse or use the internet inside your main Linux machine. You'll need to tunnel Tor from the outside into the machine. In a terminal:

ssh -N -L 8118:10.0.2.2:8118 <host>@10.0.3.1

Where <host> is the username of your account on the firewall. You'll have to log into your firewall's account, by the way; hope you set a password.

Make another terminal window and do:

ssh -N -L 9050:10.0.2.2:9050 <host>@10.0.3.1

Leave these windows open; they are piping Tor from the outside to 127.0.0.1:9050 and 127.0.0.1:8118 (localhost, or YOU). You should still not be able to browse websites. You'll have to go into Firefox or whatever and set 127.0.0.1 as your proxy server. The HTTP proxy port is 8118 and the SOCKS proxy port is 9050.

If this works, check.torproject.org should report that it works.

If you want to use lots of internet based Linux commands, I recommend proxychains. It's already configured to use Tor coming out of 127.0.0.1:9050. Type "proxychains bash" to start a shell that automatically sends your TCP packets through Tor with little hassle.

Now you have an encrypted operating environment where the only way out is through Tor. It's a handy environment if you want insane privacy or want to experiment with building networks. Yes, try adding more virtual machines and see what combinations you can come up with~
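
A leak check for the main VM, as an added example that is not part of the original post: it parses `ip -4 route show` and `ss -ltn` output to confirm that every route stays on the 10.0.3.x internal network and that both SSH tunnels listen on 127.0.0.1. It assumes iproute2 is installed in the VM; the function names are made up for this example.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes iproute2 (ip, ss) and
# the post's 10.0.3.x internal network; function names are made up here.
PFX="10.0.3."

# Reads `ip -4 route show` text on stdin and prints how many routes leave
# through anything other than the internal network (0 means isolated).
count_leaky_routes() {
    awk -v pfx="$PFX" '
    NF {
        c++; dev[c] = ""; via[c] = ""
        for (i = 1; i < NF; i++) {
            if ($i == "dev") dev[c] = $(i + 1)
            if ($i == "via") via[c] = $(i + 1)
        }
        # the interface that carries 10.0.3.0/24 is the internal one
        if (index($1, pfx) == 1) internal = dev[c]
    }
    END {
        bad = 0
        for (n = 1; n <= c; n++) {
            if (dev[n] != internal) bad++
            else if (via[n] != "" && index(via[n], pfx) != 1) bad++
        }
        print bad
    }'
}

# Reads `ss -ltn` text on stdin; succeeds only if the port is listening on
# 127.0.0.1, which is where `ssh -L` binds unless told otherwise.
tunnel_listening() {
    awk -v want="127.0.0.1:$1" '
        $1 == "LISTEN" && $4 == want { ok = 1 }
        END { exit !ok }'
}

# Live check, to be run inside the main VM (IPv4 routes only).
live_check() {
    leaks=$(ip -4 route show | count_leaky_routes)
    if [ "$leaks" -ne 0 ]; then
        echo "LEAK: $leaks route(s) bypass the internal network"; return 1
    fi
    for port in 8118 9050; do
        ss -ltn | tunnel_listening "$port" || { echo "no tunnel on $port"; return 1; }
    done
    echo "isolated: all routes on ${PFX}x, tunnels up on 8118 and 9050"
}

if [ "${1:-}" = "--live" ]; then live_check; fi
```

Run it with `--live` inside the main VM, in particular after an update session in which the NAT adapter was temporarily enabled, since a forgotten NAT adapter shows up as routes outside 10.0.3.x.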

2 Comments On This Entry


sithius92

06 March 2012 - 10:47 AM
You can never be too paranoid about your privacy/security. Thanks for the post!

WolfCoder

20 March 2012 - 09:18 AM
I've also seen it used to chain VPNs. Normally you can't do it lengthwise, but you can log into a VPN and start a new virtual machine that itself logs into a VPN to nest VPNs.


Information


The following permissions for anything that is my original creation are given. Anything known as an 'object' or 'my works' in this notice refers to anything that I have created and therefore have intellectual ownership of, but nothing that is not my original creation even if permission is given to me to post it to this blog. Any computer programs I have written (especially video games) belong under my intellectual ownership.

Program code, algorithms, protocols, or any other computer source code is licensed under the GPL. See bottom of notice.

Ownership
Some 'objects' do not require you to give credit to me, however, in no circumstances do you have permission to claim any of 'my works' for your own. Only the specific rights granted in each case will apply. Any rights granted can only be applied to you, and anyone else who adheres to this notice.

Credit
When giving me credit, please cite your source using a link back to the original material. If my work is used in a computer program, place this information in your readme file.

Images
Images of 'my works' such as screen shots, graphics, or any sort of 2-dimensional image (still or moving) can be used as long as you do not gain any profit. This includes direct and indirect profit, such as access fees to resources such as a download fee. You may not, however, use the images if you do not give me credit. If you are granted use of such images, their use is not limited, even in things such as broadcasts and own computer programs, but remember it is important that you give me credit for using them.

Redistribution
Content posted in this log in the form of computer programs that I release can be freely redistributed and re-transmitted in any form as long as the content is unmodified in any way, and you do not claim any ownership of the content. You may not modify the content to inject malicious programming code or your own data, doing so will be a violation of this notice, but you may make additions and modifications using any source code I provide that are not malicious as long as it is clear which parts of the computer program were originally created by myself and which parts of the program are modified and added. Content that is redistributed must be freely available without any charge. If there are any contradictions with this paragraph statement and the Gnu General Public Licence, the GPL has priority and will apply instead of the conflicting statement in this paragraph.

You may post any of my tutorials on your website (this means a copy of the original material) as long as you include a link to the original tutorial on Dream.In.Code and you give credit to me as the author. Giving credit to a "WolfCoder" is sufficient as the link back to Dream.In.Code is also sufficient. Both the link and credit are required and important. If the link to Dream.In.Code and credit to me as the author are given, you may also include the copy of the tutorial in any other form as long as no profit, directly or indirectly (such as download fees, registration fees, or similar methods of profit) are gained. However, either me or Dream.In.Code reserves the right to deny this permission of tutorial redistribution for any reason.

Warranty
Use any of my original works at your own risk. Both myself and Dream.In.Code are not liable for any damages resulting from your use of my computer programs, even from the use of heavily-tested programs. The software and source code is provided as-is, along with any 3rd party source code modifications.


The computer programs and software are subject to the GNU General Public License unless otherwise stated. Please read carefully the GPL if you are not familiar with it at: http://www.gnu.org/copyleft/gpl.html


Comments
If you have any concerns, questions, or disputes of this notice, please contact me. This notice may change without warning.

Copyright © 2005-2010
Updated August 2010