xe1phix

Xe1phix-[AnonSurf]-Wiki.txt

Sep 21st, 2022
Table of Contents:

What is AnonSurf?
What is Tor?
Tor technical details
What is I2P?
I2P technical details
The AnonSurf menu toolbar
Starting Tor from parrot menu
Stopping Tor from parrot menu
Starting TorBrowser
Starting I2P from parrot menu
Stopping I2P from parrot menu
Changing tor identity
Using AnonSurf through the CommandLine Interface (CLI)
Additional CLI tricks
Daemon Status Checks
Check your ip on the CLI
A couple good intro to Darknet videos:
Additional advice for i2p users:
References

What is AnonSurf?

Anonsurf [1] is Parrot's anonymous mode: it forces all connections through the Tor and/or I2P network. Anonsurf has both a graphical interface and a
CommandLine Interface (CLI).


What is Tor?

Tor [2] is an encrypting proxy protocol reached through SOCKS4 [3] & SOCKS5 interfaces.
Tor tunnels all traffic running across the user's network anonymously.
Tor conceals a user's location and network data from anyone monitoring the user locally and remotely.

Tor has several use cases:
[+] used with the browser (torbrowser & iceweasel)
[+] IRC [4] clients (hexchat)
[+] Instant messaging (torchat [5], tormessenger)
[+] Hidden servers (creating .onion sites)

Tor technical details:

The Tor protocol works by:
[+] multiplexing [6] multiple "circuits" over a single node-to-node TLS connection.
[+] routing traffic through 3 nodes by default: guard, relay, and exit.

TorRoutingDiagram.png


To be able to route through multiple relays, Tor has a stream multiplexing capability:
[+] multiple TCP connections can be carried over a single Tor circuit.
[+] Each node knows only the source and destination pairing for a circuit. It does not know the whole path.

TorCircuitsAndStreams.png

Taken from Mike Perry's talk at Black Hat in 2007, found here [7]

Tor technical details described here [8]
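The two points above (one layer of encryption per hop, several TCP streams carried over one circuit) are easiest to see in a small simulation. The block below is an added example written for this page; it is not code from AnonSurf or the Tor Project. It uses a toy SHA-256-based XOR keystream in place of Tor's real per-hop AES-CTR so that it runs on the Python standard library alone, and the relay names, keys and stream payloads are all constructed. The client wraps each cell three times; each relay removes exactly one layer and records only its previous and next hop, which is why no single node sees both the client and the destination.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Tuple


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: concatenated SHA-256(key || nonce || counter) blocks.
    Stand-in for Tor's per-hop AES-CTR so the example needs no third-party library; NOT secure."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def toy_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypting and decrypting are the same operation for an XOR stream cipher."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


@dataclass
class Relay:
    name: str
    key: bytes   # hop key shared with the client (assumed already negotiated during circuit building)


def build_onion(hops: List[Relay], nonce: bytes, payload: bytes) -> bytes:
    """Client: wrap the payload once per hop, innermost layer for the exit, outermost for the guard."""
    cell = payload
    for relay in reversed(hops):
        cell = toy_xor(relay.key, nonce, cell)
    return cell


def traverse_circuit(hops: List[Relay], nonce: bytes, cell: bytes) -> Tuple[bytes, Dict[str, dict]]:
    """Pass the cell guard -> middle -> exit; each relay peels exactly one layer and records what it saw."""
    seen: Dict[str, dict] = {}
    for i, relay in enumerate(hops):
        prev_hop = "client" if i == 0 else hops[i - 1].name
        next_hop = "destination" if i == len(hops) - 1 else hops[i + 1].name
        cell = toy_xor(relay.key, nonce, cell)
        seen[relay.name] = {"prev": prev_hop, "next": next_hop, "cell": cell}
    return cell, seen


def demo_circuit() -> Dict[int, dict]:
    """Two streams multiplexed over one circuit; returns the exit's plaintext and each hop's view per stream."""
    # Constructed keys and names; in Tor they come from the circuit-extension handshake.
    hops = [Relay("guard", b"key-guard"), Relay("middle", b"key-middle"), Relay("exit", b"key-exit")]
    streams = {1: b"GET / HTTP/1.1", 2: b"NICK parrot"}   # two TCP streams sharing the same circuit
    results = {}
    for stream_id, data in streams.items():
        nonce = stream_id.to_bytes(8, "big")   # per-cell nonce; a stream cipher must never reuse one under a key
        cell = build_onion(hops, nonce, stream_id.to_bytes(2, "big") + data)
        plain, seen = traverse_circuit(hops, nonce, cell)
        results[stream_id] = {"stream_id": int.from_bytes(plain[:2], "big"), "plain": plain[2:], "seen": seen}
    return results


if __name__ == "__main__":
    for sid, r in demo_circuit().items():
        print(f"stream {sid}: exit recovered {r['plain']!r}")
        for hop, view in r["seen"].items():
            print(f"  {hop:6} knows prev={view['prev']:<7} next={view['next']:<11} cell={view['cell'].hex()[:16]}...")
```

Running it prints, for each stream, the plaintext the exit recovers and the (prev, next, still-opaque cell) tuple each earlier hop observed; the two-byte stream id prefix is what lets one circuit carry several streams.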


What is I2P?

I2P [9] is a collection of anonymous unidirectional networking protocols that operate on the network layer.
I2P mainly uses an HTTP proxy (port 4444) protocol called the i2ptunnel.
I2P routes traffic through .i2p TLDs called eepsites (example: inr.i2p).

There are two kinds of tunnels:

[+] outbound tunnels are used to send messages away from the tunnel creator
[+] inbound tunnels are used to bring messages to the tunnel creator.


I2P is an anonymous network layer protocol. This means it is robustly designed to scale across many platforms:

[+] Application layer clients (i2pbrowser, iceweasel, etc)
[+] IRC clients (hexchat, Xchat, etc)
[+] P2P networks (Robert, I2phex, i2psnark, etc)
[+] instant messaging (i2p-messenger, i2p-talk)
[+] Email (I2P-Bote, Susimail, etc).


There are a couple of interfaces written so that additional ports are possible:

[+] SAM (Simple Anonymous Messaging) is a protocol which allows a client application written in any programming language
to communicate over I2P, by using a socket-based interface to the I2P router
[+] BOB (Basic Open Bridge) is a less complex app-to-router protocol similar to "SAM"
[+] I2P Webserver - A tunnel pointed to a Jetty webserver run on localhost:7658 for hosting an I2P eepsite (.i2p TLD).
[+] Irc2P - An IRC tunnel to the default anonymous IRC network.


There are several other projects building on the I2P concept, such as:

[+] Tahoe-LAFS [10] - A secure, decentralized, fault-tolerant, distributed data store and distributed file system.
[+] Imule - Uses the Kademlia algorithm and tunnels it through the I2P network.
[+] Syndie - A content distributing application which supports connecting to blogs, newsgroups, forums, etc.
[+] I2PBerry - A Linux distribution which can be used as a router to encrypt and route network traffic through the I2P network
[+] Outproxy Tor plugin


I2P technical details:

[+] routerInfo - a data structure to provide routers the information necessary for contacting
a specific router (their public keys, transport addresses, etc).
[+] leaseSet - gives routers the information necessary for contacting a particular destination.

ElGamal/AES+SessionTags [11] is used for end-to-end encryption in several parts of I2P:

[+] To encrypt router-to-router tunnel building messages.
[+] For encryption of some netDb stores and queries sent to floodfill routers (destination-to-router or router-to-router).
[+] ElGamal is used to encrypt IVs and session keys in a single block.

AES is used for symmetric encryption in several cases:

[+] For transport encryption (see section "Transports") after DH key exchange
[+] AES encrypted payload using that key and IV.
[+] Encryption of some netDb stores and queries sent to floodfill routers (destination-to-router or router-to-router).


More information on the I2P protocol here [13]
More information on the I2P encryption here [12]

I2P actually created its own protocol stack [13]:
I2pProtocolStack.png

I2P's technical details described here
https://geti2p.net/en/docs/how/tech-intro

I2P research papers found here [14]


The AnonSurf menu toolbar:

The Anonsurf mode menu option was created for an easy-to-use interface.
There are several options to choose from:
[+] Anonymous Mode Start
[+] Anonymous Mode Stop
[+] Change Identity
[+] Start I2P Services
[+] Stop I2P Services


Below is the list of options anonsurf offers:
Anonsurf-Toobar.png


Anonymous mode start

Choosing the Anonymous Mode Start option will do several things:

[+] Kills all applications that would leak your current IP address
[+] Cleans the application cache for a clean, untainted browser session
[+] If the tor daemon isn't running, it is launched
[+] Forces all future connections through the tor network
[+] Stops resolvconf.service
[+] Modifies resolv.conf to use Tor and FrozenDNS for future DNS queries
[+] Restarts resolvconf.service
[+] Modifies the iptables ruleset to restrict connections exclusively to the tor network

Start-Tor.png


Starting TorBrowser [15]

When you start tor browser a few things will happen:
[1] Tor version check is performed
[2] Tor browser signature is downloaded to verify against any MITM attempts
[3] Tor tarball is downloaded
[4] The tor tarball is verified against the developers' signature
[5] Either a GOOD SIGNATURE notification is presented or a SIGNATURE VERIFICATION FAILED.
[6] Tor is then decompressed and launched.


Starting I2P from anonsurf menu

To start i2ptunnel with anonsurf, click Start I2P Services within the anonsurf menu option:

Start-I2p.png


Stopping I2P from anonsurf menu

To stop an i2ptunnel from the anonsurf menu,
click on the Stop I2P Services option within the anonsurf menu option:

Stop-I2p.png


Using AnonSurf through the CommandLine Interface (CLI)

To show anonsurf binary options type:
anonsurf --help

anonsurf-help.png


To start the tor daemon from the CLI type:
anonsurf start


When you start Anonymous Mode on anonsurf it will present you with a notification alert
indicating it is killing leaking services:
AnonSurfKillingLeakingServices.png


Additional AnonSurf CommandLine Interface (CLI) Tricks

To double check that your DNS queries will be restricted to Tor remote DNS & FrozenDNS for future DNS queries,
type the following:

cat /etc/resolv.conf
cat /etc/resolv.conf.head
cat /etc/resolv.conf.bak

CheckResolvConf.png
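Reading the three files by eye works, but the check is easy to get wrong on a busy console (a stray `nameserver` line from DHCP is all it takes to leak every DNS query past Tor). The block below is an added example written for this page, not part of AnonSurf: it parses resolv.conf text, treats loopback resolvers as expected (on the assumption that Anonsurf points DNS at a local Tor resolver) and reports anything else. The FrozenDNS resolver addresses are not on this page, so they are left to the `allowed` parameter; the two sample files are constructed, not captured from a Parrot system.

```python
import ipaddress
from typing import Dict, List, Optional

# Constructed samples showing resolv.conf before and after Anonsurf rewrites it.
RESOLV_BEFORE = """# Generated by resolvconf (constructed sample)
nameserver 192.168.1.1
nameserver 2001:db8::53
search lan
"""

RESOLV_AFTER = """# Written by anonsurf (constructed sample)
nameserver 127.0.0.1
options edns0
"""

DEFAULT_PATHS = ("/etc/resolv.conf", "/etc/resolv.conf.head", "/etc/resolv.conf.bak")


def parse_nameservers(text: str) -> List[str]:
    """Return the nameserver addresses in resolv.conf text, ignoring comments and other directives."""
    servers = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()   # '#' and ';' both start comments
        if not line:
            continue
        parts = line.split()
        if parts[0] == "nameserver" and len(parts) >= 2:
            servers.append(parts[1])
    return servers


def leaking_nameservers(text: str, allowed: frozenset = frozenset()) -> List[str]:
    """Resolvers that are neither loopback nor explicitly allowed.
    Put the FrozenDNS addresses (assumed; not given on this page) into `allowed`."""
    leaks = []
    for ns in parse_nameservers(text):
        if ns in allowed:
            continue
        try:
            addr = ipaddress.ip_address(ns)
        except ValueError:
            leaks.append(ns)        # unparseable entry: flag it rather than guess
            continue
        if not addr.is_loopback:    # 127.0.0.0/8 and ::1 are fine; anything else bypasses Tor
            leaks.append(ns)
    return leaks


def audit_paths(paths=DEFAULT_PATHS, allowed: frozenset = frozenset()) -> Dict[str, Optional[List[str]]]:
    """Audit each file the page tells you to cat; a missing file is reported as None, not as clean."""
    report: Dict[str, Optional[List[str]]] = {}
    for path in paths:
        try:
            with open(path, encoding="utf-8") as fh:
                report[path] = leaking_nameservers(fh.read(), allowed)
        except FileNotFoundError:
            report[path] = None
    return report


if __name__ == "__main__":
    for path, leaks in audit_paths().items():
        if leaks is None:
            print(f"{path}: not present")
        elif leaks:
            print(f"{path}: LEAK, non-Tor resolvers {leaks}")
        else:
            print(f"{path}: OK, only loopback/allowed resolvers")
```

Run it after `anonsurf start`; an empty leak list for /etc/resolv.conf is the result you want, and a non-empty one means a resolver outside Tor is still reachable.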


To start i2ptunnel from the CLI type:
anonsurf starti2p
AnonSurfStartI2pCLI.png


To stop i2ptunnel from the CLI type:
anonsurf stopi2p
AnonSurfStopI2pCLI.png


Daemon Status Checks

To find out the status of running daemons on anonsurf through the CLI type:
anonsurf status


Checking the tor service status:

You can check the status of these daemons by typing a couple of easy commands:

systemctl status tor.service
service --status-all | grep "tor"

The same can be done with i2p:
systemctl status i2p.service
service --status-all | grep "i2p"

/usr/bin/i2prouter console
/usr/bin/i2prouter status
/usr/bin/i2prouter dump


Changing tor identity:

AnonSurf has a built-in "Change Identity" menu option.
This does 3 things:
[+] clears browser state
[+] closes tabs
[+] obtains a fresh Tor circuit for future requests


Through the commandline:
AnonSurfChangeIdentity.png

Through the GUI menu option:
AnonSurfChangeIdentityGUI.png


Check your ip on the CLI

To check your ip and verify your tor connection on the CLI type:
anonsurf myip

AnonSurfMyIPCLI.png


A couple good intro to Darknet videos:

Intro to Darknets Tor and I2P:
https://www.youtube.com/watch?v=tjJYC2LuJl0

24C3: To be or I2P:
https://www.youtube.com/watch?v=TsfdzfGZyu0

Defcon15 Mike Perry Securing the Tor Network:
https://www.youtube.com/watch?v=e0TUNRFjkR0


Additional advice for i2p users:

To check if your iceweasel preferences are set up correctly,
open about:preferences in a new tab:
I2pPreferences.png


Then the Advanced tab:
I2pBrowserNetworking.png


Under the Network tab, choose Settings.
A new window will open up; make sure these settings are filled in:
I2prouter uses HTTP Proxy on 127.0.0.1:4444
I2prouter uses HTTPS Proxy on 127.0.0.1:4445
I2pConnectionSettings.png


I2P uses eepsites to access sites with the .i2p TLD:
http://127.0.0.1:7657/home


Subscribing to another user's hosts.txt file involves giving them a certain amount of trust.
Be very careful when adding new hosts files.

What are some good trusted subscription links?

http://i2p-projekt.i2p/hosts.txt
http://i2host.i2p/cgi-bin/i2hostetag
http://stats.i2p/cgi-bin/newhosts.txt
http://no.i2p/export/alive-hosts.txt


http://inr.i2p/browse/          ## I2P Name Registry is a domain name registration service for I2P
http://no.i2p/browse/           ## backup of inr.i2p


Add the I2P Name Registry subscription link into your router's addressbook:

http://localhost:7657/susidns/addressbook.jsp?book=private&hostname=inr.i2p&destination=GGB99wXYBnX-wOxQ~Xrvo7AvngoYgifvZZL54ksZWzclcirG7AysqfkAKyv906PxfM4y2DcN2K9m4-D99yFj-1BdnUuIEqfi2yuaaVoWuOffT3h9ne~kZnq3C-wrmczD70Gxk4shvSVxMdUEFvEip8QY4K0R-FiKBsFAfWGTE3b9d-QCzP0H9VP5V-CaYjYVQuMRgMluk9gnoLRipvV7483f~rmGgYX8xwygEAQ3v9P4hrAlJrP0lWJLI1K6KQucP3THIxZ4A9Xxnl0I7EZAT8bHwzschFrcDPYM~DtQdkJTz2VphocbNLfIExTrFt88-xC69WE-fSbaMf9jucT4f5kdpfpRu0kM~am40etxPs8uXGF-L9IXCjgUkJHrWdPHeGhnx-ye2xvUTLO2jyga8iY89Ee3IpqivVUg-iAQJzX9NXC29sf0YzNj8d8mdWRNuzbLSx9CVJ3l1NPJr4k7hmCqf8lBGXNIFZQL4Wez1PPcM4gw0o73gqIxkxvVzVcpAAAA


Addressbook Subscription technical details:

I2P supports Base32 hostnames similar to Tor's .onion addresses. Base32 addresses are much shorter and easier to handle than the full 516-character Base64 Destinations or addresshelpers. Example: ukeu3k5oycgaauneqgtnvselmt4yemvoilkln7jpvamvfx7dnkdq.b32.i2p
In Tor, the address is 16 characters (80 bits), or half of the SHA-1 hash. I2P uses 52 characters (256 bits) to represent the full SHA-256 hash. The form is {52 chars}.b32.i2p.
Base32 is implemented in the naming service, which queries the router over I2CP to look up the LeaseSet to get the full Destination. Base32 lookups will only be successful when the Destination is up and publishing a LeaseSet.
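The two passages above (the trust you extend to a hosts.txt subscription, and how a .b32.i2p name is derived from a 516-character Base64 Destination) are illustrated together in this added example, written for this page and not taken from I2P's own code. It decodes I2P's Base64 variant (standard Base64 with `-` for `+` and `~` for `/`), derives the `{52 chars}.b32.i2p` form as the lowercase, unpadded Base32 of the SHA-256 of the raw Destination, and then ingests a hosts.txt feed the way a cautious subscriber would: malformed entries are rejected, and a feed is never allowed to silently re-point a name already in your addressbook. The feed, the addressbook and both destinations are constructed; the handling of an optional `#!` tail after a destination is an assumption about the feed format.

```python
import base64
import hashlib
import re
from typing import Dict, Optional, Tuple

# I2P Base64 is standard Base64 with '+' -> '-' and '/' -> '~'.
_STD_TO_I2P = bytes.maketrans(b"+/", b"-~")
_I2P_TO_STD = bytes.maketrans(b"-~", b"+/")


def i2p_b64_encode(raw: bytes) -> str:
    return base64.b64encode(raw).translate(_STD_TO_I2P).decode("ascii")


def i2p_b64_decode(text: str) -> bytes:
    return base64.b64decode(text.encode("ascii").translate(_I2P_TO_STD))


def b32_address_from_raw(destination: bytes) -> str:
    """{52 chars}.b32.i2p: lowercase, unpadded Base32 of the full SHA-256 of the raw Destination bytes."""
    digest = hashlib.sha256(destination).digest()
    return base64.b32encode(digest).decode("ascii").rstrip("=").lower() + ".b32.i2p"


def b32_address(destination_b64: str) -> str:
    return b32_address_from_raw(i2p_b64_decode(destination_b64))


def parse_hosts_txt(text: str) -> Dict[str, str]:
    """One 'hostname=Base64Destination' per line; '#' lines are comments.
    Anything after a '#!' following the destination is treated as options and dropped (assumed format)."""
    entries: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        entries[name.strip().lower()] = value.split("#!", 1)[0].strip()
    return entries


def validate_entry(name: str, destination_b64: str) -> Optional[str]:
    """Return a reason string if an entry is malformed, else None."""
    if not re.fullmatch(r"[a-z0-9\-]+(\.[a-z0-9\-]+)*\.i2p", name):
        return "bad hostname"
    if len(destination_b64) != 516:
        return f"destination is {len(destination_b64)} chars, expected 516"
    if not re.fullmatch(r"[A-Za-z0-9\-~]{516}", destination_b64):
        return "destination contains characters outside the I2P Base64 alphabet"
    return None


def merge_subscription(existing: Dict[str, str], feed_text: str) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Accept only well-formed names you do not already have; a feed must never replace a known name."""
    accepted: Dict[str, str] = {}
    rejected: Dict[str, str] = {}
    for name, dest in parse_hosts_txt(feed_text).items():
        problem = validate_entry(name, dest)
        if problem:
            rejected[name] = problem
        elif name in existing and existing[name] != dest:
            rejected[name] = "conflicts with existing addressbook entry (possible name hijack)"
        elif name not in existing:
            accepted[name] = dest
    return accepted, rejected


# Constructed sample destinations (387 raw bytes -> 516 Base64 chars); they are not real I2P sites.
DEST_A = i2p_b64_encode(bytes(i % 256 for i in range(387)))
DEST_B = i2p_b64_encode(bytes((i * 7) % 256 for i in range(387)))

SAMPLE_FEED = "\n".join([
    "# constructed hosts.txt feed",
    f"example-a.i2p={DEST_A}",
    f"Example-B.i2p={DEST_B}#!example=constructed-option",
    f"stats.i2p={DEST_A}",        # tries to re-point a name the addressbook already knows
    "broken.i2p=tooshort",
])

MY_ADDRESSBOOK = {"stats.i2p": DEST_B}   # constructed local addressbook

if __name__ == "__main__":
    accepted, rejected = merge_subscription(MY_ADDRESSBOOK, SAMPLE_FEED)
    for name, dest in accepted.items():
        print(f"accepted {name} -> {b32_address(dest)}")
    for name, why in rejected.items():
        print(f"rejected {name}: {why}")
```

The conflict check is the part worth keeping: a subscription that "updates" a name you already trust is exactly how a malicious hosts.txt would redirect you, so such entries are surfaced for manual review instead of being merged.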


Add eepsites to your subscription addressbook:

When opening links for the first time, it will ask you if you would like to save the eepsite Base32 address to your subscription
addressbook. If you trust the provider, choose:
"save {i2peepsite}.i2p to router address book and continue to website"
I2pAddBoteEepsite.png


Once you have saved the base32 address to your personal subscription addressbook you won't see this prompt whenever
you visit the eepsite again. SusiDNS will resolve the eepsite URL through the SHA512 hash associated with that
eepsite's .i2p name.


You can change your browser's User Interface (UI) to a dark theme by going to the URL:
http://127.0.0.1:7657/configui

And choosing
(x) midnight
(x) Set theme universally across all apps

I2pUserInterfaceMidnight.png


After configuring the UI your browser should look like this:

I2pUIApply.png


To start Irc2P (the IRC tunnel for i2p),
point your IRC client to localhost:6668 and say hi to us on #i2p


To check if your version of i2p is up to date go to:
http://127.0.0.1:7657/configupdate

To access i2psnark, the i2p default torrent tunnel, go to:
http://127.0.0.1:7657/i2psnark/


To add i2p eepsites to your DNS subscriptions, go to:
http://127.0.0.1:7657/susidns/subscriptions


The best site for name resolution is inr.i2p


Anonymous IRC servers reachable over I2P:
irc.echelon.i2p
irc.postman.i2p
irc.killyourtv.i2p
irc.devfs.i2p
irc.dg.i2p
irc.undefined.i2p
irc.welterde.i2p


The imule .nodes file can be found at:
http://echelon.i2p/imule/nodes.dat


References:
[1] https://github.com/parrotsec/anonsurf
[2] https://en.wikipedia.org/wiki/Tor_%28anonymity_network%29
[3] https://en.wikipedia.org/wiki/SOCKS
[4] https://en.wikipedia.org/wiki/Internet_Relay_Chat
[5] https://github.com/prof7bit/TorChat/wiki
[6] https://en.wikipedia.org/wiki/Multiplexing
[7] https://www.blackhat.com/presentations/bh-usa-07/Perry/Whitepaper/bh-usa-07-perry-WP.pdf
[8] https://www.torproject.org/docs/documentation.html.en
[9] https://en.wikipedia.org/wiki/I2P
[10] https://en.wikipedia.org/wiki/Tahoe-LAFS
[11] https://geti2p.net/en/docs/how/elgamal-aes
[12] https://geti2p.net/spec/cryptography
[13] https://geti2p.net/en/docs/protocol
[14] https://geti2p.net/en/papers/
[15] https://github.com/TheTorProject/gettorbrowser

Further reading:
https://www.freehaven.net/anonbib/
https://www.whonix.org/wiki/I2P
http://i2p-projekt.i2p/en/faq#subscriptions
http://www.i2p2.i2p/naming.html
