
I2P/Tor Workshop Notes


By the less than anonymous
Adrian Crenshaw
http://Irongeek.com

Menu:

Downloads

Places to go, data to see
I2P eepSites
I2P Services/Apps
Tor Hidden Service Websites
Tor Hidden Service IRC
 

I2P Install
Install I2P In Windows
Install I2P in Linux (Standard Method)
Install I2P in Linux using APT Method
Proxy Settings for I2P

Tor Install
Install Tor in Windows
Install Tor in Linux
Proxy Settings for Tor

I2P Tweaks
I2P, connection and Firewall settings
Name Service subscriptions to add
To Make I2P accessible to your network
Run I2P as a service

Tor Tweaks
Tor IRC
Specify an Exit Node in Tor
Make Tor accessible to your network
Run Tor as service in Windows
To make Vidalia work again in Windows after making Tor a service
Run Tor as service in Linux (Ubuntu)
To make Vidalia work again in Linux after making Tor a service
Torify vs Torsocks (hint: use Torsocks) in Linux

Tor Hidden Services
Just a simple Tor Hidden Service
Backing up Tor Hidden Server Key

Working with I2PTunnels
Using the built in web server (Jetty) I2P Tunnel
Make SSH Server and SOCKS Tunnel
Naming and announcing your eepSite
Encrypted Lease Set

Proxy Fun
Setup FoxyProxy to use Tor and I2P at the same time
 

Extra
Other Notes

 

Downloads

Tor Browser Bundle and other downloads
    https://www.torproject.org/download/download.html

I2P
    http://geti2p.net/en/download

Pidgin Portable
    http://portableapps.com/apps/internet/pidgin_portable

Slides
    http://www.irongeek.com/downloads/into-to-darknets-tor-and-i2p.pptx

Links and services we will visit
 
I2P eepSites

Project site
    http://www.i2p2.i2p/
 
Forums
    http://forum.i2p/
    http://zzz.i2p/
     
Ugha's Wiki
    http://ugha.i2p/
 
Search engines
    http://eepsites.i2p/
    http://search.rus.i2p/
 
General Network Stats
    http://stats.i2p/
 
Site Lists & Up/Down Stats
    http://inproxy.tino.i2p
    http://perv.i2p

    http://direct.i2p
    http://no.i2p
    http://inr.i2p
    http://identiguy.i2p

All Your Wiki (Lots of links to .onion and .i2p sites)
    http://nnkikjorplul4dlytwfovkne66lwo7ln26xzuq33isvixw3wu3yq.b32.i2p/wiki/index.php?title=Main_Page

Oniichan (The web based IRC may be interesting)
     http://oniichan.i2p

Marketplace on I2P
    http://themarketplace.i2p

I2P Services/Apps

IRC on 127.0.0.1 port 6668
Syndie
SusiMail
    http://127.0.0.1:7657/susimail/susimail
 
BitTorrent
    http://127.0.0.1:7657/i2psnark/
 
eMule/iMule
    http://echelon.i2p/imule/
 
Tahoe-LAFS
More plugins at
    http://i2plugins.i2p/

Tor Hidden Service Websites

Check if you are using Tor
    https://check.torproject.org/?lang=en-US&small=1
 
Core.onion
    http://eqt5g4fuenphqinx.onion
 
TorDir
    http://dppmfxaacucguzpc.onion
 
Hidden Wiki
    http://kpvz7ki2v5agwt35.onion

Onion List
    http://jh32yv5zgayyyts3.onion 

TorLinks
    http://torlinkbgs6aabns.onion 

The New Yorker Strong Box
    http://tnysbtbxsf356hiy.onion 

Silk Road 2.0
    http://silkroad6ownowfk.onion

Silk Road Forums
    http://silkroad5v7dywlc.onion


Tor Hidden Service IRC

FTW
    irc://ftwircdwyhghzw4i.onion

Nissehult
    irc://nissehqau52b5kuo.onion

Renko
    irc://renko743grixe7ob.onion

OFTC
    irc://37lnq2veifl4kar7.onion

Gateway to I2P’s IRC?
    irc://lqvh3k6jxck6tw7w.onion

 

Walk Throughs

1 I2P Install

1A
Install I2P In Windows
1. Make sure you have a JRE 1.5 or higher installed
2. Download I2P Installer for Windows
    http://www.i2p2.de/download
3. Windows: Double click the installer, then Next, Next, Next, Yes, Yes, Yes away, but choose install as service.

1B
Install I2P in Linux (Standard Method)
1. Make sure you have a JRE 1.5 or higher installed
2. Download I2P Install for Windows and Linux
    http://www.i2p2.de/download
3. From a console in Linux run

wget http://geti2p.net/en/download/0.9.10/i2pinstall_0.9.10.jar
sudo apt-get install default-jre
java -jar i2pinstall_0.9.10.jar

Tack on -console if you are not using a GUI

1C
Install I2P in Linux (APT Method based on http://www.i2p2.de/debian, this also seems to work well on Raspbian for the Raspberry Pi)
1. Drop to a terminal and edit /etc/apt/sources.list, I use nano:

sudo nano /etc/apt/sources.list

Add the lines:

deb http://deb.i2p2.no/ stable main
deb-src http://deb.i2p2.no/ stable main

Get the repo key and add it:

wget http://www.i2p2.de/_static/debian-repo.pub
sudo apt-key add debian-repo.pub
sudo apt-add-repository ppa:i2p-maintainers/i2p
sudo apt-get update
sudo apt-get install i2p i2p-keyring

2.  Run:

dpkg-reconfigure -plow i2p

Set it to run on boot.

3. Web surf to:
    http://127.0.0.1:7657/

See link above for more details, or for changes to the process


1D
Proxy Settings for I2P
Set HTTP proxy to 4444, and SSL to 4445 on local host (127.0.0.1).

2 Tor Install

2A
Install Tor in Windows
1. Grab Tor Browser or Vidalia Bundle  
Tor Browser Bundle
    https://www.torproject.org/dist/torbrowser/
 OR
Tor Vidalia Bundle
    https://www.torproject.org/dist/vidalia-bundles/
2. Run and take the defaults, except perhaps the path.

2B
Install Tor in Linux
Lots of options
Package manager:

apt-get install vidalia

Then make sure you choose the users that can control Tor, and restart the X server.

Browser Bundle:   
    https://www.torproject.org/dist/torbrowser/linux
One of many options here:
    https://www.torproject.org/download/download-unix


2C
Proxy Settings for Tor
Set SOCKS v5 to 9050 on local host (127.0.0.1). If you are using Firefox make sure that you go to about:config and set network.proxy.socks_remote_dns to true.


3 I2P Tweaks

3A
I2P, connection and Firewall settings
1. Click “I2P Internals”
    http://127.0.0.1:7657/config
 and look around.
2. Scroll down and note UDP Port.
3. By default, TCP port will be the same number.
4. Adjust your firewall accordingly, but this varies.

3B
Name Service subscriptions to add (also show profile path)
Go to
    http://127.0.0.1:7657/dns
find subscriptions, and paste in:

http://www.i2p2.i2p/hosts.txt
http://i2host.i2p/cgi-bin/i2hostetag
http://stats.i2p/cgi-bin/newhosts.txt
http://tino.i2p/hosts.txt
http://inr.i2p/export/alive-hosts.txt

3C
To Make I2P accessible to your network
1. Click through to I2PTunnel, then the “Name: I2P HTTP Proxy” settings.
2. In the Access Point->Reachable Dropdown, set it to 0.0.0.0 if you wish, but only on a private network.
3. You could also export the web console to the network and enable a password if you wish:
    http://www.i2p2.de/faq.html#remote_webconsole
    It amounts to:
    Open up http://localhost:7657/configadvanced.jsp and add the line:
         consolePassword=somepassword
    Then restart the I2P router service.

 
3D
Run I2P as a service
Windows:
Configure it at install time
or use

install_i2p_service_winnt.bat
net start i2p

and

uninstall_i2p_service_winnt.bat
from the installed I2P directory.


Linux (Ubuntu):
See  
https://help.ubuntu.com/community/I2P
if you did a normal install.
If you did the APT method above:

From the command line, reconfigure the package to automatically start with:

dpkg-reconfigure i2p

Older way:
1. Edit the default I2P files

gedit /etc/default/i2p

2. Set RUN_DAEMON to "true"

RUN_DAEMON="true"

3. Start the I2P service

service i2p start

4.  Make sure /etc/rc5.d/ has a I2P symbolic link in it.

4 Tor Tweaks

4A
Tor IRC
1. Set Tools->Preferences-Proxy
Type: SOCKS 5/Host:127.0.0.1/Port 9050
2. Accounts->Manage accounts->add
3. set server without protocol prefix
4. set proxy to use global

4B
Specify an Exit Node in Tor
1. View network. (Vidalia or http://torstatus.blutmagie.de/ )
2. Right click on a node and copy its fingerprint.
3. Add this to your torrc and restart Vidalia/Tor
        ExitNodes $253DFF1838A2B7782BE7735F74E50090D46CA1BC
Or to do a country
        ExitNodes {US}
May have to use
        StrictExitNodes 1
To force it to be more than a preference
More options & info at https://www.torproject.org/docs/faq#ChooseEntryExit 


4C
Make Tor accessible to your network
1. Edit your torrc. (/etc/tor/torrc)
2. Add line:
        SocksPort 0.0.0.0:9050
3. Restart Tor.

4D
Run Tor as service in Windows
Windows:
1. Run:

cd "c:\Program Files\Vidalia Bundle\Tor"

2. Then:

tor -install

3. Other commands for stopping, starting and removing later:

tor -service start
tor -service stop
tor -remove

4E
To make Vidalia work again in Windows after making Tor a service
1. CD into c:\Program Files\Vidalia Bundle\Tor and run:

tor --hash-password somepassword

Note: This output contains the hash you will use.
2. Add this to the torrc you will locate in C:\

ControlPort 9051
HashedControlPassword 16:B0AB72FC4E3A30D560A3524C79E7F26CF350A8504E73210426CCBE2373

3. If the service is already installed, run:

tor -remove

4. Now run this to set up your config:

tor -install -options -f C:\torrc ControlPort 9051

5. Now when you start, Vidalia will ask for the password to connect.

4F
Run Tor as service in Linux (Ubuntu)
1. Install Vidalia and dependencies.
2. edit /etc/default/tor.vidalia and set:

RUN_DAEMON="yes"

3. Make sure /etc/rc5.d/ has a Tor symbolic link in it.
4. May have to use

sudo /etc/init.d/tor start

to get it going, but it should start on the next reboot also.

4G
To make Vidalia work again in Linux after making Tor a service
1. Edit torrc

nano /etc/tor/torrc

and add

ControlPort 9051
HashedControlPassword 16:B0AB72FC4E3A30D560A3524C79E7F26CF350A8504E73210426CCBE2373

2. then restart the daemon:

/etc/init.d/tor restart
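
An added example (not part of the original notes): a small Python audit of a torrc for the settings changed in 4C, 4E and 4G. It flags listeners bound to a non-loopback address and a ControlPort with no authentication; both sample torrc texts are constructed, and treating a SocksPolicy line as deliberate access control is an assumption of this sketch.

```python
import ipaddress

PORT_OPTS = ("socksport", "controlport", "dnsport")

def parse_torrc(text):
    """Return (option_lowercased, value) pairs, skipping comments and blanks."""
    opts = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            parts = line.split(None, 1)
            opts.append((parts[0].lower(), parts[1] if len(parts) > 1 else ""))
    return opts

def is_network_bind(value):
    """True if a *Port value listens on something other than loopback."""
    first = value.split()[0] if value else ""
    if first.startswith("unix:") or ":" not in first:
        return False  # unix socket, or bare port (Tor binds it to localhost)
    host = first.rsplit(":", 1)[0].strip("[]")
    if host == "localhost":
        return False
    try:
        return not ipaddress.ip_address(host).is_loopback
    except ValueError:
        return True  # unknown hostname: assume it is reachable

def audit(text):
    """Return a list of findings for one torrc; an empty list means none."""
    opts = parse_torrc(text)
    names = {name for name, _ in opts}
    findings = []
    for name, value in opts:
        if name in PORT_OPTS and is_network_bind(value):
            # Assumption: a SocksPolicy line means access is restricted on purpose.
            if name == "socksport" and "sockspolicy" in names:
                continue
            findings.append(f"{name} listens on {value.split()[0]}")
    control_on = any(n == "controlport" and v != "0" for n, v in opts)
    has_auth = ("hashedcontrolpassword" in names
                or ("cookieauthentication", "1") in opts)
    if control_on and not has_auth:
        findings.append("controlport has no authentication")
    return findings

# Constructed samples: the 4C setting with a bare ControlPort, then a tightened variant.
WEAK = """SocksPort 0.0.0.0:9050
ControlPort 9051
"""
HARDENED = """SocksPort 192.168.1.5:9050
SocksPolicy accept 192.168.1.0/24
SocksPolicy reject *
ControlPort 9051
HashedControlPassword 16:PLACEHOLDER_FROM_tor_--hash-password
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(cfg))
```

Generate your own HashedControlPassword value with tor --hash-password rather than copying the sample hash shown in these notes.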


4H
Torify vs Torsocks (hint: use Torsocks) in Linux
1. Run the following in order:

sudo tcpdump port 53

and in another terminal:

torify firefox

2. Web browse someplace, notice DNS traffic.
3. Run the following in order:

sudo apt-get install torsocks
sudo tcpdump port 53

and in another terminal:

torsocks firefox

4. Web browse someplace, notice NO DNS traffic.
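
Why the DNS traffic disappears, as an added Python example that is not part of the original notes; it also covers the network.proxy.socks_remote_dns setting from 2C. With remote DNS the hostname travels inside the SOCKS5 CONNECT request (address type 0x03) and Tor resolves it; without it the client resolves the name itself on port 53 and hands Tor only an IP. The IP 192.0.2.10 is a constructed stand-in for a locally resolved address.

```python
import ipaddress
import struct

ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

def build_connect(host, port):
    """Build a SOCKS5 CONNECT request (RFC 1928) for host:port."""
    head = b"\x05\x01\x00"  # VER=5, CMD=CONNECT, RSV=0
    tail = struct.pack("!H", port)
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: send the name itself, so the proxy resolves it.
        name = host.encode("ascii")
        if not 0 < len(name) <= 255:
            raise ValueError("hostname must be 1..255 bytes")
        return head + bytes([ATYP_DOMAIN, len(name)]) + name + tail
    atyp = ATYP_IPV4 if ip.version == 4 else ATYP_IPV6
    return head + bytes([atyp]) + ip.packed + tail

def parse_connect(req):
    """Parse a CONNECT request as the proxy sees it: (atyp, address, port)."""
    if len(req) < 7 or req[0] != 5 or req[1] != 1:
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp = req[3]
    if atyp == ATYP_DOMAIN:
        n = req[4]
        addr, rest = req[5:5 + n].decode("ascii"), req[5 + n:]
    elif atyp == ATYP_IPV4:
        addr, rest = str(ipaddress.IPv4Address(req[4:8])), req[8:]
    elif atyp == ATYP_IPV6:
        addr, rest = str(ipaddress.IPv6Address(req[4:20])), req[20:]
    else:
        raise ValueError("unknown address type")
    if len(rest) != 2:
        raise ValueError("truncated or oversized request")
    return atyp, addr, struct.unpack("!H", rest)[0]

def client_resolved_locally(req):
    """True when the request carries only an IP, so any lookup happened outside Tor."""
    return parse_connect(req)[0] != ATYP_DOMAIN

# Remote DNS: the name is in the request. Local DNS: only the (constructed) IP is.
REMOTE_DNS = build_connect("check.torproject.org", 443)
LOCAL_DNS = build_connect("192.0.2.10", 443)

if __name__ == "__main__":
    for req in (REMOTE_DNS, LOCAL_DNS):
        print(req.hex(), parse_connect(req), client_resolved_locally(req))
```

Tor's SafeSocks and TestSocks torrc options apply the same distinction on the proxy side, rejecting or logging requests that arrive with only an IP address.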

5 Setting up a Tor Hidden Service

5A
Just a simple Tor Hidden Service
1. In Vidalia go to Settings->Services
2. Click the plus symbol and configure Virtual Port, Target and Directory Path. For example:

Virtual Port: 80
Target: 127.0.0.1:80 or just 127.0.0.1
Directory Path: c:\torhs or /home/username/torhs

3. Click ok, then go back into Services to copy out your .onion address.

5B
Backing up Tor Hidden Server Key
1. In Vidalia go to Settings->Services, and note the location set in “Directory Path:“.
2. In this path you should find two files to back up, hostname and private_key.
3. To restore on a new Tor install you can just copy these files to a new path, and create a Hidden Service that points to the directory they are placed in.

6 Working with I2P Tunnels

6A
Using the built in web server (Jetty) I2P Tunnel
1. Find the eepsite\docroot folder under your I2P profile (location varies depending on how you installed I2P, see notes at end).
2. Edit the HTML files to your liking.
3. Go into I2P Tunnel
    http://127.0.0.1:7657/i2ptunnel/
 and start the built in I2P Webserver.
4. When it is up, click the Preview button to see your site and its Base32 address.
5. You may want to enable the “Auto Start(A):” check box.

6B
Make SSH Server and SOCKS Tunnel
1. Make a Standard server tunnel, set target and port.
2. Create client tunnel of type SOCKS 4/4a/5, take defaults other than setting port (I use 5555).
3. In Putty, under connection, set the proxy to 127.0.0.1 on port 5555 and set “Do DNS name lookup at proxy” to yes.

6C
Backing up I2P Tunnel Key
1. Under a server tunnel's settings, note its “Private key file(k)” setting.
2. This is the path, or path relative to the active I2P profile, to the file you need to back up.
3. To restore on a new I2P install you can just copy it to the new install’s profile and make sure the new tunnel’s settings are mapped to it.

Backup keys may also be found in
C:\ProgramData\i2p\i2ptunnel-keyBackup
or
/var/lib/i2p/i2p-config/i2ptunnel-keyBackup/

6D
Naming and announcing your eepSite
1. Check that your name is not already in use.
    http://127.0.0.1:7657/susidns/addressbook.jsp
2. Set a website name under server tunnel settings.
    http://127.0.0.1:7657/i2ptunnel/edit.jsp?tunnel=3
3. Copy “Local destination(L):” key.
4. Add it to your master address book list.
    http://127.0.0.1:7657/susidns/addressbook.jsp?book=master
5. Register your name with a subscription service if you like, stats.i2p for example.
    http://stats.i2p/i2p/addkey.html 
6. Announce in the forums if you wish, in the form:

6E
Encrypted Lease Set
1. Copy local destination or Base32 address:

bvpuvudy3hqxhspfgt7mb3ahsjawwcnqkkfdkhviaxpa4zb6qnia.b32.i2p


and key

8gQGEw7bLpHIhW8lgcdqWT8UrmZQrGbHTTaSZf2~Jfk=

2. Go to I2P internals->Keyring and add the value.
3. You should now be able to use that server tunnel.

7
Setup FoxyProxy to use Tor and I2P at the same time
This assumes you are using the Tor Browser Bundle
1. Search for FoxyProxy or https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/
2. Continue to Download-> Add to Firefox->Allow
3. Restart.
4. Right click FoxyProxy icon, click Options.
5. Edit Default, choose Proxy Details tab, click manually configure, set ip to 127.0.0.1 and port to 9150.
6. Check "SOCKS Proxy?" and radio button "SOCKS5". Click OK.
7. Add proxy. Under General, set a name like "I2P", and a color.
8. Switch to Proxy Details tab. Set IP to 127.0.0.1 (or a remote proxy) and port to 4444.
9. Switch to URL Patterns tab. Add a new pattern, call it I2P and enter *.i2p/* as pattern. OK, OK to get back to proxy list.
10. Add New Proxy. Choose "Direct internet connection".
11. Switch to URL Patterns tab. Make a URL pattern for localhost like http://127.0.0.1:*. Move it to the top of the list.
12. Right click FoxyProxy icon, click "Use Proxies based on their predefined patterns and priorities".



Other Notes:

default i2p hops: 2 for exploratory, 3 for Client

Profile locations as a service/standalone app (check in http://127.0.0.1:7657/configclients to be sure):

C:\ProgramData\Application Data\i2p\
C:\Windows\system32\config\systemprofile\AppData\Roaming\I2P\
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\I2P\
/usr/share/i2p/
C:\Users\username\AppData\Roaming\i2p

Web servers for testing:
Linux: apt-get install apache2
Windows:
    http://rejetto.com/hfs/

Proxy Selector Plugin
    https://addons.mozilla.org/en-US/firefox/addon/proxy-selector/

Widecap Download
(seems to proxify some apps, but not all, in Windows 7 32 and 64bit. Has some DNS leak issues):
    http://widecap.com/

Telnet server to test Widecap and Torsocks with:
    telehack.com

Add this to your torrc to run a local DNS server:

DNSPort 53
AutomapHostsOnResolve 1

base32calc.py

 

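#!/usr/bin/env python3
# Based on Duck's script from http://forum.i2p2.de/viewtopic.php?t=4367
# Converts a Base64 I2P destination into its .b32.i2p address.
import base64, hashlib, sys

if len(sys.argv) != 2:
    print('Usage: base32calc.py <base64key>')
    sys.exit(1)

key = sys.argv[1]
# I2P's Base64 alphabet uses '-' and '~' in place of '+' and '/'
raw_key = base64.b64decode(key, altchars=b'-~')
# The Base32 address is the SHA-256 hash of the raw destination
digest = hashlib.sha256(raw_key).digest()
base32_hash = base64.b32encode(digest).decode('ascii')
print(base32_hash.lower().replace('=', '') + '.b32.i2p')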


My spot in CipherSpace
    http://irongeeks.i2p/ 
or
    http://ecduxoion5uc5hnvzjxff6iiwhdwph6gse3dknyvlo7e6gaeho7a.b32.i2p/
 
https://github.com/lachesis/scallion/blob/binaries/

FoxyProxy Regex for I2P (from Tails Linux):
^https?://[-a-zA-Z0-9.]+\.i2p(:[0-9]{1,5})?(/.*)?$
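
An added example (not part of the original notes) comparing this anchored regex with the *.i2p/* wildcard from step 9 of section 7. The wildcard matches ".i2p/" anywhere in a URL, so some clearnet requests would be handed to the I2P proxy instead of Tor. FoxyProxy's wildcard matching is approximated here with Python's fnmatch, the route labels are hypothetical, and the sample URLs are constructed.

```python
import re
from fnmatch import fnmatchcase

TAILS_I2P_RE = re.compile(r"^https?://[-a-zA-Z0-9.]+\.i2p(:[0-9]{1,5})?(/.*)?$")
WILDCARD_I2P = "*.i2p/*"               # pattern from step 9
WILDCARD_LOCAL = "http://127.0.0.1:*"  # pattern from step 11, checked first

def route(url, use_regex=True):
    """Pick a proxy for url in the priority order set up in section 7."""
    if fnmatchcase(url, WILDCARD_LOCAL):
        return "direct"
    if use_regex:
        is_i2p = TAILS_I2P_RE.match(url) is not None
    else:
        is_i2p = fnmatchcase(url, WILDCARD_I2P)
    # Hypothetical labels: I2P HTTP proxy on 4444, Tor Browser SOCKS on 9150.
    return "i2p:4444" if is_i2p else "tor:9150"

def misrouted(urls):
    """URLs the wildcard sends to I2P although the host is not a .i2p name."""
    return [u for u in urls
            if route(u, use_regex=False) == "i2p:4444"
            and route(u, use_regex=True) != "i2p:4444"]

# Constructed sample URLs.
SAMPLE_URLS = [
    "http://127.0.0.1:7657/i2ptunnel/",
    "http://stats.i2p/i2p/addkey.html",
    "https://check.torproject.org/?lang=en-US&small=1",
    "https://example.com/redirect?to=http://stats.i2p/",
    "http://example.com/mirror.i2p/index.html",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(f"{route(u, use_regex=False):9} {route(u):9} {u}")
    print("misrouted by wildcard:", misrouted(SAMPLE_URLS))
```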

Codenames used in NSA Tor deanonymization (some were only referenced, with no details):

EGOTISTICALGIRAFFE - Type confusion vulnerability in E4X, Firefox 11.0-16.02 and Firefox 10.0 ESR, used for deanonymization.
EGOTISTICALGOAT - used for deanonymization
ERRONEOUSINGENUITY - commonly known as ERIN. Only works against 13.0-16.0.2, used for deanonymization.
FINKDIFFERENT - Some sort of call back?
FUNNELOUT
QUANTUM - Does the redirection from the backbone
QUANTUMCOOKIE - Forces cookies onto the target, or forces them to give up cookies?
QUANTUMINSERT

FOXACID - "exploit orchestrator"
FOXACID tags - Not just anyone who visits gets hit, have to have a special tag
DireScallop - Anti-Anti-Malware and persistence agent
FrugalShot - FoxAcid servers designed to get callbacks

TURMOIL
REMATION II - NSA Joint GCHQ counter-Tor workshop
NEWTONS CRADLE - GCHQ project to run Tor nodes for SIGINT.
QUICKANT - Tool for SIGINT based on traffic going in and out under low latency
Evercookie
EPICFAIL - GCHQ QFD passes on email, web forum, but not cookies
GREAT EXPECTATIONS - EPICFAIL but would include cookies
RONIN - Track Tor nodes life span (not just if it was a Tor node, but when)
ONIONBREATH - DSD and GCHQ project to work with Hidden Services
MJOLNIR - NSA developed library for constructing Tor circuits.
Coil Attack - DoS attack where a circuit is constructed to bounce back and forth between two Tor nodes
Flower Attack - DoS attack where a circuit is constructed to bounce back and forth between a target and multiple Tor nodes in sequence
Op MULLENIZE - GCHQ report. Something to do with "Staining" traffic so that machines can be tracked with something other than IP. Does not specifically reference Tor, but NAT and proxies. Could be referring to inserting cookies.

http://www.theguardian.com/world/interactive/2013/oct/04/egotistical-giraffe-nsa-tor-document
http://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-presentation-document
https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html
http://apps.washingtonpost.com/g/page/world/nsa-research-report-on-the-tor-encryption-program/501/
http://apps.washingtonpost.com/g/page/world/gchq-report-on-mullenize-program-to-stain-anonymous-electronic-traffic/502/

Change Log:

01/30/2013: Many more typo fixes and general updates.
12/26/2013: Small updates to many other sections.
12/19/2013: Updated "Site Lists & Up/Down Stats" section.
10/17/2011: Did some updates for Hack3rc0n and the 8.9 release. 
08/08/2011: Fixed some typos, added the index.
08/02/2011: First Posted


Copyright 2014, IronGeek
Louisville / Kentuckiana Information Security Enthusiast