0x00 搭建私有Tor网络 ( private Tor network)
RS1 : Tor Client (客户端)
RS2 : Tor relay (退出及中继节点) 2个中继+1退出中继
RS3 : Tor Bridge relay (网桥)
RS4 : Authority Server (权威目录服务器)
权威服务器(Authority Server)必须和洋葱路由器(Tor)在同一时间
apt-get install tor ntpdate
ntpdate time.nist.gov
0x01 配置权威目录服务器RS4(Setup Authority Server on RS4)
(1). 运行以下命令生成的权威密钥(authority keys)
mkdir /var/lib/tor/keys
sudo tor-gencert --create-identity-key -m 12 -a 192.168.18.111:7000 \
-i /var/lib/tor/keys/authority_identity_key \
-s /var/lib/tor/keys/authority_signing_key \
-c /var/lib/tor/keys/authority_certificate
or ===>
sudo tor-gencert --create-identity-key -m 12 -a 192.168.18.111:7000 -i /var/lib/tor/keys/authority_identity_key -s /var/lib/tor/keys/authority_signing_key -c /var/lib/tor/keys/authority_certificate -v
当提示输入密码,请使用你的密码 dfgt@#dfd34341sd~~!。该命令将生成以下文件
authority_identity_key :长期密钥签署授权证书(authority certificate)
authority_signing_key :中期键(medium-term key)(3-12个月)签署目录信息
authority_certificate :由权威身份密钥(authority identity key)签名的文件,以证明权威签名密钥。
(2). 其次,生成router keys
https://tor.stackexchange.com/questions/8873/creating-directory-server
http://fengy.me/prog/2015/01/09/private-tor-network/
tor --list-fingerprint --orport 1 \
--dirserver "name 127.0.0.1:1 ffffffffffffffffffffffffffffffffffffffff" \
--datadirectory /var/lib/tor
or ==>
sudo tor --list-fingerprint --orport 1 --dirserver "name 127.0.0.1:1 ffffffffffffffffffffffffffffffffffffffff" --datadirectory /var/lib/tor/
(if permission denied : sudo chown -R root:root /var/lib/tor)
该命令将生成以下文件:
secret_id_key :长期密钥来签署路由器描述符和TLS证书。
secret_onion_key :用于建立一个电路和协商临时密钥中期关键。
secret_onion_key_ntor :握手短期关键(short-term key for handshake.)。
fingerprint : fingerprint of the identity key.
(3) 编辑torrc
gedit /etc/tor/torrc
TestingTorNetwork 1
DataDirectory /var/lib/tor
RunAsDaemon 1
ConnLimit 60
Nickname RS4
ShutdownWaitLength 0
PidFile /var/lib/tor/pid
Log notice file /var/lib/tor/notice.log
Log info file /var/lib/tor/info.log
ProtocolWarnings 1
SafeLogging 0
DisableDebuggerAttachment 0
DirAuthority RS4 orport=5000 v3ident=finger1 192.168.18.111:7000 finger2
SocksPort 0
OrPort 5000
Address 192.168.18.111
DirPort 7000
# An exit policy that allows exiting to IPv4 LAN
#ExitPolicy accept 192.168.16.0/22:*
# An exit policy that allows exiting to IPv6 localhost
#ExitPolicy accept [::1]:*
#IPv6Exit 1
AuthoritativeDirectory 1
V3AuthoritativeDirectory 1
ContactInfo auth@test.test
ExitPolicy reject *:*
service tor start
finger1 : /var/lib/tor/keys/authority_certificate 找到 fingerprint 9F891F74141865DD89F1EB7D1C5853AB6188D041
finger2 : /var/lib/tor/fingerprint
eg. Your Tor server's identity key fingerprint is
'Unnamed C78C7376A09461466F95C56E36199148058FBF84'
===> finger2 = C78C 7376 A094 6146 6F95 C56E 3619 9148 058F BF84
0x02 配置客户端(Tor Client)
(1) 生成router keys
tor --list-fingerprint --orport 1 \
--dirserver "x 127.0.0.1:1 ffffffffffffffffffffffffffffffffffffffff" \
--datadirectory /var/lib/tor
(2) 编辑torrc
gedit /etc/tor/torrc
OrPort 5000
SocksPort 9011
Exitpolicy reject *:*
Nickname RS1
DirAuthority RS4 orport=5000 v3ident=finger1 192.168.1.4:7000 finger2 #(finger1 and finger2 in RS4)
TestingTorNetwork 1
DataDirectory /var/lib/tor
RunAsDaemon 1
ConnLimit 60
ShutdownWaitLength 0
PidFile /var/lib/tor/pid
Log notice file /var/lib/tor/notice.log
Log info file /var/lib/tor/info.log
ProtocolWarnings 1
SafeLogging 0
DisableDebuggerAttachment 0
service tor start
0x03 配置中继和退出节点(以及网桥)
配置中继节点 Tor Relay (s)
(1) 生成router keys
tor --list-fingerprint --orport 1 \
--dirserver "x 127.0.0.1:1 ffffffffffffffffffffffffffffffffffffffff" \
--datadirectory /var/lib/tor
(2) 编辑torrc
gedit /etc/tor/torrc
OrPort 5000
SocksPort 0 #RS1 diffrent
Exitpolicy reject *:*
Nickname RS2
DirAuthority RS4 orport=5000 v3ident=finger1 192.168.1.4:7000 finger2 #(finger1 and finger2 in RS4)
TestingTorNetwork 1
DataDirectory /var/lib/tor
RunAsDaemon 1
ConnLimit 60
Nickname RS1
ShutdownWaitLength 0
PidFile /var/lib/tor/pid
Log notice file /var/lib/tor/notice.log
Log info file /var/lib/tor/info.log
ProtocolWarnings 1
SafeLogging 0
DisableDebuggerAttachment 0
# An exit policy that allows exiting to IPv4 LAN
ExitPolicy accept 192.168.16.0/22:*
# An exit policy that allows exiting to IPv6 localhost
ExitPolicy accept [::1]:*
IPv6Exit 1
service tor start
Tor Relay (s)配置退出中继节点
只是在”Tor Relay (s)配置中继 “ 配置文件中加一个:
ExitRelay 1
0x04 配置网桥 Bridge relay
Ubuntu
must have External IP
apt-get install obfs4proxy
gedit /etc/tor/torrc
SOCKSPort 0
ORPort 5000
ExtORPort auto
BridgeRelay 1
UpdateBridgesFromAuthority 1
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
Exitpolicy reject *:*
RunAsDaemon 1
PublishServerDescriptor 0
Nickname RS3
ContactInfo test@test.test
DirAuthority RS4 orport=5000 v3ident=finger1 192.168.1.4:7000 finger2 #(finger1 and finger2 in RS4)
service tor start
sudo cat /var/lib/tor/fingerprint
0x05 使用网桥 UseBridges
UseBridges 1
Bridge obfs4 89.46.73.150:41595 BE158D7939B8C95C54F07C50D7EBE50BEDA68C4D cert=3OCxcKIP+9UmUUVJPgjArM95dpZUDJv6+uFR35KlKy6JzkxbN3llrvE1jNzhFPWaX2mgZw iat-mode=0
Bridge obfs4 13.58.94.90:9443 DDAFCB98850DE23177224F382049A6FCD4A80E4B cert=MvzYIjUby2RfVa5ATIKkf1bC3lQ4JSzzmWtHCDcKZaCxByn4Tp5R30bMiMnOEXrKPP8qeA iat-mode=0
Bridge obfs4 83.212.97.47:54187 80FCA5A349AE7E5C2C8503BFB908D4204FDB9C3E cert=IfdoBRxcIl/l5YrMUxFrNSOOI5DjU3w8IcZI/CQMbpzBj/UdpdCZsT5yfbZ1MFL6xmTTGw iat-mode=0
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy
MaxCircuitDirtiness 600 # 600 seconds = 10 minutes
firefox : socks5 —> 127.0.0.1 9050
0x06 Test The Private Network
在RS1,设置火狐为”127.0.0.1:9011” SOCKS5
Wireshark来观看每RS1访问http://192.168.1.4
0x07 Reference
https://www.torproject.org/docs/tor-manual-dev.html.en
https://ritter.vg/blog-run_your_own_tor_network.html
http://fengy.me/prog/2015/01/09/private-tor-network/
写于 : 2017-10-30 16:09:00