Quantcast
Channel: KitPloit - PenTest Tools!
Viewing all articles
Browse latest Browse all 5816

Multitor - A Tool That Lets You Create Multiple TOR Instances With A Load-Balancing

$
0
0

A tool that lets you create multiple TOR instances with a load-balancing traffic between them by HAProxy. It's provides one single endpoint for clients. In addition, you can view previously running TORprocesses and create a new identity for all or selected processes.

The multitor has been completely rewritten on the basis of:

Parameters
Provides the following options:
  Usage:
multitor <option|long-option>

Examples:
multitor --init 2 --user debian-tor --socks-port 9000 --control-port 9900
multitor --show-id --socks-port 9000

Options:
--help show this message
--debug displays information on the screen (debug mode)
--verbose displays more information about TOR processes
-i, --init <num> init new tor processes
-s, --show-id show specific tor process id
-n, --new-id regenerate tor circuit
-u, --user <string> set the user (only with -i|--init)
--socks-port <port_num|all> set socks port number
--control-port <port_num> set control port number
--proxy <socks|http> set load balancer

Requirements
Multitor uses external utilities to be installed before running:

How To Use
It's simple - for install:
./setup.sh install
For remove:
./setup.sh uninstall
  • symlink to bin/multitor is placed in /usr/local/bin
  • man page is placed in /usr/local/man/man8

Creating processes
Then an example of starting the tool:
multitor --init 2 -u debian-tor --socks-port 9000 --control-port 9900
Creates new TOR processes and specifies the number of processes to create:
  • --init 2
Specifies the user from which new processes will be created (the user must exist in the system):
  • -u debian-tor
Specifies the port number for TOR communication. Increased by 1 for each subsequent process:
  • --socks-port 9000
Specifies the port number of the TOR process control. Increased by 1 for each subsequent process:
  • --control-port 9900

Reviewing processes
Examples of obtaining information about a given TOR process created by multitor:
multitor --show-id --socks-port 9000
We want to get information about a given TOR process:
  • --show-id
You can use the all value to display all processes.
Specifies the port number for communication. Allows you to find the process after this port number:
  • --socks-port 9000

New TOR identity
There is a "Use new identity" button in TOR Browser or Vidalia. It sends a signal to the control port of TOR, to switch to a new identity. An alternative solution is to restart the multitor or wait for the time defined in the NewCircuitPeriod variable, which default value is 30s.
If there is a need to create a new identity:
multitor --new-id --socks-port 9000
We set up creating a new identity for TOR process:
  • --new-id
You can use the all value to regenerate identity for all processes. An alternative option to give new identity is to restart the multitor.
Specifies the port number for communication. Allows you to find the process after this port number:
  • --socks-port 9000

Proxy
See Load balancing.

Output example
So if We created 2 TOR processes by Multitor example output will be given:

Load balancing
Multitor uses two techniques to create a load balancing mechanism - these are socks proxy and http proxy. Each of these types of load balancing is good but its purpose is slightly different.
For browsing websites (generally for http/https traffic) it is recommended to use http proxy. In this configuration, the polipo service is used, which has many very useful functions (including cache memory) which in the case of TOR is not always well-aimed. In addition, we are confident in better handling of ssl traffic.
The socks proxy type is also reliable, however, when browsing websites through TOR nodes it can cause more problems.
Multitor uses HAProxy to create a local proxy server for all created TOR or Polipo instances and distribute traffic between them. The default configuration is in templates/haproxy-template.cfg.
HAProxy uses 16379 to communication, so all of your services to use the load balancer should have this port number.

SOCKS Proxy
Communication architecture:
Client
|
|--------> HAProxy (127.0.0.1:16379)
|
|--------> TOR Instance (127.0.0.1:9000)
|
|--------> TOR Instance (127.0.0.1:9001)
To run the load balancer you need to add the --proxy socksparameter to the command specified in the example.
multitor --init 2 -u debian-tor --socks-port 9000 --control-port 9900 --proxy socks
After launching, let's see the working processes:
netstat -tapn | grep LISTEN | grep "tor\|haproxy\|polipo"
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 28976/tor
tcp 0 0 127.0.0.1:9001 0.0.0.0:* LISTEN 29039/tor
tcp 0 0 127.0.0.1:9900 0.0.0.0:* LISTEN 28976/tor
tcp 0 0 127.0.0.1:9901 0.0.0.0:* LISTEN 29039/tor
tcp 0 0 127.0.0.1:16379 0.0.0.0:* LISTEN 29104/haproxy
tcp 0 0 127.0.0.1:16380 0.0.0.0:* LISTEN 29104/haproxy
In order to test the correctness of the setup, you can run the following command:
for i in $(seq 1 4) ; do \
printf "req %2d: " "$i" ; \
curl -k --location --socks5 127.0.0.1:16379 http://ipinfo.io/ip ; \
done

req 1: 5.254.79.66
req 2: 178.175.135.99
req 3: 5.254.79.66
req 4: 178.175.135.99
Communication through socks proxy takes place without a cache (except browsers that have their own cache). Curl and other low-level programs should work without any problems.

HTTP Proxy
Communication architecture:
Client
|
|--------> HAProxy (127.0.0.1:16379)
|
|--------> Polipo Instance (127.0.0.1:8000)
| |
| |---------> TOR Instance (127.0.0.1:9000)
|
|--------> Polipo Instance (127.0.0.1:8001)
|
|---------> TOR Instance (127.0.0.1:9001)
To run the load balancer you need to add the --proxy http parameter to the command specified in the example.
multitor --init 2 -u debian-tor --socks-port 9000 --control-port 9900 --proxy http
After launching, let's see the working processes:
netstat -tapn | grep LISTEN | grep "tor\|haproxy\|polipo"
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 32168/tor
tcp 0 0 127.0.0.1:9001 0.0.0.0:* LISTEN 32246/tor
tcp 0 0 127.0.0.1:9900 0.0.0.0:* LISTEN 32168/tor
tcp 0 0 127.0.0.1:9901 0.0.0.0:* LISTEN 32246/tor
tcp 0 0 127.0.0.1:16379 0.0.0.0:* LISTEN 32327/haproxy
tcp 0 0 127.0.0.1:16380 0.0.0.0:* LISTEN 32327/haproxy
tcp 0 0 127.0.0.1:8000 0.0.0.0:* LISTEN 32307/polipo
tcp 0 0 127.0.0.1:8001 0.0.0.0:* LISTEN 32320/polipo
In order to test the correctness of the setup, you can run the following command:
for i in $(seq 1 4) ; do \
printf "req %2d: " "$i" ; \
curl -k --location --proxy 127.0.0.1:16379 http://ipinfo.io/ip ; \
done

req 1: 178.209.42.84
req 2: 185.100.85.61
req 3: 178.209.42.84
req 4: 185.100.85.61
In the default configuration, the Polipo cache has been turned off (look at the configuration template). If you set the network configuration in the browser so that the traffic passes through HAProxy, you must remember that browsers have their own cache, which can cause that each entry to the page will be from the same IP address. This is not a big problem because it is not always the case. After clearing the browser cache again, the web server will receive the request from a different IP address.
You can check it for example in the firefox browsers by installing the "Empty Cache Button by mvm" add-on and enter the http://myexternalip.com/ website.

Port convention
The port numbers for the TOR are set by the user using the --socks-port parameter. Additionally, the standard port on which HAProxy listens is 16379. Polipo uses ports 1000 smaller than those set for TOR.

HAProxy stats interface
If you want to view traffic statistics, go to http://127.0.0.1:16380/stats.
Login: ha_admin
Password: automatically generated (see in etc/haproxy.cfg)

Polipo configuration interface
If you wat to view or changed Polipo params, got to http://127.0.0.1:8000/polipo/config (remember the right port number).

Gateway
If you are building a gateway for TOR connections, you can put HAProxy on an external IP address by changing the bind directive in haproxy-template.cfg:
bind 0.0.0.0:16379 name proxy

Password authentication
Multitor uses password for authorization on the control port. The password is generated automatically and contains 18 random characters - it is displayed in the final report after the creation of new processes.

Logging
After running the script, the log/ directory is created and in it the following files with logs:
  • <script_name>.<date>.log - all _logger() function calls are saved in it
  • stdout.log - a standard output and errors from the _init_cmd() and other function are written in it

Project architecture
|-- LICENSE.md                 # GNU GENERAL PUBLIC LICENSE, Version 3, 29 June 2007
|-- README.md # this simple documentation
|-- CONTRIBUTING.md # principles of project support
|-- .gitignore # ignore untracked files
|-- .travis.yml # continuous integration with Travis CI
|-- setup.sh # install multitor on the system
|-- bin
|-- multitor # main script (init)
|-- doc # includes documentation, images and manuals
|-- man8
|-- multitor.8 # man page for multitor
|-- etc # contains configuration files
|-- lib # libraries, external functions
|-- log # contains logs, created after init
|-- src # includes external project files
|-- helpers # contains core functions
|-- import # appends the contents of the lib directory
|-- __init__ # contains the __main__ function
|-- settings # contains multitor settings
|-- templates # contains examples and template files
|-- haproxy-template.cfg # example of HAProxy configuration
|-- polipo-template.cfg # example of Polipo configuration



Viewing all articles
Browse latest Browse all 5816

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>