archtorify's Issues

IP Rotator Request

This isn't really a bug, but I still decided to make this issue, since this would probably be a useful/interesting feature.

Could you add support for automated IP rotating? That would be beneficial to some, particularly because the indiscriminate routing of traffic of an entire system could lead to the identification of a user.

can't initialize iptables table `nat': Table does not exist (do you need to insmod?)

Program error message
When I start the thing:

 _____         _   _           _ ___
|  _  |___ ___| |_| |_ ___ ___|_|  _|_ _
|     |  _|  _|   |  _| . |  _| |  _| | |
|__|__|_| |___|_|_|_| |___|_| |_|_| |_  |
                                    |___| v1.30.1

=[ Transparent proxy through Tor
=[ brainfucksec


:: Check program settings
Set /usr/lib/systemd/system/tor.service
Set /etc/tor/torrc
Configure resolv.conf file to use Tor DNSPort
Reload systemd daemons

:: Starting Transparent Proxy
Disable IPv6 with sysctl
Start Tor service
Set iptables rules
iptables v1.8.8 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.8.8 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.8.8 (legacy): can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.8.8 (legacy): can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.8.8 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.8.8 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.8.8 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
[ERROR] can't set iptables rules

Other network proxies/firewalls or DNS applications installed
nothing

Shell used
bash

Additional context
My system is fully updated
I have tor installed
If I update, the package just keeps reinstalling; to be fair, this [( https://github.com//issues/26)]
When I do clearnet it says that Tor is running, but it's not, because there was the error.

archtorify breaks virtualization

Describe the bug
Using Archtorify seems to break bridged networks, which essentially bars the ability to access external resources from a virtual machine.

Program error message
The program and virt-manager do not return an error message and the virtual networks are activated as well.

Other network proxies/firewalls or DNS applications installed

  • firewalld

Shell used

  • zsh

Additional context
Creating a virtual machine with virt-manager, enabling archtorify and using the default configurations for creating a bridged network (NAT) should be enough to reproduce this issue.

Typo in README.md

Typo in README.md at #Donations: "Please donate a litte to support my projects:" should be "Please donate a little to support my projects."

Tor not working properly

Describe the bug
Tor is not working properly and is very slow, to the point that it is unusable.

Program error message
Your system is not using Tor!
and on restart archtorify --restart -> https://ipapi.co/json/ returns nothing though tor is running.

Add exit node selection

Hello,
First, thank you very much for this code, that is exactly what I was looking for for a while.

I was thinking about the possibility to select tor exit node. Whether it is temporary or not, it could be very interesting to be able to select the country of the exit node. Some contents are blocked in some countries.
I'm not sure how to integrate this, but I know that orbot on android does it.
Do you think you can integrate this?

Allow incoming connection from LAN

Hey,

First, thanks for this great script! It does exactly what I want! :-)

I have only one "issue" with that: NFS shares aren't accessible anymore from another machine in the same LAN.

I think this is because iptables blocks everything?

No control, many backups, whole systemwide files, feel infiltrated

Describe the bug
I needed to change 3 backup files; I had to read through archtorify.sh just to get a control port for nyx running. My whole system is full of torrc update and backup files. Just to change 1 simple thing it took me 1 hr of searching!!!! Thumbs down for it when you want to configure something by yourself; maybe it's for a full Linux noob, but hey, I feel a bit infiltrated. I will let you know more when I have read through all that creepy stuff which is on my desk from the git clone install ...!

Program error message
The error message returned by the program.

Screenshots
If applicable, add screenshots to help explain your problem.

Other network proxies/firewalls or DNS applications installed
[e.g. firewalld, UFW, DNSCrypt]

Shell used
[e.g. bash, zsh, ksh]

Additional context
Add any other context about the problem here.

Breaking change

  • As of version 1.29.0, the directory used for backups changes:

Old -> /usr/share/archtorify/backups
New -> /var/lib/archtorify/backups

  • Changes also in the Makefile.

So, remove the program manually and then install the new version:

sudo rm -ri /usr/bin/archtorify \
/usr/share/archtorify \
/usr/share/licenses/archtorify \
/usr/share/doc/archtorify

Users who have installed archtorify with an AUR helper only have to manually remove the old backup directory:

sudo pacman -Rsn archtorify-git

sudo rm -ri /usr/share/archtorify/backups

Arch torify check status shouldn't require root

archtorify -s or archtorify --status goes to check_status function.

At the top of the function, check_root function is called, so the program complains if it isn't run as root. However, I didn't find any need for root access to check, as systemctl is-active tor.service doesn't require root access. I needed archtorify to run on my script which shouldn't be run on root, so I think you can remove check_root in check_status if you think that's OK.

Add options to use bridges in torrc

If necessary, you can simply uncomment them, supplement them with bridge addresses, rather than look for these parameters on the network... To use it, you need to install the obfs4proxy package

#UseBridges 1
#ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy managed

#Bridge
#Bridge
#Bridge
...

Check public IP Address - Rate limit exceeded

Hi,
as I remember, you changed the Check public IP Address function in a previous commit. But it seems it needs an API for some reason.
It is not a problem as is, but it's a bit annoying. I don't know if you could do something.

Thanks for your work
S+KOH

> $ sudo archtorify -t                                                                                

 _____         _   _           _ ___
|  _  |___ ___| |_| |_ ___ ___|_|  _|_ _
|     |  _|  _|   |  _| . |  _| |  _| | |
|__|__|_| |___|_|_|_| |___|_| |_|_| |_  |
                                    |___| v1.30.0

=[ Transparent proxy through Tor
=[ brainfucksec


:: Check program settings
Set /usr/lib/systemd/system/tor.service
Set /etc/tor/torrc
Configure resolv.conf file to use Tor DNSPort
Reload systemd daemons

:: Starting Transparent Proxy
Disable IPv6 with sysctl
Start Tor service
Set iptables rules

:: Check current status of Tor service
[OK] Tor service is active

:: Check Tor network settings
[OK] Your system is configured to use Tor

:: Check public IP Address
{
  "status": 429,
  "error": {
    "title": "Rate limit exceeded",
    "message": "You've hit the daily limit for the unauthenticated API.  Create an API access token by signing up to get 50k req/month."
  }
}

[OK] Transparent Proxy activated, your system is under Tor

Avoid 6 jumps in Tor

Torproject does not recommend using any browser other than the Tor Browser. However, when you enable archtorify and Tor Browser we get six hops instead of three. To avoid this, you need to set environment variables and create user.js in the Tor Browser directory. You can find out the details here. I think you need to implement this in archtorify.

Thanks.

Network does not work after returning to clearnet

I don't know how exactly to reproduce this. Most times, when I use sudo archtorify --tor and later I use sudo archtorify --clearnet the torrent clients don't work no matter what I do (restarting, clearing the tor again, etc). Firefox also gives an error saying:

Hmm. We’re having trouble finding that site.

We can’t connect to the server at lemmy.ml.

If that address is correct, here are three other things you can try:

    Try again later.
    Check your network connection.
    If you are connected but behind a firewall, check that LibreWolf has permission to access the Web.

And there are some websites like https://forums.linuxmint.com/ that I can't visit while using tor.

SSH and apache

I have a noip account but if the tor service is running I am unable to connect to SSH or my apache

Internet connection breaks after clearnet command

Describe the bug
After using archtorify, if I use the clearnet command my device is not able to connect to the internet; if I then use the archtorify --tor command to start the service, the internet works, or else I have to restart the device.

Program error message
Search engine is unable to find DNS address

Other network proxies/firewalls or DNS applications installed
Firewall is on

Shell used
bash

seeing various requests on tcpdump

On https://github.com/brainfucksec/archtorify/wiki/Security it says:
tcpdump -n -f -p -i enp0s3 not arp and not host IP.TO.TOR.GUARD
You are not supposed to see any output other than the first two header lines.

But I am seeing some requests and am unable to figure out what they are for:

20:31:10.607815 IP 127.0.0.1.9040 > 192.168.5.129.36712: Flags [R.], seq 2776651472, ack 1, win 64240, length 0
20:31:16.676091 IP 192.168.5.129.36712 > 127.0.0.1.9040: Flags [S], seq 2791298890, win 64240, options [mss 1460,sackOK,TS val 1663123331 ecr 0,nop,wscale 7], length 0
20:31:18.710823 IP 127.0.0.1.9040 > 192.168.5.129.36712: Flags [R.], seq 3637849319, ack 1, win 64240, length 0
20:32:09.636929 IP 192.168.5.128.68 > 192.168.5.254.67: BOOTP/DHCP, Request from xx:xx:xx:xx:xx:xx, length 280
20:32:09.638209 IP 192.168.5.254.67 > 192.168.5.128.68: BOOTP/DHCP, Reply, length 300
20:36:01.319322 IP 192.168.5.128.49494 > 192.168.5.2.53: 21182+ A? ping.archlinux.org. (36)
20:36:01.330778 IP 192.168.5.2.53 > 192.168.5.128.49494: 21182 2/0/0 CNAME redirect.archlinux.org., A 95.216.195.133 (75)
20:36:01.331317 IP 192.168.5.129.36714 > 127.0.0.1.9040: Flags [S], seq 1393874609, win 64240, options [mss 1460,sackOK,TS val 1663407986 ecr 0,nop,wscale 7], length 0
20:36:02.354967 IP 192.168.5.129.36714 > 127.0.0.1.9040: Flags [S], seq 1393874609, win 64240, options [mss 1460,sackOK,TS val 1663409009 ecr 0,nop,wscale 7], length 0
20:36:03.370777 IP 127.0.0.1.9040 > 192.168.5.129.36714: Flags [R.], seq 1056526521, ack 1393874610, win 64240, length 0
20:36:04.465054 IP 192.168.5.129.36714 > 127.0.0.1.9040: Flags [S], seq 1393874609, win 64240, options [mss 1460,sackOK,TS val 1663411120 ecr 0,nop,wscale 7], length 0
20:36:06.508506 IP 127.0.0.1.9040 > 192.168.5.129.36714: Flags [R.], seq 366473844, ack 1, win 64240, length 0
20:36:08.515431 IP 192.168.5.129.36714 > 127.0.0.1.9040: Flags [S], seq 1393874609, win 64240, options [mss 1460,sackOK,TS val 1663415170 ecr 0,nop,wscale 7], length 0
20:36:10.568620 IP 127.0.0.1.9040 > 192.168.5.129.36714: Flags [R.], seq 355014813, ack 1, win 64240, length 0
20:36:16.624992 IP 192.168.5.129.36714 > 127.0.0.1.9040: Flags [S], seq 1393874609, win 64240, options [mss 1460,sackOK,TS val 1663423279 ecr 0,nop,wscale 7], length 0
20:36:18.662654 IP 127.0.0.1.9040 > 192.168.5.129.36714: Flags [R.], seq 1039447427, ack 1, win 64240, length 0
20:39:46.702989 IP 192.168.5.128.68 > 192.168.5.254.67: BOOTP/DHCP, Request from xx:xx:xx:xx:xx:xx, length 300
20:39:46.704161 IP 192.168.5.254.67 > 192.168.5.129.68: BOOTP/DHCP, Reply, length 305
20:39:46.704237 IP 192.168.5.129 > 192.168.5.254: ICMP 192.168.5.129 udp port 68 unreachable, length 341
20:39:50.232193 IP 192.168.5.128.68 > 192.168.5.254.67: BOOTP/DHCP, Request from xx:xx:xx:xx:xx:xx, length 300
20:39:50.232549 IP 192.168.5.254.67 > 192.168.5.129.68: BOOTP/DHCP, Reply, length 305
20:39:50.232580 IP 192.168.5.129 > 192.168.5.254: ICMP 192.168.5.129 udp port 68 unreachable, length 341
20:39:58.902329 IP 192.168.5.128.68 > 192.168.5.254.67: BOOTP/DHCP, Request from xx:xx:xx:xx:xx:xx, length 300
20:39:58.902769 IP 192.168.5.254.67 > 192.168.5.129.68: BOOTP/DHCP, Reply, length 305
20:39:58.902798 IP 192.168.5.129 > 192.168.5.254: ICMP 192.168.5.129 udp port 68 unreachable, length 341
20:40:15.029119 IP 192.168.5.128.68 > 192.168.5.254.67: BOOTP/DHCP, Request from xx:xx:xx:xx:xx:xx, length 300
20:40:15.029731 IP 192.168.5.254.67 > 192.168.5.129.68: BOOTP/DHCP, Reply, length 305
20:40:15.029780 IP 192.168.5.129 > 192.168.5.254: ICMP 192.168.5.129 udp port 68 unreachable, length 341

Is this normal?

I do have a tor browser running though.
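
One way to triage a capture like the one above, as an added example that is not part of the original issue or of archtorify: it sorts tcpdump -n lines into classes and lists the names looked up over cleartext DNS, so local DHCP and loopback port 9040 traffic can be told apart from lookups sent to a LAN resolver. The function names are hypothetical; the sample lines are copied from the capture in the issue.

```shell
#!/usr/bin/env bash
# Added example: triage `tcpdump -n` text output. Function names are hypothetical.

# Sample input: seven lines copied from the capture in the issue above.
sample_capture() {
  cat <<'EOF'
20:32:09.636929 IP 192.168.5.128.68 > 192.168.5.254.67: BOOTP/DHCP, Request from xx:xx:xx:xx:xx:xx, length 280
20:32:09.638209 IP 192.168.5.254.67 > 192.168.5.128.68: BOOTP/DHCP, Reply, length 300
20:36:01.319322 IP 192.168.5.128.49494 > 192.168.5.2.53: 21182+ A? ping.archlinux.org. (36)
20:36:01.330778 IP 192.168.5.2.53 > 192.168.5.128.49494: 21182 2/0/0 CNAME redirect.archlinux.org., A 95.216.195.133 (75)
20:36:01.331317 IP 192.168.5.129.36714 > 127.0.0.1.9040: Flags [S], seq 1393874609, win 64240, options [mss 1460,sackOK,TS val 1663407986 ecr 0,nop,wscale 7], length 0
20:36:03.370777 IP 127.0.0.1.9040 > 192.168.5.129.36714: Flags [R.], seq 1056526521, ack 1393874610, win 64240, length 0
20:39:46.704237 IP 192.168.5.129 > 192.168.5.254: ICMP 192.168.5.129 udp port 68 unreachable, length 341
EOF
}

# Print "<count> <class>" for every traffic class seen on stdin.
# Fields: $3 = source addr.port, $5 = destination addr.port followed by ":".
classify_capture() {
  awk '
    / BOOTP\/DHCP/ { c["dhcp"]++; next }    # local lease traffic
    / ICMP /       { c["icmp"]++; next }
    # 9040 is the conventional Tor TransPort; both ends are on this host.
    $3 == "127.0.0.1.9040" || $5 == "127.0.0.1.9040:" { c["loopback-9040"]++; next }
    $5 ~ /\.53:$/ && $7 ~ /^(A|AAAA)\?$/ { c["dns-query"]++; next }
    $3 ~ /\.53$/   { c["dns-reply"]++; next }
                   { c["other"]++ }
    END { for (k in c) print c[k], k }
  ' | sort -k2
}

# Print each name queried over cleartext DNS at a non-loopback resolver.
cleartext_dns_names() {
  awk '$5 ~ /\.53:$/ && $5 !~ /^127\./ && $7 ~ /^(A|AAAA)\?$/ {
         name = $8; sub(/\.$/, "", name); print name }' | sort -u
}

sample_capture | classify_capture
sample_capture | cleartext_dns_names
```

To check a live session, pipe the output of the wiki's tcpdump command into either function instead of sample_capture.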

Add bridges support

So I thought about adding bridges support in case tor is blocked.
Here is my solution:
add --bridges $EDITOR parameter
then after moving torrc but before launching tor:

$EDITOR /tmp/bridges.txt
echo "UseBridges 1" >> /etc/tor/torrc
sed 's/^/Bridge /' /tmp/bridges.txt >> /etc/tor/torrc
rm /tmp/bridges.txt
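
A more defensive take on the append step proposed above, as an added example that is not code from the issue or from archtorify: it rejects malformed entries before touching torrc, skips blank and comment lines, and appends nothing twice across runs. The helper names, the IPv4-only line check and the sample bridge addresses (documentation ranges) are assumptions made here.

```shell
#!/usr/bin/env bash
# Added example; add_bridges and demo_add_bridges are hypothetical helpers.

# add_bridges TORRC BRIDGE_LIST
# Appends "Bridge <entry>" lines to TORRC. Returns 1 and leaves TORRC
# untouched if the list is empty or any entry is malformed.
add_bridges() {
  local torrc=$1 list=$2 tmp line
  tmp=$(mktemp) || return 1   # unpredictable name, mode 0600 (not a fixed /tmp path)
  # Drop blank lines and comments an editor session may leave behind.
  grep -Ev '^[[:space:]]*(#|$)' "$list" > "$tmp" || true
  # Assumed entry shape: [transport ]IPv4:port[ printable options]
  if [ ! -s "$tmp" ] || grep -Evq \
     '^([A-Za-z_][A-Za-z0-9_]* )?([0-9]{1,3}\.){3}[0-9]{1,3}:[0-9]{1,5}( [[:print:]]*)?$' \
     "$tmp"; then
    rm -f "$tmp"
    return 1
  fi
  # Add the switch once, and each bridge once, so reruns do not pile up lines.
  grep -qx 'UseBridges 1' "$torrc" || echo 'UseBridges 1' >> "$torrc"
  while IFS= read -r line; do
    grep -qxF "Bridge $line" "$torrc" || echo "Bridge $line" >> "$torrc"
  done < "$tmp"
  rm -f "$tmp"
}

# Constructed sample: a scratch torrc and a pasted list, applied twice.
demo_add_bridges() {
  local dir
  dir=$(mktemp -d) || return 1
  printf 'SocksPort 9050\n' > "$dir/torrc"
  printf '# pasted bridges\n\nobfs4 192.0.2.10:443 cert=EXAMPLE iat-mode=0\n198.51.100.7:9001\n' \
    > "$dir/list"
  add_bridges "$dir/torrc" "$dir/list" && add_bridges "$dir/torrc" "$dir/list"
  cat "$dir/torrc"
  rm -rf "$dir"
}

demo_add_bridges
```

For the interactive step, create the list file with mktemp as well and open that path in $EDITOR. obfs4 entries also need the ClientTransportPlugin line shown in the torrc bridge options request earlier on this page.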

Changing default torrc config

After using this script the torrc on my system states to not edit this file, and references the README. I couldn't find anything regarding this in the README. How would one go about changing the torrc, without the changes getting overwritten?

Starting the program kills ufw service

Describe the bug
A clear and concise description of what the bug is.

Program error message
The error message returned by the program.

Screenshots
If applicable, add screenshots to help explain your problem.

Other network proxies/firewalls or DNS applications installed
[e.g. firewalld, UFW, DNSCrypt]

Shell used
[e.g. bash, zsh, ksh]

Additional context
Add any other context about the problem here.

Autostart at reboot?

Is it possible to restart the script at reboot?

Kind of found a way around by including the app in passwordless sudoers
