brainfucksec / kalitorify Goto Github PK

on another tools i see only 1 ip address isnt better?
and the ip address on every 5 minutes or somethings like that changes?
and the ip i see in my terminal and on the site is different?
and how to set it up to use obfs4 bridge?

Hello,

I'm trying to check if I don't have leaks using the tcpdump method but this command (on kali, debian) returns blank

ss -ntp | grep "$(cat /var/run/tor/tor.pid)"

Tor is correctly running and I do see that my public ip is hidden using different online ip checker.

I'm not enterily sure of what a 'tor guard ip is' so I don't what I should be looking for using an other method.

There's a shift call to get rid of the -t argument here:

But also here:

Since there's nothing else to remove, the command will exit with code 1, which will in turn make the script return error code 1, even though it succeeded. Maybe remove the first shift call?

The first ip api address in the list of apis in check_ip() doesn't work for me any longer.:

https://ipleak.net/json/

If I start kalitorify with the command

sudo kalitorify -t

It gives me an error:
"Your system is not using tor!"

So I removed this address from the list and now the program works perfectly fine. If other users also experiencing this, maybe this address should be removed in general.

I use no proxies myself, no bridges, nothing.

Default shell from kali linux (Terminal) was used.

sudo kalitorify -t

| | || || | ___ || | _
| -| .'| | | _| . | _| | _| | |
|||,|||| ||| ||| |_ |
|___| v1.19.1

=[ Transparent proxy through Tor
=[ BrainfuckSec

==> Check default settings
:: Setting file: /etc/tor/torrc...
'/etc/tor/torrc' -> '/usr/share/kalitorify/backups/torrc.backup'
'/usr/share/kalitorify/data/torrc' -> '/etc/tor/torrc'

==> Starting Transparent Proxy
:: Disabling firewall ufw, please wait...
Firewall stopped and disabled on system startup

:: Configure system's DNS resolver to use Tor's DNSPort
'/etc/resolv.conf' -> '/usr/share/kalitorify/backups/resolv.conf.backup'

:: Disable IPv6 with sysctl
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

:: Start Tor service
[ ok ] Tor service started

:: Setup new iptables rules
[ ok ] iptables rules set

==> Check current status of Tor service
[ ok ] Tor service is active

==> Check Tor network settings
[!] Your system is not using Tor!

try another Tor circuit with 'kalitorify --restart'

so i need to restart after every time start kalitorify.. why?

Describe the bug
When i run kalitorify -t i get Your system is not using Tor! message

Program error message
Your system is not using Tor!

Shell used
bash

Describe the bug
the script is not working. At first, it was not starting because I think you change your script torrc.backup to iptables.backup to torrc.backup

Program error message

:: Starting Transparent Proxy
==> Configure DNS to use Tor's DNSPort
==> Disable IPv6 with sysctl
==> Start Tor service
==> Setup new iptables rules

:: Check current status of Tor service
[ok] Tor service is active

:: Check Tor network settings
[ok] Your system is configured to use Tor

:: Checking your public IP...
IP Address details:


[ok] Transparent Proxy activated, your system is under Tor

Shell used
bash

Additional context
I think some how the script got miss up with different names. can you please help me? also it I didn't install this in my home folder but at downloads as you also can see I'm not getting a Checking your public IP

Is there any reason why IPv6 is disabled on kalitorify -t?

Transparent proxy is not stopping even after typing kalitorify -c
After typing the cmd its showing transparent proxy is stopped but unable to vonnect until restarting the system

After running sudo kalitorify -t I am receiving 100% package loss:

if I run sudo kalitorify -c, it gets normal:

What is happening? Am I missing sth?

After installing kalitorify v1.17.1 on my 2019.x kali release, it's been impossible for me to have internet access at any level on my os. Not from terminal nor browsers or software center.

When typing kalitorify -t
I get:
cp: cannot stat '/et /resolv.conf' : no such file or directory
[Failed] cant copy resolv.conf to the backup directory

For kalitorify -r
I get
[Failed] curl: HTTP request error

For kalitorify -c
I get no error messages but still can't access Internet

For kalitorify -s
Tor service is not running

I've installed sooner openvpn and protonvpn. And it was working.

I want to add the line ExitNodes {xx} StrictNodes 1 in the torrc file but it always overwritten.

Describe the bug
Program stops at "Checking your public IP" step

Program error message
error:
title:Ratelimitexceeded,
message:Upgradetoincreaseyourusagelimitsathttps://ipinfo.io/pricing,orcontactusviahttps://ipinfo.io/contact

or

[ failed ] curl: HTTP request error

Guys, I have a problem.

When I enable kalitorify I get an IP address, that's fine, but when I try an nmap (for example) I can't run.

I think my Iptables blocking connections when I use kalitorify as it put some rules in iptables with drop flag. I've tried setting it to ACCEPT everything, but I can't proxy with Nmap.

IPTABLES RULES with Kalitorify:
hain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             state ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            

Chain FORWARD (policy DROP)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere             ctstate INVALID
DROP       all  --  anywhere             anywhere             state INVALID
ACCEPT     all  --  anywhere             anywhere             state ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             owner UID match debian-tor tcp flags:FIN,SYN,RST,ACK/SYN state NEW
ACCEPT     all  --  anywhere             localhost           
ACCEPT     tcp  --  anywhere             localhost            tcp dpt:9040 flags:FIN,SYN,RST,ACK/SYN
DROP       all  --  anywhere             anywhere            


Without Kalitorify:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

I just can use internet when I set INPUT and Output accept, because kalitorify set as DROP and I can't do anything.

Describe the bug
Running sudo kalitorify -t gives…

Program error message
[!] Your system is not using Tor

try another Tor circuit with ‘kalitorify —restart’

Screenshots
No screenshots necessary.

Other network proxies/firewalls or DNS applications installed
No firewall (that I’m aware of? Unless one is included in Kali’s fresh install.) I’m currently running a NordVPN connection, maybe that has something to do with it?

Shell used
Bash.

Additional context
Kali 2021.3, all updated packages, and ran your install steps perfectly, just not connecting to a tor node. I’ve read the previous issue posts regarding this, but they didn’t resolve the issue for me/they were closed due to lack of response from the user, so I’m hoping to get this figured out for my case. Thanks!

DNS resolution not working avec running
sudo kalitorify --start
Infos:

Distributor ID: Ubuntu Description: Ubuntu 17.04 Release: 17.04
I'm able to ping IP but not domain names.

I'm running behind a PiHole, don't know if that can be a problem

Backup iptables rules... ./kalitorify.sh line 241: /opt/kalitorify/backups/iptables.backup: No such file or directory

Screen: https://i.gyazo.com/3aed39c067af7f7cb03b5e5b65d0aa64.png

I have 2 issues:

1. i get an error but still my IP is changed, so it seems work, although i have this error:
   Check Tor network settings
   Your system is not using Tor!
2. the IP shown in Kalitorify is different then the IP in DNSleak website.

Hi, I understand this is for Kali Linux but I want to know if this tool works well in Ubuntu or not, or even if there's a repo/tool with the same functionality for Ubuntu.

Thank you.

Describe the bug
When I start the transparent proxy and then i reset the iptables it says me that the file torrc.backup doesnt exist.

Program error message
:: Stopping Transparent Proxy
==> Restore default iptables rules
==> Stop tor service
==> Restore /etc/resolv.conf file with default DNS
==> Enable IPv6
==> Restore default '/etc/tor/torrc'
cp: no se puede efectuar `stat' sobre '/usr/share/kalitorify/backups/torrc.backup': No existe el fichero o el directorio

[-] Transparent Proxy stopped

Screenshots

Shell used
bash

when i use Kalitorify , i cannot ping , internet works ok.. but when i ping is giving me this:
ping: sendmsg: Operation not permitted

Is there any way to securely start kalitorify on boot? Currently, I have created a simple systemd service:

[Unit]
Description=kalitorify
Wants=network-online.target
After=network-online.target

[Service]
ExecStart=/home/user/kalitorify/kalitorify.sh -t

[Install]
WantedBy=multi-user.target

However, there's no error checking and even if everything works, there's still a few seconds delay when traffic is exposed while the script is loading.

I'm trying to use your torify program (great program btw) along with NordVPN........any suggestions? If i start the torify program first the VPN doen't connect and vice versa. Let me know what more information I need to provide to come to a solution.

I installed kalitorify 1.24.3 into kali linux on a VirtualBox virtual machine but now there is no Internet access from it. When it checks my public IP address the IP Address details are blank. Is there a way out of this please?

after command kalitorify -c I get message: cannot stat '/usr/share/kalitorify/backups/torrc.backup': No such file or directory. There is a file in that directory though called resolv.conf.backup which contains a single line
nameserver 127.0.0.1

Looks like you have a great implementation. I am using the iptables rules from tor wiki and was just wondering if you knew if it's just me or scans like nmap return really inaccurate results like all ports open. Like nmap 'iphere'. Ping, and traceroute dont work as well afaik since its not tcp. Wget and browser work. Any ideas of programs for scans and networking that work/dont work? Thanks

Not a bug but a feature request. This is a great script but it would be more better if a IP rotator is included. On Github you find IP rotator script; maybe you can include.

i got this error when make install

data/torrc and /usr/share/kalitorify/data/torrc identify same file
data/torrc.default and /usr/share/kalitorify/data/torrc.default identify same file
MakeFile:13: install Error1

I'm experiencing a dns issue when I try to stop kalitorify using the -c option: after that I cannot ping anything even If I restart the network card, always have a "Temporary failure in name resolution" .
To solve that I must restart the machine (kali on vbox).
Is anyone experiencing the same issue?

Regex issue on line 143
if ufw status | grep -q active$; then

This will catch "inactive" as well as "active".

So even if our firewall is currently "inactive" the script will try to disable it.

Hi,

There is any way to stop the proxy after running the kalitorify -t command?

I installed Kalitorify on a Raspberry and works fine. I have internet and different IP.
After I close Kalitorify I have no internet connection. I see that resolve.conf is deleted.
When I restore and try again it happens again.

How to update kalitorify???

As of version 1.28.0, there are some changes:

• Changes the directory for program executable:

Old -> /usr/local/bin/kalitorify
New -> /usr/bin/kalitorify

• Changes the directory used for backups:

Old -> /usr/share/kalitorify/backups
New -> /var/lib/kalitorify/backups

• Changes also in the Makefile.

So, remove the program manually and then install the new version:

sudo rm -ri /usr/local/bin/kalitorify \
/usr/share/kalitorify \
/usr/share/doc/kalitorify

Describe the bug
While running latest kalitorify v1.25.0 on Kali [v 2021.1] via Windows WSL2.0
I was not able to start kalitorify as tor service was not detected.

Preconditions

> grep VERSION /etc/os-release
VERSION="2021.1"
VERSION_ID="2021.1"
VERSION_CODENAME="kali-rolling"

> uname -a
Linux host 5.4.72-microsoft-standard-WSL2 #1 SMP Wed Oct 28 23:40:43 UTC 2020 x86_64 GNU/Linux

Executed Steps

> sudo service tor start
Starting tor daemon...done.
> sudo kalitorify -s
:: Check current status of Tor service
[-] Tor service is not running! exit


> sudo kalitorify -t

 _____     _ _ _           _ ___
|  |  |___| |_| |_ ___ ___|_|  _|_ _
|    -| .'| | |  _| . |  _| |  _| | |
|__|__|__,|_|_|_| |___|_| |_|_| |_  |
                                |___| v1.25.0

=[ Transparent proxy through Tor
=[ brainfucksec


:: Check program settings
==> Reload systemd daemons
System has not been booted with systemd as init system (PID 1). Can't operate.
Failed to connect to bus: Host is down

:: Starting Transparent Proxy
==> Configure DNS to use Tor's DNSPort
==> Disable IPv6 with sysctl
==> Start Tor service
[ERROR] can't start tor service, exit!

Please advice

basically as soon as i try to do kalitorify --tor when it comes to the tor network it says that my system is not using tor and when i do kalitorify --restart nothing shows up and nothing loads like the websites how can i fix it?

Describe the bug
On VirtualBox Kali Linux if i start kalitorify (kalitorify -t) without MAC change
all ok.

But if i try to change Mac

ifconfig eth0 down
macchanger -r eth0
ifconfig eth0 up 
kalitorify -t

i got an error:

Check Tor network settings
[!] Your system is not using Tor!

i try to run kalitorify -r and no result:

==> Restart Tor service and change IP
[ ok ] Tor Exit Node changed
==> Checking your public IP, please wait...

Program error message

Check Tor network settings
[!] Your system is not using Tor!

Other network proxies/firewalls or DNS applications installed
no

Shell used
bash

Additional context
After this i need to reboot Kali to start kalitorify without issues.
If i didn't change MAC - all working ok.

Checking your public IP, please wait...
[ failed ] curl: HTTP request error!
Please check your network settings.

Hi!
Try your job! Nice job!
I have found issue.
after run command to back to clearnet.
Need restart kali. Firefox stop open webpages and no ping ;)
Cya

@brainfucksec hi
Describe the bug
I am having leak issues when running a scan with Nessus : wireshark shows that the packets go directly to the target without passing through tor guard ip.It seems Nessus is able to bypass iptables.

Program error message
None

Screenshots

Other network proxies/firewalls or DNS applications installed
I dont know: it is a clean install of kali linux with only Nessus added

Shell used
bash on kali linux 2019.1 vmware image

Additional context
Other applications like openvas, nmap go through the tor guard ip and no traffic is detected using
tcpdump -n -f -p -i eth0 not arp and not host IP.TO.TOR.GUARD

Hi, this script work with parrot os?

I have just installed the script and its dependencies, whenever I try to run the script using ./kalitorify.sh -t it gives me the error that Your system us not using tor whereas I have the latest tor installed on my pc and I have tried manually starting the tor service as well but of no avail

Describe the bug
after running 'sudo kalitorify -t'
launch web browser and attempt to go to an .onion address

Program error message
"cannot find host" returned from browser. regular non-onion sites work fine. check.torproject.org says browser is connected to tor.

There are some messages in the syslog about giving up connecting and they seem to be happening when trying to resolve .onion addresses.

current kali linux 2020.1 fresh install in a VM
tried reverting last several commits but no change

Hey I'm getting an error code. This is where it seems to go down.

[] Set new iptable rules. . . iptables v1.8.2 (nf_tables): Could't load match 'owner': No such file or directory

Try 'iptables -h' or 'iptables --help' for more information.
iptables v1.8.2 (nf_tables): unknown option "--dport"
Try 'iptables -h' or 'iptables --help' for more information.
iptables v1.8.2 (nf_tables): unknown option "--dport"
Try 'iptables -h' or 'iptables --help' for more information.
iptables v1.8.2 (nf_tables): Could't load match 'owner': No such file or directory

Try 'iptables -h' or 'iptables --help' for more information.
iptables v1.8.2 (nf_tables): unknown option "--to-ports"
Try 'iptables -h' or 'iptables --help' for more information.
iptables v1.8.2 (nf_tables): unknown option "--to-ports"
Try 'iptables -h' or 'iptables --help' for more information.
Iptables: Invalid argument. Run 'dmesg' for more information
iptables v1.8.2 (nf_tables): unknown option "--syn"
Try 'iptables -h' or 'iptables --help' for more information.
iptables v1.8.2 (nf_tables): unknown option "--to-ports"
iptables v1.8.2 (nf_tables): Could't load match 'state': No such file or directory

Try 'iptables -h' or 'iptables --help' for more information.
iptables v1.8.2 (nf_tables): Could't load match 'owner': No such file or directory

Try 'iptables -h' or 'iptables --help' for more information.
iptables v1.8.2 (nf_tables): Chain 'REJECT' does not exsist
Done

==>Check current status of Tor service
[ ok ] Tor service is active

==> Check Tor network settings
Your system is not using Tor:
try restarting the program with 'kalitorify --restart'

Stuck at setup new iptables rules step.

Using Raspberry Pi 4

Does kalitorify provides doh or dot ?

Hello, I'm unable to use kalitorify as it stuck at "setup new iptables rules" forever:

==> Check default settings

==> Starting Transparent Proxy

:: Configure system's DNS resolver to use Tor's DNSPort
'/etc/resolv.conf' -> '/opt/kalitorify/backups/resolv.conf.backup'

:: Disable IPv6 with sysctl
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

:: Start Tor service
[ ok ] Tor service started

:: Setup new iptables rules

I did checked syslog and found out that my date is incorrect.
After setting up NTP, it's still not working, so I started to find solutions on the Internet.

Disabling IPv6, no use.
IPtable issue with instructions shown in following link, no use:
https://forums.kali.org/showthread.php?43649-Solving-iptables-issue-on-Kali-Linux-2019-1-ARM-32-bit-image-(kalitorify-kali-anonsurf)

In syslog, I only see
Aug 28 02:46:43 Korn Tor[22911]: Interrupt: exiting cleanly.
Aug 28 02:46:43 Korn systemd[1]: Stopping Anonymizing overlay network for TCP...
Aug 28 02:46:43 Korn systemd[1]: tor.service: Succeeded.
Aug 28 02:46:43 Korn systemd[1]: Stopped Anonymizing overlay network for TCP (multi-instance-master).
Aug 28 02:46:43 Korn systemd[1]: [email protected]: Succeeded.
Aug 28 02:46:43 Korn systemd[1]: Stopped Anonymizing overlay network for TCP.
Aug 28 02:46:46 Korn systemd[1]: Starting Anonymizing overlay network for TCP...
Aug 28 02:46:46 Korn systemd[1]: Starting Anonymizing overlay network for TCP (multi-instance-master)...
Aug 28 02:46:46 Korn systemd[1]: Started Anonymizing overlay network for TCP (multi-instance-master).
Aug 28 02:46:46 Korn tor[22359]: Aug 28 10:46:46.895 [notice] Tor 0.4.0.5 running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1c, Zlib 1.2.11, Liblzma 5.2.4, and Libzstd 1.3.8.
Aug 28 02:46:46 Korn tor[22359]: Aug 28 10:46:46.895 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Aug 28 02:46:46 Korn tor[22359]: Aug 28 10:46:46.895 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Aug 28 02:46:46 Korn tor[22359]: Aug 28 10:46:46.895 [notice] Read configuration file "/etc/tor/torrc".
Aug 28 02:46:46 Korn tor[22359]: Configuration was valid
Aug 28 02:46:47 Korn tor[22369]: Aug 28 10:46:47.114 [notice] Tor 0.4.0.5 running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1c, Zlib 1.2.11, Liblzma 5.2.4, and Libzstd 1.3.8.
Aug 28 02:46:47 Korn tor[22369]: Aug 28 10:46:47.114 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Aug 28 02:46:47 Korn tor[22369]: Aug 28 10:46:47.115 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Aug 28 02:46:47 Korn tor[22369]: Aug 28 10:46:47.115 [notice] Read configuration file "/etc/tor/torrc".
Aug 28 02:46:47 Korn tor[22369]: Aug 28 10:46:47.137 [notice] Opening Socks listener on 127.0.0.1:9050
Aug 28 02:46:47 Korn tor[22369]: Aug 28 10:46:47.138 [notice] Opened Socks listener on 127.0.0.1:9050
Aug 28 02:46:47 Korn tor[22369]: Aug 28 10:46:47.138 [notice] Opening DNS listener on 127.0.0.1:5353
Aug 28 02:46:47 Korn tor[22369]: Aug 28 10:46:47.138 [notice] Opened DNS listener on 127.0.0.1:5353
Aug 28 02:46:47 Korn tor[22369]: Aug 28 10:46:47.138 [notice] Opening Transparent pf/netfilter listener on 127.0.0.1:9040
Aug 28 02:46:47 Korn tor[22369]: Aug 28 10:46:47.138 [notice] Opened Transparent pf/netfilter listener on 127.0.0.1:9040
Aug 28 02:46:47 Korn Tor[22369]: Tor 0.4.0.5 running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1c, Zlib 1.2.11, Liblzma 5.2.4, and Libzstd 1.3.8.
Aug 28 02:46:47 Korn Tor[22369]: Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Aug 28 02:46:47 Korn Tor[22369]: Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
Aug 28 02:46:47 Korn Tor[22369]: Read configuration file "/etc/tor/torrc".
Aug 28 02:46:47 Korn Tor[22369]: Opening Socks listener on 127.0.0.1:9050
Aug 28 02:46:47 Korn Tor[22369]: Opened Socks listener on 127.0.0.1:9050
Aug 28 02:46:47 Korn Tor[22369]: Opening DNS listener on 127.0.0.1:5353
Aug 28 02:46:47 Korn Tor[22369]: Opened DNS listener on 127.0.0.1:5353
Aug 28 02:46:47 Korn Tor[22369]: Opening Transparent pf/netfilter listener on 127.0.0.1:9040
Aug 28 02:46:47 Korn Tor[22369]: Opened Transparent pf/netfilter listener on 127.0.0.1:9040
Aug 28 02:46:47 Korn Tor[22369]: Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Aug 28 02:46:48 Korn Tor[22369]: Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Aug 28 02:46:49 Korn Tor[22369]: Bootstrapped 0% (starting): Starting
Aug 28 02:46:51 Korn Tor[22369]: Starting with guard context "default"
Aug 28 02:46:51 Korn Tor[22369]: Signaled readiness to systemd
Aug 28 02:46:51 Korn systemd[1]: Started Anonymizing overlay network for TCP.
Aug 28 02:46:51 Korn Tor[22369]: Bootstrapped 5% (conn): Connecting to a relay
Aug 28 02:46:51 Korn Tor[22369]: Opening Control listener on /run/tor/control
Aug 28 02:46:51 Korn Tor[22369]: Opened Control listener on /run/tor/control
Aug 28 02:46:51 Korn Tor[22369]: Bootstrapped 10% (conn_done): Connected to a relay
Aug 28 02:46:52 Korn Tor[22369]: Bootstrapped 14% (handshake): Handshaking with a relay
Aug 28 02:46:52 Korn Tor[22369]: Bootstrapped 15% (handshake_done): Handshake with a relay done
Aug 28 02:46:52 Korn Tor[22369]: Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
Aug 28 02:46:52 Korn Tor[22369]: Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
Aug 28 02:46:52 Korn Tor[22369]: Bootstrapped 95% (circuit_create): Establishing a Tor circuit
Aug 28 02:46:53 Korn Tor[22369]: Bootstrapped 100% (done): Done

Is there anything I've done wrong?

Is there a cleaner way to enable the transparent proxying without completely disabling ufw? This potentially leaves ports open whilst the script is enabled.

Adding the following lines during the startup (after the other iptables rules) ensures slightly better security:

iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -j DROP

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP