Tor Port Scanning Resistance How-To
Last Updated: December 2009
Contact: Shane dot M dot Pope @ gmail
Note: My server isn't currently up for testing. I plan on setting up a VM with the Apache server running it.
Known Bugs: Connecting too many times to the server causes an infinite loop because it keeps trying to read packets but it returns 0 bytes and repeats. I haven't fixed this. If you try to connect 20 times simultaneously it generally happens.
Client setup (Tor client + local java proxy)
Download and run the local client proxy and leave it open in a console.
Run: javac SRTorClientProxy.java && java SRTorClientProxy
(Note: the bridge is currently hardcoded to my IP; change it for local testing.)
Then Run: java SRTorClientProxy
Tor Setup (Vidalia below)
If running Tor (not Vidalia), add these to the bottom of your torrc file, usually located at /etc/tor/torrc and sometimes /usr/local/etc/tor/torrc.
This will add my SR bridge's fingerprint as a bridge, but the local java proxy as the ip:port.
Bridge 127.0.0.1:12312 A467FC8134537FC13C2D6DC2E0071A4974577E64
(That fingerprint is wrong; I will update it when I set up my VM. Set it to your fingerprint for testing.) The port MUST be the same as the remote port due to some stuff in the Tor server; this is hackery that will be fixed if this is implemented into
Go into Vidalia and select "My country blocks such and such..."
Add the following as a bridge:
If the Tor client says "No live bridge descriptors." or cannot connect to Tor in Vidalia, Tor may have marked the SR bridge as unconnectable, possibly because the java proxy above was not running when you ran the Tor client. Delete the state and cached-* files in ~/.tor to fix this.
rm ~/.tor/state && rm ~/.tor/cache*
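A pre-flight check for the client-side Bridge line described above, as an added example (not part of the original how-to or the scanresisttor code). The function name check_sr_bridge and the 192.0.2.10 sample address are made up for illustration; the port and fingerprint are the values shown on this page.

```shell
#!/bin/sh
# check_sr_bridge TORRC [PORT]
# Prints one finding per Bridge line. Returns 0 only if at least one Bridge
# line exists and every one points at the local proxy on the expected port
# with a well-formed fingerprint.
check_sr_bridge() {
    torrc=$1
    want_port=${2:-12312}   # port used on this page; must equal the remote port
    found=0
    bad=0
    # "|| [ -n ... ]" keeps a final line that has no trailing newline
    while read -r key addr fpr rest || [ -n "$key" ]; do
        case $key in
            [Bb][Rr][Ii][Dd][Gg][Ee]) ;;   # torrc keywords are case-insensitive
            *) continue ;;                 # comments and other options
        esac
        found=$((found + 1))
        host=${addr%:*}
        port=${addr##*:}
        if [ "$host" != "127.0.0.1" ]; then
            echo "FAIL $addr: address is not the local proxy (127.0.0.1)"
            bad=$((bad + 1))
        elif [ "$port" != "$want_port" ]; then
            echo "FAIL $addr: port differs from remote port $want_port"
            bad=$((bad + 1))
        elif ! printf '%s' "$fpr" | grep -Eq '^[0-9A-Fa-f]{40}$'; then
            echo "FAIL $addr: fingerprint is not 40 hex digits"
            bad=$((bad + 1))
        else
            echo "OK   $addr $fpr"
        fi
    done < "$torrc"
    [ "$found" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Constructed sample torrc: the Bridge line from this page, plus one that
# wrongly points at a remote address instead of the local proxy.
sample=$(mktemp)
printf '%s\n' \
    '# constructed sample torrc' \
    'Bridge 127.0.0.1:12312 A467FC8134537FC13C2D6DC2E0071A4974577E64' \
    'Bridge 192.0.2.10:12312 A467FC8134537FC13C2D6DC2E0071A4974577E64' > "$sample"
check_sr_bridge "$sample" || echo "torrc needs fixing before starting Tor"
rm -f "$sample"
```

The check only validates the format of the fingerprint, not that it belongs to your bridge.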
Add these lines to your torrc (found in /etc/tor on Ubuntu):
#This fixes a bug where the SR client will try and connect to your IP
#instead of connecting to their local one... Probably breaks things
#Listen only to local host, we'll get connections from apache
#listen on 12312
#Bridge, don't publish, not an end-node
ExitPolicy reject *:*
Set up Apache with SSL support (TODO: Going to write up how to set this up as I do it on my VM.)
Download mod_tor.c from http://code.google.com/p/scanresisttor/source/browse/mod_tor/src/mod_tor.c (not a .c file, a link)
To build and install the module:
sudo apxs2 -i -a -c mod_tor.c && sudo /etc/init.d/apache2 restart
Add the following to /etc/apache2/httpd:
LoadModule tor_module /usr/lib/apache2/modules/mod_tor.so
Note 1: Change the password to anything.
Note 2: If you do not put Location in a folder (just a / instead of /tor), it will change the default Apache properties: instead of going to index.html it will say page not found.