Manual
You can file an issue about it and ask that it be added.
An example of starting the tool:
multitor --init 2 -u debian-tor --socks-port 9000 --control-port 9900
Creates new TOR processes and specifies the number of processes to create:
--init 2
Specifies the user under which new processes will be created (the user must exist in the system):
-u debian-tor
Specifies the port number for TOR communication. Increased by 1 for each subsequent process:
--socks-port 9000
Specifies the port number of the TOR process control. Increased by 1 for each subsequent process:
--control-port 9900
If there are connection problems after starting the tool (e.g. from the web browser), it may be necessary to wait a few moments for the full TOR connection to be established.
Examples of obtaining information about a given TOR process created by multitor:
multitor --show-id --socks-port 9000
We want to get information about a given TOR process:
--show-id
You can use the all value to display all processes.
Specifies the port number for communication. Allows you to find the process by this port number:
--socks-port 9000
There is a "Use new identity" button in TOR Browser or Vidalia. It sends a signal to the control port of TOR to switch to a new identity. An alternative solution is to restart multitor or wait for the time defined in the NewCircuitPeriod variable, whose default value is 30s.
If there is a need to create a new identity:
multitor --new-id --socks-port 9000
Requests a new identity for the TOR process:
--new-id
You can use the all value to regenerate the identity for all processes. An alternative way to get a new identity is to restart multitor.
Specifies the port number for communication. Allows you to find the process by this port number:
--socks-port 9000
See Load balancing.
So if we create 5 TOR processes with multitor, the output will look like this:
multitor --init 5 -u debian-tor --socks-port 9000 --control-port 9900 --proxy privoxy
Set processes: 5
Created: 5
Not created: 0
Control password: TI24tO2k0E8f8jqoIr
Proxy state: running (privoxy » haproxy » socks)
Multitor uses two types of proxy to create a load balancing mechanism: socks proxy and http-proxy. Each of these types is good, but its purpose is slightly different.
For browsing websites (generally for http/https traffic) it is recommended to use the http proxy. In this configuration the polipo, privoxy or hpts services are used; they have many very useful functions, which in the case of TOR are not always well suited. In addition, we are confident in better handling of SSL traffic.
The socks proxy type is also reliable, however, when browsing websites through TOR nodes it can cause more problems.
Multitor provides two types of connection:
- http-to-haproxy-to-socks
  - the frontend process is http-proxy
  - the broker process is a HAProxy
  - the backend process is a socks
- haproxy-to-http-to-socks
  - the frontend process is HAProxy
  - the broker process is a http-proxy
  - the backend process is a socks
By default, Multitor uses http-proxy to create a local proxy server for all created TOR instances. The next service is HAProxy, which distributes traffic (round-robin) between TOR processes.
If you want to change this, add the --haproxy param.
The default configuration file for HAProxy is in templates/haproxy-template.cfg.
Communication architecture:
Client
|
|--------> HAProxy (127.0.0.1:16379)
|
|--------> TOR Instance (127.0.0.1:9000)
|
|--------> TOR Instance (127.0.0.1:9001)
To run the load balancer you need to add the --proxy socks parameter to the command specified in the example.
multitor --init 2 -u debian-tor --socks-port 9000 --control-port 9900 --proxy socks
After launching, let's see the working processes:
netstat -tapn | grep LISTEN | grep "tor\|haproxy"
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 28976/tor
tcp 0 0 127.0.0.1:9001 0.0.0.0:* LISTEN 29039/tor
tcp 0 0 127.0.0.1:9900 0.0.0.0:* LISTEN 28976/tor
tcp 0 0 127.0.0.1:9901 0.0.0.0:* LISTEN 29039/tor
tcp 0 0 127.0.0.1:16379 0.0.0.0:* LISTEN 29104/haproxy
tcp 0 0 127.0.0.1:16380 0.0.0.0:* LISTEN 29104/haproxy
In order to test the correctness of the setup, you can run the following command:
for i in $(seq 1 4) ; do \
printf "req %2d: " "$i" ; \
curl -k --location --socks5 127.0.0.1:16379 http://ipinfo.io/ip ; \
done
req 1: 5.254.79.66
req 2: 178.175.135.99
req 3: 5.254.79.66
req 4: 178.175.135.99
Communication through socks proxy takes place without a cache (except browsers that have their own cache). Curl and other low-level programs should work without any problems.
Communication architecture:
Client
|
|--------> HAProxy (127.0.0.1:16379)
|
|--------> Polipo Instance (127.0.0.1:8000)
| |
| |---------> TOR Instance (127.0.0.1:9000)
|
|--------> Polipo Instance (127.0.0.1:8001)
|
|---------> TOR Instance (127.0.0.1:9001)
To run the load balancer you need to add the --proxy http parameter to the command specified in the example.
multitor --init 2 -u debian-tor --socks-port 9000 --control-port 9900 --proxy http
After launching, let's see the working processes:
netstat -tapn | grep LISTEN | grep "tor\|haproxy\|polipo"
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 32168/tor
tcp 0 0 127.0.0.1:9001 0.0.0.0:* LISTEN 32246/tor
tcp 0 0 127.0.0.1:9900 0.0.0.0:* LISTEN 32168/tor
tcp 0 0 127.0.0.1:9901 0.0.0.0:* LISTEN 32246/tor
tcp 0 0 127.0.0.1:16379 0.0.0.0:* LISTEN 32327/haproxy
tcp 0 0 127.0.0.1:16380 0.0.0.0:* LISTEN 32327/haproxy
tcp 0 0 127.0.0.1:8000 0.0.0.0:* LISTEN 32307/polipo
tcp 0 0 127.0.0.1:8001 0.0.0.0:* LISTEN 32320/polipo
In order to test the correctness of the setup, you can run the following command:
for i in $(seq 1 4) ; do \
printf "req %2d: " "$i" ; \
curl -k --location --proxy 127.0.0.1:16379 http://ipinfo.io/ip ; \
done
req 1: 178.209.42.84
req 2: 185.100.85.61
req 3: 178.209.42.84
req 4: 185.100.85.61
In the default configuration, the Polipo cache is turned off (see the configuration template). If you configure the browser so that its traffic passes through HAProxy, remember that browsers have their own cache, which can make every visit to a page appear to come from the same IP address. This is not a big problem because it is not always the case. After clearing the browser cache, the web server will again receive the request from a different IP address.
You can check this, for example, in the Firefox browser by installing the "Empty Cache Button by mvm" add-on and visiting the http://myexternalip.com/ website.
The port numbers for TOR are set by the user with the --socks-port parameter. Additionally, the standard port on which HAProxy listens is 16379. Polipo uses ports 1000 lower than those set for TOR.
If you want to view traffic statistics, go to http://127.0.0.1:16380/stats.
Login: ha_admin
Password: automatically generated (see etc/haproxy.cfg)
If you want to view or change Polipo params, go to http://127.0.0.1:8000/polipo/config (remember the right port number).
If you are building a gateway for TOR connections, you can put HAProxy on an external IP address by changing the bind directive in haproxy-template.cfg:
bind 0.0.0.0:16379 name proxy
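An added example (not part of multitor) that audits `netstat -tapn` output against the port layout described above: it derives the expected listeners from the --init, --socks-port, --control-port and --proxy values and reports any that are missing or bound to a non-loopback address, which is what the bind change above produces. The function names and the sample listing are constructed for illustration; the Polipo offset is applied only for --proxy http.

```shell
# Added example, not part of multitor: audit listeners against the documented layout.
# Assumes HAProxy on 16379/16380 and, for --proxy http, Polipo on socks-port - 1000.

# expected_ports INIT SOCKS_PORT CONTROL_PORT PROXY -> one expected port per line
expected_ports() {
    n=$1; socks=$2; ctrl=$3; proxy=$4; i=0
    while [ "$i" -lt "$n" ]; do
        echo "$((socks + i))"
        echo "$((ctrl + i))"
        if [ "$proxy" = http ]; then echo "$((socks + i - 1000))"; fi
        i=$((i + 1))
    done
    printf '%s\n' 16379 16380
}

# audit_listeners INIT SOCKS_PORT CONTROL_PORT PROXY < `netstat -tapn` output
# Prints "EXPOSED <addr>" for expected ports not bound to loopback and
# "MISSING <port>" for expected ports with no listener; returns 1 on any finding.
audit_listeners() {
    want=$(expected_ports "$@" | tr '\n' ' ')
    awk -v want="$want" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) need[w[i]] = 1 }
        $6 == "LISTEN" {
            addr = $4; port = addr; sub(/.*:/, "", port)
            if (!(port in need)) next
            seen[port] = 1
            host = addr; sub(/:[0-9]+$/, "", host)
            if (host != "127.0.0.1" && host != "::1") { print "EXPOSED " addr; bad = 1 }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(w[i] in seen)) { print "MISSING " w[i]; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample: HAProxy frontend rebound to 0.0.0.0, second Polipo not running.
sample_netstat() {
    cat <<'EOF'
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 32168/tor
tcp 0 0 127.0.0.1:9001 0.0.0.0:* LISTEN 32246/tor
tcp 0 0 127.0.0.1:9900 0.0.0.0:* LISTEN 32168/tor
tcp 0 0 127.0.0.1:9901 0.0.0.0:* LISTEN 32246/tor
tcp 0 0 0.0.0.0:16379 0.0.0.0:* LISTEN 32327/haproxy
tcp 0 0 127.0.0.1:16380 0.0.0.0:* LISTEN 32327/haproxy
tcp 0 0 127.0.0.1:8000 0.0.0.0:* LISTEN 32307/polipo
EOF
}
sample_netstat | audit_listeners 2 9000 9900 http || true
```

On a live host, replace `sample_netstat` with `netstat -tapn` run as root and pass the same values given to multitor.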
Multitor uses a password for authorization on the control port. The password is generated automatically and contains 18 random characters; it is displayed in the final report after the creation of new processes.