I2P/Tor Workshop Notes
By the less than anonymous
Adrian Crenshaw
http://Irongeek.com
Menu:
Places to go, data to see
I2P eepSites
I2P Services/Apps
Tor Hidden Service Websites
Tor Hidden Service IRC
I2P Install
Install I2P In Windows
Install I2P in Linux (Standard Method)
Install I2P in Linux using APT Method
Proxy Settings for I2P
Tor Install
Install Tor in Windows
Install Tor in Linux
Proxy Settings for Tor
I2P Tweaks
I2P, connection and Firewall settings
Name Service subscripts to add
To Make I2P accessible to your network
Run I2P as a service
Tor Tweaks
Tor IRC
Specify an Exit Node in Tor
Make Tor accessible to your network
Run Tor as service in Windows
To make Vidalia work again in Windows after making Tor a service
Run Tor as service in Linux (Ubuntu)
To make Vidalia work again in Linux after making Tor a service
Torify vs Torsock (hint: use Torsocks) in Linux
Tor Hidden Services
Just a simple Tor Hidden Service
Backing up Tor Hidden Server Key
Working with I2PTunnels
Using the built in web server (Jetty) I2P Tunnel
Make SSH Server and SOCKS Tunnel
Naming and announcing your eepSite
Encrypted Lease Set
Proxy Fun
Setup FoxyProxy to use Tor and I2P at the same time
Extra
Other Notes
Tor Browser Bundle and other downloads
https://www.torproject.org/download/download.html
I2P
http://geti2p.net/en/download
Pidgin Portable
http://portableapps.com/apps/internet/pidgin_portable
Slides
http://www.irongeek.com/downloads/into-to-darknets-tor-and-i2p.pptx
Links and services we will visit
I2P eepSites
Project site
http://www.i2p2.i2p/
Forums
http://forum.i2p/
http://zzz.i2p/
Ugha's Wiki
http://ugha.i2p/
Search engines
http://eepsites.i2p/
http://search.rus.i2p/
General Network Stats
http://stats.i2p/
Site Lists & Up/Down Stats
http://inproxy.tino.i2p
http://perv.i2p
http://direct.i2p
http://no.i2p
http://inr.i2p
http://identiguy.i2p
All Your Wiki (Lots of links to .onion and .i2p sites)
http://nnkikjorplul4dlytwfovkne66lwo7ln26xzuq33isvixw3wu3yq.b32.i2p/wiki/index.php?title=Main_Page
Oniichan (The web based IRC may be interesting)
http://oniichan.i2p
Marketplace on I2P
http://themarketplace.i2p
I2P Services/Apps
IRC on 127.0.0.1 port 6668
Syndie
SusiMail
http://127.0.0.1:7657/susimail/susimail
BitTorrent
http://127.0.0.1:7657/i2psnark/
eMule/iMule
http://echelon.i2p/imule/
Tahoe-LAFS
More plugins at
http://i2plugins.i2p/
Tor Hidden Service Websites
Check if you are using Tor
https://check.torproject.org/?lang=en-US&small=1
Core.onion
http://eqt5g4fuenphqinx.onion
TorDir
http://dppmfxaacucguzpc.onion
Hidden Wiki
http://kpvz7ki2v5agwt35.onion
Onion List
http://jh32yv5zgayyyts3.onion
TorLinks
http://torlinkbgs6aabns.onion
The New Yorker Strong Box
http://tnysbtbxsf356hiy.onion
Silk Road 2.0
http://silkroad6ownowfk.onion
Silk Road Forums
http://silkroad5v7dywlc.onion
Tor Hidden Service IRC
FTW
irc://ftwircdwyhghzw4i.onion
Nissehult
irc://nissehqau52b5kuo.onion
Renko
irc://renko743grixe7ob.onion
OFTC
irc://37lnq2veifl4kar7.onion
Gateway to I2P’s IRC?
irc://lqvh3k6jxck6tw7w.onion
Walk Throughs
1 I2P Install
1A
Install I2P In Windows
1. Make sure you have a JRE 1.5 or higher installed
2. Download I2P Installer for Windows
http://www.i2p2.de/download
3. Windows: Double click the installer, then Next, Next, Next, Yes, Yes, Yes away, but choose install as service.
1B
Install I2P in Linux (Standard Method)
1. Make sure you have a JRE 1.5 or higher installed
2. Download I2P Install for Windows and Linux
http://www.i2p2.de/download
3. From a console in Linux run
wget http://geti2p.net/en/download/0.9.10/i2pinstall_0.9.10.jar
sudo apt-get install default-jre
java -jar i2pinstall_0.9.10.jar
Tack on -console if you are not using a GUI
1C
Install I2P in Linux (APT Method based on http://www.i2p2.de/debian, this also seems to work well on Raspbian for the Raspberry Pi)
1. Drop to a terminal and edit /etc/apt/sources.list, I use nano:
sudo nano /etc/apt/sources.list
Add the lines:
deb http://deb.i2p2.no/ stable main
deb-src http://deb.i2p2.no/ stable main
Get the repo key and add it:
wget http://www.i2p2.de/_static/debian-repo.pub
sudo apt-key add debian-repo.pub
sudo apt-add-repository ppa:i2p-maintainers/i2p
sudo apt-get update
sudo apt-get install i2p i2p-keyring
2. Run:
dpkg-reconfigure -plow i2p
Set it to run on boot.
3. Web surf to:
http://127.0.0.1:7657/
See link above for more details, or for changes to the process
apt-get install vidalia
Then make sure you choose the users that can control Tor, and restart the X server.
Browser Bundle:
http://www.i2p2.i2p/hosts.txt
3C
install_i2p_service_winnt.bat and uninstall_i2p_service_winnt.bat
1D
Proxy Settings for I2P
Set HTTP proxy to 4444, and SSL to 4445 on local host (127.0.0.1).
2 Tor Install
2A
Install Tor in Windows
1. Grab Tor Browser or Vidalia Bundle
Tor Browser Bundle
https://www.torproject.org/dist/torbrowser/
OR
Tor Vidalia Bundle
https://www.torproject.org/dist/vidalia-bundles/
2. Run and take the defaults, except perhaps the path.
2B
Install Tor in Linux
Lots of options
Package manager:
https://www.torproject.org/dist/torbrowser/linux
One of many options here:
https://www.torproject.org/download/download-unix
2C
Proxy Settings for Tor
Set SOCKS v5 to 9050 on local host (127.0.0.1). If you are using Firefox make
sure that you go to about:config and set network.proxy.socks_remote_dns to true.
3 I2P Tweaks
3A
I2P, connection and Firewall settings
1. Click “I2P Internals”
http://127.0.0.1:7657/config
and look around.
2. Scroll down and note UDP Port.
3. By default, TCP port will be the same number.
4. Adjust your firewall accordingly, but this varies.
3B
Name Service subscripts to add (also show profile path)
Go to
http://127.0.0.1:7657/dns
find subscriptions, and paste in:
http://i2host.i2p/cgi-bin/i2hostetag
http://stats.i2p/cgi-bin/newhosts.txt
http://tino.i2p/hosts.txt
http://inr.i2p/export/alive-hosts.txt
To Make I2P accessible to your network
1. Click through to I2PTunnel, then the “Name: I2P HTTP Proxy” settings.
2. In the Access Point->Reachable Dropdown, set it to 0.0.0.0 if you wish, but only on a private network.
3. You could also export the web console to the network and enable a password if you wish:
http://www.i2p2.de/faq.html#remote_webconsole
It amounts to:
Open up
http://localhost:7657/configadvanced.jsp and add the line:
consolePassword=somepassword
Then restart the I2P router service.
3D
Run I2P as a service
Windows:
Configure it at install time
or use
net start i2p
from the installed I2P directory.
Linux (Ubuntu):
See
https://help.ubuntu.com/community/I2P
if you did a normal install.
If you did the APT method above:
From the command line, reconfigure the package to automatically start with:
dpkg-reconfigure i2p
Older way:
gedit /etc/default/i2p
2. Set RUN_DAEMON to "true"
RUN_DAEMON="true"
3. Start the I2P service
service i2p start
4. Make sure /etc/rc5.d/ has an I2P symbolic link in it.
cd "c:\Program Files\Vidalia Bundle\Tor"
2. Then:
tor -install
3. Other commands for stopping, starting and removing later:
tor -service start
4E
tor --hash-password somepassword
Note: This output contains the hash you will use.
ControlPort 9051
3. If the service is already installed, run:
tor -remove
4. Now run this to set up your config:
tor -install -options -f C:\torrc ControlPort 9051
5. Now when you start, Vidalia will ask for the password to connect.
RUN_DAEMON="yes"
3. Make sure /etc/rc5.d/ has a Tor symbolic link in it.
sudo /etc/init.d/tor start
to get it going, but it should start on the next reboot also.
nano /etc/tor/torrc
and add
ControlPort 9051
2. then restart the daemon:
/etc/init.d/tor restart
sudo tcpdump port 53
and in another terminal:
torify firefox
2. Web browse someplace, notice DNS traffic.
sudo apt-get install torsocks
and in another terminal:
torsocks firefox
4. Web browse someplace, notice NO DNS traffic.
Virtual Port: 80
3. Click ok, then go back into Services to copy out your .onion address.
Backup keys may also be found in bvpuvudy3hqxhspfgt7mb3ahsjawwcnqkkfdkhviaxpa4zb6qnia.b32.i2p or fTahDS7dipsSyqMQJVVKOOVL9mwkW03xNOC7TOTolGXjPYV9utMrac0TtJNVXHcTnuhvJ and key 8gQGEw7bLpHIhW8lgcdqWT8UrmZQrGbHTTaSZf2~Jfk=
2. Go to I2P internals->Keyring and add the value.
1. Edit the default I2P files
4 Tor Tweaks
4A
Tor IRC
1. Set Tools->Preferences-Proxy
Type: SOCKS 5/Host:127.0.0.1/Port 9050
2. Accounts->Manage accounts->add
3. set server without protocol prefix
4. set proxy to use global
4B
Specify an Exit Node in Tor
1. View network. (Vidalia or
http://torstatus.blutmagie.de/ )
2. Right click on a node and copy its fingerprint.
3. Add this to your torrc and restart Vidalia/Tor
ExitNodes $253DFF1838A2B7782BE7735F74E50090D46CA1BC
Or to do a country
ExitNodes {US}
May have to use
StrictExitNodes 1
To force it to be more than a preference
More options & info at
https://www.torproject.org/docs/faq#ChooseEntryExit
4C
Make Tor accessible to your network
1. Edit your torrc. (/etc/tor/torrc)
2. Add line:
SocksPort 0.0.0.0:9050
3. Restart Tor.
4D
Run Tor as service in Windows
Windows:
1. Run:
tor -service stop
tor -remove
To make Vidalia work again in Windows after making Tor a service
1. CD into c:\Program Files\Vidalia Bundle\Tor and run:
2: Add this to the torrc you will locate in C:\
HashedControlPassword 16:B0AB72FC4E3A30D560A3524C79E7F26CF350A8504E73210426CCBE2373
4F
Run Tor as service in Linux (Ubuntu)
1. Install Vidalia and dependencies.
2. edit /etc/default/tor.vidalia and set:
4. May have to use
4G
To make Vidalia work again in Linux after making Tor a service
1. Edit torrc
HashedControlPassword 16:B0AB72FC4E3A30D560A3524C79E7F26CF350A8504E73210426CCBE2373
4H
Torify vs Torsock (hint:use Torsocks) in Linux
1. Run the following in order:
3. Run the following in order:
sudo tcpdump port 53
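The torify/torsocks comparison in this section comes down to reading `tcpdump port 53` output for lookups that left the machine in the clear. The script below is an added example, not part of the original notes: it pulls the queried hostnames out of such output. The capture lines, hostnames and the `ignore` allowlist are constructed for illustration.

```python
import re

# One DNS query line as printed by `tcpdump port 53`. The resolver's port shows
# as ".53" with -n and as ".domain" without it, so both are accepted.
QUERY_RE = re.compile(
    r"IP6? (?P<src>\S+) > (?P<resolver>\S+)\.(?:53|domain): "
    r"\d+[+%]* (?:\[[^\]]*\] )?(?P<qtype>[A-Z]+)\? (?P<name>\S+?)\.? \("
)


def dns_queries(capture_text):
    """Return (resolver, qtype, hostname) for every query line in the capture."""
    found = []
    for line in capture_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            found.append((m["resolver"], m["qtype"], m["name"].lower()))
    return found


def leaked_names(capture_text, ignore=()):
    """Hostnames sent to a resolver in the clear, minus names the operator
    expects from other local software (hypothetical allowlist)."""
    names = {name for _, _, name in dns_queries(capture_text)}
    return sorted(names - set(ignore))


# Constructed capture standing in for a session whose lookups bypass the proxy.
LEAKY_CAPTURE = """\
12:00:01.100000 IP 192.168.1.20.51514 > 192.168.1.1.53: 4242+ A? www.example.org. (33)
12:00:01.130000 IP 192.168.1.1.53 > 192.168.1.20.51514: 4242 1/0/0 A 203.0.113.7 (49)
12:00:02.200000 IP workstation.51520 > router.domain: 4243+ [1au] AAAA? check.torproject.org. (49)
12:00:05.000000 IP 192.168.1.20.40000 > 192.168.1.1.53: 4244+ A? ntp.example.net. (33)
"""
# Constructed capture where only unrelated system traffic shows up.
CLEAN_CAPTURE = """\
12:10:05.000000 IP 192.168.1.20.40001 > 192.168.1.1.53: 4250+ A? ntp.example.net. (33)
"""

if __name__ == "__main__":
    for label, cap in (("leaky", LEAKY_CAPTURE), ("clean", CLEAN_CAPTURE)):
        print(label, leaked_names(cap, ignore=["ntp.example.net"]))
```

Any hostname the function returns while the proxied application is the only thing browsing is a name that was resolved outside Tor.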
5 Setting up a Tor Hidden Service
5A
Just a simple Tor Hidden Service
1. In Vidalia go to Settings->Services
2. Click the plus symbol and configure Virtual Port, Target and Directory Path. For example:
Target: 127.0.0.1:80 or just 127.0.0.1
Directory Path: c:\torhs or /home/username/torhs
5B
Backing up Tor Hidden Server Key
1. In Vidalia go to Settings->Services, and note the location set in “Directory Path:“.
2. In this path you should find two files to back up, hostname and private_key.
3. To restore on a new Tor install you can just copy these files to a new path, and create a Hidden Service that points to the directory they are placed in.
6 Working with I2P Tunnels
6A
Using the built in web server (Jetty) I2P Tunnel
1. Find the eepsite\docroot folder under your I2P profile (location varies depending on how you installed I2P, see notes at end).
2. Edit the HTML files to your liking.
3. Go into I2P Tunnel
http://127.0.0.1:7657/i2ptunnel/
and start the built in I2P Webserver.
4. When it is up, click the Preview button to see your site and its Base32 address.
5. You may want to enable the “Auto Start(A):” check box.
6B
Make SSH Server and SOCKS Tunnel
1. Make a Standard server tunnel, set target and port.
2. Create client tunnel of type SOCKS 4/4a/5, take defaults other than setting port (I use 5555).
3. In Putty, under connection, set the proxy to 127.0.0.1 on port 5555 and set “Do DNS name lookup at proxy” to yes.
6C
Backing up I2P Tunnel Key
1. Under a server tunnel's settings, note its “Private key file(k)” setting.
2. This is the path, or path relative to the active I2P profile, to the file you need to back up.
3. To restore on a new I2P install you can just copy it to the new install’s profile and make sure the new tunnel’s settings are mapped to it.
C:\ProgramData\i2p\i2ptunnel-keyBackup
or
/var/lib/i2p/i2p-config/i2ptunnel-keyBackup/
6D
Naming and announcing your eepSite
1. Check that your name is not already in use.
http://127.0.0.1:7657/susidns/addressbook.jsp
2. Set a website name under server tunnel settings.
http://127.0.0.1:7657/i2ptunnel/edit.jsp?tunnel=3
3. Copy “Local destination(L):” key.
4. Add it to your master address book list.
http://127.0.0.1:7657/susidns/addressbook.jsp?book=master
5. Register your name with a subscription service if you like, stats.i2p for example.
http://stats.i2p/i2p/addkey.html
6. Announce in the forums if you wish, in the form:
6E
Encrypted Lease Set
1. Copy local destination or Base32 address:
3. You should now be able to use that server tunnel.
7
C:\ProgramData\Application Data\i2p\
Web servers for testing:
DNSPort 53
base32calc.py
#!/usr/bin/env python
FoxyProxy Regex for I2P (from Tails Linux):
Codenames used in NSA Tor deanonymization (some were only referenced, with no details):
EGOTISTICALGIRAFFE - Type confusion vulnerability in E4X, Firefox 11.0-16.02 and Firefox 10.0 ESR, used for deanonymization
http://www.theguardian.com/world/interactive/2013/oct/04/egotistical-giraffe-nsa-tor-document
Setup FoxyProxy to use Tor and I2P at the same time
This assumes you are using the Tor Browser Bundle
1. Search for FoxyProxy or
https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/
2. Continue to Download-> Add to Firefox->Allow
3. Restart.
4. Right click FoxyProxy icon, click Options.
5. Edit Default, choose Proxy Details tab, click manually configure, set ip to
127.0.0.1 and port to 9150.
6. Check "SOCKS Proxy?" and radio button "SOCKS5". Click OK.
7. Add proxy. Under General, set a name like "I2P", and a color.
8. Switch to Proxy Details tab. Set IP to 127.0.0.1 (or a remote proxy) and port
to 4444.
9. Switch to URL Patterns tab. Add a new pattern, call it I2P and enter *.i2p/*
as pattern. OK, OK to get back to proxy list.
10. Add New Proxy. Choose "Direct internet connection".
11. Switch to URL Patterns tab. Make a URL pattern for localhost like
http://127.0.0.1:*. Move it to the top of the list.
12. Right click FoxyProxy icon, click "Use Proxies based on their predefined
patterns and priorities".
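As an added example (not part of the original notes, and not FoxyProxy's own code), this sketch models the proxy list built in steps 5 to 12 and compares the wildcard pattern from step 9 with the anchored regular expression these notes credit to Tails. The wildcard semantics, function names and sample URLs are assumptions constructed for illustration.

```python
import re

# Pattern from step 9 of the walkthrough (wildcard syntax).
WILDCARD_I2P = "*.i2p/*"
# Anchored regular expression that these notes credit to Tails Linux.
TAILS_I2P = r"^https?://[-a-zA-Z0-9.]+\.i2p(:[0-9]{1,5})?(/.*)?$"
# Localhost pattern from step 11.
WILDCARD_LOCAL = "http://127.0.0.1:*"

def wildcard_to_regex(pattern):
    """Assumed wildcard semantics: '*' is any run of characters, '?' is one
    character, and the pattern has to cover the whole URL."""
    parts = [".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern]
    return re.compile("^" + "".join(parts) + "$")

def build_rules(i2p_matcher):
    """Ordered rules mirroring steps 5-12: localhost goes direct first, then
    the I2P HTTP proxy; anything unmatched falls through to the Tor default."""
    return [
        ("direct", wildcard_to_regex(WILDCARD_LOCAL)),
        ("i2p 127.0.0.1:4444", i2p_matcher),
    ]

def route(url, rules, default="tor 127.0.0.1:9150"):
    for proxy, matcher in rules:
        if matcher.match(url):
            return proxy
    return default

def compare(urls):
    """Return {url: (route with wildcard, route with anchored regex)}."""
    wild = build_rules(wildcard_to_regex(WILDCARD_I2P))
    strict = build_rules(re.compile(TAILS_I2P))
    return {u: (route(u, wild), route(u, strict)) for u in urls}

# Constructed sample URLs; example.com is a placeholder clearnet host.
SAMPLE_URLS = [
    "http://irongeeks.i2p/",
    "http://stats.i2p:8080/status",
    "http://127.0.0.1:7657/i2ptunnel/",
    "https://check.torproject.org/?lang=en-US&small=1",
    "http://example.com/mirror.i2p/index.html",
    "http://example.com/?next=http://stats.i2p/",
]

if __name__ == "__main__":
    for url, (w, s) in compare(SAMPLE_URLS).items():
        flag = "" if w == s else "   <-- differs"
        print(f"{url}\n    wildcard: {w}\n    regex:    {s}{flag}")
```

Under these assumptions the two patterns disagree on three of the six URLs: a clearnet URL that merely contains ".i2p/" is sent to the I2P proxy by the wildcard, and an eepSite URL with an explicit port falls through to Tor.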
Other Notes:
default i2p hops: 2 for exploratory, 3 for Client
Profile locations as a service/standalone app (check in
http://127.0.0.1:7657/configclients to be sure):
C:\Windows\system32\config\systemprofile\AppData\Roaming\I2P\
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\I2P\
/usr/share/i2p/
C:\Users\username\AppData\Roaming\i2p
Linux: apt-get install apache2
Windows:
http://rejetto.com/hfs/
Proxy Selector Plugin
https://addons.mozilla.org/en-US/firefox/addon/proxy-selector/
Widecap Download
(seems to proxify some apps, but not all, in Windows 7 32 and 64bit. Has some DNS leak issues):
http://widecap.com/
Telnet server to test Widecap and Torsocks with:
telehack.com
Add this to your torrc to run a local DNS server:
AutomapHostsOnResolve 1
#Based on Duck's script from http://forum.i2p2.de/viewtopic.php?t=4367
import base64, hashlib, sys
if len(sys.argv) != 2:
    print('Usage: convertkey.py <base64key>')
    sys.exit(1)
key = sys.argv[1]
# I2P's Base64 alphabet uses '-' and '~' in place of '+' and '/'
raw_key = base64.b64decode(key, '-~')
# The .b32.i2p name is the Base32 of the SHA-256 hash of the raw destination
hash = hashlib.sha256(raw_key)
base32_hash = base64.b32encode(hash.digest()).decode('ascii')
print(base32_hash.lower().replace('=', '')+'.b32.i2p')
My spot in CipherSpace
http://irongeeks.i2p/
or
http://ecduxoion5uc5hnvzjxff6iiwhdwph6gse3dknyvlo7e6gaeho7a.b32.i2p/
https://github.com/lachesis/scallion/blob/binaries/
^https?://[-a-zA-Z0-9.]+\.i2p(:[0-9]{1,5})?(/.*)?$
EGOTISTICALGOAT - used for deanonymization
ERRONEOUSINGENUITY - commonly known as ERIN. Only works against 13.0-16.0.2, used for deanonymization
FINKDIFFERENT - Some sort of call back?
FUNNELOUT
QUANTUM - Does the redirection from the backbone
QUANTUMCOOKIE - Forces cookies onto the target, or forces them to give up
cookies?
QUANTUMINSERT
FOXACID - "exploit orchestrator"
FOXACID tags - Not just anyone who visits gets hit, have to have a special tag
DireScallop - Anti-Anti-Malware and persistence agent
FrugalShot - FOXACID servers designed to get callbacks
TURMOIL
REMATION II - NSA Joint GCHQ counter-Tor workshop
NEWTONS CRADLE - GCHQ project to run Tor nodes for SIGINT
QUICKANT - Tool for SIGINT based on traffic going in and out under low latency
Evercookie
EPICFAIL - GCHQ QFD passes on email, web forum, but not cookies
GREAT EXPECTATIONS - EPICFAIL but would include cookies
RONIN - Track Tor nodes life span (not just if it was a Tor node, but when)
ONIONBREATH - DSD and GCHQ project to work with Hidden Services
MJOLNIR NSA developed library for constructing Tor circuits
Coil Attack - DoS attack where a circuit is constructed to bounce back and forth
between two Tor nodes
Flower Attack - DoS attack where a circuit is constructed to bounce back and
forth between a target and multiple Tor nodes in sequence
Op MULLENIZE - GCHQ report. Something to do with "Staining" traffic so that
machines can be tracked with something other than IP. Does not specifically
reference Tor, but NAT and proxies. Could be referring to inserting cookies.
http://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-presentation-document
https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html
http://apps.washingtonpost.com/g/page/world/nsa-research-report-on-the-tor-encryption-program/501/
http://apps.washingtonpost.com/g/page/world/gchq-report-on-mullenize-program-to-stain-anonymous-electronic-traffic/502/
Change Log:
01/30/2013: Many more typo fixes and general updates.
12/26/2013: Small updates to many other sections.
12/19/2013: Updated "Site Lists & Up/Down Stats" section.
10/17/2011: Did some updates for Hack3rc0n and the 8.9 release.
08/08/2011: Fixed some typos, added the index.
08/02/2011: First Posted