Creating a Secure Tor Environment

As we all know, there are ways that your real IP can be leaked when using Tor (JavaScript, Flash, malware and software errors). In this tutorial I'm going to show how to create a fairly secure Tor environment using VMware. The idea is simple: the guest VM gets no route to the Internet at all, and the only way out is Tor's SOCKS port on the host. Anything that tries to bypass the proxy (a plugin, a misconfigured application, malware) simply fails to connect instead of revealing your real IP. The environment can be used for general browsing and malware research.

The first thing you're going to need to do is install VMware Workstation (VMware Player may also work), then install your favourite Windows OS inside a new virtual machine.

As you can see, I’m using Windows 8 because it’s a great OS with a totally decent user interface which wasn’t designed by Fisher Price.

The following instructions are to be carried out on the host (the computer running VMware)
Next you're going to need to enter the virtual machine settings and set the Network Adapter to Bridged. This makes the VM behave as if it were another machine plugged into the network your host is connected to, which is what lets it reach the host's Tor port later. I should warn you that this may not be ideal for malware research: a bridged VM sits on the same LAN as everything else you own, so malware could probe, and possibly exploit, other devices on your network (including the host itself). I will do a second (more complicated) tutorial that shows how to isolate the VM from your network whilst still allowing it to connect to the Internet via Tor.

If you have multiple network interfaces on your host machine, you will need to go into the VMware “Edit” menu and click “Virtual Network Preferences”, from there you can set the bridge to connect to the adapter you use for internet access.

Next you need the local (network) IP address of the host adapter you selected above. If you don't know how to find it, go to the network settings in Control Panel, right-click the network adapter, click "Status", then click "Details" and it will be listed under "IPv4 Address".

You should download and install the "Vidalia Relay Bundle" rather than the Tor Browser. The Tor Browser only listens for SOCKS connections on localhost, so the VM could never reach it; the standalone bundle gives you a torrc you can edit. You can disable the relay feature by specifying "Client only".

You will also need to edit the torrc file so that Tor's SOCKS listener binds to the host's network IP (and a port of your choice) instead of localhost; otherwise the VM cannot connect to it. While you are there, it is worth restricting the listener to the VM's address only, since a SOCKS port bound to a LAN address is otherwise usable by every other machine on that network.
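The following torrc fragment is an added example for this tutorial (not the author's own configuration file) showing the weak setting beside the hardened one. The host address 192.168.1.66, the VM address 192.168.1.99 and port 9050 are assumptions; replace them with the values from your own setup.

```text
## torrc on the host. Lines starting with # are comments.
## Addresses and port below are assumed values for this example.

## WEAK: Tor's default listener is 127.0.0.1 only, which the VM cannot
## reach; binding to 0.0.0.0 fixes that but lets every machine on the
## LAN use your Tor instance.
# SOCKSPort 0.0.0.0:9050

## HARDENED: bind only to the host's LAN address and only accept the VM.
SOCKSPort 192.168.1.66:9050
SocksPolicy accept 192.168.1.99
SocksPolicy reject *

## Equivalent of Vidalia's "Client only": no ORPort, so nothing is relayed.
ClientOnly 1

## Older Tor versions used a two-line form for the listener instead:
# SocksListenAddress 192.168.1.66
# SocksPort 9050
```

After restarting Tor, the host's log should show it opening the SOCKS listener on the LAN address rather than on localhost; if it still says 127.0.0.1, the torrc being edited is not the one Vidalia is using.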

The following instructions are to be carried out inside the Virtual Machine
Now you need to set up the VM's network adapter. Go into the adapter settings, select "Internet Protocol Version 4 (TCP/IPv4)" and set "IP address" to an unused address within the range of your host's adapter (I chose 192.168.1.99 as my host adapter is 192.168.1.66), with the matching subnet mask. Leave the default gateway and DNS server fields empty: this is deliberate, as it is what stops the VM from reaching the Internet on its own.

If you set up everything correctly thus far, you should get a response when pinging your host's network IP from the VM. (If the ping times out even though the addresses are right, check that Windows Firewall on the host is not blocking inbound ICMP echo requests.)

Now the VM can talk to machines on your local network, but it has no default gateway and no DNS server, so it cannot access the Internet. This is a good thing: it means that once we finish the setup, Internet access from within the VM will only be possible through Tor.

I've decided to use Proxifier, but the next few steps should work with any proxifying software. First we need a rule that sends traffic to the host's network IP address directly (not through the proxy); without it the proxifier would try to route its own connection to the Tor port through the Tor port, and you would get an infinite loop.

Once that's done it's time to add our proxy server. The proxy type is SOCKS5 (which is what Tor speaks), the address is the host's network IP, and the port is the one you configured Tor to listen on in torrc.

Now set the new proxy as the default rule (you can choose to skip this step and make specific rules if you wish).

Finally you need to set the name resolution mode to always resolve hostnames through the proxy. With SOCKS5 the hostname is sent to Tor, which resolves it over the Tor network; the VM has no DNS server of its own, so without this setting nothing in the VM can look up any domain. This is also what prevents DNS leaks, since the guest never sends a DNS query anywhere.

If everything worked, you should be able to open a browser, visit check.torproject.org and see that you're connected via Tor. If the proxy client is closed, your VM's Internet access will simply stop working instead of revealing your real IP, because there is no other route out.
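To verify the two properties this setup relies on from inside the VM, here is an added example script (not part of the original article, and not Proxifier's or Tor's code). It assumes the host's Tor SOCKS listener is at 192.168.1.66:9050 and that 1.1.1.1:443 is a reachable Internet host for the "direct connection must fail" probe; all three are assumptions to adjust. It builds the SOCKS5 CONNECT request by hand using the domain-name address type (ATYP 0x03 in RFC 1928), which is exactly the "resolve hostnames through proxy" behaviour: the guest hands the name to Tor instead of doing any DNS lookup itself.

```python
"""Tor-only guest check: direct Internet must fail, SOCKS5 via host must work.

Added example for the tutorial. HOST_IP, SOCKS_PORT and DIRECT_PROBE are
assumed values; edit them to match your environment.
"""
import socket
import ssl
import struct

HOST_IP = "192.168.1.66"        # assumption: host adapter IP
SOCKS_PORT = 9050               # assumption: port set in torrc
DIRECT_PROBE = ("1.1.1.1", 443)  # assumption: any reachable Internet host


def socks5_greeting() -> bytes:
    """Client hello: version 5, one auth method offered, 0x00 = no auth."""
    return b"\x05\x01\x00"


def socks5_connect_request(hostname: str, port: int) -> bytes:
    """CONNECT with ATYP 0x03 (domain name): the proxy resolves the name.

    Layout: VER=5, CMD=1 (CONNECT), RSV=0, ATYP=3, LEN, name, port (big-endian).
    Because the raw hostname travels to Tor, the guest never touches DNS.
    """
    name = hostname.encode("idna")
    if not 1 <= len(name) <= 255:
        raise ValueError("hostname must be 1..255 bytes")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack("!H", port)


def parse_socks5_reply(reply: bytes) -> int:
    """Return the REP field of a SOCKS5 reply (0x00 means succeeded)."""
    if len(reply) < 2 or reply[0] != 5:
        raise ValueError("not a SOCKS5 reply")
    return reply[1]


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed connection")
        buf += chunk
    return buf


def direct_connection_blocked(target=DIRECT_PROBE, timeout: float = 5.0) -> bool:
    """True if the guest cannot open a TCP connection without the proxy.

    In a correctly configured VM (no default gateway) this must be True;
    False means there is a leak path around Tor.
    """
    try:
        with socket.create_connection(target, timeout=timeout):
            return False
    except OSError:
        return True


def tor_connect(hostname: str, port: int, timeout: float = 30.0) -> socket.socket:
    """Open a TCP stream to hostname:port through the host's Tor SOCKS port."""
    s = socket.create_connection((HOST_IP, SOCKS_PORT), timeout=timeout)
    s.sendall(socks5_greeting())
    ver, method = _recv_exact(s, 2)
    if ver != 5 or method != 0:
        s.close()
        raise ConnectionError("proxy refused no-auth SOCKS5")
    s.sendall(socks5_connect_request(hostname, port))
    hdr = _recv_exact(s, 4)                 # VER, REP, RSV, ATYP
    rep = parse_socks5_reply(hdr)
    if rep != 0:
        s.close()
        raise ConnectionError("SOCKS5 CONNECT failed, REP=%#x" % rep)
    atyp = hdr[3]                           # drain BND.ADDR + BND.PORT
    if atyp == 1:
        _recv_exact(s, 4 + 2)
    elif atyp == 3:
        _recv_exact(s, _recv_exact(s, 1)[0] + 2)
    elif atyp == 4:
        _recv_exact(s, 16 + 2)
    return s


def check_tor_exit() -> tuple:
    """Fetch https://check.torproject.org/ over Tor.

    Returns (HTTP status line, True if the page confirms a Tor exit).
    """
    raw = tor_connect("check.torproject.org", 443)
    ctx = ssl.create_default_context()
    with ctx.wrap_socket(raw, server_hostname="check.torproject.org") as s:
        s.sendall(b"GET / HTTP/1.0\r\nHost: check.torproject.org\r\n\r\n")
        body = b""
        while True:
            chunk = s.recv(4096)
            if not chunk:
                break
            body += chunk
    status = body.split(b"\r\n", 1)[0].decode(errors="replace")
    return status, b"Congratulations" in body


if __name__ == "__main__":
    print("direct Internet blocked:", direct_connection_blocked())
    print("via Tor:", check_tor_exit())
```

Run it inside the VM with the proxifier stopped: the first line must print True (fail-closed) and the second must still succeed, because the script talks SOCKS5 to the host itself. If the first line prints False, the guest has a route to the Internet that bypasses Tor, most likely a default gateway or a second adapter.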

Enjoy spending the rest of your life typing captchas.