Accessing the Tor network using Netsurf

posted in: Technology | 0

Online privacy and net-neutrality are terms that are being thrown about quite a lot nowadays. The security of systems on the Internet and especially the data on them as well as data passed to and from them has never been more important.

Malicious third parties including state sponsored hackers now have more knowledge and resources than ever, so it’s only natural that more and more people are taking steps to secure their online activity and protect their data. Encrypting your traffic and communications is a very good way of doing this, and Tor does this nicely.

What is Tor?

Tor is short for The Onion Router, it is an anonymity network initially developed by the U.S. Navy. It enables users to pass traffic across the internet anonymously. Now, it’s a non-profit organization whose main purpose is the research and development of online privacy tools.

The Tor network disguises your identity by moving your traffic across different Tor servers, and encrypting that traffic so it isn’t traced back to you. Anyone who tries would see traffic coming from random nodes on the Tor network, rather than your computer.

There are several layers that your traffic passes through before leaving the Tor network using an exit-node, the end destination that you route to, say for example your Webmail website, they will only be able to see that you have visited their site from the IP address used by that Tor exit-node, they can’t tell what servers you’ve routed through and they can’t tell where you’ve come from.

It is important to keep in mind that while your traffic is encrypted from your computer to the exit-node where your traffic leaves the Tor network, but your traffic is not encrypted between the exit node and the final destination. So to be doubly sure that your traffic not intercepted to the final destination, then using protocols that utilise encryption such as SSH or HTTPS will achieve this.

How is Tor accessed?

Tor can be accessed through two methods – the Tor browser or the Tor daemon.

The most popular is through the Tor browser, which is an open-source web browser based on Firefox that is pre-configured to route all web traffic through Tor – it also features add-ons such as NoScript that restricts websites from executing scripts unless you specifically allow it to.

There’s no port of the Tor browser available for RISC OS, but the second method of accessing the network is very much accessible as long as you have a second non-RISC OS machine that you can configure as a Tor proxy that your RISC OS machine can route through.

The second option is the Tor daemon, which runs as a background process and opens up a local SOCKS5 proxy that can be used to push traffic onto the Tor network.

Providing you don’t have a firewall specific to the computer running the daemon blocking traffic to systems on your Local Area Network (LAN), any computers on the same local network (i.e. your home network) will also be able to use the computer running the daemon as a SOCKS5 proxy. This normally involves configuring a web browser to use that machine as a proxy or by using a utility like Proxychains (no RISC OS port unfortunately) that allows you to force specific applications through the Tor proxy.

Setting up a Tor proxy

Note: All the Unix/Linux commands below require admin privileges to work. Running these commands as root will work, or if your system has sudo installed and configured then use the sudo command before every command so that your privileges are elevated for that command.

Before you can access the Tor network on RISC OS you’ll need to configure a second non-RISC OS machine as the Tor proxy that you can configure Netsurf to push its traffic through.

1 – Pick a system to setup as a Tor proxy

You can setup a Tor proxy on Windows computers but in most cases people use a Unix-based or Unix-like operating system, they’re ideal for running servers like this and are extremely stable even under high load. I installed my Tor proxy on a Raspberry Pi running FreeBSD but it’ll work just as well on Linux or another BSD variant, including MacOS.

2 – Prepare the target system

Before going anywhere, you must make sure that the system you’re going to configure as a Tor proxy has the correct date and time. If it doesn’t, then your Tor proxy will accept connections but it won’t route them anywhere. It’s also recommended you install NTP to keep the time correct automatically, otherwise it will go out of sync after a while. It’s worth keeping in mind too that if you’re installing NTP, the existing date and time of your machine pre-install must be within 30 minutes of UTC-time otherwise ntpd won’t start.

On FreeBSD I used the command ‘pkg install ntp’ to install NTP onto my system. On Debian/Ubuntu based Linux systems you can use the ‘apt-get install ntp’ command. In my case I then added the line ntpd_enable=”YES” to the /etc/rc.conf config file so that NTP runs on boot, some Unix/Linux systems will configure this automatically.

Finally before installing Tor, configure the system to act as a Gateway. This will allow your system to receive packets and route them on. On FreeBSD I configured this by adding gateway_enable=”YES” to the /etc/rc.conf file. Most Linux systems will allow you to do this by editing the /proc/sys/net/ipv4/ip_forward file to replace the default configuration of 0 (Gateway disabled) to 1 (Enabled).

3 – Install and configure Tor

Now that the system is setup to run as a Tor proxy, you can install the Tor application. On FreeBSD the ‘pkg install tor’ command will take care of this, Debian/Ubuntu based Linux systems should accept ‘apt-get install tor’ in most cases.

Using a text editor such as nano we’ll then configure Tor to act as a proxy. This can be done by editing the /usr/local/etc/tor/torrc file on FreeBSD, or for Linux systems /etc/tor/torrc.

To enable your Tor SOCKS5 proxy to run on the default port of 9050, remove the hashtags from the start of the below lines then save the text file, removing the hashtags will enable the code to run. Make sure to change the 128.0.0.5 IP address to your own local IP address (usually something like 192.168.0.x).

SOCKSPort 9050 # Default: Bind to localhost:9050 for local connections.
SOCKSPort 128.0.0.5:9050 # Bind to this address:port too.

RunAsDaemon 1

Once you’ve done that you’ll need to configure your system to run Tor on boot. Most Linux systems will do this by default when you install Tor. On FreeBSD I just added tor_enable=”YES” to the /etc/rc.conf config file.

Now that’s done you can start the Tor service by using the service tor start command. You can check to see if your system is listening on the Tor proxy ports you’ve configured in torrc file by running the netstat -a | grep LISTEN command which would show output results like below to show that it’s actively listening for connections on that port.

tcp4 0 0 128.0.0.5.9050 *.* LISTEN
tcp4 0 0 127.0.0.1.9050 *.* LISTEN

The above outputs shows that the system is listening on 128.0.0.5:9050 – which is port 9050 on the local LAN IP for my system, this means it’s accessible by machines other than just itself. The 127.0.0.1:9050 means it’s also listening for port 9050 (Tor SOCKS5) connections on the device itself.

4 – Configure a HTTP proxy

By default, Tor sets itself up as a SOCKS5 proxy. Most non-RISC OS web browsers will allow you to route web traffic through a SOCKS5 proxy but with NetSurf we’ll need to configure our Tor proxy to also serve as a HTTP proxy as it only has a HTTP proxy option.

We can use a piece of web proxy software called Polipo to do this. To install it on most Linux systems, use the ‘apt-get install polipo’ command, or on FreeBSD – ‘pkg install polipo’.

Once that’s done, we then just need to configure it to chain to Tor’s SOCKS proxy, we can do this by modifying Polipo’s config file – FreeBSD: /usr/local/etc/polipo/config or Debian/Ubuntu Linux: /etc/polipo/config.

Amend it so that it shows the below configuration. This will allow your system to act as a Tor HTTP proxy over the default Polipo port 8123.

allowedClients = 127.0.0.1, 192.168.1.0/24

socksParentProxy = “localhost:9050”
socksProxyType = socks5

proxyAddress = “0.0.0.0”

Once done, save the file. We then need to configure the system to run Polipo on boot. Most Linux systems will do this by default when you install Polipo. On FreeBSD I just added polipo_enable=”YES” to the /etc/rc.conf config file. After that’s done, restart Polipo and Tor using the ‘service tor restart’ and ‘service polipo restart’ commands, or just reboot your machine.

That’s it!

Your system should now be accepting SOCKS5 connections over port 9050 & HTTP connections over port 8123.

The above configuration does NOT use any authentication, so do not expose port 9050 and 8123 to the Internet (i.e. past your firewall), this configuration is designed to be used on a local network only. It is possible to setup Tor to require authentication before the proxy can be used, this will need to be setup if you want to access this proxy from outside of your local network.

Configure NetSurf to use the HTTP proxy

Now that there’s a Tor proxy running on your local network, it’s now time to boot up Netsurf on your RISC OS machine and point it to pass its traffic through the proxy and in-turn, the Tor network.

So once NetSurf is running, middle-click on its iconbar icon then select Choices then Connection.

Set the Proxy type as Simple proxy, then stick in the local IP address of your Tor proxy system in the Host field, followed by the port number of your HTTP proxy in the field to its right.

If you’ve followed this guide to the letter then the HTTP proxy will be running on port 8123, it is possible to set the proxy to run on the same port as the SOCKS5 proxy (9050) like in the image on this article.

 

Have a play around!

That’s it, NetSurf is now configured to push its traffic through the Tor proxy. You can test this out by checking your IP address with a website such as DuckDuckGo or ping.eu. This will show the IP address that other systems and websites you interact with through your Tor proxy will see you as. If you attempt to visit the IP address that DuckDuckGo or Ping.eu has shown to be the IP you’ve visited from, it should show you a ‘This is a Tor Exit Router’ page.

All your NetSurf traffic will now be pushed through various Tor proxies and anonymised. You can also access dark web (.onion) sites now also.

For more information on Tor, have a read of the Tor project’s extensive Documentation section. If you’re really curious then take a look dark web websites, these are websites that are hosted within the Tor network and can only be routed to from within the Tor network. These sites usually have .onion domain names.

Be wary though, while there’s an awful lot of good stuff on Tor and the dark web, there’s also a lot of bad stuff – so exercise caution when taking a look around.

 

Under the Microscope: Mop Tops

posted in: Games, News | 0

Since bursting onto the scene with the release of Overlord in 2015, Anthony Van Bartram of Amcog Games has been hard at work bringing a series of commercial games to the RISC OS market.

After his first release in June 2015 we saw him launch isometric adventure title Legends of Magic at the 2015 London Show before coming out with the Fervour-inspired space-maze game Xeroid at the 2016 Wakefield show.

Amcog have since stuck to their quick release schedule, with their latest title coming in the form of Mop Tops, a parallax scrolling puzzle game.

The main aim is pretty simple, but it’s pretty tricky to master. You must guide as many Mop Tops as possible to the exit within the time limit. You do this by giving objects to the Mop Tops to use or by dragging objects into their path.

It quickly came apparent to me upon playing the game that Mop Tops is one of those titles that, although there’s no huge backstory or much depth to the concept (not that there needs to be for a game like this), it keeps you coming back for more and more. It’s ideal for procrastination as I’ve found out the hard way. There’s 30 levels to play your way through, all with synthesised and sampled sound effects via Amcog’s very own RDSP Sound Mod.

Mop Tops is available from the Pling Store for £9.99 and is compatible with all modern RISC OS systems – including the Raspberry Pi, ARMX6 and machines running RISC OS 5 under RPCEmu. It should also be compatible with legacy systems running RISC OS 4 as well as Virtual RiscPC.

If you’re looking for a casual puzzler that you can sink some time into when you’ve got some time to kill, this is well worth your hard earned cash. Quite a few share my opinion too, Mop Tops picked up the Best Game of the Year award in the 2016 RISC OS Awards.

Experiments with StrongED – 2

posted in: Software | 0

The default mode is BaseMode. The other modes simply augment, or override, it. Many features of a mode can be set in the Mode Choices dialog box.

Other features have to be specified in the mode’s ModeFile and must be written in StrongED’s own command language. BaseMode’s ModeFile will be displayed if you click Ctrl-Adjust on StrongED’s iconbar icon.

It is a commonplace that programming languages can use variables to denote expressions. Thus

x = “this is some text”

is a piece of text in BBC BASIC. The variable x is defined in it to denote the literal text this is some text. The doublequote characters are used by BASIC to distinguish the literal text. Other languages may use other means to distinguish which parts of the program text refer to literal text; position, for example. Consider the command

echo hello there

in an Obeyfile. The word echo is a command, whereas hello there is literal text. If we put in doublequotes here we do not get the same result.

In BBC BASIC, as in other languages, we distinguish between a number 57 and a string “57”. Many languages, not BBC BASIC unfortunately, deal with patterns that can occur in text. It took time for people to realize the advantages of distinguishing separate types of value; that boolean values are distinct from number values, for example, – a distinction that BASIC fails to make but which was recognized fairly early in the history of programming. The distinction between patterns and strings took a little longer to sink in. Similarly, replacement strings (other languages talk of format strings) should really be distinguished from plain vanilla strings. Many languages, and among them StrongED’s command language, use strings to denote patterns, with certain characters, known as magic characters, playing a special role. This means that there has to be an escape character to indicate that the character following is to be taken in its literal and non-magical sense. In C, for example, the backslash (\) is used as an escape character.

These observations should be kept in mind if you look at StrongED’s help files, because the use of variables defining patterns is fundamental to StrongED’s command language. I do not intend to rehearse, or even summarize, these help files here. I mentioned in part 1 that I use a non-standard BaseMode Modefile. Instead, I will describe the steps I took to modify the standard one.

The first thing I wanted to do was get rid of the icons in the smartbar that I knew I was not going to use.  Scroll down in the BaseMode Modefile until you reach

#— Toolbar and mode-menu functions

 

Functions

The lines starting —>Icon define the icons in the smartbar, from left to right. The lines that follow each of these commands specify how they behave. The first group I removed (or commented out by inserting # at the beginning of the line) was

—>Icon—>—>Lot

—>Help-–>—>HBM_low

—>Key>—>c-L

—>Select->—>ListOfWindows

 

—>Adjust->—>OpenDialogueBox(LoadFile)

This removed the ListOfWindows icon (I very rarely have more than a couple of windows open at the same time). As well as removing groups I also changed the order in which the groups appeared in the ModeFile. For some groups I provided my own icons, which must go in BaseMode.Sprites or BaseMode.Sprites22. For what happens when you click on,or drag to, an icon it is useful to consult Help->Reference section->List of Functions from StrongED’s iconbar menu. In this way it is not too difficult to create new facilities for your own modes, but remember that a mode’s own smartbar icons will appear to the right of those provided by the BaseMode. Similarly, the menu items that you provide in a mode’s Modefile will appear beneath those furnished by the BaseMode.

So, at least superficially, it is not too difficult to personalize StrongED. It goes without saying that you should always put your modified files only in StrED_cfg, leaving StrongED itself alone. That way, if you are over-ambitious or if your syntax is not correct, you can always restore StrongED to its proper state.