Actually toring your Windows traffic

EverestX
SX Crew
Joined: 2009/05/15


I've come to find out that Tor+Vidalia+Privoxy bundle for Windows doesn't really work for much other than Firefox. Given the fact you're browsing the Site, chances are you need more than *just* HTTP over TOR.

While I don't recommend Windows as a pentest platform, there are some fantastic tools such as Oxid's Cain and Abel that are Windows only. There are cases where apps are Windows only, and in these cases you need to TOR your traffic forcibly.

I cannot guarantee anything will work for you, but it did for me; here's how I did it.

Prerequisites
----------
1 Windows box (tested using XP SP3)
Internet Connection
Time to test and verify traffic
http://sourceforge.net/projects/advtor/

Making it happen (with the Cap'n)
-----------------------------------------

First download, extract, and install Advanced Tor from the link above at SourceForge.

The default settings should work for initially connecting.

The default screen is this:

[screenshot: default Advanced Tor screen (image not available)]

Once connected you'll see this.

[screenshot: connected state (image not available)]

I can confirm that the configuration is a bit glitchy. TEST THE CONNECTION TO TOR BEFORE SETTINGS MODIFICATION. If you get any errors after making modifications, just extract the zip again and start over.

Forcing Apps Over Tor
----------------------------

By default, most apps will not use TOR for the traffic. You will have to "force" it. Unfortunately, some apps and executables have issues with this so IT IS ABSOLUTELY NECESSARY THAT YOU VERIFY YOUR TRAFFIC IS LEAVING OVER THE TOR NETWORK!

In this screenshot you can see that I have forced 7th Sphere (my trusty lightweight scanner) and BL4CK's VNC Viewer over TOR. (Both work, BTW.)

[screenshot: forced-apps list (image not available)]

Checking your shits
------------------------

You need to verify each forced app individually. Also, understand that a lot of the time some traffic may be leaked regardless, so be just as careful.

I recommend using your own gateway or perimeter firewall to verify. This is how I verify my traffic is coming over Tor. Additionally, having remote systems to test and verify is even better.

whatismyip.org is a straight text web page that you can test telnet connections to as well as web traffic.
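One way to do the perimeter-firewall check described above, as an added example that is not part of the original post: parse the firewall's flow log and flag anything leaving the forced Windows box that is not a TCP connection to one of the Tor entry guards the client is actually connected to. The log format, the host address, the guard addresses and the sample log lines are all constructed for this example; on a real gateway you would read the guard list from the Tor client's own connection status and feed in the real log. DNS lookups and ICMP from the box are reported as leaks unconditionally, since Tor carries neither.

```python
"""Flag traffic from a Tor-forced Windows host that bypasses Tor.

Added example, not from the original post. Everything below is constructed:
- netfilter-style key=value firewall log lines (SRC=, DST=, PROTO=, DPT=)
- TOR_HOST: the Windows box whose apps were forced over Tor
- GUARDS: the entry relays the Tor client reports being connected to
A flow from TOR_HOST is clean only if it is TCP to a known guard. UDP/53
(DNS) and ICMP cannot travel over Tor, so they are always leaks.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

TOR_HOST = "192.168.1.50"                   # constructed: the XP box
GUARDS = {"203.0.113.10", "198.51.100.7"}   # constructed: TEST-NET addresses
LAN_PREFIX = "192.168.1."                   # constructed: local subnet, ignored

# Constructed sample log: two guard connections, one HTTP leak, two DNS
# leaks (local resolver and public resolver), one unrelated host, one ping.
SAMPLE_LOG = """\
FW: IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.10 PROTO=TCP SPT=1045 DPT=443
FW: IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=198.51.100.7 PROTO=TCP SPT=1046 DPT=9001
FW: IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=192.0.2.55 PROTO=TCP SPT=1050 DPT=80
FW: IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=192.168.1.1 PROTO=UDP SPT=1051 DPT=53
FW: IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=8.8.8.8 PROTO=UDP SPT=1052 DPT=53
FW: IN=eth1 OUT=eth0 SRC=192.168.1.77 DST=192.0.2.9 PROTO=TCP SPT=2000 DPT=22
FW: IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=192.0.2.60 PROTO=ICMP TYPE=8
"""

# The SPT/DPT group is optional so ICMP lines (no ports) still parse.
LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+)"
    r"(?: SPT=\d+ DPT=(?P<dpt>\d+))?"
)


@dataclass(frozen=True)
class Leak:
    dst: str
    proto: str
    dport: Optional[int]
    reason: str


def classify(line: str) -> Optional[Leak]:
    """Return a Leak for a flow from TOR_HOST that did not go via Tor, else None."""
    m = LINE_RE.search(line)
    if not m or m["src"] != TOR_HOST:
        return None                      # not our host (or unparseable line)
    dst, proto = m["dst"], m["proto"]
    dport = int(m["dpt"]) if m["dpt"] else None
    if proto == "UDP" and dport == 53:
        # Even a lookup to the LAN resolver ends up on the internet in the clear.
        return Leak(dst, proto, dport, "DNS lookup outside Tor")
    if dst.startswith(LAN_PREFIX):
        return None                      # purely local traffic, not internet-bound
    if proto != "TCP":
        return Leak(dst, proto, dport, f"{proto} cannot be carried by Tor")
    if dst not in GUARDS:
        return Leak(dst, proto, dport, "TCP flow to a non-guard destination")
    return None


def find_leaks(log_text: str) -> List[Leak]:
    """Run classify() over every log line and collect the leaks in order."""
    leaks = []
    for line in log_text.splitlines():
        leak = classify(line)
        if leak is not None:
            leaks.append(leak)
    return leaks


if __name__ == "__main__":
    for leak in find_leaks(SAMPLE_LOG):
        port = f":{leak.dport}" if leak.dport is not None else ""
        print(f"LEAK {leak.proto} -> {leak.dst}{port}  ({leak.reason})")
```

Run it against a capture taken while each forced app is exercised one at a time; an app is only confirmed as Tor-only when the run produces no LEAK lines for it. Local LAN traffic other than DNS is deliberately ignored so that file shares and the like do not drown out the real findings.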

As I have mentioned, a lot of apps DO work; some don't, CMD for example.

**ZENMAP DID NOT WORK IN MY TESTING, you've been warned. This may be due to my local network, but test it.**

--------------
Cisco and Supgergates pentest app needs to be tested with this method if someone gets a chance before me!

EDIT:

After some further testing, I have noted with scans that sometimes I receive NONE of the return traffic to my scanner. In other cases with the same application, I do get return traffic. I'm still researching further.

Also, I've noted that if you leave this enabled for about a day or more it will eat all your available RAM and page file. Don't use this app longer than you have to!