Tor based Proxying Guide
Welcome to rTorrent's Tor-based HTTP tracker proxying guide.
In this human-readable walkthrough, we reconfigure rTorrent to route all HTTP tracker traffic – including both DNS-based hostname lookups and IP torrent traffic – through Tor.
Tor is an open-source anonymity network with extensive cross-platform support, an active development and volunteer community, ongoing academic research, and (most relevantly) an application-independent SOCKS interface. Any application with SOCKS proxy support may route arbitrary data through the anonymizing Tor network without constraints, censorship, or surveillance.
Tor also officially discourages torrent traffic, although there's not much Tor developers can do about that short of brute-force packet shaping (and probably breaking onion encapsulation in the process).
In other words, Tor is perfect in all but fundamentalist ideology. And the ideology is safely ignorable.
To preserve anonymity, this guide requires disabling all rTorrent features requiring UDP support. This includes:
- UDP tracker support.
- Distributed hash table (DHT) support.
- Peer exchange (PEX) support.
Nothing's perfect. Especially nothing free as in both beer and speech. See the concluding section for alternative approaches.
Too bad. At least, until rakshasa and company submit a pull request addressing this long-standing issue – and possibly not even then.
rTorrent seamlessly supports both SOCKS4- and SOCKS4a-compliant HTTP proxies "out of the box." rTorrent does not appear to currently support SOCKS5-compliant HTTP and UDP proxies. Since SOCKS4 and SOCKS4a proxy only HTTP rather than UDP connections, enabling HTTP proxying and UDP support in rTorrent will reliably expose your IP address to malicious middlemen (e.g., copyright trolls).
To safeguard user anonymity, this guide disables UDP support altogether. Somethin' is better than nothin', right?
Let's do this. In order, the following instructions:
- Install either:
  - The Tor Browser Bundle. (Strongly recommended.)
  - Tor as a headless system daemon.
- Install privoxy.
- Configure privoxy to forward all traffic to a local HTTP Tor proxy.
- Configure rTorrent to forward all traffic to a local SOCKS4a privoxy proxy.
Unless you have a compelling reason to install Tor as a headless system daemon (e.g., you run a Tor relay or exit node – in which case, muchas thanks!), this guide strongly recommends installing the Tor Browser Bundle (TBB).
Doing so is trivial and requires no further configuration or customization. In brief:
- Install the TBB.
- Run the installed TBB. On startup, TBB implicitly starts Tor as a userspace daemon in the background. On shutdown, TBB implicitly stops this userspace daemon – thus stopping all torrents in rTorrent configured to proxy torrents through Tor. This implies that TBB must remain open while rTorrent is open. Closing TBB closes Tor and hence all torrents in rTorrent.
- Verify that the Tor HTTP proxy is listening on the expected port. The default TBB proxy port is 9150; the default non-TBB (i.e., headless system daemon) proxy port is 9050. For simplicity, these instructions assume the default TBB proxy port of 9150. Under non-Windows systems with netstat installed:
  - Run:
      $ sudo netstat -atnp | grep tor
  - A line resembling the following should be output:
      tcp 0 0 127.0.0.1:9150 0.0.0.0:* LISTEN 32359/tor
Congratulations, salutations, and libations for all. Tor is up!
Privoxy is a non-caching web proxy whose configuration file exceeds 2,000 lines in length. It's a little complex. While Tor itself provides a SOCKS5 proxy, this proxy typically leaks DNS hostname lookups, blocks default torrent ports, appears to unceasingly hate torrents in general, and is unsupported by rTorrent – which, again, only supports SOCKS4 and SOCKS4a proxies.
We will now install, configure, and start privoxy as a headless system daemon under Linux, a headless user daemon under OS X, and a GUI-driven user daemon under Windows.
- Install Privoxy. Under:
  - Debian-based Linux distributions (e.g., Ubuntu, Mint, Debian), run:
      $ sudo apt-get install privoxy
  - Gentoo-based Linux distributions (e.g., Calculate, Sabayon, Gentoo), run:
      $ sudo emerge privoxy
  - OS X, download and install the most recent stable OS X release specific to your machine architecture (e.g., Privoxy 3.0.24 64 bit.pkg for 64-bit machines).
  - Windows, download and install the most recent stable Windows release (e.g., privoxy_setup_3_0_24.exe).
- Configure Privoxy.
  - Find the installed Privoxy configuration file. Under:
    - Most Linux distributions, this file resides at /etc/privoxy/config.
    - OS X, this file typically resides at /Applications/Privoxy.app/config.
    - Windows, this file typically resides at C:\Program Files\Privoxy\config.txt.
  - Edit this file.
  - Search this file for the listen-address option. Configure Privoxy to listen on the default Privoxy port 8118. Add the following uncommented line under this option's commentary:
      listen-address 127.0.0.1:8118
  - Search this file for the forward option. Configure Privoxy to act as a forward SOCKS4a proxy for Tor (i.e., to relay all traffic on the default Privoxy port 8118 to and from the default TBB HTTP proxy port 9150). SOCKS4a is strongly recommended over SOCKS4, which fails to proxy (and hence leaks) DNS hostname lookups. Add the following uncommented line under this option's commentary:
      forward-socks4a / 127.0.0.1:9150 .
  - (Optional) Search the Privoxy configuration file for the debug option. By default, Privoxy disables logging. Consider configuring Privoxy to log a small number of terse status messages by adding the following uncommented lines under this option's commentary:
      debug 1 # Log the destination for each request Privoxy let through. See also debug 1024.
      debug 1024 # Actions that are applied to all sites and maybe overruled later on.
      debug 4096 # Startup banner and warnings
      debug 8192 # Non-fatal errors
  - (Optional) Search the Privoxy configuration file for the logdir and logfile options. Both should be uncommented by default and require no changes. The logdir option provides the absolute path of the directory containing all Privoxy logfiles. The logfile option provides the basename of the default Privoxy logfile in this directory. To find the absolute path of the default Privoxy logfile, join these two options. For example, the following options instruct Privoxy to log to /var/log/privoxy/privoxy.log:
      logdir /var/log/privoxy
      logfile privoxy.log
- (Re)start Privoxy. Under:
  - systemd-based Linux distributions (e.g., Arch, Fedora, Ubuntu), run:
      $ sudo systemctl restart privoxy
  - OpenRC-based Linux distributions (e.g., Calculate, Sabayon, Gentoo), run:
      $ sudo rc-service privoxy restart
  - OS X, run:
      $ sudo /Applications/Privoxy/stopPrivoxy.sh
      $ sudo /Applications/Privoxy/startPrivoxy.sh
  - Windows... we have no idea. If you find out how, please update these instructions accordingly.
- Verify that Privoxy is listening on the expected port. Under non-Windows systems with netstat installed:
  - Run:
      $ sudo netstat -atnp | grep privoxy
  - A line resembling the following should be output:
      tcp 0 0 127.0.0.1:8118 0.0.0.0:* LISTEN 24526/privoxy
- Verify that Privoxy is successfully anonymizing HTTP requests. Under non-Windows systems with wget installed:
  - Show your unproxied public IP address (i.e., the globally unique IP address of your local machine or network) by running:
      $ wget http://ipinfo.io/ip -qO -
  - Verify that your unproxied public IP address is printed. For example:
      215.108.10.47
  - Proxy all subsequent commands through privoxy:
      $ export http_proxy="http://127.0.0.1:8118"
  - Show your proxied public IP address (i.e., the globally unique IP address of the Tor exit node to which privoxy forwards all traffic) by rerunning the same command:
      $ wget http://ipinfo.io/ip -qO -
  - Verify that a different IP address is printed. For example:
      58.73.28.81
  - Cease proxying commands through privoxy:
      $ unset http_proxy
Congratulations, salutations, and good vibrations. Privoxy is up, too!
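The Privoxy settings from the steps above can be checked mechanically. The script below is an added example, not part of the original guide or of Privoxy; the function name and the TOR_PORT variable are made up for it, and the sample config is constructed.

```bash
#!/usr/bin/env bash
# Added example, not Privoxy tooling: check the active (uncommented) directives
# of a Privoxy config read on stdin against this guide. TOR_PORT is a variable
# name made up for this example: 9150 for TBB (default), 9050 for the daemon.
audit_privoxy_config() {
  awk -v tor="${TOR_PORT:-9150}" '
    /^[ \t]*#/ || NF == 0 { next }        # skip commentary and blank lines
    $1 == "listen-address" {
      listen = 1
      # The guide binds Privoxy to loopback only.
      if ($2 !~ /^127\.0\.0\.1:[0-9]+$/) { print "EXPOSED listen-address " $2; bad = 1 }
    }
    $1 == "forward-socks4a" && $2 == "/" {
      if ($3 == ("127.0.0.1:" tor) && $4 == ".") chained = 1
      else { print "WRONG forward-socks4a / " $3 " " $4; bad = 1 }
    }
    # Plain SOCKS4 is what the guide warns leaks DNS hostname lookups.
    $1 == "forward-socks4" { print "DNS-LEAK " $0; bad = 1 }
    END {
      if (!listen)  { print "MISSING listen-address 127.0.0.1:8118"; bad = 1 }
      if (!chained) { print "MISSING forward-socks4a / 127.0.0.1:" tor " ."; bad = 1 }
      exit bad + 0
    }'
}

# Constructed sample: SOCKS4 left in place of SOCKS4a.
sample_cfg='# constructed Privoxy config fragment
listen-address 127.0.0.1:8118
forward-socks4 / 127.0.0.1:9150 .
debug 1 # Log the destination for each request Privoxy let through.'
printf '%s\n' "$sample_cfg" | audit_privoxy_config || echo "config differs from the guide"
```

Against a real installation, feed it the file found earlier, e.g. `audit_privoxy_config < /etc/privoxy/config`.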
We will now configure rTorrent to anonymize all torrent traffic through the previously configured Tor-forwarding privoxy proxy.
- Configure rTorrent. Edit your current rtorrent.rc configuration file as follows:
  - Enable privoxy proxying.
    - Remove all existing http_proxy, proxy_address, network.http.proxy_address.set, and network.proxy_address.set options from this file.
    - Add the following two lines anywhere to this file:
        network.http.proxy_address.set = 127.0.0.1:8118
        network.proxy_address.set = 127.0.0.1:8118
  - Disable UDP support.
    - Remove all existing use_udp_trackers, dht, peer_exchange, trackers.use_udp.set, dht.mode.set, and protocol.pex.set options from this file.
    - Add the following three lines anywhere to this file:
        trackers.use_udp.set = no
        dht.mode.set = disable
        protocol.pex.set = no
- (Re)start rTorrent.
- Verify that rTorrent is successfully anonymizing torrent traffic.
  - Browse to ipleak.net, a third-party web service reliably detecting IP and DNS leakage from torrent clients.
  - Click the Activate button beneath the Torrent Address detection heading.
  - Copy the resulting magnet link (displayed as this Magnet Link) to the system clipboard. In Firefox, for example, right-click this link and choose Copy Link Location.
  - Keep this page open. We will return to it shortly. For now, note the following text displayed beneath this magnet link:
      No data just now from the above magnet url.
  - Open rTorrent.
  - Hit <Enter>. rTorrent should display an interactive prompt resembling:
      load.normal>
  - Paste the previously copied magnet link.
  - Hit <Enter> again. A new torrent whose name is a random string of alphanumeric characters should now be added.
  - Hit <Ctrl-s> to start this torrent.
  - Return to your open ipleak.net page. If you accidentally closed this page, this entire process must be repeated.
  - Verify that your proxied public IP address is now displayed beneath this magnet link. As a sanity check, click on this IP address and verify that the geolocation of this IP address differs from your own.
Congratulations, salutations, and soul-soothing ministrations. rTorrent is up and cryptographically secure!
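As an added check (not part of the original guide or of rTorrent), the script below audits an rtorrent.rc against the options set above, including the case where a later line switches DHT back on. The function name is hypothetical, the sample is constructed, and it assumes rTorrent applies the file top to bottom so the last assignment wins.

```bash
#!/usr/bin/env bash
# Added example, not part of rTorrent: audit an rtorrent.rc (read on stdin)
# against the options this guide sets. One line per finding; non-zero on any.
audit_rtorrent_rc() {
  awk '
    { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }   # drop comments, trim
    $0 == "" { next }
    {
      i = index($0, "=")                               # split on the first "="
      key = (i ? substr($0, 1, i - 1) : $0)
      val = (i ? substr($0, i + 1) : "")
      gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
      seen[key] = val          # last value wins (assumes top-to-bottom evaluation)
    }
    END {
      want["network.http.proxy_address.set"] = "127.0.0.1:8118"
      want["network.proxy_address.set"]      = "127.0.0.1:8118"
      want["trackers.use_udp.set"]           = "no"
      want["dht.mode.set"]                   = "disable"
      want["protocol.pex.set"]               = "no"
      for (k in want) {
        if (!(k in seen))            { print "MISSING " k " = " want[k]; bad = 1 }
        else if (seen[k] != want[k]) { print "WRONG " k " = " seen[k]; bad = 1 }
      }
      # Old option names the guide says to remove.
      n = split("http_proxy proxy_address use_udp_trackers dht peer_exchange", old, " ")
      for (j = 1; j <= n; j++)
        if (old[j] in seen) { print "LEGACY " old[j]; bad = 1 }
      exit bad + 0
    }'
}

# Constructed sample: every required line is present, but a later line
# switches DHT (UDP) back on.
sample_rc='network.http.proxy_address.set = 127.0.0.1:8118
network.proxy_address.set = 127.0.0.1:8118
trackers.use_udp.set = no
dht.mode.set = disable
protocol.pex.set = no
dht.mode.set = auto'
printf '%s\n' "$sample_rc" | audit_rtorrent_rc || echo "rtorrent.rc differs from the guide"
```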
There always are. You just won't like any of them. Viable alternatives include:
- The Invisible Internet Project (I2P), yet another open-source anonymity network with similar advantages as Tor (e.g., cross-platform, active development, ongoing research) without the burdensome cultural baggage and anti-P2P rhetoric. While detailed instructions for doing so exceed the mandates of this guide, it may be pertinent to note that:
  - I2P encourages torrent traffic to be routed through the I2P network.
  - I2P comes bundled with a torrent-specific web client for doing so: I2PSnark.
  - A variety of I2P eepsites (i.e., the I2P equivalent of Tor Hidden Services) provide PirateBay-like centralized repositories for hosting I2P-only public torrents. Common examples include:
  - Vuze, the proprietary torrent client formerly known as Azureus and now functionally indistinguishable from malware-like adware, provides the I2P Helper plugin. This plugin is perhaps the only remaining reason to install Vuze. It bridges clearnet- and I2P-hosted torrents, permitting unanonymous clearnet-hosted torrents to be anonymized over I2P and anonymous I2P-hosted torrents to be deanonymized over the clearnet. No, we have no idea why anyone would want to deanonymize themselves either. Nonetheless, the former feature is awesome incarnate.
- Subscribing to a non-free anonymization service supporting both HTTP and UDP proxying. Common examples include:
  - Virtual private network (VPN) providers.
  - Seedbox providers.