
Warning

Violation of computers or networks of others is a criminal offense punishable by the law. Some of the procedures hereby outlined are only for educational/explanatory/informational purposes and only executed on devices under our possession or within controlled test environments, therefore you hold harmless the authors of this document for what you'll learn during this course and against any verifiable consequence.

Notes on this work

The content of Hacklog: Volume 1 is issued free of charge for the whole net, and is available in different formats, according to the Ethical Hacking self-regulation and respecting the different cultures practicing it.

You're free to use parts of this document for any work, properly quoting the source (Hacklog by inforge.net) and, including a footnote link, when possible. Since this project required a high amount of time, if this document has been useful for third party projects, we think it should be shared, out of respect for its author, his coworkers and who believed in it. The original text was written in 2017, in Italy.

Copyright

The textual content and the images of the Hacklog: Volume 1 ebook are released under Creative Commons 4.0 license – non-replicable, no derived works, commercialization. The owner of the rights for this document is Stefano Novelli, and its distribution is by inforge.net.

For my friends, my loved ones, and all who made this possible.

For all the hackers, or aspiring hackers, worldwide.

Stefano Novelli

Translator's Foreword
Foreword
Anonymity
1. Operative System
1.1 Which distro?
1.1.1 Virtual Machines
1.1.2 Live Distros
1.1.3 The Terminal
2. Data Traces
2.1 MAC Address
GLOSSARY
2.1.1 Identifying the MAC Address
2.1.2 MAC Spoofing
2.2 Hostname
2.2.1 Changing the Hostname
2.3 Domain Name System
2.3.1 Choosing DNS
2.3.2 Changing DNS
2.3.3 Cache DNS
2.4.1 Determining the IP in use
2.4.2 Proxy
2.4.2.1 Proxy types
2.4.2.2 Where you can find Proxies
2.4.2.3 How to use Proxies
2.4.2.4 How safe are Proxies?
3. Secure communications
3.1 VPN (Virtual Private Network)
3.1.1 VPN Types
3.1.1.1 PPTP, for the speed seekers
3.1.1.2 L2TP/IPsec, for the security and responsiveness enthusiasts
3.1.1.3 OpenVPN, for top security users
3.1.1.4 SSTP, for Windows users
3.1.2 Which VPN?
3.1.3 How to choose a VPN
3.1.3.1 Avoid Free VPNs
3.1.3.2 No Logs Policy
3.1.3.3 If they haven't got your data, they can't catch you
3.1.3.4 International Data Retention Laws
3.1.3.5 Payment Methods
3.1.4 VPN List
3.1.4.1 Multi Hop (cascading) VPNs
3.1.5 Using the VPN
3.1.6 Testing the quality of a VPN
3.1.6.1 Torrent Test
3.1.6.2 DNS Leak Test
3.1.6.3 Kill Switch (protection against disconnections)
4. Clearnet and Deep Web
4.1 TOR
4.1.1 What's the TOR network
4.1.2 TOR Projects
4.1.3 TOR installation
4.1.4 TOR use cases
4.1.4.1 TOR as a Browser
4.1.4.2 TOR as a P2P
4.1.4.3 TOR as Chat
4.1.4.4 TOR as a Proxy Software
4.1.5 TOR Relay
4.1.6 TOR Bridges
4.1.6.1 Bridges advanced use
4.1.7.1 MEEK & Scramblesuit Protocols
4.1.8 Testing the quality of TOR
4.1.8.1 TOR Test via Browser
4.1.9 TOR and Deep Web
4.1.9.1 Where to find .onion sites?
4.1.10 Is the TOR network really safe?
4.1.10.1 TOR and HTTP protocol
4.1.10.2 TOR and compromised exit-nodes
4.1.10.3 TOR Browser and the issues with "pre-built" products
4.1.10.4 TOR, Google & CO.
4.1.10.5 TOR is not idiot-proof
4.2 I2P
4.2.1 Using I2P
4.2.1.1 Installing I2P
4.2.1.2 First launch of I2P
4.2.1.3 Configuring a Browser with I2P
4.2.1.4 I2P useful resources
4.2.1.5 Anonymous navigation in Clearnet
4.2.1.6 Where to find I2P sites?
4.2.1.7 Difficulties with I2P
4.3.1 Freenet installation
4.3.2 Configuring Freenet
4.3.3 Using Freenet
4.3.4 Freenet useful resources
4.3.5 Security in Freenet
5. Combo Network
5.1 TOR via VPN
5.1.1 How to perform TOR via VPN
5.2 VPN via TOR
5.2.1 How to perform VPN via TOR
5.3 TOR over TOR
5.3.1 Tortilla
5.3.2 Is TOR over TOR helpful?
6. Local Resources
6.1 Private browsing
6.1.1 How to enable the Private or Incognito mode
6.1.2 What the Private/Incognito mode does (and doesn't do)
6.2 HTTPS
6.2.1 Controlling HTTPS protocols
6.3 Cookies
6.3.2 Controlling cookies
6.4 "Special" Cookies
6.4.1 "Special" Cookies impact over security
6.4.2 How to block Flash Cookies
6.4.3 How to block DOM Storage
6.5 JavaScript
6.5.1 JavaScript impact over security
6.5.2 Controlling JavaScript
6.6 Flash
6.6.1 Flash impact over security
6.6.2 Controlling Flash
6.7 Java
6.7.1 Java impact over security
6.7.2 Controlling Java
6.8 ActiveX
6.8.1 ActiveX impact over security
6.8.2 Controlling ActiveX
6.9 WebRTC
6.9.1 WebRTC impact over security
6.9.2 Controlling WebRTC
6.10.1 Defining the Browser Fingerprinting
6.10.2 Defending yourself from Browser Fingerprinting
6.11 File Downloading
6.12 Browser Security Test
7. Data Security
7.1 Data Integrity
7.1.1 Checksum & Hash
7.1.1.1 Hash Types
7.1.1.2 Calculating a Checksum
7.1.1.3 Checksum in common use
7.2 Data Encryption
7.2.1 PGP, Pretty Good Privacy
7.2.2 GPG, GNU Privacy Guard
7.2.2.1 Understanding the public/private key
7.2.2.2 Creating your own PGP key
7.2.2.3 Importing, exporting and revoking a PGP/GPG key
7.2.2.4 PGP/GPG to encrypt and decrypt a file
7.2.2.5 PGP/GPG for data signature
7.2.2.6 PGP/GPG for data integrity
7.2.2.7 PGP/GPG for email encryption
7.3 Disk Encryption
7.3.1 TrueCrypt
7.3.2 VeraCrypt
7.3.2.1 Installing VeraCrypt
7.3.2.2 Using VeraCrypt
7.3.3 zuluCrypt, LUKS and family
7.4 Steganography
7.4.1 Steganography with LSB method
7.4.1.1 LSB Steganography Tools
7.4.1.2 Steghide
7.4.2 Cover Generation Steganography
7.4.2.1 Pure Steganography with SPAM method
7.4.2.2 Pure Steganography with PGP method
7.5 Data Backup
7.5.1 How many Backups do you need?
7.5.2 Rsync
7.5.2.1 Rsync installation
7.5.2.2 Local copy with Rsync
7.5.2.3 Remote copy with Rsync
7.6 Cold Boot RAM Extraction
7.7 Metadata & EXIF Data
7.7.1 How to view the EXIF Data
7.7.1.1 MAT: Metadata Anonymisation Toolkit
7.7.1.2 Alternate software for Metadata
7.8 Camera sensors
7.9 Data Shredding
7.9.1 How to perform Data Shredding
7.9.1.1 Disk Cleaners
7.9.1.2 File Shredding
7.9.1.3 Physical Drive Destruction
8. Data Recovery
8.1 Post-Mortem Forensics
8.1.1 Which OS for P.M. Forensics?
8.1.2 Caine OS
8.1.2.1 TestDisk or PhotoRec, which one?
8.1.2.2 PhotoRec Mini Use Guide
9. Vulnerability
9.1 General Precautions
10. Enhanced OSs
10.1 Live OS
10.1.2 Live OS & Persistence: the risks
10.1.3 Live OS & Virtual Machines: the risks
10.2 Virtualized environments
10.2.1 Qubes OS
10.2.1.1 Virtualization logic
10.2.1.2 Network and Storage Domains
10.2.1.3 Why use Qubes and not Tails OS?
10.2.2 Qubes OS + Tails
10.2.3 Qubes OS + Whonix
10.2.4 Subgraph OS
10.2.4.1 Hardened like few others
10.2.4.2 Network and Anonymity
10.3 Pentest Distros
11. Online Identity
11.1 NEVER combine your identities
11.2 NEVER use the same data
11.3 Watch Out for your Habits
11.4 Disposable email
11.5 If you manage a Site/Blog/Forum
11.6 Things you should NEVER do
12.1 Buying in the Dark Net
12.1.1 Dark Net Markets
12.1.1.1 Types of Dark Net Markets
12.1.1.2 Where to find the Dark Net Markets?
12.2 Crypto-currencies
12.2.1 Precautions with Crypto-currencies
12.2.2 Bitcoin
12.2.2.1 How Bitcoins work
12.2.2.2 How to obtain Bitcoins
12.2.2.3 Making Bitcoins untraceable
12.2.3 Beyond Bitcoin
13. Be Free
Acknowledgments
Authors and Collaborators
Sources & Resources
Special Thanks
Donors

Translator's Foreword

Marco S. Doria is a professional translator and proofreader, working in the IT, Media and Marketing translation industries since 2013. He loves computers, music, books, technology and, especially, his wife Laura and his daughter Penelope. He also wrote two short novellas in Italian. Contact:

I first came across the Hacklog Project by chance. I was talking with a colleague about how I wished to further explore the IT Security world, and he mentioned the Hacklog Volume 1, a very interesting handbook written by Stefano Novelli.

Since I was looking for new materials to improve as a Technical Translator, I immediately got my digital copy and started reading it.

I felt captivated! I couldn't stop reading… every chapter ran by so fast that I immediately felt like starting over again.

Hacklog Volume 1 really opened my eyes about topics like Anonymity, Navigation Safety… Freedom! Yes, freedom! Because I learned how to use the Web more consciously; I learned how to be free from the control of big data companies dwelling on our personal information and habits.

I felt I had to contribute to this incredible, open project! So why not translate it?

Immediately, I mailed Stefano about this idea, and we started this adventure quite soon!

Being the son of one of the first IT Consultants in my area, I was close enough to the computer world to know the basic bits-and-bolts; therefore I really can say that translating Hacklog Volume 1 has been my best professional experience to date.

I really hope you enjoy it as much as I did working on the English version. I would like to thank Stefano for this incredible opportunity and Marco Silvestri, who really helped me out reviewing the whole translation and adding true value to it.

Now, don't wait any further: enjoy your reading and… be free!

Marco Silvestri. Contact: marco.silvestri777@gmail.com

I already had the chance to work with Stefano as text reviewer for the Italian edition of Hacklog and while I was doing that I felt it was a good opportunity for me to learn something about the IT world I barely knew about. Internet security is extremely useful even if you don't work with computers and I think it's really important to have an idea of what happens every time you connect to the network and what lies underneath it.

When Stefano told me he wanted to publish an English version of the book I was really enthusiastic because I thought a lot of people could have enjoyed this book as much as I did.

I had the chance to help Marco, the translator that made this English version possible, and Stefano Novelli, the mind behind the project, and I would like to thank them both for giving me the opportunity to help with the book.

Foreword

Welcome to Hacklog, the Cyber Security and Ethical Hacking course. My name is Stefano Novelli, and I am the author of this course – I decided to write this document to give anybody the chance to approach cyber security in a more accessible way, compared to traditional channels.

Hacklog is the result of many years of study in the Hacking and IT Security fields: it encompasses testimonies, techniques and considerations, collected from documents, training courses and first-hand experience in the Security industry.

As a course, Hacklog is designed for whoever wishes to learn and gain an insight into Cyber Security; this manual is not aimed at offering professional training to IT Security experts, and is not intended to replace any University-grade guidebook.

This course has been designed for you – as a student or a self-taught reader – who wish to familiarize with Ethical Hacking and Cyber Security, learn the main techniques to run security tests on your machines and protect yourself from the intruders buzzing in the dark world of cyber-crime.

I would be a liar if I told you that you can start without any IT knowledge. However, I don't mean to discourage you, quite the contrary: the fact that you're here is a very good start! This means you want to learn, and I can tell you this is a very important, if not crucial, fact.

While you read this document, I will ask you to:

Have a positive attitude towards the course, don't get discouraged soon!

Learn more about what is not too clear for you.

Take notes, with pen and paper if you wish!

Get in touch with other people if you can't understand any part of it.

Please, keep in mind that the IT basics will be taken for granted, such as the difference between hardware and software, what an operating system is, how to download programs, and so on. Let's begin already! Enjoy your reading.

Anonymity

Over the years, anonymity on the Internet became one of the most crucial issues, to the point that nowadays a huge range of tools is out there to help us leave no traces around. The need for being invisible online is not only a prerogative of cyber-criminals: in some parts of the world (such as China, Saudi Arabia, Iran or North Korea), government censorship is so strong that anonymity is necessary not to be tracked by public or private spy services and to avoid penalties in those countries where the death penalty is still inflicted. In the rest of the world, anonymity can be useful for other scenarios, e.g. to report poor working conditions or questionable internal policies of a given company, as well as to be free to use the net outside a strongly analytical system, refraining from sharing information about what we buy or sell, what we like or dislike, with the Internet big companies, thus escaping the mass social experiment run by the major global powers.

Anonymity is also a fundamental feature for hacktivists, namely those who practice digital activism. One example is the Anonymous movement, and such name clearly reflects the need to be untraceable during online protests.

If you need to secure your IT structure, you should actually consider another good reason: to be anonymous as a means of prevention, avoiding any exposure to the Internet, where you can potentially be attacked by anyone.

Instead, if you work in the IT investigation field, you may be interested in knowing the tools used by cyber-criminals to execute their attacks while staying anonymous and avoiding controls.

1. Operative System

When you use a computer or a smartphone, you're actually using the operating system installed on such device: without it, your machine would be a lifeless box filled with cables, capacitors and electronics. The operating system is the software managing everything within a computer: its role is to understand what the user is typing, what to show on screen, run programs and so on.

There are different operating system families available for the desktop environment; the main three are Windows, macOS (formerly OS X) and GNU/Linux. If you are familiar with them, you'll know that GNU/Linux is the most frequently recommended operating system: maybe I'll say something unpopular, but this shouldn't be the only option; instead I think that every OS has pros and cons, and it may be more or less fit for any given scenario it has to be used in. Surely, at least for what concerns anonymity, GNU/Linux is the ideal choice for who wants to be anonymous.

GNU/Linux is an open source project, therefore it's free, it can be modified, and it doesn't contain any intentionally malicious code. It's the best choice for users who need to stay anonymous: this system is built without any distortion, it has not been manipulated and it can hardly be tracked by spy services, governments, companies in the industry, intruders and so on. A great advantage of GNU/Linux is its flexibility, allowing anyone to build their own distro: such principle gave birth to big communities, even entire companies – such as the most popular Red Hat, Novell or Canonical – that get their revenue from the Penguin ecosystem, ensuring thousands of jobs every year. Trust me if I tell you that distros are really unlimited in number: from the historical Debian or Slackware to the most user-friendly ones like Linux Mint or Ubuntu, to platforms designed for gamers, such as SteamOS, for audio/video productions, for microcomputers, servers, firewalls, routers, etc. Among these infinite distros, we can also find some specifically designed for anonymity.

1.1 Which distro?

I've always believed that there is no one-size-fits-all distro. In my opinion, choosing a given GNU/Linux distro should not be a simple matter of pre-installed software. Firstly, it must be related to what a user needs and their level of knowledge (also keeping in mind to what extent they adhere to the project philosophy).

If you are unfamiliar with any GNU/Linux distro, this may be the best moment to familiarize with one! In some cases, you could have to use Windows or macOS nevertheless: we will also marginally cover such operating systems.

During the course, we will mainly use Debian, a primary distro used to develop the most popular distros available online, such as Ubuntu, Linux Mint, Elementary OS, Kali Linux, Parrot Security OS, BackBox, Tails and many more. If this is your first approach, I suggest you start directly from Debian – you'll learn much more and it will be easier for you to shift from one distro to another, once you are familiar with it.

In this document, we won't cover how to install and run Debian: you can read a doc (in Italian) available for free at www.hacklog.net, explaining how to install a functional version of Debian and how to overcome the most common issues. If you don't feel comfortable with Debian for any reason, or if you're having trouble installing your peripherals, try Ubuntu or Linux Mint, since they are more user-friendly and have built-in, proprietary drivers. Besides the positioning of some elements, the commands we are going to use will work on these distros as well.

Instead, if you are confident with a given distro, you won't have any problems in using another of these sub-distros, even if they belong to other families. In the final part of this book, you'll find a complete overview of all Linux distros designed for anonymity (and partially for pentest as well), so you will be able to repeat the different tests using working environments specifically designed for anonymity or not.

1.1.1 Virtual Machines

If you followed previous Hacklog courses, you know there is a faster and painless way to have Linux installed on your computer, without any partitions, using a Virtual Machine. A Virtual Machine is a kind of machine acting as a complete computer, but actually residing within a different operating system: this ensures a stronger software compatibility and a better system usability, however it may compromise performance and, especially, expose the user to serious risks in terms of security and privacy. You'll find the reasons behind the latter statement in the "Live OS" chapter, at the end of the course.

Finally, since the environment is virtualized, the system will have to follow the rules enforced by the main operating system, so you may encounter some issues with anonymity software. For these reasons, using a Virtual Machine is not advisable if you wish to apply most of the techniques explained here.

1.1.2 Live Distros

During this course, we will see why a safer approach is to use some types of Linux distros, distributed only to be used Live, namely running without being installed on your PC. Although they are extremely useful, we will only cover them at the end of the technical arguments, because they won't allow applying some anonymity techniques, just like Virtual Machines.

1.1.3 The Terminal

One of the most important features covered in this course will be the use of the terminal, a software installed in all operating systems by default. Although we will commit to avoid any possible issue, the terminal behavior may be different according to the type of operating system in use. This is one of the reasons why we suggest using only certain distros (based on Debian GNU/Linux), so we will be able to anticipate each operating system response, preventing any fatal issue.

When we use the command line, we will use a program called Terminal. The terminal looks like this:

$ ping www.inforge.net
PING inforge.net (192.124.249.10): 56 data bytes
--- inforge.net ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 32.630/32.799/33.073/0.195 ms

From this screen, you only have to type "ping www.inforge.net", excluding any other data, which will change according to situations we cannot determine. Ignore the initial dollar symbol ($), this only shows the beginning of a new line.

Keep this page available, whenever you get lost in the operating system!

In order to know which files and directories are contained in the path we are in:

$ ls

To access a folder:

$ cd {folder name}

To go back to the previous (parent) folder:

$ cd ..

To copy a file:

$ cp {file name} {new file name}

To move or rename a file:

$ mv {file name} {new file name}

To create a folder:

$ mkdir {folder name}

To use a text editor (we will use the CTRL+X key combination to close the editor and Y/N to confirm a possible overwrite action):

$ nano {file name}

And so on. Using the terminal, we will also run programs requiring some parameters, specified by the - (minus) character: if we wish to know how the ls command works and its allowed parameters, we must use --help:

$ ls --help

Or, we can use the man tool:

$ man ls

Furthermore, remember that we will use the apt commands to install new programs on Debian:

$ apt-get install [package name]

Although not officially supported by this document, it may be possible to install the same package on Red Hat-based distros (Fedora, CentOS, etc.) using the command:

$ yum install [package name]

or also on Arch Linux-based systems, using the command:

$ pacman -S [package name]

You'll always have to launch these and other commands as root (administrator). In such cases, you should use the prefix:

$ sudo apt-get

If the latter is not present, you'll have to login as root first, using the command:

$ su

2. Data Traces

Now that we have installed Debian, it's time to learn which traces we may leave on the net. With "data traces", we mean all the digital values that can help revealing our identity somehow. Such traces may identify your computer or your network adapter, as evidence of your connection to unsafe networks.

In the worst case scenario, if you use your own Internet contract, it's quite possible to expose the first and last name of the connection owner. There are many techniques to identify someone who surfed anonymously: later on, we'll cover how it can happen and the related countermeasures to avoid that situation.

2.1 MAC Address

The MAC (Media Access Control) address is a unique 48-bit code assigned by network adapter manufacturers to their 802.x models; the code is directly written in the adapter EEPROM memory and is used for the first authentication stage to a local network by a network device, such as a router, a switch and whatnot, which will later specify a local IP.

A MAC Address is composed of 6 couples of alphanumeric characters, including numbers from 0 to 9 and letters from A to F (the so called hexadecimal notation, or base 16) and is represented as follows: ab:bc:cd:de:ef:f0. The first three sets of numbers (ab:bc:cd) are related to the manufacturer; check the IEEE standard list for the manufacturers index [2].

Imagine connecting to a hotel or a public plaza WiFi connection: in this case, a network structure will manage the DHCP protocol, a system which automatically assigns the MAC Address a local IP address, allowing you to freely surf the web! The importance of leaving no traces of a MAC Address is that data is stored in the network device, and the latter may not allow removing logs, not even to its owner. Furthermore, this MAC Address will probably be shared by the router/switch with the ISP (Internet Service Provider), which could store it in their own databases.

2.1.1 Identifying the MAC Address

In order to test the upcoming techniques – allowing us to change our MAC Address – we need to be able to identify our MAC Address first. To achieve this, we can use a command line tool available in any operating system (on Windows it's known as Command Prompt, while on Linux and macOS it's called Terminal).

On Windows, launch the command ipconfig; on macOS and Linux, use ifconfig; actually, the latter one is going to be deprecated and replaced by the iproute2 software (invoked using the ip command). Please, keep in mind that commands have to be run as root, therefore you must use the su command to be granted admin access. However, each command may show the configuration of all the network interface controllers in the computer:

$ ip link show {interface}
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 61:a8:5d:53:b1:b8
inet6 fe80::6aa8:6dff:fe53:b1b8%en1 prefixlen 64 scopeid 0x4
inet 192.168.0.12 netmask 0xffffff00 broadcast 192.168.0.255
nd6 options=1<PERFORMNUD>
media: autoselect
status: active

Where {interface} is the name of our network adapter. Usually, eth0 represents the Ethernet adapter, while wlan0 is the WiFi controller. It may happen that identifiers are different, according to the number of interfaces installed on your PC. If you wish to verify it, you can see which interfaces are enabled using the command:

$ ip link show (or $ ip a)

We need to identify our MAC Address, which is composed of 6 couples of hexadecimal characters, as mentioned above, separated by colons. In our case, the MAC Address will be 61:a8:5d:53:b1:b8.

2.1.2 MAC Spoofing

Fortunately, in (almost) all cases, we can hide our MAC Address – doing the MAC Spoofing in IT jargon – in a very easy and effortless way. On GNU/Linux, you just have to execute a couple of commands from the terminal:

$ ip link set dev {interface} down
$ ip link set dev {interface} address 00:00:00:00:00:01
$ ip link set dev {interface} up

Please note that when you set this MAC Address, your computer won't be able to access the net anymore. You'll have to generate a valid MAC Address, but I won't cover this here, due to the complexity of the topic [3]. You can restart your network manager using the command:

$ service network-manager restart

Instead, we'll use a tool available in most of the GNU/Linux distros repositories to generate a random MAC Address. This program is macchanger and you have to install it first. In order to install it, use the command:

$ apt-get install macchanger

You will be prompted to change your MAC Address immediately. If you select No, you can do it anyway using three commands:

$ ifconfig {interface} down
$ macchanger -r {interface}
$ ifconfig {interface} up

On Linux, the ifconfig command allows you to check your configurations and control your network interfaces. As you have seen, with {interface} down, you told your network adapter (in this example identified as eth0) to shut off. In this way, you can use the macchanger command to generate a random value (using the -r parameter) and apply it to the eth0 network adapter. Once you complete these steps, reactivate your adapter using the ifconfig {interface} up command. Feel free to replace the ifconfig command with the newer ip (iproute2) one. In case of connectivity issues, you can also restart using the command:

$ service network-manager restart
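The address format behind sections 2.1.1 and 2.1.2, as an added example in Python (this is not code from the course): it reads the hardware address out of interface output such as the en1 listing above, splits off the manufacturer prefix, checks the two flag bits of the first octet, and generates a random replacement address. The sample listing is constructed from the one printed in the course, the function names are this example's own, and setting the locally-administered bit is the IEEE 802 convention for addresses not assigned by a vendor, not a statement about how macchanger picks its values.

```python
"""Added example, not part of Hacklog: pull the MAC address out of an interface
listing, split off the manufacturer prefix, and generate a random
locally-administered unicast address that is well-formed and tied to no vendor."""
import re
import secrets

# Six hex pairs separated by colons, e.g. 61:a8:5d:53:b1:b8
MAC_RE = re.compile(r"[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5}")

# Constructed sample: the en1 listing printed in the course, laid out one field
# per line the way ifconfig prints it.
SAMPLE_OUTPUT = """en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tether 61:a8:5d:53:b1:b8
\tinet6 fe80::6aa8:6dff:fe53:b1b8%en1 prefixlen 64 scopeid 0x4
\tinet 192.168.0.12 netmask 0xffffff00 broadcast 192.168.0.255
"""


def parse_mac(text):
    """Return the six octets of a colon-separated MAC address as integers."""
    text = text.strip()
    if not MAC_RE.fullmatch(text):
        raise ValueError(f"not a MAC address: {text!r}")
    return [int(pair, 16) for pair in text.split(":")]


def format_mac(octets):
    """Lower-case colon notation, the form the course uses."""
    return ":".join(f"{b:02x}" for b in octets)


def mac_from_interface_output(output):
    """Find the hardware address in ifconfig ('ether' or 'HWaddr') or
    ip link ('link/ether') output; None if the listing has none."""
    for line in output.splitlines():
        fields = line.split()
        for i, field in enumerate(fields[:-1]):
            if field in ("ether", "link/ether", "HWaddr"):
                return format_mac(parse_mac(fields[i + 1]))
    return None


def oui(mac):
    """Manufacturer prefix: the first three octets (ab:bc:cd in the course's notation)."""
    return format_mac(parse_mac(mac)[:3])


def is_multicast(mac):
    """Bit 0 of the first octet set marks a group (multicast) address;
    a station's own address must have it clear."""
    return bool(parse_mac(mac)[0] & 0x01)


def is_locally_administered(mac):
    """Bit 1 of the first octet set marks an address assigned locally
    rather than burned in by a vendor."""
    return bool(parse_mac(mac)[0] & 0x02)


def random_local_mac():
    """Random unicast, locally-administered address: a well-formed value that
    no vendor OUI lookup can attribute to a manufacturer."""
    octets = list(secrets.token_bytes(6))
    octets[0] = (octets[0] & 0xFC) | 0x02  # clear the multicast bit, set the local bit
    return format_mac(octets)


if __name__ == "__main__":
    current = mac_from_interface_output(SAMPLE_OUTPUT)
    print("current:", current, "OUI:", oui(current), "multicast bit:", is_multicast(current))
    print("replacement:", random_local_mac())
```

Run as a script it prints the parsed address, its OUI and a fresh random value. One thing the bit check reveals: the sample 61:a8:5d:53:b1:b8 has an odd first octet, which in 802 addressing marks a group (multicast) address, so a real adapter always reports an even first octet.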

Although this operation is quite easy, you can find different scripts online to automate the entire process. Here are some:

In the Windows environment (Figure 2), you can choose among different options, such as directly changing the settings through the following path: Control Panel -> System -> Hardware -> Device Management -> Network Adapters -> Adapter name -> *right-click* -> Properties -> Advanced -> Net Address -> Value:


Figure 2: here you can change the value on Windows OS.

NB: this feature may be missing on some network adapters, because it is made available at the discretion of the manufacturers and according to the existing drivers.

However, the above feature can be used through many tools available online. If you have some spare time, you may want to try one of the following:

• Technitium MAC Address Changer (https://technitium.com/tmac/)

On macOS, changing the MAC Address of an Ethernet network adapter is a relatively easy task. You only have to run the following commands:

$ sudo ifconfig en0 ether aa:bb:cc:dd:ee:ff
$ sudo ifconfig en0 lladdr 00:11:22:33:44:55

When it comes to a WiFi adapter, things get more complex. In this case, you have to patch your kernel [4], but you should try it only if you feel confident enough with the Apple world.

If such practice is too complicated for you, but you still wish to work in the macOS environment, consider purchasing an external USB device, and you will be able to do the MAC Spoofing easily, as you'd do with the Ethernet adapter.

2.2 Hostname

Usually, a hostname is configured during the installation process. However, in some cases such possibility is hidden from Windows, macOS and Linux operating systems.

The hostname is an identification name we can specify for a device, to see its role within a network: however, this piece of information is often left to chance, so we can usually find the username (on Mac, we will read something like Stefano-MacBook-Pro.local), the operating system in use or other data we may want to keep safe from other people in the LAN.

2.2.1 Changing the Hostname

In any Linux distro and on macOS, the command we can use to know our hostname is hostname:

$ hostname

The latest release of Debian has integrated the systemd command, so you can also use:

$ hostnamectl

and you will learn more about your operating system, including static hostnames, machine IDs, the GNU/Linux version in use, your architecture, etc. The hostname command also allows you to temporarily change the value by typing:

$ su
$ hostname [new hostname]

You can verify such change by running the aforementioned commands again, or closing and reopening the terminal session. If you need to permanently change the computer hostname, on Linux you can use the command:

$ su

while on macOS it will be:

$ sudo scutil --set HostName "[new hostname]"

As we will often see throughout the course, Windows manages information in its own way. In this case, you have to right-click the Computer icon and select Properties. You'll find all the hostname information in the screen under "Computer Name, Domain and Workgroup Settings".

2.3 Domain Name System

Before the invention of DNS, if you had to access a computer in a network, you had to know its IP address, namely a set of numbers identifying an IT device in a network (we'll cover it shortly). As devices increased in number, it became impossible to remember such sets, therefore, in 1983, a new system was created in order to help memorizing them, using a unique name (e.g. inforge.net) instead of the reference IP address (such as 192.124.249.10).

It was the birth of DNS logic and the related DNS servers, which translate a domain name into the matching IP address. Domain is not referring to the website only, but to the entire network – we use the term domain to represent an entire network consisting of computers that share the same logic and the same rules enforced by their admins. For now, you only need to know that your computer or Internet network will only respond to the DNS given by your ISP, unless explicitly configured otherwise.

As we are going to see, one of the major threats to users' privacy online are Internet Service Providers (ISPs); for this reason you should replace the DNS you are using, whether you want to be 100% anonymous or not. Furthermore, you should consider the huge advantage in terms of response offered by more efficient and trusted alternate services. As you may have noticed for many websites, in order to accelerate governmental takedown operations, the competent bodies commit to directly censoring a domain resolution from a DNS, rather than blocking the related servers: it already happened for many sites (like The Pirate Bay) and it will keep on happening in the future. Using unfiltered DNS, you'll be a little more anonymous and automatically access a complete, unfiltered list of all the websites actually available on the Internet.

2.3.1 Choosing DNS

You can use two types of DNS: public and private ones.

Using public DNS you will improve your anonymity and privacy, and your DNS requests will be faster, with a safer navigation (if you are concerned about malware-filled sites). Public DNS usually leverage two IP addresses, known as primary and secondary DNS. Think of the secondary DNS as a backup, when the primary is temporarily unavailable or busy.

Currently, there are many DNS provided by a high number of companies online: I will not list the IP addresses, since they can constantly change, but I suggest you follow the official links and choose the best fit for you:

DNS name                          Official Website
Comodo Secure DNS                 https://www.comodo.com/secure-dns/
DNS Advantage                     https://www.neustar.biz/services/dns-services/dns-advantage-free-recursive-dns
FoeBuD e.V.                       https://digitalcourage.de/support/zensurfreier-dns-server
German Privacy Foundation e.V.    http://www.privacyfoundation.de/service/serveruebersicht/
Google Public DNS                 https://developers.google.com/speed/public-dns/?csw=1
OpenDNS                           https://www.opendns.com
OpenNIC                           https://www.opennicproject.org
PowerDNS                          https://www.powerdns.com
Validom                           http://validom.net/

Please, consider the highlighted ones as the most recommended for your digital raids; if possible, avoid DNS provided by big companies like Google (if you know how they operate, you should avoid them).

Alternatively, you can create your own private DNS on a Dedicated Server or VPS. This is an extremely complex system administrator task, so I'd only recommend it to networking veterans, using one of the many guides available online [5].

2.3.2 Changing DNS

In most cases, you can use alternate DNS following two procedures:

1. Changing DNS on your router/modem (recommended)
2. Changing DNS on your operating system

The first case directly applies to the router or modem you're using, through the web interface provided by your network device. Just access the gateway address (obtained by the commands we used for MAC Spoofing via iproute2, ifconfig or ipconfig) from your web browser, type the admin password and enter the IPs under the DNS change section.

On the OpenDNS [6] forum, you can find a good list, including almost all products available in the market, and how to change their values. If you are working on an operating system, it's easy as well.

For example, on Windows (Figure 3), just follow this path: Start -> Control Panel -> Network Center -> *right-click the network you are using* -> Properties -> Internet protocol (TCP/IP) -> Properties -> Check the "Use the following DNS server addresses" option.


Figure 3: changing DNS on Windows

In our example, we changed our OS DNS, pointing to Google (Windows refers to the primary DNS as "preferred" and to the secondary as "alternate").

On macOS operating systems (Figure 4), just follow this path: Apple -> System Preferences -> Network -> Advanced -> "DNS" tab -> Complete the fields as shown and click the + button.


Figure 4: changing DNS on OS X/macOS operating systems

On GNU/Linux, naturally, it depends on the type of distro and the desktop manager in use. In our case, using Debian with GNOME 3 (Figure 5), you can change DNS under Network Manager (top right button) -> Choose the network (eth0) -> *click the wheel icon* -> IPv4 -> DNS -> add DNS with the + button.


Figure 5: changing DNS on Debian operating systems with GNOME 3

Luckily, Linux users can do almost everything via terminal (changing DNS included). You can edit the "resolv.conf" file using nano.

$ su
$ nano /etc/resolv.conf

Within the file, enter the following (if you find any value, replace it or comment it out using #):

nameserver {DNS}

Remember that you'll save your file in nano using CTRL+X, then "Y" to confirm your changes and ENTER to apply the final change. Now, restart your network-manager:

$ service network-manager restart

You can verify your DNS by entering:

$ nmcli device show eth0 | grep IP4.DNS
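The resolv.conf edit just described, as an added example in Python (not code from the course): it applies the same change the nano session makes by hand, commenting out existing nameserver lines with # and appending the chosen servers, after validating each address so a typo cannot leave the machine without resolution, and it reads back which servers a resolv.conf actually uses. The sample file is constructed, the two resolver addresses are placeholders from the 203.0.113.0/24 documentation range rather than any provider's real servers, and the function names are this example's own.

```python
"""Added example, not part of Hacklog: rewrite the nameserver entries of a
resolv.conf the way the course describes doing by hand in nano, and parse
which servers a resolv.conf actually puts into use."""
import ipaddress

# Constructed sample: a resolv.conf pointing at the router handed out by DHCP.
SAMPLE_RESOLV_CONF = """# Generated by NetworkManager
search lan
nameserver 192.168.1.1
"""

# Placeholder resolver addresses from the documentation range; substitute the
# primary/secondary pair published by the provider you picked from the table.
CHOSEN_DNS = ["203.0.113.53", "203.0.113.54"]


def active_nameservers(text):
    """Addresses on uncommented 'nameserver' lines, in order (primary first)."""
    servers = []
    for line in text.splitlines():
        stripped = line.split("#", 1)[0].strip()  # drop comments, including trailing ones
        parts = stripped.split()
        if len(parts) == 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def rewrite_resolv_conf(original, nameservers):
    """Return the new file text: every old nameserver line is kept but commented
    out with '#', and the chosen servers are appended in order."""
    if not nameservers:
        raise ValueError("at least one nameserver is required")
    for ns in nameservers:
        ipaddress.ip_address(ns)  # raises ValueError on a malformed address
    lines = []
    for line in original.splitlines():
        if line.strip().startswith("nameserver"):
            lines.append("# " + line)
        else:
            lines.append(line)
    lines.extend(f"nameserver {ns}" for ns in nameservers)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print("before:", active_nameservers(SAMPLE_RESOLV_CONF))
    updated = rewrite_resolv_conf(SAMPLE_RESOLV_CONF, CHOSEN_DNS)
    print(updated)
    print("after:", active_nameservers(updated))
```

On Debian systems where NetworkManager manages /etc/resolv.conf, a hand edit is regenerated on the restart the course performs, which is why the nmcli check above, rather than the file itself, is the reliable way to see which servers are in use.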

2.3.3 Cache DNS

Over time, operating systems introduced many features to improve general performance. One of the most important is DNS caching, a process that memorizes domain resolutions in a list stored on the computer: since domains rarely change their target IP addresses, resolving the same name again would be pointless. However, this creates a privacy issue: the DNS cache exposes the full list of domains visited by the user, even when they took care to stay anonymous (private browsing included).

Fortunately, clearing the DNS cache is quite simple, also because system admins have to do it routinely while maintaining their network infrastructure. Once we have reached this stage, we have to wipe all our old cached resolutions.

On Windows, you can run the command:

$ ipconfig /flushdns

Furthermore, you may want to experiment without having to clear the cache every single time. On Windows, you can temporarily stop and restart the caching service from the command line:

$ net stop dnscache
$ net start dnscache

On macOS we may find different variants, since some tools available in certain versions are no longer available in the newer ones (and vice versa). The following seems to be the most reliable:

$ sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder

On GNU/Linux, a plain glibc system such as Debian 8 does not cache lookups at all; a cache exists only if a caching daemon is installed. One common choice is nscd. Install it first:

$ su
$ apt-get install nscd

then flush the cache by restarting the daemon:

$ /etc/init.d/nscd restart

If your distribution runs systemd-resolved instead, it keeps its own cache, flushed with its own tool (resolvectl flush-caches on recent versions, systemd-resolve --flush-caches on older ones). You can learn more online [7].

2.4 IP Address

The IP address is a unique set of numbers identifying an IT device connected to a network. The IP addresses we are used to are in IPv4 format, composed of four numbers from 0 to 255, for example 192.168.1.1. In the coming years the Internet will gradually shift to a new format, IPv6, which allows many more devices to have a unique identifier. Until then, this course will use IPv4 in its examples. Furthermore, many people confuse the public IP with the local one: an IP address is assigned by a network, and a network can be local or Internet-facing, and so can the IP.

The local IP address is assigned by an internal network device, such as a modem or a router, to identify a device within a network (e.g. a computer within a local network). In the most common cases, local IP addresses look like 192.168.0.x or 192.168.1.x (the 10.x.x.x and 172.16.x.x to 172.31.x.x ranges are also reserved for private networks).

The public IP address, instead, is assigned by the provider, or ISP, offering the Internet service: this address identifies a whole network or a single IT device on the Internet. Since public IPs are assigned by ISPs, they cannot be changed by end users, only hidden. Finally, public IP addresses can be static or dynamic, so they may remain unchanged or change every time the modem is restarted (according to the customer's Internet service agreement).

2.4.1 Determining the IP in use

In order to identify the public IP in use, we can rely on different online services. Most simply, we can visit one of the following portals via browser:

If you wish to familiarize yourself with the Linux terminal, use the wget program:

$ wget http://ipinfo.io/ip -qO-

To learn how the -qO- parameters work, run:

$ wget --help or man wget

2.4.2 Proxy

Cybercriminals aim to hide their public IP address, the one that can identify them on the Internet, while they don't care too much about the local address: having already changed their MAC address, no data within the local network will betray them. As you already know, the local IP address is assigned by a router and is not enough to identify the computer's owner, unlike the MAC address.

It is worth mentioning that experienced cybercriminals will almost never work from their home or a nearby network: despite all the precautions put in place, they know perfectly well that they must hide every single trace or piece of evidence, including the “borrowed” network connection used for their attacks. Therefore, they rely on one of the oldest IT tools: proxies. Proxies (technically, open proxies) are servers, called proxy servers, which can perform different operations:

• Provide anonymous navigation
• Copy (cache) web pages
• Run application-level filtering, acting like a firewall

We must consider that, nowadays, proxies are less and less used for anonymous navigation, since they have been replaced by more effective methods; however, they are still useful in certain scenarios, mainly in programming, so you need to know them. Basically, a proxy sits between a client and a server, acting as an intermediary between them: the server sees the connection coming from the proxy's address, not from the client's.

2.4.2.1 Proxy types

As mentioned above, there are many types of proxies, according to different purposes and design specifications. Although it would be useful to understand how they can be used cleverly in server infrastructures, here we will only explain the differences that matter for anonymous navigation.

Proxy HTTP/HTTPS

As the name says, HTTP/HTTPS proxies handle traffic of the HTTP protocol and its secure form, HTTPS. In short (at least for now), let's say that HTTP is the communication protocol designed to carry information at the World Wide Web level. It is the most popular protocol and has two forms:

- HTTP (not encrypted)
- HTTPS (SSL/TLS encrypted)

HTTP proxies are the most popular and the easiest to find, since the servers only have to handle that one protocol and can optimize their machines for that single task. Compared to SOCKS (which we will cover shortly), they are usually more responsive but, naturally, restricted to their protocol (an HTTPS request goes through them with the CONNECT method, which tunnels the encrypted session: the proxy sees the destination host and port, not the content). In turn, such proxies are broken down into sub-categories according to their “quality”. Although each agency distributing proxies uses its own evaluation criteria, we conventionally distinguish 3 levels:

- Non-anonymous (transparent) proxies: they don't mask the original IP, and usually pass it to the recipient server in a request header (typically X-Forwarded-For), so the server learns both the proxy's address and yours.
- Anonymous proxies: they mask the original IP, but add or alter headers (such as Via) that tell the recipient server a proxy is in use.
- Elite proxies: they mask the IP address and do not alter the headers, so the server sees an ordinary client connecting from the proxy's address.
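The three levels above can be verified rather than taken from a list: send a request through the proxy to a server you control that echoes the request headers, and look at what arrived. The following is an added example (not code from the original text) that does the classification from such echoed headers. The header names are the conventional ones proxies add; the sample requests and the 203.0.113.x / 198.51.100.x addresses are constructed for the example.

```python
# Added example (not from the Hacklog text): decide what a proxy leaks about
# you from the request headers that reach the destination server.

# Headers that carry the address of the client behind the proxy
LEAK_HEADERS = ("x-forwarded-for", "forwarded", "x-real-ip", "client-ip", "x-client-ip")
# Headers that do not carry your IP but do announce that a proxy is in the path
MARKER_HEADERS = ("via", "x-proxy-id", "proxy-connection", "x-cache", "x-forwarded-proto")


def classify_proxy(headers, real_ip):
    """Return 'transparent', 'anonymous' or 'elite'.

    headers: the request headers as the destination server received them.
    real_ip: the public address the client has without the proxy, used to
             tell whether a leak header actually contains it."""
    h = {k.lower(): v for k, v in headers.items()}
    for name in LEAK_HEADERS:
        if name in h and real_ip in h[name]:
            return "transparent"      # the server learns your address anyway
    if any(name in h for name in LEAK_HEADERS + MARKER_HEADERS):
        return "anonymous"            # IP hidden, but the proxy announces itself
    return "elite"                    # looks like an ordinary client from the proxy's IP


def rate_proxies(observations, real_ip):
    """observations: {proxy address: headers seen through it}; returns {proxy: level}."""
    return {proxy: classify_proxy(hdrs, real_ip) for proxy, hdrs in observations.items()}


# Constructed sample: what the same client, real address 203.0.113.7, looked like
# to a test server through three different proxies.
REAL_IP = "203.0.113.7"
SAMPLE = {
    "198.51.100.1:3128": {"Host": "example.org", "Via": "1.1 squid",
                          "X-Forwarded-For": "203.0.113.7"},
    "198.51.100.2:8080": {"Host": "example.org", "Via": "1.1 proxy",
                          "User-Agent": "Mozilla/5.0"},
    "198.51.100.3:8080": {"Host": "example.org", "User-Agent": "Mozilla/5.0"},
}

if __name__ == "__main__":
    for proxy, level in rate_proxies(SAMPLE, REAL_IP).items():
        print(f"{proxy}: {level}")
```

Note that X-Forwarded-For may hold several comma-separated addresses when proxies are chained, which is why the check is a substring match, and that an “elite” verdict only means the headers are clean: the destination still sees the proxy's own address, which may be on a blacklist.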

SOCKS4 proxies

Using a proxy supporting the SOCKS4 protocol instead of HTTP/HTTPS, you can route any TCP-based traffic, which is a huge benefit. This essentially means you can route World Wide Web traffic, naturally TCP-based as well, but also the whole range of protocols that run over TCP. One limit to keep in mind: a SOCKS4 request carries only the destination IPv4 address, so your computer must resolve the hostname itself, and that DNS query leaves your machine directly, outside the proxy. The variant named SOCKS4a fixes this by letting the client send the hostname and have the proxy resolve it.

SOCKS5 proxies

Very similar to the previous one, SOCKS5 can also relay UDP traffic, which makes it the most versatile type of proxy. Furthermore, the SOCKS5 protocol allows proxy owners to enable an internal authentication system (username and password), supports IPv6, and can resolve hostnames on the proxy side like SOCKS4a. You can therefore use SOCKS5 proxies with any type of software that uses an Internet connection, such as mail, chat, p2p programs, etc. It is the direct evolution of the SOCKS4 protocol.
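The difference between the SOCKS variants is visible in the bytes they put on the wire, and that is where the DNS leak mentioned above comes from. The following added example (not code from the original text) builds the CONNECT requests of SOCKS4, SOCKS4a and SOCKS5 and decodes a SOCKS5 reply, following the message layouts of the SOCKS4/4a protocol notes and RFC 1928/1929; the hostnames and the reply bytes are constructed for the example. The question it answers for each request is: does the client have to resolve the name itself?

```python
# Added example (not from the Hacklog text): byte-level SOCKS handshakes,
# showing which variants let the proxy resolve the destination name.
import ipaddress
import struct

SOCKS5_VERSION = 0x05
SOCKS5_NO_AUTH = 0x00       # RFC 1928 method: no authentication
SOCKS5_USERPASS = 0x02      # RFC 1929 method: username/password
SOCKS5_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04


def socks4_connect(dest_ip, port, userid=b""):
    """SOCKS4 CONNECT: VER, CMD, DSTPORT, DSTIP, USERID, NUL. Needs an IPv4 address."""
    packed = ipaddress.IPv4Address(dest_ip).packed
    return struct.pack("!BBH4s", 0x04, 0x01, port, packed) + userid + b"\x00"


def socks4a_connect(hostname, port, userid=b""):
    """SOCKS4a CONNECT: DSTIP 0.0.0.x tells the proxy to resolve the hostname itself."""
    return (struct.pack("!BBH4s", 0x04, 0x01, port, b"\x00\x00\x00\x01")
            + userid + b"\x00" + hostname.encode("idna") + b"\x00")


def socks5_greeting(username=None):
    """Client greeting: VER, NMETHODS, METHODS (offer user/pass only if we have one)."""
    methods = bytes([SOCKS5_NO_AUTH]) + (bytes([SOCKS5_USERPASS]) if username else b"")
    return bytes([SOCKS5_VERSION, len(methods)]) + methods


def socks5_connect(dest, port):
    """SOCKS5 CONNECT; pass a hostname (ATYP 0x03) to avoid any local DNS lookup."""
    try:
        addr = ipaddress.ip_address(dest)
        atyp = ATYP_IPV4 if addr.version == 4 else ATYP_IPV6
        body = addr.packed
    except ValueError:                       # not an IP literal: send the name itself
        name = dest.encode("idna")
        atyp, body = ATYP_DOMAIN, bytes([len(name)]) + name
    return bytes([SOCKS5_VERSION, SOCKS5_CONNECT, 0x00, atyp]) + body + struct.pack("!H", port)


def parse_socks5_reply(data):
    """Decode VER, REP, RSV, ATYP, BND.ADDR, BND.PORT; returns (succeeded, addr, port)."""
    ver, rep, _rsv, atyp = data[:4]
    if ver != SOCKS5_VERSION:
        raise ValueError("not a SOCKS5 reply")
    if atyp == ATYP_IPV4:
        addr, rest = str(ipaddress.IPv4Address(data[4:8])), data[8:]
    elif atyp == ATYP_IPV6:
        addr, rest = str(ipaddress.IPv6Address(data[4:20])), data[20:]
    elif atyp == ATYP_DOMAIN:
        n = data[4]
        addr, rest = data[5:5 + n].decode(), data[5 + n:]
    else:
        raise ValueError("unknown address type")
    (port,) = struct.unpack("!H", rest[:2])
    return rep == 0x00, addr, port


def resolves_locally(request):
    """True when the request carries an IP the client had to look up itself (DNS leak)."""
    if request[0] == 0x04:                   # SOCKS4 or SOCKS4a
        ip = request[4:8]
        return not (ip[:3] == b"\x00\x00\x00" and ip[3] != 0)   # 0.0.0.x marks SOCKS4a
    return request[3] != ATYP_DOMAIN         # SOCKS5: only ATYP 0x03 leaves resolution to the proxy


if __name__ == "__main__":
    for label, req in [("socks4", socks4_connect("54.164.157.29", 80)),
                       ("socks4a", socks4a_connect("ipinfo.io", 80)),
                       ("socks5", socks5_connect("ipinfo.io", 80))]:
        print(label, req.hex(), "local DNS:", resolves_locally(req))
```

This is what the proxy_dns option of proxychains (covered below) relies on: with it, hostnames are passed to the chain instead of being resolved by your own system resolver.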

Web proxies (or CGI proxies)

Web proxies are actual websites that don't require any configuration or particular tools on the computer, allowing you to navigate anonymously straight away. You can find dozens of these tools online. Here is one we tested for you:

hide.me

You can find a complete list at www.proxy4free.com.

2.4.2.2 Where you can find proxies

Once we understand what proxies are for, we also need to know where to find them!

Through lists

A novice user would probably use Google, typing keywords like “proxy list”, unaware of being the last in a line of millions of people thoughtlessly using the same proxies. This means that, in 99.9% of cases, they would obtain compromised proxies, marked as abused and banned, filtered or even inactive (having been shut down by their host), while the active ones would be slow and unstable.

For your information, the most active and popular sites where you can find proxies are:

Hidemyass (Proxy list) - HTTP/HTTPS/SOCKS
Proxy4free - HTTP/HTTPS
samair.ru - HTTP/SOCKS
inCloak (Proxy List) - HTTP/HTTPS/SOCKS
CoolProxy - HTTP
GatherProxy - HTTP/SOCKS
SSLProxies - HTTP/HTTPS/SOCKS

You will then need to keep finding new proxies that are fast enough, not partially blocked by websites and services, and that offer a fair overall compromise in terms of anonymity.

Through proxy scrapers

Proxy scrapers are software programs designed to scrape, i.e. collect, proxies from the web, in order to obtain the latest proxies faster and with no effort. Once again, we suggest using any search engine; we found some for you, hoping they can be helpful:

Beware of using those programs. Almost all are poorly programmed or, worse, may contain code harmful to your Operating System (proxy scrapers are not always written for fair purposes, and you make your own bed). The best thing you can do, then, is to write your own scraper, using a programming language and being very, very patient.
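The parsing half of such a home-made scraper, as an added example (not code from the original text), which also puts the local-versus-public distinction of section 2.4 to work: it pulls host:port pairs out of arbitrary page text, discards malformed entries and addresses that cannot be a public proxy (the private 192.168.x.x, 10.x.x.x and 172.16-31.x.x ranges, loopback, reserved blocks) and de-duplicates what is left. The page text is constructed; check_proxy() is the only part that touches the network and uses the ipinfo.io address from the wget example above.

```python
# Added example (not from the Hacklog text): extract and sanity-check proxy
# entries from scraped page text, keeping only public, well-formed ones.
import ipaddress
import re
import urllib.request

# "1.2.3.4:8080", "1.2.3.4 8080" or "1.2.3.4 | 8080", as found in list pages
PROXY_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\s*[:|\s]\s*(\d{1,5})\b")


def address_scope(ip_text):
    """'public', 'non-public' (RFC 1918, loopback, link-local, reserved) or 'invalid'."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "invalid"            # e.g. an octet above 255
    return "public" if ip.is_global else "non-public"


def extract_proxies(text):
    """Unique (ip, port) pairs that are well-formed and routable on the Internet."""
    found = set()
    for ip_text, port_text in PROXY_RE.findall(text):
        port = int(port_text)
        if not 1 <= port <= 65535:
            continue
        if address_scope(ip_text) != "public":
            continue                # a LAN or loopback address in a "proxy list" is noise
        found.add((ip_text, port))
    return sorted(found, key=lambda p: (ipaddress.ip_address(p[0]), p[1]))


def check_proxy(ip, port, url="http://ipinfo.io/ip", timeout=5):
    """Live check: fetch `url` through the proxy and return the address it reports.

    If the returned address equals the proxy's, the proxy works and hides you."""
    handler = urllib.request.ProxyHandler({"http": f"http://{ip}:{port}"})
    opener = urllib.request.build_opener(handler)
    with opener.open(url, timeout=timeout) as resp:
        return resp.read().decode().strip()


# Constructed sample of a scraped list page, including the usual garbage
SAMPLE_PAGE = """Free proxy list (constructed sample page)
IP              Port   Type
177.73.177.25:8080     elite
177.73.177.25 | 8080   elite (same proxy listed twice)
54.164.157.29 3128     anonymous
192.168.1.1:3128       someone's LAN device, useless from the Internet
127.0.0.1:9050         a local Tor port, not a proxy for anyone else
999.1.1.1:80           not even a valid address
4.2.2.2:70000          valid address, impossible port
"""

if __name__ == "__main__":
    for ip, port in extract_proxies(SAMPLE_PAGE):
        print(f"{ip}:{port}")
```

Running every surviving entry through check_proxy() with a short timeout is what turns this into the “fast enough and not dead” list the previous paragraph asks for; do it from a throwaway machine, since you are connecting to unknown servers.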

Through premium lists

Premium lists are sites or newsletters/mailing lists containing an index of proxies not yet publicly shared. Such lists are mostly paid or reserved to elite groups. Actually, there are very few public services offering paid proxy lists, and the last remaining ones are not that exclusive, after all:

Hidemyass (around 24 €/lifetime)
Premium Proxy Switcher (around 9 €/month)
Proxy Solutions (around 18 €/month)
Shared Proxies (around 8 €/10 proxies)
Coolproxies (around 10 €/month)

2.4.2.3 How to use proxies

On the whole Operating System

At this point, every user should be able to connect to a proxy, with more or less difficulty according to the Operating System in use and its version.

For example, on Windows (Figure 6) you can set a proxy for the entire computer following this path: Control Panel -> Internet Options -> Connections -> LAN settings -> Proxy server, while on Windows 8 you can try different methods at the same time (but it's quite confusing). Once there, enter the proxy address and port in the relevant fields.

Figure 6: using a proxy in the Windows OS environment

Fortunately, the graphical environments of GNU/Linux (Figure 7) make things simpler: on Debian with GNOME 3, go to Settings -> Network -> Network Proxies.

Figure 7: using a proxy in the Debian environment with Unity

To close this short chapter, let's mention the Apple operating system: in macOS (Figure 8) you can reach the option through System Preferences -> Network -> Advanced -> Proxies. Here you can also specify the different service types to route and assign each one the related authentication data (in the case of SOCKS5).

Figure 8: using a proxy in the OS X/macOS environment

Once again, you can do the same from the Linux command line, using a text editor (nano) and editing the file /etc/environment:

$ su
$ nano /etc/environment

As with the graphical configuration, we fill the file by pasting the following lines:

http_proxy="http://myproxy.server.com:8080/"
https_proxy="http://myproxy.server.com:8080/"
ftp_proxy="http://myproxy.server.com:8080/"
no_proxy="localhost,127.0.0.1,localaddress,.localdomain.com"

Please keep in mind that /etc/environment is read at login, so the variables reach only sessions started afterwards, and that only programs honoring these variables (curl, wget, most scripting-language HTTP libraries) will use the proxy: anything else keeps talking to the Internet directly, which is why these variables are a convenience, not an anonymity guarantee. Some system tools, such as APT on Debian/Ubuntu-based distros, may not see them at all [8] (for instance when run through sudo, which resets the environment) and take their proxy from their own configuration instead (for APT, the Acquire::http::Proxy option under /etc/apt/apt.conf.d).

Using programs

Some software, such as file sharing, chat and other programs, let the end user configure a proxy internally. The reasons may vary (enterprise, university and other types of proxies) and this allows you to use a proxy to anonymize incoming and outgoing connections as well. To know whether a program provides proxy functionality or not, see its official documentation.

Proxychains

The proxychains [9] software is one of the best for using proxies in a targeted way; perhaps it is the best proxifier currently available. Unfortunately, its development halted in 2013; the good news is that a fork has been introduced, proxychains-ng [10]. proxychains hooks the socket functions of the program it launches (through LD_PRELOAD), so that the program, and every library it loads, can only reach the outside through the SOCKS4, SOCKS5 or HTTP/S proxies you list. The flip side is that statically linked binaries, programs using raw sockets (ping, nmap SYN scans) and UDP traffic are not covered, so their packets leave your machine directly. A word of warning: proxychains is officially available for UNIX systems only, i.e. GNU/Linux, macOS (via Brew) and BSD. In order to limit possible issues, we will use the historical version (the deprecated one), still 100% working and available from the Debian 8 repositories.

Here is how to install it:

$ su
$ apt-get install proxychains
$ exit

It can also be run by normal users, so you should get back to your default user via the exit command. To use the program:

$ proxychains wget http://ipinfo.io/ip -qO-

As you can see, it's very simple: just type “proxychains” before the command you wish to run. However, when you launch the command, you'll get the following error:

$ proxychains wget http://ipinfo.io/ip -qO-
ProxyChains-3.1 (http://proxychains.sf.net)
|S-chain|-<>-127.0.0.1:9050-<--timeout
|DNS-response|: ipinfo.io does not exist

This happens because, by default, proxychains reads a proxy configured on port 9050 of your own computer, i.e. locally with 127.0.0.1 as the IP: that is Tor's default SOCKS port, and the stock /etc/proxychains.conf assumes a local Tor client, which we have not installed. To make it read a list of your proxies, you have to create a config file. From the terminal, launch the following:

$ mkdir $HOME/.proxychains
$ nano $HOME/.proxychains/proxychains.conf

This way, we first created the folder containing the config file, then launched the nano text editor on the “secret” path in our user folder. Please note the first call to $HOME, a variable that expands to the absolute path of your user folder. In my case, the user is named stefano9lli, so the folder path will be /home/stefano9lli, to which the rest of the string is appended. (proxychains looks for its configuration in the current directory first, then in $HOME/.proxychains/proxychains.conf, and finally in /etc/proxychains.conf.)

You may also notice that the .proxychains folder name begins with a period. In the UNIX world, a period before a folder name means it is hidden by default in a file manager. Now we will create the proxychains.conf file within the folder, and we are ready to add some values:

strict_chain
proxy_dns
[ProxyList]
http proxy port

Save using the CTRL+X combination, the Y key and ENTER. Remember: the last line takes one of the following forms, depending on the protocol your proxy speaks (replace “proxy” with the IP and “port” with the port number; one proxy per line):

http proxy port
socks4 proxy port
socks5 proxy port

For example, with an HTTP proxy whose IP is 177.73.177.25 and whose port is 8080, the output becomes:

$ proxychains wget http://ipinfo.io/ip -qO-
ProxyChains-3.1 (http://proxychains.sf.net)
|DNS-request| ipinfo.io
|S-chain|-<>-177.73.177.25:8080-<><>-4.2.2.2:53-<><>-OK
|DNS-response| ipinfo.io is 54.164.157.29
|S-chain|-<>-177.73.177.25:8080-<><>-54.164.157.29:80-<><>-OK
177.73.177.25

As we can see, this time ipinfo.io returns the proxy's IP instead of yours, which tells us that proxychains worked. Note the two “S-chain” lines: the proxy_dns option made the name lookup itself travel through the proxy (to the 4.2.2.2 resolver), so your own DNS server never saw ipinfo.io; without that line the query would leave your machine directly and reveal the sites you visit. Keep in mind that many proxies are configured to work only under certain conditions, so they may refuse some types of domain requests or programs sending no User-Agent. Naturally, trying is the best option. All the use cases for proxychains are explained in the manual:

$ man proxychains
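A fuller configuration file, as an added example (not from the original text; the proxy addresses and ports are placeholders you would replace with your own): it chains a SOCKS5 and an HTTP proxy in order, resolves DNS through the chain, and shortens the timeouts so a dead proxy fails fast instead of hanging the program.

```ini
# Added example of $HOME/.proxychains/proxychains.conf (placeholder proxies)

# strict_chain: every proxy in the list is used, in order; one dead proxy fails the chain
# dynamic_chain: same order, but dead proxies are skipped (enable one of the two)
strict_chain
#dynamic_chain

# Resolve hostnames through the chain, never with the local resolver
proxy_dns

# Timeouts in milliseconds, so an unresponsive proxy is detected quickly
tcp_read_time_out 15000
tcp_connect_time_out 8000

[ProxyList]
# type    host            port   [user pass]   (credentials only where the proxy requires them)
socks5    192.0.2.10      1080
http      198.51.100.20   8080
```

With strict_chain the connection goes client -> 192.0.2.10 -> 198.51.100.20 -> destination, so the destination sees only the last proxy and the first proxy sees only your address, never the destination.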

Proxycap

Perhaps the most popular Windows counterpart to proxychains is Proxycap [11] (Figure 9), a program developed by the Initex team for over 10 years. Just like proxychains, Proxycap can reroute all Internet communications, and it also comes with a GUI. Unfortunately, it is a paid app. Furthermore, you should also consider more alternatives: Wikipedia [12] hosts a page where you can compare the different proxifiers.

Figure 9: screen showing how ProxyCap works

During web navigation

Here we will cover the proxy configuration via browser; however, keep in mind that screenshots and menus may vary slightly according to Operating System and browser versions. In our case, we will only cover the main browsers. System browsers (Safari, Internet Explorer, Edge, etc.) always rely on the system configuration.

Keep in mind that each browser supports extensions as well, and you can always find a GUI to speed up proxy use. Go to each browser's store and you will surely find the best extension for your needs.

Google Chrome/Chromium

From the Google browser, go to Settings using the top right button. On the tab that appears, click “Show advanced settings…”, then click “Change proxy settings”. This takes you directly to the proxy configuration dialog of your Operating System.

Mozilla Firefox

From the Firefox browser, select the top right Settings button, then open the Advanced tab and select the Network tab at the top. Here you will find “Connection” and the “Settings” button next to it. Once opened, you can configure the browser with its own proxy settings, using “Manual proxy configuration”, or rely on the system settings.

Opera browser

On Opera, it is a very easy task. Open the menu and select Settings, then go to Preferences. From the Advanced tab, go to Network, then click on Proxy server. Now edit the client settings.

Beware of blacklists

Proxies are often included in blacklists, online databases storing the IP addresses used for web abuse, fraud, spam and so on. Such lists are maintained by free and paid services, often fed by honeypots (decoy servers that record the addresses attacking or spamming them), to help web portals, firewalls, CDNs and whatnot rapidly look up a visitor's IP in the harmful-IP database. The most popular are Spamhaus [13] and Barracuda [14], but there are more around. In order to check whether an IP is blacklisted or not, you can use any of the IP verification services supporting it, or the specific service offered by WhatIsMyIPAddress.com. Remember that the address to check is the proxy's, since that is the one the destination sees: a blacklisted proxy gets you blocked or served a CAPTCHA even though your own IP is clean.
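The lookup those services perform is a plain DNS query, which you can do yourself for each proxy before using it. The following added example (not code from the original text) queries a DNS-based blacklist (DNSBL)the way mail servers and CDNs do: the octets of the IPv4 address are reversed, the list's zone is appended, and the name is resolved; an A record in the 127.0.0.x range means “listed”, NXDOMAIN means “not listed”. The default zone is Spamhaus's combined list; any other DNSBL zone is queried the same way. Only query_dnsbl() touches the network.

```python
# Added example (not from the Hacklog text): check an IPv4 address against a
# DNS-based blacklist such as Spamhaus ZEN.
import ipaddress
import socket

LISTED_NET = ipaddress.IPv4Network("127.0.0.0/24")      # 127.0.0.2, .3, .4 ... = listed (sub-list depends on the DNSBL)
ERROR_NET = ipaddress.IPv4Network("127.255.255.0/24")   # Spamhaus returns 127.255.255.x for query errors (e.g. blocked resolver)


def dnsbl_query_name(ip_text, zone="zen.spamhaus.org"):
    """'177.73.177.25' -> '25.177.73.177.zen.spamhaus.org'."""
    ip = ipaddress.IPv4Address(ip_text)                  # IPv4 only: these lists key on IPv4
    return ".".join(reversed(str(ip).split("."))) + "." + zone


def decode_dnsbl_answer(answer):
    """Map the A record (None for NXDOMAIN) to 'listed', 'not-listed' or 'error'."""
    if answer is None:
        return "not-listed"
    addr = ipaddress.IPv4Address(answer)
    if addr in ERROR_NET:
        return "error"
    if addr in LISTED_NET:
        return "listed"
    return "error"                                       # unexpected code: trust it neither way


def query_dnsbl(ip_text, zone="zen.spamhaus.org"):
    """Live lookup (needs DNS access); returns (verdict, raw answer or None)."""
    name = dnsbl_query_name(ip_text, zone)
    try:
        answer = socket.gethostbyname(name)
    except socket.gaierror:                              # NXDOMAIN: not on the list
        return "not-listed", None
    return decode_dnsbl_answer(answer), answer


if __name__ == "__main__":
    import sys
    for ip in sys.argv[1:] or ["177.73.177.25"]:
        print(ip, *query_dnsbl(ip))
```

Spamhaus answers with the error codes rather than a listing when the query comes through a large public resolver, so run this through your own or your provider's resolver, and treat an “error” verdict as “unknown”, not as “clean”.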

2.4.2.4 How safe are proxies?

Now, the question we should ask ourselves is: do proxies really ensure full anonymity? In most cases, the answer is: not at all. No matter how safe they may seem, proxy servers are managed by third parties, paying to maintain servers capable of hosting our Internet requests.

Being external services, we don't know who manages them; furthermore, we don't know their business and why they should be such benefactors. Sometimes we may encounter entities fighting against censorship, or university proxies for research purposes; however, in some cases, we may find companies making money from our navigation (e.g. to run marketing surveys) or, in the worst-case scenario, honeypots managed by governmental organizations like the NSA or the FBI, monitoring traffic.

Not to mention the fact that a proxy server may store almost everything you do (sites visited, logins, operations done, etc.) and all the data you release online (IP address, browser, operating system, etc.), and that an HTTP proxy sees the full content of every unencrypted request you send through it, actually making it a double-edged sword. This doesn't mean that masking your IP via a proxy is pointless; on the contrary, its popularity and ease of use led to libraries for every programming language, and thus to new use cases: many bruteforcers/bots/stressers and the like still use proxy lists.

3. Secure communications

So far we have seen how an IP address can become a dangerous trace to leave behind when you surf the web; any server in the world can log and store visitors' IP addresses and match them to every action performed. Hiding an IP address (often loosely called “spoofing”, although true IP spoofing means forging the source address of packets) is not enough to mask an Internet user's activity: unencrypted requests, for example, can be read by governments and ISPs (Internet Service Providers), as well as by other services and intruders lurking on the web.

We previously introduced the HTTPS protocol as the encrypted form of HTTP for computers connected to the web. As data encryption becomes more and more crucial in the IT scenario, secure protocols are replacing the weaker ones (Telnet -> SSH, FTP -> SFTP, HTTP -> HTTPS and so on). Unless the program or the proxy we are using explicitly encrypts the traffic, all our Internet operations will be easily readable in transit; a plain proxy does nothing about this, it only changes the address the destination sees.

One note about WWW navigation: if privacy and anonymity are your priorities, just forget Google and the like forever; choose search engines that won't track you, like DuckDuckGo [15] or StartPage [16], instead. Why? Let's see an example: YouTube is a service acquired and managed by Google and, as we know, it tracks everything. YouTube reads your IP and the video you're watching and builds a user profile, called a fingerprint, making predictions about what you'd like to watch next or, perhaps, what you're going to purchase while you visit websites carrying Google Ads. A painful chain.

3.1 VPN (Virtual Private Network)

We have seen that proxies are useful tools, but they can't ensure a proper balance between safety and speed, for several reasons. Furthermore, navigating through an open proxy is practically impossible, and dangerous as well! Unbelievable lag and sudden outages make it unsuitable for any operation lasting more than 5 minutes! VPNs are considered by many to be tomorrow's proxies. Is it true? Let's find out!

VPNs (an acronym of Virtual Private Network) are encrypted “tunnels” acting as an intermediary between a client and a server, just like proxies, so that all the Internet traffic passes through that encrypted tunnel, preventing anyone between you and the VPN server from reading or monitoring your connection (the VPN provider itself, of course, still sees everything that comes out of the tunnel).

VPNs were originally designed to create a LAN of computers connected via the Internet, exactly like a physical network, but without the related costs (device location, physical links, etc.) and with all the proper arrangements, like firewalls, proxies and so on. Using a VPN, you won't have to bother finding active lists or particular protocol types: all the traffic passing through a VPN is routed and encrypted with keys of at least 128 bits.

Compared to a proxy, a VPN ensures higher responsiveness; its architecture and server geolocation allow it to optimize network requests. Furthermore, you don't need to reconfigure browsers and tools to stay anonymous, because the tunneling is generally provided for the entire system.

3.1.1 VPN types

We can find at least three types of VPN on the market: Trusted VPN, Secure VPN and Hybrid VPN.

In this chapter we will cover Secure VPNs, because the Trusted ones require special agreements with ISPs and are not easily applicable to common cases: they are almost exclusively designed for enterprise networks where information delivery to the recipients must always be guaranteed.

Hybrid VPNs, instead, are the combination of Trusted and Secure ones and, since we are not going to cover the former, we will exclude the latter as well.

The quality of a VPN in terms of security is determined by the protocols it uses and the safety of the keys provided, in addition to the policies and the service stability, as we will see at the end of this chapter.

Most commonly, a VPN alone doesn't ensure security: until a couple of years ago, for example, the popular VPN provider iPredator [17] offered connectivity only via the PPTP protocol, which was already considered insecure, having been deprecated by Microsoft (which designed it), and we are now almost certain that government intelligence services can crack it in a short time. This is just one example of what we found out. Now we're going to review each protocol and sum up its features and quality.

3.1.1.1 PPTP, for the speed seekers

PPTP (an acronym of Point-to-Point Tunneling Protocol) was developed by Microsoft in order to create enterprise VPNs over dial-up telephone lines. It was designed exclusively for VPNs and generally relies on MS-CHAP (in practice MS-CHAPv2) to manage authentication. Due to the popularity gained over the years, it can be easily installed (or found pre-installed) on any device on the market; furthermore, it is fast and requires limited resources to run. PPTP supports keys of at most 128 bits (MPPE), and it started to lose ground to vulnerabilities to the point that Microsoft declared it unsafe in 2012, despite the dozens of patches released to shore it up: that year the MS-CHAPv2 handshake was shown to reduce to a single DES key, crackable by brute force in under a day regardless of password strength, and Microsoft's 2012 security advisory recommended against PPTP with MS-CHAPv2. The protocol is therefore considered unsafe and, quite probably, it has already been broken by the NSA. Nevertheless, PPTP is still useful for low-latency activities where secrecy does not matter, such as online gaming, torrents, streaming, etc.

3.1.1.2 L2TP/IPsec, for the security and responsiveness enthusiasts

L2TP (an acronym of Layer 2 Tunneling Protocol) is a VPN-type protocol that doesn't ensure any data protection on its own; for this reason, it is usually combined with the IPsec suite. L2TP/IPsec combines a tunneling protocol with encryption and is already built into current operating systems, allowing an easy setup with the native client and a good overall speed. At the time of writing, no critical vulnerabilities have been identified in the protocol itself, so I can recommend it if you wish to maintain a good layer of privacy and security. Research by some industry experts [18], however, suggests that the NSA is involved in an ongoing effort to break it. Although it has not been proved yet, some sources [19] confirmed that IPsec is one of the main NSA targets, and an attack would be theoretically possible. One practical weakness worth checking with your provider: many consumer L2TP/IPsec services authenticate the IPsec phase with a pre-shared key published on their website, which anyone can use to impersonate the server in a man-in-the-middle attack. L2TP/IPsec features double encapsulation with 256-bit encryption keys (AES-256 in the usual configuration); although it is slower than PPTP, the multi-threading support in current kernels allows it to leverage multi-core processors for encryption and decryption. The only minor downside is the ports it needs: IKE on UDP 500, NAT traversal on UDP 4500 and the ESP protocol (IP protocol 50) for the encrypted payload, which are often blocked by corporate firewalls and require IPsec pass-through (NAT-T) support on routers and access points, disrupting navigation especially on open networks.

3.1.1.3 OpenVPN, for top security users

OpenVPN is an open-source software specifically developed to create encrypted tunnels between two IT systems, leveraging TLS for the control channel (key exchange and authentication) and the OpenSSL library for the ciphers. The system is totally open and transparent enough to be considered the most reliable and secure solution; at the moment, the risk of it being broken by any government intelligence service is minimal. Due to its open nature, you can configure this product as you wish and use it on any port without any port forwarding on your network device (e.g. also on TCP 443, so that the tunnel looks like HTTPS traffic to a firewall). The library in use (OpenSSL) offers many ciphers (Blowfish, AES, DES, etc.); however, most VPNs use AES or Blowfish almost exclusively. Blowfish (BF-CBC) was the default cipher in OpenVPN releases before 2.4; AES is a more recent cipher, adopted by governments around the world for data protection. The difference that matters is the block size: AES works on 128-bit blocks, while Blowfish works on 64-bit blocks, and a 64-bit block cipher in CBC mode becomes vulnerable to a birthday attack after a few tens of gigabytes encrypted under the same key (the 2016 “SWEET32” attack), so prefer AES, ideally in GCM mode. Slower than IPsec, this protocol can negatively impact devices with limited processing power due to the lack of native multi-threading support, so it cannot take full advantage of multi-core CPUs. Although it is not a de facto standard like the aforementioned PPTP and L2TP/IPsec, OpenVPN has been welcomed by the VPN provider market, and the developer community released its client for all the most popular Operating Systems, including mobile devices.
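The choices discussed in this section, written out as an added example OpenVPN client profile (not from the original text; the server name, port and file names are placeholders you would take from your provider):

```conf
# Added example client.ovpn: TLS control channel, AES data channel, TCP 443 to pass firewalls
client
dev tun
proto tcp                    # TCP 443 gets through firewalls that only allow HTTPS; udp on 1194 is faster where permitted
remote vpn.example.net 443   # placeholder server name and port

# Control channel: TLS 1.2 or newer, and the peer must present a server certificate
tls-version-min 1.2
remote-cert-tls server
ca ca.crt                    # provider CA; client cert/key below (or auth-user-pass for password logins)
cert client.crt
key client.key
tls-crypt tc.key             # encrypts and authenticates TLS packets with a shared key (tls-auth is the older, authenticate-only form)

# Data channel: 128-bit block cipher (AES) instead of 64-bit-block Blowfish (BF-CBC, the pre-2.4 default)
cipher AES-256-GCM
auth SHA256                  # HMAC used when a non-AEAD cipher is negotiated

# Send all traffic through the tunnel; DNS still needs the pushed dhcp-option applied (e.g. update-resolv-conf on Linux)
redirect-gateway def1
persist-key
persist-tun
verb 3
```

If a provider's profile still says cipher BF-CBC, or omits remote-cert-tls server, that is exactly the weak configuration this section warns about.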

3.1.1.4 SSTP, for Windows users

SSTP (an acronym of Secure Socket Tunneling Protocol) is a tunneling protocol introduced by Microsoft and native to all Windows versions from Vista onwards; it is available, but not pre-installed, on Linux and BSD systems. Currently, there are no definite plans for mobile and for the most popular router firmware (except RouterOS [20], currently the only router operating system supporting it).

Just like OpenVPN, it wraps the tunnel in an SSL/TLS session, on TCP port 443, allowing encrypted tunnels even behind firewall-protected networks; the SSTP protocol can be used together with Winlogon or smart card authentication. It is the protocol used for point-to-site connections within Microsoft's Windows Azure cloud. Unlike OpenVPN, however, it is a closed protocol, and the PRISM [21] scandal, which revealed a collaboration between Microsoft and the NSA, is not very reassuring.

3.1.2 Which VPN?

Time to sum up: what type of VPN is the best choice for you? Personally, I would recommend OpenVPN, because it encompasses all the features you may want from a VPN, namely the best compromise among speed, safety and development transparency. The (minor) downside is that it is harder to install and use compared to other types of VPN (due to the lack of a built-in client in almost every OS); most companies, however, provide documentation you can refer to for setup and troubleshooting. L2TP/IPsec is quite popular too and, unless you are utterly paranoid, ensures high speed and good overall security. Honestly, I cannot recommend PPTP and SSTP: the former is obsolete and may be very harmful, the latter is focused on the enterprise world rather than anonymity.

3.1.3 How to choose a VPN

Listing the top online VPNs and electing the best one wouldn't be wise, due to their ever-changing market; as we did for proxies, we will only provide some guidance on how to choose the best VPN for your needs. Then, we will summarize the most popular VPNs you can find.

3.1.3.1 Avoid free VPNs

Perhaps you wondered: are VPNs free or paid?

The answer is: both. However, I want to clarify that from now on I will only refer to paid VPNs. Why?

Reason #1: maintaining a VPN service has costs

Some of the best VPN services, like HideMyAss, NordVPN or ExpressVPN, offer more than 1000 servers around the world. And, unsurprisingly, those servers have a cost! There is a cost for maintaining them, a cost for replacing the broken ones, a cost for managing them. Unless you believe this world is filled with benefactors spending hundreds of thousands of dollars each month to maintain them, you should never trust free VPNs!

Reason #2: providers may sell your data

How does a free VPN make money? Simply put, the provider may sell your data. I am not referring to usernames and passwords (but one never knows!), but to actual honeypots used for analytics purposes and to sell data to the highest bidder.

Reason #3: providers may reuse your bandwidth

Once you are in the circuit, you become part of the virtual network, so you are an “accomplice”: your Internet connection will be slower (quite obviously) and you may end up being the “end of the line”, deemed responsible for illegal practices performed by other users.

Reason #4: providers may bombard you with advertising

This is quite a common practice, both for free proxies and free VPNs. Adware in free VPNs may be embedded in the client, or show up during navigation by changing the HTML code of the web pages you view.

Reason #5: you are not protected

When you purchase a service, you are protected by a document that you and the selling company automatically agree to, the “Terms of Service”. Together with the Privacy Policy, it is the legal document regulating the relationship between the two parties. When it comes to free VPNs, however confusing the documents may be, users tend to think: “as long as it's free, who cares!” Actually, as we're going to learn soon, ToS and Privacy Policies are what guarantee the VPN quality and ensure efficiency and safety during navigation.

3.1.3.2 No-logs policy

Logs are files generated for each activity performed within an IT system: in the case of VPNs, logs may store IPs, access information and other data visible before the handshake (which leads to the actual tunneling and then to full encryption). A short story before we go further.

Do you know the LulzSec group? Exactly, the guys who violated Sony and the CIA. Did you know that a LulzSec member, Cody Kretsinger, aka recursion, was arrested after he had been identified by the Feds, who requested the access logs from the VPN provider, HideMyAss, used by the hacker to break into Sony Pictures?

If you're choosing a logless VPN, don't trust the advertising: go and check the Privacy Policy declared by the provider.

3.1.3.3 If they haven't got your data, they can't catch you

Imagine you are the owner of a VPN company and, in the middle of the night, the FBI (or the CIA, the police or whoever) rings at your door with a warrant to search the data on your servers. Would you feel like being a justice warrior and protecting someone you don't know, who possibly played with the mainframe of some corporation on the other side of the planet? Needless to say, the answer is no! There are no VPN providers who would risk years in jail for you. There are no such benefactors; remember that providers will always look after themselves and, under the right pressure, they may sell you out (like HideMyAss).

Then, keep in mind that a VPN provider cannot disclose information about you that they haven't got; therefore, they cannot be prosecuted for having failed to hand over data that was never in their possession. Usually, a VPN provider requires personal information to create an account and process payments (e.g. name, email, payment information and billing address). Recently, the best VPN providers realized they can ensure better anonymity to their users by accepting payments in crypto-currencies (we'll cover them later), which, with the proper precautions, allow the transactions to be anonymized and free the sellers from the risk of storing billing data.

3.1.3.4 International data retention laws

Each country has its own laws about data protection and privacy, among others. The map below (Figure 10) shows the countries of the world with a color code from red to green: countries in red have strict data retention laws, while green ones are quite flexible (states in white have no laws of this kind).

Figure 10: the map and the related information are available online at dlapiperdataprotection.com

Just a real-world example: NordVPN is a company located in Panama, a nation with almost no restraints in terms of data retention laws. Unsurprisingly, it is also defined as a tax haven, where 120 banks secretly serve rich entrepreneurs (including tax evaders) and offshore companies. Here, companies have no obligation to produce financial statements and residents may decide not to file their income tax declarations, so why would local VPN resellers bother storing customers' tax data?

Similarly, let's think of HideMyAss, located in the United Kingdom: online trading requires the submission of documents, traceable payments, financial statements and, most importantly, is subject to cyber-crime laws as regulated by the Computer Misuse Act, allowing the Government to enforce searches wherever it wants.

3.1.3.5 Payment methods

The features that distinguish a secure VPN from a non-secure one include the supported payment methods. If you are considering renting a VPN with payment services like PayPal, credit card or bank transfer (in your name), be aware that you will leave significant traces behind. No matter how strong a VPN privacy policy is, banks will store your payment data (and we know they get along quite well with governments).

A VPN accepting only traceable payments (credit card, bank transfer, money order and so on) cannot be defined as a secure VPN; unlike free VPNs, which can only get your IP and any registered accounts, paid VPNs may store data potentially threatening your anonymity, like the billing information of a credit card or a bank account.

In this case, you should prefer a VPN offering payments in crypto-currencies, like Bitcoin, Litecoin, etc., and take the proper precautions in order to avoid exposing your wallets to traceability risks (we will cover the safe use of crypto-currencies later).

3.1.3.6 DMCA notices

DMCA (an acronym of Digital Millennium Copyright Act) is a collection of American laws against the illegal distribution of copyrighted materials. Although it is the legislation of a foreign overseas country, it is quite similar to the EU [22] copyright law and may be somehow applicable to our country as well. We won't cover this issue any further due to its highly technical legal nature. The only thing we can be sure of is that any DMCA violation may compel your VPN to block your account, in order to avoid any legal issue.

3.1.4 VPN List

The following list includes some of the most popular VPNs I found online: you can find a more complete index at vpndienste.net.

I underlined the best VPNs I think you should use to avoid being traced back during your navigation. According to their Privacy Policies, they won't store any IP when you use their services; furthermore, their offerings (protocols, data, nation, tolerance and payment methods) are clearly outlined.

VPN Name                 State     Data collected                                                                                      Log IP / DMCA
AIRVPN                   Italy     Personal information                                                                                -
BTGuard                  Canada    Personal information                                                                                -
Boxpn                    Turkey    Personal information                                                                                ?
ExpressVPN               USA       Name, Email Address, Credit Card                                                                    ✔ ✔
HideMyAss                UK        Email Address, Billing Information, IP Address                                                      ✔ ✔
iPredator                Sweden    Email Address                                                                                       ?
MULLVAD                  Sweden    -                                                                                                   - -
NORDVPN                  Panama    Email Address, Username/Password                                                                    - -
PRQ                      Sweden    Billing Information, Username/Password                                                              - -
Private Internet Access  USA       Billing Information                                                                                 -
PureVPN                            Email Address
SecurityKiss             UK        Name, Billing Information                                                                           ?
SHADEYOU                 Holland   Username/Password                                                                                   -
TorGuard                 USA       Personal information                                                                                -
OCTANEVPN                USA       Personal information, Email Address, Payment information                                            -
SLICKVPN                 USA       Email Address, Username/Password, Payment information, Google Analytics, Temporary Cookies, Webserver Data   -
SECUREVPN.TO             Multiple  Personal information                                                                                -
Steganos                 Germany   Name, Address, Telephone Number                                                                     ?
VyprVPN                  USA       Personal information
WiTopia                  USA       Name, Email Address, Telephone Number, Credit Card

Be particularly careful with VPN reviewing sites. They have the bad habit of creating fake portals sponsoring their services and giving them 5 stars to alter any kind of result. Please, choose carefully and discuss with real people.

3.1.4.1 Multi Hop (cascading) VPNs

When a user connects to a VPN service, their Internet traffic is protected towards a single VPN. Multi Hop is a connection to a VPN through another VPN (and so on). Multi Hop offers huge benefits in terms of privacy and anonymity, ensuring different data protection layers as well as different jurisdictions for the inter-linked VPNs. However, "hopping" may cause significant slowdowns, and I think no further explanation is needed. Otherwise, they work exactly like direct connection VPNs (client -> VPN), with the sole difference that one or more additional VPNs lie between the two (client -> VPN -> VPN and so on). Currently, the only VPN providers (that I found) offering this kind of solution are:

3.1.5 Using the VPN

Using a VPN on any given Operating System is an extremely easy task, considering that all the major producers offer ready-to-use configurations to be passed to tunneling clients or, better, offer pre-made VPNs you can activate in one click. This applies to all Operating Systems, except the GNU/Linux scenario: the difficulties of developing a single tool for the fragmented Penguin brand market convinced the producers to ignore it, only providing protocol connectivity. However, this problem offers an advantage: the Linux community can rely on a single client to manage all VPN connections, so we will have a single path to follow. In the test configuration, we are going to use NordVPN as the provider together with the OpenVPN protocol.

From the terminal, download and install the OpenVPN client:

$ su

$ apt-get install openvpn

Go to the program installation folder:

$ cd /etc/openvpn

Each provider offers a list of VPNs you can immediately pass to the client. Download this file:

$ wget https://nordvpn.com/api/files/zip

You have just downloaded a zip file (with no extension). Extract it using the unzip command:

$ unzip zip

Now all the files are extracted. View them using the ls command:

$ ls -al

Once you chose the server to connect to, launch the openvpn command, for example:

$ openvpn it3.nordvpn.com.udp1194.ovpn

Enter the Username and Password. Now you are connected to the VPN and ready to use the network tunnel. You can verify it by downloading your IP in the network:

To close the VPN connection, use the CTRL+C key combination. Then, verify your IP again.

3.1.6 Testing the quality of a VPN

Finally, you rented your VPN – or you're still using the free trial – but you're uncertain about your choice, aren't you? Well, you can't be blamed, especially because you know there are very complex dynamics behind the Internet. For example, in case of a VPN misconfiguration, you will still hide your IP from the final site, but DNS resolution may not be encrypted, allowing your ISP to log your domain requests and compromising any encryption in place.

On the Testers we are going to introduce shortly, you will see some alerts related to JavaScript, Apple-X, Cookies, WebRTC, Java: all these vulnerabilities will be covered in a separate chapter, "Local Resources".

3.1.6.1 Torrent Test

The tests we are going to run will check if the VPN is working correctly, even with P2P protocols (especially Torrent). Unfortunately, you just cannot visit the usual "what is my ip address" site; instead, you have to use the same Torrent client and a set of mini-hacks. Let's drill down; firstly I wish to introduce you to three other web services offering that check:

How to run the VPN test on Torrent

Get your preferred Torrent client first, then download a special .torrent file (or use a magnet link) and open it in the Torrent client (Figure 11).

Figure 11: the torrent is downloading

Now, each service has a specific way to run the test: in the case of TorGuard, you only have to download the torrent and view the active trackers page; to verify the outbound IP, you will see the VPN-assigned IP on the tracker status (Figure 12).

Figure 12: from the ipMagnet site, you can check how your IP is seen on the Internet

The others work in a similar way, just refer to the instructions on each web page.

3.1.6.2 DNS Leak Test

There are different online services to test and verify any "leaks" between you and DNS. We already covered them early in the manual; if for any reason you still have doubts, go back and review those topics! In some cases, your operating system may still use the default DNS provided by the ISP, although your network looks 100% anonymous, thus utterly compromising your anonymity.

You shouldn't underestimate this problem: the normal IP retrieving services give a false sense of safety to VPN users, who are unaware that hiding just the IP address isn't enough. Plus, there is a second problem: imagine you've just changed your DNS using Google, OpenDNS, Comodo and whatnot. You may think your ISP cannot read your requests anymore. Well, that's wrong. Some ISPs can re-read the DNS connections using transparent DNS proxies.

3.1.6.3 How to defend yourself against DNS Leaks

If you want to defend yourself against DNS Leaks from your ISP, you must set your system to use the VPN DNS or an alternate DNS. Before going mad with your operating system setup, ensure your default VPN does not already have the DNS Leak Prevent feature available. The existing VPNs offering this service are quite rare.

- Private Internet Access (https://ita.privateinternetaccess.com)

Currently, the software solutions are:

- VPN Watcher (paid / available for Windows, Mac, Android, iPhone, iPad / www.ugdsoft.com/products/vpnwatcher/)

- VPNCheck (paid / available for Windows, Linux / www.guavi.com/vpncheck_free.html)

- VPN Lifeguard (open source / available for Windows / https://sourceforge.net/projects/vpnlifeguard/)

- TunnelRat (open source / available for Windows / www.tunnelrat.net)

- VPNetMon (free / available for Windows / vpnetmon.webs.com)

These programs check if the DNS matches the specified ones and, in case of trouble, disconnect the Internet connection.
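The two checks described above (the IP you show to the outside world, from paragraph 3.1.5, and whether the system still resolves names through the ISP's DNS) can be scripted on Linux. The following is an added example, not code from the book or from any of the tools listed: it reads the nameservers from a resolv.conf body, compares them with the resolvers the VPN is supposed to push (the address 10.8.0.1 below is a hypothetical VPN resolver), and compares the ISP-assigned IP with the one an IP echo service reports. The resolv.conf content is constructed; the only outside call is the optional public_ip() helper.

```python
"""VPN leak check: is the public IP really the VPN's, and does the system
still resolve names outside the VPN? Added example, not the book's code."""
import ipaddress
import urllib.request

# Constructed sample /etc/resolv.conf, as left behind by the router's DHCP
# lease: the typical source of a DNS leak while a VPN is up.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search home.lan
nameserver 192.168.1.1
nameserver 8.8.8.8
"""


def parse_resolv_conf(text):
    """Return the nameserver addresses listed in a resolv.conf body, in order."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def dns_leaks(nameservers, trusted):
    """Split nameservers into (leaking, stubs).

    leaking: resolvers that are not the VPN's own (queries reach them outside
             the tunnel's trust boundary, so the ISP can see or proxy them).
    stubs:   loopback resolvers such as 127.0.0.53 (systemd-resolved); they
             hide the real upstream, so the check must be repeated on the
             stub's own configuration."""
    leaking, stubs = [], []
    for ns in nameservers:
        try:
            addr = ipaddress.ip_address(ns)
        except ValueError:                          # not even an address
            leaking.append(ns)
            continue
        if addr.is_loopback:
            stubs.append(ns)
        elif ns not in trusted:
            leaking.append(ns)
    return leaking, stubs


def ip_hidden(real_ip, observed_ip):
    """True when the address a remote site sees differs from the ISP-assigned one."""
    return ipaddress.ip_address(real_ip) != ipaddress.ip_address(observed_ip)


def assess(resolv_text, trusted_dns, real_ip, observed_ip):
    """Combine both checks into one verdict dictionary."""
    leaking, stubs = dns_leaks(parse_resolv_conf(resolv_text), set(trusted_dns))
    hidden = ip_hidden(real_ip, observed_ip)
    return {
        "ip_hidden": hidden,
        "dns_leaking": leaking,
        "local_stubs": stubs,
        "ok": hidden and not leaking,
    }


def public_ip(url="https://ipinfo.io/ip", timeout=5):
    """Ask the IP echo service used in the book for our outbound address."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode().strip()


if __name__ == "__main__":
    # Offline run on the constructed sample. 10.8.0.1 is a hypothetical VPN
    # resolver; the two IPs are the ones shown in the book's own examples.
    print(assess(SAMPLE_RESOLV_CONF, ["10.8.0.1"],
                 real_ip="82.51.116.171", observed_ip="177.73.177.25"))
```

Run it before and after bringing the tunnel up: the IP should change, and dns_leaking should become empty; a loopback entry in local_stubs means the real resolver is configured elsewhere (for systemd-resolved, in its own link settings) and must be checked there.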

3.1.6.3 Kill Switch (protection against disconnections)

A Kill Switch (Figure 13) is an important – if not crucial – feature integrated with many VPN clients, allowing to cut off the network when the tunnel stops working. We can say it is some kind of network detonator, triggered when a VPN turns the tunneling off and is no longer available.

Figure 13: Kill Switch feature, integrated with the NordVPN client

Without this feature, in case of VPN disconnection, your device will try to reconnect to the Internet, leaving you exposed. You really should enable it, especially if you use background applications (e.g. when you download from Torrent) or if you need to go away from the device (e.g. when a scan requires more time than expected). It is not easy to tell which VPN provider offers such a solution; each calls the "Kill Switch" by a proprietary name, therefore I can only suggest you make a deep search for each system and evaluate carefully.
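On a GNU/Linux box running OpenVPN as in paragraph 3.1.5, a Kill Switch can be built from the firewall alone, without waiting for the provider's client. The block below is an added example, not code from the book or from any VPN provider: it generates the iptables rules that drop every packet except loopback traffic, the encrypted tunnel to the VPN endpoint and whatever already travels through the tun interface, so a dropped tunnel leaves nothing to fall back on. The endpoint address 203.0.113.5 and the LAN range 192.168.1.0/24 are constructed placeholders; the real endpoint is the one in the remote line of your .ovpn file.

```python
"""VPN kill switch for Linux built on iptables. Added example, not the
book's or any provider's code: once armed, the only packets allowed to
leave the machine are loopback traffic, the ciphertext to the VPN server
and what goes into the tun interface."""
import ipaddress
import subprocess


def killswitch_rules(vpn_server, vpn_port=1194, proto="udp", tun_if="tun0", lan_cidr=None):
    """Return the iptables commands (argument lists) that arm the kill switch.

    vpn_server must be an IP address, not a hostname: once the switch is
    armed there is no DNS outside the tunnel left to resolve it with.
    lan_cidr optionally keeps the local network reachable (printer, NAS)."""
    ipaddress.ip_address(vpn_server)          # raises ValueError on a hostname
    rules = [
        ["iptables", "-F"],                    # start from a clean chain set
        ["iptables", "-P", "INPUT", "DROP"],
        ["iptables", "-P", "FORWARD", "DROP"],
        ["iptables", "-P", "OUTPUT", "DROP"],
        # Loopback stays open (local resolvers, proxychains, Tor SOCKS port).
        ["iptables", "-A", "INPUT", "-i", "lo", "-j", "ACCEPT"],
        ["iptables", "-A", "OUTPUT", "-o", "lo", "-j", "ACCEPT"],
        # Replies to connections we opened ourselves (the tunnel's own UDP flow).
        ["iptables", "-A", "INPUT", "-m", "conntrack", "--ctstate",
         "ESTABLISHED,RELATED", "-j", "ACCEPT"],
        # The tunnel itself: ciphertext to the VPN endpoint only.
        ["iptables", "-A", "OUTPUT", "-d", vpn_server, "-p", proto,
         "--dport", str(vpn_port), "-j", "ACCEPT"],
        # Cleartext that enters the tunnel; it never reaches the ISP unencrypted.
        ["iptables", "-A", "OUTPUT", "-o", tun_if, "-j", "ACCEPT"],
        ["iptables", "-A", "INPUT", "-i", tun_if, "-j", "ACCEPT"],
    ]
    if lan_cidr:
        ipaddress.ip_network(lan_cidr)         # validate before trusting it
        rules.append(["iptables", "-A", "OUTPUT", "-d", lan_cidr, "-j", "ACCEPT"])
    return rules


def disarm_rules():
    """Commands that remove the kill switch and restore an open firewall."""
    return [
        ["iptables", "-P", "INPUT", "ACCEPT"],
        ["iptables", "-P", "FORWARD", "ACCEPT"],
        ["iptables", "-P", "OUTPUT", "ACCEPT"],
        ["iptables", "-F"],
    ]


def render(rules):
    """The rule set as shell lines, to review before applying."""
    return "\n".join(" ".join(cmd) for cmd in rules)


def apply_rules(rules, dry_run=True):
    """Apply the commands (root needed); with dry_run only return the lines."""
    if not dry_run:
        for cmd in rules:
            subprocess.run(cmd, check=True)
    return render(rules)


if __name__ == "__main__":
    # 203.0.113.5 is a documentation address standing in for the VPN endpoint.
    print(apply_rules(killswitch_rules("203.0.113.5", lan_cidr="192.168.1.0/24")))
```

Arm it before starting openvpn (the handshake to the endpoint is the one cleartext flow still allowed) and run the rules with dry_run=False as root; disarm_rules() undoes it. Because the default policy is DROP, a tunnel that dies simply leaves the machine offline instead of silently reconnecting through the ISP.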

4. Clearnet and Deep Web

So far, we only discussed how to safely and anonymously navigate the Clearnet, the portion of the Internet you can access through any device and search engine capable of communicating with TCP/IP protocols according to the most common standards. During the years, however, Internet users needed to create a new kind of network, only accessible with the due precautions. Today, such network is known as the Deep Web.

Some people unconsciously believe the Deep Web is the "evil" part of the Internet and, conversely, that the Clearnet (or Surface Web) is the legit one. Truth is, the Deep Web is the part of the World Wide Web that cannot be indexed, a circuit accessible only with the due precautions (e.g. using specific software). When, instead, we refer to the "twisted" world of arms/drugs trafficking and child pornography, the proper term is DarkNet (or Dark Web for web navigation). If you're interested in this topic, read this interesting article [23] and learn more about the related terminology.

Besides etymology, you shouldn't underestimate the possibility of an alternative to the common Internet. Accessing the Deep Web may be useful, if not crucial, for tasks like engaging your coworkers, getting info removed from the Clearnet, obtaining exploits before the public roll-out and so on.

Ok, but why this whole premise? Now that we know the basics of anonymous navigation in the Clearnet (although we still have to further explore it in the next chapters), we will also cover the Deep Web, shortly, and how to engage with this particular world, considering each software/network.

4.1 TOR

Time to discuss TOR [24]: I am aware that some people are not missing it, and they may be right, since it's getting quite redundant! I'll try to make this part the least tedious possible, skipping the obvious things and getting straight to the point. Let's begin with a little review!

4.1.1 What's the TOR network

TOR is an anonymous network created to allow secure navigation and protect users' privacy. The software is maintained by The Tor Project, an association funded by a U.S. governmental department for TOR network development and research. The project is represented by an onion icon, perfectly conveying how the network operates: TOR servers act like a router, building a virtual, private network, layered like an onion. Such stratification includes the following:

- Client: users

- Middleman: servers bouncing data in the network

- Exit routers: final servers on the chain, that "exit" towards the Internet

- Bridge routers: similar to exit routers, with the exception that their identifier is private, allowing to bypass the block against TOR users.

4.1.2 TOR Projects

To facilitate TOR network access, TOR Project started developing different projects for many navigation scenarios, including:

package with a browser (Firefox), the HTTPS Everywhere plugin (forcing SSL connections), the NoScript plugin (blocking JavaScript) and, obviously, the Tor client. It's available both in installer and portable versions for all Operating Systems.

- Orbot (https://guardianproject.info/apps/orbot/): client allowing to connect to the TOR network and protect the traffic of all the apps on Android devices.

- Tails (https://tails.boum.org): a GNU/Linux distro designed for anonymous navigation, allowing to route the connection to the TOR network. It also features encryption and anonymity tools.

- Arm (https://www.atagar.com/arm/): command line tool allowing to monitor and configure the TOR network.

- Atlas (https://atlas.torproject.org): web tool allowing to check the status of the TOR network relays.

for anonymity.

- Stem (https://stem.torproject.org): Python library allowing to interact with TOR.

- OONI (https://ooni.torproject.org): software used by governments to detect traffic manipulation and monitor our connection.

Speaking of Tor Browser, you should know that the legacy instances included Bundle (who remembers Vidalia and Privoxy?) and Browser versions.

4.1.3 TOR installation

Due to its popularity, TOR is available in almost all existing repositories. In fact, you can use the command:

$ su

$ apt-get install tor

In Debian, however, we will rarely use the latest stable version; the Tor Project developers advise against using TOR in Ubuntu and related distros, since it's outdated and unreliable. As a best practice, add the TOR official repositories directly to your Debian distro; firstly, use the nano editor and open the /etc/apt/sources.list file:

Using Debian 8 Jessie, as recommended on the official website [25], append the following lines to the file:

# TOR repository

deb http://deb.torproject.org/torproject.org jessie main

deb-src http://deb.torproject.org/torproject.org jessie main

Save with CTRL+X, press "Y" and then Enter. You will be redirected to the terminal. In order to avoid any problem with file certification, you have to import the GPG keys:

$ gpg --keyserver keys.gnupg.net --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89

$ gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add -

Update your repositories, then install the TOR package:

$ apt-get update

$ apt-get install tor deb.torproject.org-keyring

Here you go! Now you're ready to use TOR, which will appear as a local proxy listening on the 9050 port via SOCKS and on the 9150 port for Tor Browser (we'll cover that shortly). You can also verify the service status by typing:

$ service tor status

to stop it:

$ service tor stop

to start it:

$ service tor start

and to restart it:

$ service tor restart

To verify TOR operational status, we're going to use proxychains (see the Proxy chapter), configuring it to connect to TOR local proxies. First of all, check the actual location of TOR and the port it listens on:

$ netstat -tanp | grep tor

The netstat command allows you to obtain the entire list of active tasks using network resources; grep will filter the results only by the process you specify. The | (pipe) operator concatenates the two programs. The expression will return 127.0.0.1:9050, where 127.0.0.1 is the local IP (our PC) and 9050 is the port being used. Before modifying the proxychains configuration, get back to the normal user:

$ exit

then, open the proxychains.conf file:

$ nano $HOME/.proxychains/proxychains.conf

and edit it as follows:

dynamic_chain

proxy_dns

[ProxyList]

socks4 127.0.0.1 9050

Save using CTRL+X, the Y key and pressing ENTER. Note that we changed strict_chain into dynamic_chain, because you may encounter non-operational relays when using TOR. The dynamic_chain function allows you to use proxies with more elasticity; strict_chain, instead, is strict to the point that it will block any modification to the proxy structure.

Now, verify your current IP:

82.51.116.171

alternatively, you can use a simpler command:

82.51.116.171

and compare it with the outbound one using proxychains:

$ proxychains wget http://ipinfo.io/ip -qO -

ProxyChains-3.1 (http://proxychains.sf.net)

|DNS-request| ipinfo.io

|S-chain|-<>-177.73.177.25:8080-<><>-4.2.2.2:53-<><>-OK

|DNS-response| ipinfo.io is 54.164.157.29

|S-chain|-<>-177.73.177.25:8080-<><>-54.164.157.29:80-<><>-OK

177.73.177.25

Of course, you can set up the entire system to pass all the traffic through the network-manager; alternatively, you can edit the /etc/environment config file as in the Proxy chapter. You should consider that, if you wish to use TOR for web navigation, you may need to use Privoxy, a web proxy service capable of changing HTTP requests, disabling ads and more. It is already integrated with the TOR browser, and we encourage you to continue with it if you need to navigate using TOR. Alternatively, visit the official web page [26] and go to the dedicated FAQs.

4.1.4 TOR use cases

Once TOR is active in your operating system, you can use it in different ways. Here are the most common services and use cases.

4.1.4.1 TOR as a Browser

Perhaps, the Tor Browser Bundle is the most popular TOR Project. The browser is based on Firefox ESR and is pre-configured to connect to the TOR internal SOCKS proxy server at the 127.0.0.1:9150 address. It also comes with the following:

- Tor Launcher starts the TOR network linking host mode;

- TorButton allows to control TOR client identities and settings;

- NoScript prevents JavaScript code from being executed (for more info, see the Local Resources chapter);

- HTTPS Everywhere forces the web connections to use the HTTPS protocol (see the Local Resources chapter again).

The client is available for Windows, OSX and Linux at the Tor Browser official web address [27]; you can download three versions:

- Stable, the stable version

- Experimental, the nightly version, more up to date (but less tested)

- Hardened, the project's alpha version, available only for Linux x64 [28]

Installing TOR Browser

Windows and MacOS binaries can be launched with a double-click; on GNU/Linux, instead, you can have a little fun with the terminal to familiarize with it. Choose your preferred version for the available architecture and download it from the official website. If for any reason you are uncertain about which one to pick, always prefer the 32-bit version. Once you downloaded the file, open the terminal and go to your downloads folder:

$ cd $HOME/Downloads

In our case, the file is "tor-browser-linux32-6.5a3_en.tar.xz". We know it because we got the file list by using the command:

$ ls

Then, extract the compressed file:

$ tar -xvJf tor-browser-linux32-6.0.5_it.tar.xz

Pro tip: typing the name of a folder or a file every time can be quite annoying. UNIX-based terminals include an auto-complete feature: just type a portion of the name (e.g. tor-), then complete it using the [TAB] key. Example:

$ tar -xvJf tor-[TAB]

The terminal will automatically complete the file name. The folder containing the executable will be extracted in tor-browser_en/. Access it with the command:

$ cd tor-browser_en

To launch the executable, you can use the start-tor-browser.desktop script. Run it with the command:

$ ./start-tor-browser.desktop

More about TOR browser

The TOR Browser Bundle can be used both in the clearnet and in the deep web. Besides its portability (you can use it via USB drives or SD cards), this software conveniently features the pre-installed TOR core and TorButton (Figure 14), allowing you to handle connections without external GUIs (as it happened with the previous version). The entire TOR network, thus, is managed by the TorButton, by clicking the green onion next to the browser URL bar.

Figure 14: TorButton on Firefox

From the Security & Privacy Settings you can set four features already available in the Firefox preferences and use the Security Levels to choose from four user profiles, determining your "paranoia" level (Figure 15).

Figure 15: advanced settings in TOR Browser

4.1.4.2 TOR as a P2P

TOR Project advises against any P2P sharing [29], with a particular reference to the most popular service, Torrent. There are two main reasons why you should never use Tor for P2P sharing:

1) The Tor network cannot support bandwidth-consuming applications. If all Tor users shared files using the P2P technology, the Tor network would saturate.

2) The Torrent network may "sell you out". As many other P2P networks, Torrent needs to pass your IP address to a public database, in order to connect you to trackers and then to peers. Therefore, the Torrent client may send your IP address directly to the tracker, thus exiting the Tor network for the download/upload stage and establishing a direct connection.

Actually, with proper precautions, you can use Torrent nevertheless, although it is not advisable. To anonymously share in the P2P networks, you should use a VPN or I2P (we will discuss it later).

4.1.4.3 TOR as Chat

Services like Gmail, Hotmail, Skype, Facebook Messenger, as well as the old Yahoo! Messenger and MSN and any other form of communication over the Internet can be tracked and stored for long times, even more than 5 years. We will also discuss how to encrypt messages within the network later; for now, let's only introduce the TorChat software.

TorChat [30] is a decentralized and anonymous instant messenger that leverages the Tor network for Internet communications via the .onion meta-protocol. It allows to exchange end-to-end encrypted messages and multimedia. TorChat is natively available for Windows, Linux and next generation smartphones. You can also find an unofficial version for OSX systems [31]; use it at your own risk.

Installing TorChat

If you integrated the TOR Project repositories to install TOR, you can also install torchat. First of all, update your system:

$ su

$ apt-get update && apt-get upgrade

Note how we introduced the && concatenation symbol. We can use it to run two discrete commands that shall not intercommunicate, unlike the | (pipe) symbol above. The apt-get update and apt-get upgrade commands update the repositories and the software in our system, respectively. At this point, you can install torchat with no effort:

$ apt-get install torchat

After the installation, launch it directly from the terminal by typing:

$ exit

$ torchat

How TorChat works

In TorChat, each user has a unique alphanumeric ID with 16 characters. It is randomly generated by Tor at the client's first launch and takes the form of a .onion address. Then you will obtain a code like this: murd3rc0d310r34l.onion, and your ID will be murd3rc0d310r34l. You can share it with other users who want to chat with you.

About TorChat security

The actual level of user security offered by TorChat is still a hot topic. A doubt arises from how the tool works: it creates a service within the host computer and simply transfers some data (just like netcat), exposing the computer to the same de-anonymization attacks already used in any other anonymous networks.

The second problem may relate to data transfer: there is no manual control over accepting a file transfer, and all the temporary part is written on the /tmp path: theoretically, an attacker may transfer random data to the Operating System tmp, causing a crash, since the tmp path is RAM-mounted. In the worst case scenario, we may also speculate a machine exploitation, after an overflow or other types of theoretically acceptable attacks.

The final critical issue is that everyone will always know when a TorChat ID is online, and you cannot prevent it. Then, if you want to end relations with other users, you will have to create a new TorChat ID. In conclusion, TorChat is a useful tool; however, you should use it only with trusted people and only when strictly necessary.

4.1.4.4 TOR as a Proxy Software

Just like Proxies and unlike VPN tunnels, you must configure your own tool to work within the TOR network. Once TOR is active, you can use an actual SOCKS proxy in your computer.

At this point, you can run your software, proxified with Proxychains or Proxycap (see the Proxy Servers chapter), connecting to the 127.0.0.1 address (or localhost) through the 9050 port. We already experienced this scenario when we installed and tested TOR (not TOR Browser), so please refer to the related paragraphs above to learn how to proceed.
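What Proxychains does behind the scenes is speak SOCKS to 127.0.0.1:9050 on behalf of a program that cannot. The block below is an added example, not code from the book or from the Tor Project: it builds a SOCKS4a CONNECT request by hand, checks the 8-byte reply, and uses that to fetch http://ipinfo.io/ip through the local Tor SOCKS port, which is the same "compare the outbound IP" check done earlier with wget. SOCKS4a is used rather than plain SOCKS4 because it sends the hostname to Tor and lets Tor resolve it, keeping the DNS lookup away from the ISP (the purpose of the proxy_dns setting in proxychains.conf). The request encoder and reply parser run offline; fetch_via_tor() needs a running Tor on 127.0.0.1:9050.

```python
"""Hand-rolled SOCKS4a client for the local Tor SOCKS port. Added example,
not the book's or the Tor Project's code."""
import socket
import struct

SOCKS_VERSION = 4
CMD_CONNECT = 1
REPLY_GRANTED = 0x5A          # 90: request granted
REPLY_CODES = {0x5A: "granted",
               0x5B: "rejected or failed",
               0x5C: "rejected: identd not reachable",
               0x5D: "rejected: identd user mismatch"}


def socks4a_connect_request(host, port, userid=b""):
    """Build a SOCKS4a CONNECT request.

    Layout: VN(1) CD(1) DSTPORT(2) DSTIP(4) USERID NUL HOSTNAME NUL.
    DSTIP is 0.0.0.1, the SOCKS4a marker that tells the proxy 'the real
    destination is the hostname that follows; resolve it yourself'."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    header = struct.pack("!BBH4s", SOCKS_VERSION, CMD_CONNECT, port, b"\x00\x00\x00\x01")
    return header + userid + b"\x00" + host.encode("idna") + b"\x00"


def parse_socks4_reply(data):
    """Decode the 8-byte SOCKS4 reply: VN(=0) CD(1) DSTPORT(2) DSTIP(4).
    Returns (granted, description)."""
    if len(data) < 8:
        raise ValueError("short SOCKS4 reply")
    vn, cd, _port, _ip = struct.unpack("!BBH4s", data[:8])
    if vn != 0:
        raise ValueError("bad SOCKS4 reply version %d" % vn)
    return cd == REPLY_GRANTED, REPLY_CODES.get(cd, "unknown code %d" % cd)


def _recv_exact(sock, n):
    """Read exactly n bytes; a reply may arrive in more than one segment."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed during SOCKS handshake")
        buf += chunk
    return buf


def fetch_via_tor(host, port=80, path="/ip", proxy=("127.0.0.1", 9050), timeout=30):
    """Open a TCP connection through Tor, send a plain HTTP/1.0 GET and
    return the response body (the IP echo service replies with the exit IP)."""
    with socket.create_connection(proxy, timeout=timeout) as s:
        s.sendall(socks4a_connect_request(host, port))
        granted, why = parse_socks4_reply(_recv_exact(s, 8))
        if not granted:
            raise ConnectionError("Tor refused the connection: " + why)
        s.sendall(("GET %s HTTP/1.0\r\nHost: %s\r\n\r\n" % (path, host)).encode())
        chunks = []
        while True:
            chunk = s.recv(4096)
            if not chunk:
                break
            chunks.append(chunk)
    raw = b"".join(chunks)
    return raw.split(b"\r\n\r\n", 1)[1].decode(errors="replace") if b"\r\n\r\n" in raw else ""


if __name__ == "__main__":
    # Needs the tor service from paragraph 4.1.3 listening on 127.0.0.1:9050.
    print(fetch_via_tor("ipinfo.io").strip())
```

If the printed address equals the one you get without Tor, the request never went through the SOCKS port; a "rejected or failed" reply usually means Tor could not build a circuit or could not resolve the name.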

4.1.5 TOR Relay

In the TOR universe, Relays give away free bandwidth to the network users. The Tor Project [32] recommends TOR users to enable the Relay feature if they have more than 250 kb/s both in upload and in download.

In the diagram showing the TOR elements list, Relays belong to the Middleman and Exit Node categories: anyone can run a Relay in their network and choose to act as a Middleman, an Exit Node or both. For the purposes of this guide, setting up a relay is not fundamental; if you wish to contribute to the TOR network development, however, you can create a personal relay.

4.1.6 TOR Bridges

TOR bridges – called bridge relays – are TOR network nodes that allow to bypass ISP and website filtering related to TOR network usage. To ensure the system works effectively, you won't find any complete list of bridge relays, since ISPs and website honeypots would identify and block them at once.

You can instruct the TOR Browser client to use bridges, however, by selecting "My Internet Service Provider (ISP) blocks connections to the Tor network". Enable this option in TOR Network Settings (if you use TOR Browser, click the top left green onion icon).

4.1.6.1 Bridges advanced use

If you wish to manually set your bridges (e.g. to use Tor Expert Bundle, TOR-based Linux distros like Tails or TOR Browser through advanced configuration), you must firstly visit the Bridge page of Torproject (https://bridges.torproject.org/bridges), skip to step 2, complete the (impossible) captcha on top and then obtain a value like the following (*** have been added):

92.***.0.174:900165B2F8E594190A3************59B0E32FC45720

194.***.208.26:2704947063AFD4CB**********F16D6FE8DC68E6942DD6

107.191**.23:443225A895211B179FDE2E8F8E3************ECC0B0

You can launch TOR Browser and pass the newly obtained bridges (Figure 16 only).

Figure 16: entering bridges on TOR

4.1.7 Pluggable Transports

Keep in mind, however, that bridges may be blacklisted as well, since everyone can access them, censors included. In order to bypass that check, TOR developers introduced a new feature, known as pluggable transports. PTs turn the TOR traffic flow into "clean" traffic between client and bridge, which may otherwise be intercepted by the ISP with the Deep Packet Inspection (DPI) technique, classifying the IP traffic flows and, once the pattern is matched, blocking them upstream.

At the moment, PT technology is under active development and requires operators and developers, in order to be efficiently integrated with the TOR Project. Learn more by visiting the official web page [33]. The currently most common PTs are defined as obfuscated bridges, since they obfuscate traffic in order to make it hardly interpretable by ISPs. The underlying technology leverages algorithms, identified by protocols, that mix the inbound and outbound packets. There are three protocols of this kind: obfs2, obfs3 and obfs4.

Obfs2 (version 2, also known as "Twobfuscator") is the simplest one: the underlying technology allows to fetch inbound and outbound traffic data and re-sort them randomly. As shown by recent studies, this protocol can be cracked by intercepting the initial handshake (just like what happens with the WEP security of WiFi networks), thus revealing the enclosed information. As a deprecated version, it's out of development and unsupported by TOR.

Obfs3 ("Threebfuscator") is quite similar to the previous protocol; however, it uses Diffie-Hellman for the key exchange during the handshake (we will explain this topic in "Encryption").

Obfs4 is the fourth version of the protocol, although "it is closer to ScrambleSuit than obfs2/obfs3", as its developer said. The latest version is seemingly the safest one, and is currently available in Tor Browser by default. You can learn more about the protocol on the official Github page [34]. The Tor Project official page also includes an Obfs4 list [35].

4.1.7.1 MEEK & Scramblesuit Protocols

TOR can communicate with many other protocols, besides the Obfs family* (Figure 17).

Figure 17: bridges selection on TOR

Meek-*

The protocols of the meek-* family have been created in 2014 to allow tunneling in a HTTPS circuit. Furthermore, a technique known as "domain fronting" hides TOR bridge communications from ISPs. As you can see, the meek- part is followed by a popular web service: if you choose Amazon, for example, the ISP will think you are communicating with the world-famous e-commerce (or with the AWS cloud, more precisely), with Azure it will think of the Microsoft cloud and with Google, well, of Google services of course. As explained by TOR Project, the meek-* based protocols are slower than the obfs-* ones and should be used only when the ISP blocks the latter. If needed, you can follow the TOR Project official guide; it explains how to configure your client to use meek [36]. In case of doubts, you can safely skip this protocol (or at least run some tests). Currently, they seem to be the only solid alternative in the occurrence of advanced censorship, like the late 2015 case in China; however, it is still an early version and the situation may change over the years.

ScrambleSuit

The ScrambleSuit project – as reported on the Github official page [37] – aims to solve two problems:

• Protect the user against monitoring attacks, requesting a "secret" shared by client and server and leveraging an out-of-band communication via BridgeDB (TOR bridge listing service).

• Protect from analysis attacks, altering the data flow. ScrambleSuit can alter time and length of the packets being communicated.

It was developed as a transport protocol independent from SOCKS protocols, e.g. HTTP, SMTP, SSH and so on. All the above should better explain how the Obfs4 protocol works as well, which is considered faster and more stable [38], so we recommend using ScrambleSuit only when Obfs4 is unavailable. At the current stage, ScrambleSuit is no longer under development.

The abandoned protocols also include SkypeMorph [39], Dust [40] and FTE [41]. You can find the complete relays and P.T. documentation on the Tor Project official page [42].

4.1.8 Testing the quality of TOR

In this part of the document, we will run some tests to check the TOR Browser safety.

As for VPNs, on the Testers via Browser you will see some alerts related to JavaScript, Apple-X, Cookies, WebRTC, Java: all these vulnerabilities will be covered in a separate chapter, "Local Resources".

4.1.8.1 TOR Test via Browser

The reference site for your tests will be TorCheck [43], powered by xenobite. You can see the test results in Figures 18 and 19.

Figure 18: TorCheck without using TOR Browser

Figure 19: TorCheck using TOR Browser

From this page we get a report including different items and values. As you can see on the top screen, the fields with a light green background represent a good protection; the light red ones, instead, relate to issues to be fixed (please note, in this example you will receive the "Your real IP" item as red, probably due to a bug). Here's the meaning of the items:

Your real IP: your actual IP address. If you can see this, your security may be compromised.

Your current IP: here you can see the IP address shown to the site you are viewing. If everything goes as planned, you will get a different IP than yours (it will be the exit node one).

Your current FQDN: FQDN is the domain name specifying the DNS levels. That identifier warns you that your IP address is still logged by your ISP during the domain resolution.

Your Geolocation: here you can see the geographical location obtained from the IP address. It's approximate and refers to the ISP switch, not to the real address of the connection user.

TorDNSEL: here you can check if the "exiting" IP address is part of the Exit Node list. This is an important item, since it allows you to know whether the outbound connection has been manipulated or the exit node is identified as coming from TOR.

Local Tor Consensus: no related documentation.

Your HTTP-Referer: here you can verify if you are leaving Referer-type traces. The Referer value allows another website to see where the client comes from (e.g., from a search, a site, a mail, etc.).

Your HTTP-Via: shows the value informing the server about the type of request made via Tor proxy (e.g., Via: 1.0 fred, 1.1 inforge.net (Apache/1.2)).

Your HTTP-User-Agent: this is the lookup of your browser and operating system. HTTP-User-Agent can be manipulated, and we will see how to do it in the next chapter, related to Local Resources.

Your HTTP-ACCEPT: here you can see the values accepted by your browser, for example information about language, cookies, cache, etc.

Your HTTP-CONNECTION: reports the browser Connection value. Usually, you will find the keep-alive value here.
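The HTTP items of that report (Referer, Via, User-Agent, Accept, Connection) can be checked on your own side by looking at the raw request a browser sends. The block below is an added example, not code from the book or from the TorCheck site: it parses a constructed request as a plain Firefox might send it and classifies each header the way the report does, as a leak (the server learns where you came from or which proxy you used), as fingerprint material (browser, OS and locale), or as plain information. The en-US comparison for Accept-Language assumes the locale Tor Browser sends by default; treat it as an assumption of this example.

```python
"""Classify request headers the way the TorCheck report does. Added
example, not the book's or TorCheck's code; the request is constructed."""

# Constructed request, as a non-Tor Firefox on Linux might send it.
SAMPLE_REQUEST = (
    "GET /check HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0\r\n"
    "Accept: text/html,application/xhtml+xml\r\n"
    "Accept-Language: it-IT,it;q=0.8\r\n"
    "Referer: https://search.example/?q=tor+check\r\n"
    "Via: 1.0 fred, 1.1 inforge.net (Apache/1.2)\r\n"
    "Connection: keep-alive\r\n"
    "\r\n"
)


def parse_request_headers(raw):
    """Split a raw HTTP/1.x request into a dict of lower-cased header names."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:        # skip the request line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return headers


def header_findings(headers):
    """Return (severity, message) pairs; severity is leak, fingerprint or info."""
    findings = []
    if "referer" in headers:
        findings.append(("leak", "Referer reveals where you came from: " + headers["referer"]))
    if "via" in headers:
        findings.append(("leak", "Via exposes the proxy chain: " + headers["via"]))
    if "x-forwarded-for" in headers:
        findings.append(("leak", "X-Forwarded-For carries a client address: " + headers["x-forwarded-for"]))
    ua = headers.get("user-agent", "")
    if ua:
        findings.append(("fingerprint", "User-Agent discloses browser and OS: " + ua))
    lang = headers.get("accept-language", "")
    # Assumption of this example: en-US is the value a default Tor Browser sends,
    # so anything else narrows the user down to a locale.
    if lang and not lang.lower().startswith("en-us"):
        findings.append(("fingerprint", "Accept-Language narrows down your locale: " + lang))
    if headers.get("connection", "").lower() == "keep-alive":
        findings.append(("info", "Connection: keep-alive (the usual value)"))
    return findings


def verdict(findings):
    """Worst severity present: leak > fingerprint > info, else clean."""
    for level in ("leak", "fingerprint", "info"):
        if any(sev == level for sev, _ in findings):
            return level
    return "clean"


if __name__ == "__main__":
    found = header_findings(parse_request_headers(SAMPLE_REQUEST))
    for sev, msg in found:
        print("[%s] %s" % (sev, msg))
    print("verdict:", verdict(found))
```

The same functions can be fed a request captured from your own browser (for instance by pointing it at a local listener) to see which of the report's red items you would trigger before visiting the test site.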

The TOR network is the most popular tool to access the Deep Web, or, better, the TOR Deep Web. Without it, your browser cannot resolve domains with the .onion extension, i.e. websites hosted by servers and computers connected to TOR.

4.1.9.1 Where to find .onion sites?

Good question. Where do you go when you look for something? Google, of course! As I mentioned before, however, Google (as well as Bing, Yahoo and whatnot) is the black death for anyone wishing to stay anonymous. What to do, then?

The first step an aspiring deepnaut should take is getting to The Hidden Wiki, a Wikipedia-like page gathering some of the top .onion sites available. In order to find the Hidden Wiki, just googl... ehm, look up the keyword "The Hidden Wiki" on a search engine and get to some site – with a certain authority, if possible – so you can obtain a .onion address like the following: http://zqktlwi4fecvo6ri.onion (currently, it is the active one, but it may go down) or even websites in the clearnet.

About the Hidden Wiki: you can find many versions around. The most popular are the "ion" ones, although they are quite outdated. Alternatively to the official one, you can also find the "Mirror Version", which is the most complete wiki. As a third choice, instead, you can get the HackBlock's Hidden Wiki that can be updated by the community (careful what you look for, anyway). Dozens of wikis are created (and cl