If you didn't knew torsocks, it's a tool to safely route various commands and applications over Tor. Let's install it first:

Updating repos & intstalling requirements

• $ sudo apt update && sudo apt install autoconf automake libtool gcc -y

Cloning the gitlab repository

• $ git clone https://gitlab.torproject.org/tpo/core/torsocks/ && cd torsocks

Compiling the package

• $ ./autogen.sh && ./configure && make && sudo make install

Now we can try to use any application/command by calling torsocks before

• $ torsocks firefox-esr will route your browser over Tor
• $ torsocks curl <arg> will route curl over Tor

You also can start a new terminal session fully routed over Tor by doing --shell

• $ torsocks --shell
• $ (your terminal is now using Tor)

This list is sponsorised by Intercambio | Tor hidden-service for making your swaps and transactions fully over Tor :D

Bitcoin

• Sparrow Wallet | Tor hidden-service
• Samourai Wallet | Tor hidden-service

Lightning Network

• Phoenix Wallet
• Zeus Wallet

Monero

• Feather Wallet | Tor hidden-service
• Stack Wallet

Litecoin

• Litecoin-core (with their proxy setting)

Ethereum

• Brume Wallet

Before starting this tutorial, heres two differences: using bridges is to hide your connection to Tor from ISPs, using a proxy would be to completely anonymize your connection to Tor.

Step 1: Edit torrc file

• sudo nano /etc/tor/torrc

Step 2: Add theses lines

For a HTTP proxy

• HTTPProxy / HTTPSProxy host[:port]
• HTTPProxyAuthenticator / HTTPSProxyAuthenticator username:password

For a SOCKS proxy

• Socks4Proxy/Socks5Proxy host[:port]
• Socks5ProxyUsername username
• Socks5ProxyPassword password

For a TCP proxy

• TCPProxy protocol host:port

For a bridge

• UseBridges 1
• Bridge [vanilla/obfs(3/4)/snowflake/meek] IP:Port [fingerprint]

Before starting this tutorial, here's what you need to know:

Geofencing on Tor (or banning specific fingerprints ect..) is for very specific usages. For example, i'm in Japan and I obvously want, to avoid Japan Internet blocking rules, then I block all Japan relays.

Step 1: Edit torrc file

• sudo nano /etc/tor/torrc

Step 2: Add theses lines

• StrictNodes 1
• ExcludeNodes {CC},{Fingerprint},{Nickname}

You can also only block exit-nodes, if you don't want to apply theses rules on guard and relay nodes with:

• ExcludeExitNodes {CC},{Fingerprint},{Nickname}

Step 3: Save & restart Tor

• sudo service tor restart

After theses settings were applied, all relays from your wishes will be blocked at the guard, relay and exit node level.

This tutorial is made, because a lot of people seems to not understanding, how to "Torrify" the network traffic of an application, but hat's not that hard.

Step 1: Find the network settings of an application

You're simply going to the application settings you wanted.

Step 2: Search a "proxy" setting

You search "proxy" to set up your application for using Tor.

Step 3: Add the Tor SOCKS5 Proxy

When add the proxy, add theses informations:

• Proxy type: SOCKS5
• IP/Host: (127.0.0.1 for IPv4) (::1 for IPv6)
• Port: (9050 for Tor-CLI) (9150 for TorBrowser)

Step 4: Setup Tor as a DNS resolver to not leak your requests

Introduction

Tor (The Onion Router) is a network protocol made by the United States Naval Research Laboratory to encrypt and anonymise your network traffic trough circuits inside a decentralized relay network.

Architecture

You have five types of relays inside Tor:

• 🛡 Guards (used to connect to Tor)
• 🌉 Bridges (get a hidden access to Tor)
• 🧶 Relay nodes (used to make circuits)
• 🚪 Exit nodes (used when you exit Tor)
• 🗃 HSDirs (Hidden Services Directories used to contact a hidden service)

Hidden-services (.onion)

Connections to hidden-services are fully end-to-end encrypted (the base32 is the public-key) inside Tor, first we ask to a HSDir if the hidden-service is alive

• 🙋‍♂️↔🛡↔🧶↔🧶↔🗃

Then the connection to the hidden-service looks like this

• 🙋‍♂️ ↔🛡↔🧶↔🧶↔🧶↔🧶↔🧶↔🧶↔🛡↔🖥

Connection to the Internet

Tor gives the possibility to reach the internet trough his exit nodes network. The exit node haves the traffic unencrypted, if you don't use HTTPs (for example) it also know where goes the traffic, it look likes this:

• 🙋‍♂️↔🛡↔🧶↔🚪↔ (website/server)

How can you use Tor ?

• Using the official browser (it's like using firefox but with Tor) TorBrowser
• Using a tunneling solution like a VPN with:
• • Orbot / Invizible (Android)
• • Torsocks / Anonsurf (Linux)
• • OnionFruit (Windows)
• With a dedicated operating system like TailsOS, Whonix, Qubes
• By setting up a SOCKS5 Proxy on your application

Install Tor CLI

• sudo apt install tor

Add the DNS port to your Tor settings

• sudo nano /etc/tor/torrc

Add this line

• DNSPort (a port you choose) IsolateDestAddr

Save the file and modify your DNS settings

• sudo nano /etc/resolv.conf

Remove any nameserver line and add this one

• nameserver 127.0.0.1:(the port you took before)

cross-posted from: https://monero.im/post/171

Why i should make a hidden-service for my RPC endpoint ?

Because it gives you a private and secure access to your node.

Step 1: modify torrc to activate the hidden-service

In your terminal, install Tor and modify your configuration using nano

• sudo apt install tor
• sudo nano /etc/tor/torrc

Now, in the hidden-service section, remove the hashtags to activate your hidden-service, replace the defaults ports for 18081 (the default port number used for the RPC) and save the file.

• HiddenServiceDir /var/lib/tor/hidden_service/
• HiddenServicePort 18081 127.0.0.1:18081

Step 2: restart Tor & get the hidden-service

Restart the service and then open the "hostname" file to get your hidden service.

• sudo service tor start
• sudo nano /var/lib/tor/hidden_service/hostname

Step 3: start your monero node

Bind the localhost interface with the --rpc-bind-ip arg of monerod.

• ./monerod --rpc-bind-ip 127.0.0.1

Step 4: connect your wallet to your node

Use FeatherWallet, go in the network-settings, in the proxy tab add a Tor SOCKS5 proxy (127.0.0.1:9050), check the only connect to .onions and start a bundled Tor router boxes.

Now in the nodes tab, add (your_hidden_service).onion:18081 as your remote-node and you can now use your node over Tor !