“VirtualBox + Tor + Backtrack” aka “How to become (almost?) invisible”

It happens sometimes that you don’t want to leave too many traces around while you’re wandering on the Net. Hey, I’m not judging you. I don’t even want to know what you tell your wife when you go out at night without her.

Anyway, if you don’t want to be seen, Tor is a good tool to get the job done, but in the past it was quite painful to configure every piece of your “stealth” system to use it and avoid unwanted privacy leaks from Tor-unaware applications.

Some details about why just installing Tor on a PC wasn’t enough to safely surf every filthy slum of the Internet are available on this page. The article also explains the use of a couple of new features in Tor’s latest releases: its transparent proxy support and its anonymous DNS server capabilities.

The guide is very straightforward and informative, but it focuses only on how to take advantage of the transparent proxy with a local installation of Tor on a physical computer.

I think you could do a lot better, privacy-wise, with a couple of virtual machines and two live Linux .iso files. One VM will operate as a transparent proxy and the other one will run a complete Linux live distro that you’ll use to surf the Net anonymously with every comfort.

Using live distributions over a virtual machine brings you two significant advantages:

1. Virtualization lets you run both systems together while you keep working on your non-anonymous physical computer without changing any of its configuration.
2. Running a live distro means that every trace of your browsing data disappears as soon as you shut down the two VMs with a single click.

We just need two pieces. Let me explain better.

1. Live Tor transparent proxy:

There’s an interesting project aimed at building a virtual Linux appliance that acts only as a secure stand-alone Tor transparent proxy. Here you can find a quick guide on how to cook it yourself starting from a fresh Ubuntu installation, or you can simply download the ISO image of a very tiny prebuilt live distro.

Once you have built your custom distribution (or downloaded it), you can use the tor_vm.iso file to create a virtual transparent proxy running live inside any virtualization engine. In this guide I am going to use VirtualBox, but the same concepts are valid with VMware, QEMU and so on.

Open VirtualBox, create a new virtual machine called tor_vm and mount the tor_vm.iso file as the secondary IDE master device. Even though you want to run tor_vm as a live distribution, you must add a virtual hard disk as the primary IDE master device (/dev/hda1), because Tor will save there some important data that it needs to keep you anonymous. If you want to be even more paranoid, you can create a RAM disk on your physical machine and feed that to the tor_vm instead of a standard persistent .vdi file. Then set the appropriate parameters for the VM (RAM, CPU…), remove the sound and USB devices and add a bridged network interface. You are free to choose a different networking mode for your machine, but “bridge” will put the VM interface on the same subnet as the VirtualBox host, leaving you free to use the proxy from the physical machine or from other hosts on the same LAN as well, if you want, without messing around with the VirtualBox virtual networking system.

Start the tor_vm and wait until it configures its network interface with the DHCP server of your network and establishes a full connection to the Tor circuit. When this happens, you’ll see a dashboard showing the proxy’s IP address, its iptables rules and the traffic counters for every port. The Tor transparent proxy is now ready to accept connections from other physical or virtual hosts.

2. Live Backtrack stealth system:

Now that you have a Tor transparent proxy up and running on, say, the IP address 192.168.1.117, you need to anonymize the system that you’re going to use to surf. You could configure your physical system to do that, but then you would have to bother wiping from your hard disk all the temporary data that could trace your online activities.

A far better idea is to use another live distribution: the choice is up to you, but I chose Backtrack 5 because it has a lot of interesting stuff for people who want to play hide&seek in a comfortable Gnome environment.

So, download the latest ISO image from the official site and attach it as a boot device to a new VirtualBox VM called bt_vm. Set the appropriate VM parameters and add a bridged network interface. Do not disable USB support; we’ll use it later. This time you don’t need to attach any virtual hard disk to the VM, as Backtrack doesn’t need it and we don’t want to leave our footprints around. Start BT in “stealth mode” by choosing the appropriate entry from the boot menu, so that your bt_vm will boot with no active network interface. Enter the GUI if you want by typing “startx” at the command prompt, then start configuring the network to deal with the tor_vm transparent proxy.

Configure the bt_vm DNS resolver: edit /etc/resolv.conf and add

nameserver 192.168.1.117

192.168.1.117 being the address of the Tor proxy.

Now we’re ready to bring up bt_vm networking and go online. Just choose a free network address, say 192.168.1.120:

:~# ifconfig eth0 192.168.1.120/24 up

And define a default route to the Tor proxy:

:~# route add default gw 192.168.1.117

You’re done. Now not just your browser but your entire Backtrack system is anonymized by Tor. You can test it by logging in with ssh to a remote system and checking your IP with the “last” command, or by connecting to an FTP host and looking in the remote logs.

If you’ve done everything the right way, not a single byte of data should be able to escape your Backtrack VM without being anonymized by Tor.

I said that we needed USB support on the bt_vm: you can write a small script to automate the iptables, DNS and network configuration of the VM and put it on an encrypted pendrive that you can mount on Backtrack and also use to save any data that you retrieve while surfing.
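
The DNS, address and route steps above as one script of the kind this paragraph suggests, with a check that the resolver and the default route point only at the proxy before the interface is left up. This is an added example, not the author's script: it uses the post's sample addresses, assumes eth0 and the ifconfig/route commands shown above, contains no iptables rules, and overwrites /etc/resolv.conf rather than appending to it.

```bash
#!/bin/sh
# Added example (not the author's script). Addresses are the post's samples.
PROXY=192.168.1.117   # tor_vm transparent proxy
ADDR=192.168.1.120/24 # free address chosen for bt_vm
IFACE=eth0            # assumption: bt_vm's only interface

# Succeeds only if FILE lists at least one nameserver and all of them are PROXY.
check_resolver() {    # usage: check_resolver FILE PROXY
    awk -v p="$2" '$1 == "nameserver" { n++; if ($2 != p) bad++ }
        END { exit !(n > 0 && bad == 0) }' "$1"
}

# Reads `route -n` output on stdin. Succeeds only if there is exactly one
# default route (destination 0.0.0.0) and its gateway is PROXY.
check_default_route() {   # usage: route -n | check_default_route PROXY
    awk -v p="$1" '$1 == "0.0.0.0" { n++; if ($2 != p) bad++ }
        END { exit !(n == 1 && bad == 0) }'
}

apply_config() {
    # Overwrite instead of appending so no other resolver stays in the file.
    echo "nameserver $PROXY" > /etc/resolv.conf
    ifconfig "$IFACE" "$ADDR" up
    route add default gw "$PROXY"
}

verify_config() {
    check_resolver /etc/resolv.conf "$PROXY" ||
        { echo "DNS is not pinned to $PROXY" >&2; return 1; }
    route -n | check_default_route "$PROXY" ||
        { echo "default route does not go via $PROXY" >&2; return 1; }
}

# Run as root inside bt_vm:  sh tor-net.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_config
    if ! verify_config; then
        ifconfig "$IFACE" down   # fail closed: no network rather than a leak
        exit 1
    fi
    echo "bt_vm now routes and resolves through $PROXY"
fi
```

The two check functions only read their input, so they can be re-run at any time during a session to confirm that nothing has changed the resolver or added a second default route.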

About root

I am the guy who makes things work (most of the time). Sometimes I act as a Linux sysadmin; in the rest of my life I am a hungry reader, a biker and a trekking enthusiast.