Skip to content

Latest commit

 

History

History
110 lines (82 loc) · 3.4 KB

README.md

File metadata and controls

110 lines (82 loc) · 3.4 KB

OnionComms

OnionComms is a repository of script to run an onion server and guides to configure client side applications to connect to any onion service that uses the same protocol, therefore, onion communications.


Table of contents


Server

Read the README inside the folder of the program you want to use, the scripts are non-interactive unless a password needs to be set. They were designed for Debian and derived systems.

Client

TORIFICATION.MD is a must read on how to do properly torifications of applications. In short:

  • application proxy settings may fail and leak DNS requests and IP address (per application)
  • enforce proxy with a wrapper may also fail if not using the libc and leak DNS requests and IP address (torsocks, orbot)
  • transparent proxy has huge security problems, it does not protect agains protocol leaks but the IP address will never be revealed (Tails)
  • isolating proxy is the best solution as no leaks occur but it requires two host (virtual or physical) (Whonix)

The client guides are intended for plain Debian users, therefore application proxy settings and enforcing a proxy with a wrapper is the only solution, which isn't great but it is what is available.

Transparent proxy is hard to configure system wide and isolating proxy requires advanced configuration of creating a network between two hosts, these methods already route everything through Tor, so you don't need to configure the client to have onion routing, as all the traffic already does. What may change are simple configurations such as enforcing TCP mode or "hardening" by removing some "bad features" that leaks protocol information.

Applications

Application Client Server
tor yes yes
torsocks yes no
Tor Browser yes no
Orbot yes no
Application Client Server
OpenSSH client yes no
OpenSSH server no yes
Remmina yes yes

TODO: Remmina guide is incomplete.

Application Client Server
Magic-wormhole yes no
OnionShare no yes
Application Client Server
Newsboat yes no
QuiteRSS yes no
Application Client Server
Mumble yes no
Mumble-server no yes
Application Client Server
Prosody no yes
Ejabberd no yes
Pidgin yes no
Dino IM yes no

TODO: Every XMPP client guide is incomplete.

Application Client Server
Hexchat yes no
Irssi yes no
Application Client Server
apt yes no
wget yes no
cURL yes no
git yes no
gpg yes no
Ricochet-refresh yes yes
TEG yes no

TODO: TEG guide is incomplete.