tor-observe - tool to see to which destinations Tor is connecting to #28
Comments
Have you tested the new tor-ctrl-stream upgrades? I think this is exactly what you want: tor-ctrl-stream -s 9151 -z
It does not print circuits, it prints the hostname and IP.
Completed
I prefer duplicate so we can see how many times it was requested
Complete
When using torsocks, the torsocks appears on the
Correction, no need to specify 9151 tcp socket as on Whonix, TBB is using /run/tor/control.
Output still contains some lines with
Possible to hide everything that comes before with a more specialized command line parameter or this tool? Yeah. Maybe tor-ctrl-stream does most things already. Then perhaps a wrapper script for simplicity that sets the parameters to show more relevant output for this only?
In that case the warning would have to be removed or toned down?
Possible to hide the
Are those fingerprint lines related to DIR_FETCH, if yes I can use that to hide those lines.
Yes.
It is possible, but you'd like to see the connections when streams are made yes, to be interactive during run time. For that I'd have to think more on how to do that, currently not possible.
You mean a specific field?
Indeed.
Yes. Also: 650 STREAM 725 SENTCONNECT
Just a wrapper tor-observe (better name) actually running
Didn't get it, do you have an output example? You want to cut those fields?
Binding (merging) tor-ctrl-stream with tor-ctrl-circuit?
EDIT
The x.x.x.x are redacted IPs. The $000 are redacted relay fingerprints.
No. I meant... Just a wrapper tor-observe (better name) actually running
Not pushed to github yet
I really don't get it. I will leave this for later, or if you want to contribute, I'd be glad.
Yeah. Not a big deal. And quicker done than explained. Will do later. :)
Making a request on TorBrowser, enabled every event to find anything useful about the client, this is the maximum important information I got from the logs, the client IP 10.X.X.10 is the workstation.
These were redacted from the table. Do you want the script to not show the raw logs of relays?
For something to be shared in public, better avoid? Users will inevitably do a complete copy/paste of all outputs for such a "tor observe" tool (for lack of better term).
I get it now. tor-observe will be a wrapper for tor-ctrl-stream on private mode and hiding even more things by default, so no need to specify options as people will forget about that.
Exactly.
These lines are not printed on the table of tor-ctrl-stream when using
If I was lazy, I'd do

    tor-ctrl -w -c "SETEVENTS STREAM" | sed "/DIR_FETCH/d;/\.exit\:/d;/^$/d" | \
    cut -d " " -f3-6

but this wouldn't show StreamPurpose as it does not have a fixed field, could be on the 7th or 8th or not present at all if not a

These are the lines that will be printed:

    1235 NEW 0 www.torproject.org:443
    1234 NEW 0 www.torproject.org:443
    1235 SENTCONNECT 997 www.torproject.org:443
    1234 SENTCONNECT 997 www.torproject.org:443
    1233 REMAP 997 [2a01:4f8:fff0:4f:266:37ff:fe2c:5d19]:443
    1233 SUCCEEDED 997 [2a01:4f8:fff0:4f:266:37ff:fe2c:5d19]:443

If you think it is important for the user to know if the purpose was a
maybe should hide these other
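The field-position problem raised in the comment above, handled with awk instead of `cut`, as an added example that is not code from this project: it looks for the `PURPOSE=` keyword wherever it appears after the target, drops `DIR_FETCH` and `.exit` lines as the `sed` filter does, and never prints `SOURCE_ADDR`. The function names and the sample events are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of tor-ctrl. Reads raw control-port lines on stdin
# and prints: StreamID Status CircuitID Target Purpose
filter_stream_events() {
  awk '
    { sub(/\r$/, "") }                      # control-port lines may end in CRLF
    $1 == "650" && $2 == "STREAM" {
      purpose = "-"                         # shown when no PURPOSE= is present
      # keyword=value fields follow the target (field 6) in no fixed order
      for (i = 7; i <= NF; i++)
        if ($i ~ /^PURPOSE=/) purpose = substr($i, 9)
      if (purpose == "DIR_FETCH") next      # directory fetches, not user traffic
      if ($6 ~ /\.exit:/) next              # relay .exit targets
      # Only the fixed fields and the purpose are printed, so SOURCE_ADDR
      # (the client address) never reaches output a user might paste publicly.
      print $3, $4, $5, $6, purpose
    }'
}

# Constructed sample events; addresses are from documentation ranges and
# $000 is a placeholder fingerprint.
sample_events() {
  cat <<'EOF'
250 OK
650 STREAM 1235 NEW 0 www.torproject.org:443 SOURCE_ADDR=192.0.2.10:40000 PURPOSE=USER
650 STREAM 1241 NEW 0 duckduckgo.com:443 PURPOSE=USER
650 STREAM 1236 NEW 0 198.51.100.7:9001 SOURCE_ADDR=(Tor_internal):0 PURPOSE=DIR_FETCH
650 STREAM 1237 SENTCONNECT 996 $000.exit:9001
650 STREAM 1235 SENTCONNECT 997 www.torproject.org:443
650 STREAM 1233 REMAP 997 [2a01:4f8:fff0:4f:266:37ff:fe2c:5d19]:443 SOURCE=EXIT
EOF
}

sample_events | filter_stream_events
```

On live input the function would sit where `sed` and `cut` do in the pipeline quoted above.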
tor-ctrl-observer finished: ^CTerminated
StreamId StreamPurpose StreamTarget CircuitId CircuitPurpose
--------------------------------------------------------------------------------------------------------------
2004 USER duckduckgo.com-(52.142.124.215:443) 1266 GENERAL
2005 USER www.torproject.org-(95.216.163.36:443) 1255 GENERAL
2006 USER www.torproject.org-(95.216.163.36:443) 1255 GENERAL
2007 USER www.torproject.org-(95.216.163.36:443) 1255 GENERAL
2008 USER www.torproject.org:443 1255 GENERAL
2009 USER www.torproject.org-(95.216.163.36:443) 1255 GENERAL
2010 USER www.torproject.org-(95.216.163.36:443) 1255 GENERAL
2011 USER www.torproject.org-(95.216.163.36:443) 1255 GENERAL
2012 USER www.torproject.org-(95.216.163.36:443) 1255 GENERAL
2013 USER www.torproject.org-(95.216.163.36:443) 1255 GENERAL
2014 USER www.torproject.org-(95.216.163.36:443) 1255 GENERAL
2015 USER www.torproject.org-(95.216.163.36:443) 1255 GENERAL
2016 USER 2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion:80 1260 HS_CLIENT_REND
2017 USER 2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion:80 1260 HS_CLIENT_REND
2018 USER 2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion:80 1260 HS_CLIENT_REND
2019 USER 2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion:80 1260 HS_CLIENT_REND
2020 USER 2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion:80 1260 HS_CLIENT_REND

Stream 2008 not showing torproject IP address is not a bug, stream was closed before being remapped.
Closing this. If unsatisfied, something to improve or remove, let me know.
stopped the filters on The tool for privacy is
Sometimes users request a feature to observe connections between Whonix-Workstation and Whonix-Gateway. But it's not really limited to Whonix. Also users that are using Tor Browser would like to check what connections Tor is actually creating. (related: #27)
In #13 (comment) a Tor Browser regression was found, Tor Browser (Firefox) phoning home to firefox.settings.services.mozilla.com:
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/31575
Which you then reported at:
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40788
Including some potential other unwanted connections.
There might be many more such privacy violations. But these are difficult to spot when these are routed over Tor.
Therefore it would be useful to have some tool that users can run which shows everything where Tor is resolving DNS and connecting to.