
Need advice/help with USB Armory Tor setup


jacs


I'm not an advanced user, more like a hobbyist when we're talking about gadgets, Linux etc., so I bought a USB Armory, and some of the things I had no problem setting up, but when it came to setting up the Tor Anonymizing Middlebox, I got really stuck with the whole IP address thing. I need help to properly set up Tor with the correct IP addresses. As I mentioned, I'm not quite good with networking, and I can't wrap my head around it. So, if you could point out what the right setup and IPs should be, I'd be grateful.

This is what > ip route shows

192.168.2.0/24 dev usb0 proto kernel scope link src 192.168.2.100

According to the Inversepath's documentation on Github, I had to set the USB with 10.0.0.2 IP and 255.255.255.0 Subnet Mask, then enable internet sharing. And in /etc/network/interfaces the setup should be:

auto usb0
allow-hotplug usb0
iface usb0 inet static
  address 10.0.0.2
  netmask 255.255.255.0
  gateway 10.0.0.1

I had to change it to:

auto usb0
allow-hotplug usb0
iface usb0 inet static
  address 192.168.2.100
  netmask 255.255.255.0
  gateway 192.168.2.1

to be able to connect to the internet.

When it comes to setting up Tor, this is what it should look like:

/etc/tor/torrc

VirtualAddrNetworkIPv4 10.192.0.0/10
AutomapHostsOnResolve 1

# Transparent proxy
TransPort 9040
TransListenAddress 127.0.0.1
TransListenAddress 10.0.0.1

# DNS
DNSPort 53
DNSListenAddress 127.0.0.1
DNSListenAddress 10.0.0.1

Create iptables in /etc/iptables.sh with:

#!/bin/sh

### set variables
#destinations you don't want routed through Tor
_non_tor="10.0.0.0/24"

#the UID that Tor runs as (varies from system to system)
_tor_uid="104"

#Tor's TransPort
_trans_port="9040"

#your internal interface
_int_if="usb0"

### flush iptables
iptables -F
iptables -t nat -F

### set iptables *nat
iptables -t nat -A OUTPUT -o lo -j RETURN
iptables -t nat -A OUTPUT -m owner --uid-owner $_tor_uid -j RETURN
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53

#allow clearnet access for hosts in $_non_tor
for _clearnet in $_non_tor; do
   iptables -t nat -A OUTPUT -d $_clearnet -j RETURN
   iptables -t nat -A PREROUTING -i $_int_if -d $_clearnet -j RETURN
done

#redirect all other pre-routing and output to Tor
iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $_trans_port
iptables -t nat -A PREROUTING -i $_int_if -p udp --dport 53 -j REDIRECT --to-ports 53
iptables -t nat -A PREROUTING -i $_int_if -p tcp --syn -j REDIRECT --to-ports $_trans_port

### set iptables *filter
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#allow clearnet access for hosts in $_non_tor
for _clearnet in $_non_tor 127.0.0.0/8; do
   iptables -A OUTPUT -d $_clearnet -j ACCEPT
done

#allow only Tor output
iptables -A OUTPUT -m owner --uid-owner $_tor_uid -j ACCEPT
iptables -A OUTPUT -j REJECT

Then define the "rt_usbarmory" routing table identifier in /etc/iproute2/rt_tables

#
# reserved values
#
255     local
254     main
253     default
0       unspec
#
# local
#
#1      inr.ruhep
1 rt_usbarmory

And launch:

# ip rule add from 10.0.0.1/32 table rt_usbarmory
# ip route add default via 192.168.1.1 table rt_usbarmory
# ip route del default
# ip route add default via 10.0.0.1
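A check for the address mismatch described in the post above, as an added example that is not part of the original post or of the Inverse Path documentation: it lists the TransListenAddress and DNSListenAddress values in a torrc that are not assigned on the machine running Tor, which by default cannot bind to an address the host does not have. The function names are hypothetical, and the demo input is constructed from the addresses quoted in the post.

```shell
#!/bin/sh
# Added example (not from the post): find torrc listen addresses that are
# not among the IPv4 addresses assigned to the machine that runs Tor.

# Usage: unassigned_listen_addrs TORRC ADDR [ADDR...]
# Prints "<directive> <address>" for every listen address missing from the
# ADDR list; prints nothing when every listen address is assigned.
unassigned_listen_addrs() {
    _torrc=$1
    shift
    awk -v have="$*" '
        BEGIN { n = split(have, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^[ \t]*#/ { next }                    # skip comment lines
        $1 == "TransListenAddress" || $1 == "DNSListenAddress" {
            addr = $2
            sub(/:[0-9]+$/, "", addr)          # drop an optional :port suffix
            if (!(addr in ok)) print $1, addr
        }
    ' "$_torrc"
}

# IPv4 addresses currently assigned on this machine (Linux, iproute2).
local_ipv4_addrs() {
    ip -o -4 addr show | awk '{ sub(/\/.*/, "", $4); print $4 }'
}

# Constructed demo: the listen addresses from the torrc in the post, checked
# against loopback plus the usb0 address the poster changed to.
demo() {
    _tmp=$(mktemp) || return 1
    cat > "$_tmp" <<'EOF'
TransPort 9040
TransListenAddress 127.0.0.1
TransListenAddress 10.0.0.1
DNSPort 53
DNSListenAddress 127.0.0.1
DNSListenAddress 10.0.0.1
EOF
    unassigned_listen_addrs "$_tmp" 127.0.0.1 192.168.2.100
    rm -f "$_tmp"
}
```

On a live system the same check is `unassigned_listen_addrs /etc/tor/torrc $(local_ipv4_addrs)`, run on the device where Tor is installed.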