Monday, 20 June 2016

osx-tor

How to set Tor to run as background process on every OSX login.

I wanted to install Tor in a Mac OS X VM and set it to launch on login, running in the background at all times. This makes it available to access hidden services or to pipe clients like Adium for Jabber chat through Tor.
Various instructions I found online came close but didn't work. With much help from https://github.com/garrettr I got it running. Figured I should post the blow by blow.
These instructions begin from scratch, without assuming anything is installed.

FIRST INSTALL HOMEBREW

ENTER NEW COMMAND (~) > ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
==> This script will install:
/usr/local/bin/brew
/usr/local/Library/...
/usr/local/share/man/man1/brew.1
==> The following directories will be made group writable:
/usr/local/.
/usr/local/bin
/usr/local/include
/usr/local/lib
/usr/local/lib/pkgconfig
==> The following directories will have their group set to admin:
/usr/local/.
/usr/local/bin
/usr/local/include
/usr/local/lib
/usr/local/lib/pkgconfig

Press RETURN to continue or any other key to abort
==> /usr/bin/sudo /bin/chmod g+rwx /usr/local/. /usr/local/bin /usr/local/include /usr/local/lib /usr/local/lib/pkgconfig
Password:
==> /usr/bin/sudo /usr/bin/chgrp admin /usr/local/. /usr/local/bin /usr/local/include /usr/local/lib /usr/local/lib/pkgconfig
==> /usr/bin/sudo /bin/mkdir /Library/Caches/Homebrew
==> /usr/bin/sudo /bin/chmod g+rwx /Library/Caches/Homebrew
==> Downloading and installing Homebrew...
remote: Counting objects: 3585, done.
remote: Compressing objects: 100% (3430/3430), done.
remote: Total 3585 (delta 35), reused 1451 (delta 19), pack-reused 0
Receiving objects: 100% (3585/3585), 2.75 MiB | 5.16 MiB/s, done.
Resolving deltas: 100% (35/35), done.
From https://github.com/Homebrew/homebrew
 * [new branch]      master     -> origin/master
HEAD is now at 2c822ce rabbitmq: remove bottle.
==> Installation successful!
==> Next steps
Run `brew help` to get started

THEN INSTALL TOR

ENTER NEW COMMAND (~) > brew install tor
==> Installing dependencies for tor: openssl, libevent
==> Installing tor dependency: openssl
==> Downloading https://homebrew.bintray.com/bottles/openssl-1.0.2a-1.mavericks.
######################################################################## 100.0%
==> Pouring openssl-1.0.2a-1.mavericks.bottle.1.tar.gz
==> Caveats
A CA file has been bootstrapped using certificates from the system
keychain. To add additional certificates, place .pem files in
  /usr/local/etc/openssl/certs

and run
  /usr/local/opt/openssl/bin/c_rehash

This formula is keg-only, which means it was not symlinked into /usr/local.

Mac OS X already provides this software and installing another version in
parallel can cause all kinds of trouble.

Apple has deprecated use of OpenSSL in favor of its own TLS and crypto libraries

Generally there are no consequences of this for you. If you build your
own software and it requires this formula, you'll need to add to your
build variables:

    LDFLAGS:  -L/usr/local/opt/openssl/lib
    CPPFLAGS: -I/usr/local/opt/openssl/include

==> Summary
🍺  /usr/local/Cellar/openssl/1.0.2a-1: 463 files, 18M
==> Installing tor dependency: libevent
==> Downloading https://homebrew.bintray.com/bottles/libevent-2.0.22.mavericks.b
######################################################################## 100.0%
==> Pouring libevent-2.0.22.mavericks.bottle.tar.gz
🍺  /usr/local/Cellar/libevent/2.0.22: 48 files, 1.8M
==> Installing tor
==> Downloading https://homebrew.bintray.com/bottles/tor-0.2.6.7.mavericks.bottl
######################################################################## 100.0%
==> Pouring tor-0.2.6.7.mavericks.bottle.tar.gz
==> Caveats
You will find a sample `torrc` file in /usr/local/etc/tor.
It is advisable to edit the sample `torrc` to suit
your own security needs:
  https://www.torproject.org/docs/faq#torrc
After editing the `torrc` you need to restart tor.

To have launchd start tor at login:
    ln -sfv /usr/local/opt/tor/*.plist ~/Library/LaunchAgents
Then to load tor now:
    launchctl load ~/Library/LaunchAgents/homebrew.mxcl.tor.plist
==> Summary
🍺  /usr/local/Cellar/tor/0.2.6.7: 19 files, 7.0M

THEN INSTALL TORSOCKS

ENTER NEW COMMAND (~) > brew install torsocks
==> Downloading https://homebrew.bintray.com/bottles/torsocks-2.0.0.mavericks.bo
######################################################################## 100.0%
==> Pouring torsocks-2.0.0.mavericks.bottle.tar.gz
🍺  /usr/local/Cellar/torsocks/2.0.0: 16 files, 284K

THEN SET TOR TO START AT LOGIN USING LAUNCHD

ENTER NEW COMMAND (~) > ln -sfv /usr/local/opt/tor/*.plist ~/Library/LaunchAgents
/Users/brass/Library/LaunchAgents/homebrew.mxcl.tor.plist -> /usr/local/opt/tor/homebrew.mxcl.tor.plist

LOAD TOR NOW

ENTER NEW COMMAND (~) > launchctl load ~/Library/LaunchAgents/homebrew.mxcl.tor.plist

TEST THAT TOR IS RUNNING

ENTER NEW COMMAND (~) > torify curl -s https://check.torproject.org | grep Congratulations
  Congratulations. This browser is configured to use Tor.

You can stop here. I like to tweak the torrc file to add logging and pointers to a hidden service.

CREATE LOG FILE

First create subdirectories for a log file (the directory '0.2.6.7' could change in later Tor versions):

ENTER NEW COMMAND (~) > mkdir /usr/local/Cellar/tor/0.2.6.7/var/

ENTER NEW COMMAND (~) > mkdir /usr/local/Cellar/tor/0.2.6.7/var/log/

ENTER NEW COMMAND (~) > mkdir /usr/local/Cellar/tor/0.2.6.7/var/log/tor/

Then create the log file:

ENTER NEW COMMAND (~) > touch /usr/local/Cellar/tor/0.2.6.7/var/log/tor/notices.log

CREATE TORRC FILE

This creates torrc from the torrc.sample that Brew installs by default.

ENTER NEW COMMAND (~) > mv /usr/local/etc/tor/torrc.sample /usr/local/etc/tor/torrc

EDIT TORRC

Add logging and a pointer to a hidden service.

ENTER NEW COMMAND (~) > open /usr/local/etc/tor/torrc

Then add these lines at the top, substituting your details for MY_ONION.onion, MY_KEY and MY_CLIENT:

Log notice file /usr/local/Cellar/tor/0.2.6.7/var/log/tor/notices.log
HidServAuth MY_ONION.onion MY_KEY #client: MY_CLIENT
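
A check worth running on the edited torrc before reloading Tor, added here as an example and not part of the original post. The function name `check_torrc` is made up for this example; it flags unsubstituted MY_ONION/MY_KEY placeholders, a torrc that holds the HidServAuth key while readable by group or others, and a `Log notice file` path that no longer exists (for instance after the versioned Cellar directory changes).

```shell
#!/bin/sh
# check_torrc FILE
# Prints one line per finding; the return status is the number of findings.
check_torrc() {
    torrc=$1
    problems=0
    [ -r "$torrc" ] || { echo "cannot read $torrc"; return 1; }

    # 1. Placeholders from the instructions were never substituted.
    if grep -Eq '^[[:space:]]*HidServAuth[[:space:]].*(MY_ONION|MY_KEY)' "$torrc"; then
        echo "HidServAuth still contains MY_ONION/MY_KEY placeholders"
        problems=$((problems + 1))
    fi

    # 2. The HidServAuth key is a secret, so the file should be owner-only.
    #    Characters 5-10 of the ls mode string are the group and other bits.
    if grep -Eq '^[[:space:]]*HidServAuth[[:space:]]' "$torrc"; then
        perms=$(ls -ld "$torrc" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "torrc holds a HidServAuth key, group/other bits are '$perms' (use chmod 600)"
            problems=$((problems + 1))
        fi
    fi

    # 3. The log target must exist and be writable by the user running tor.
    logfile=$(sed -n 's/^[[:space:]]*Log[[:space:]]\{1,\}notice[[:space:]]\{1,\}file[[:space:]]\{1,\}//p' "$torrc" | head -n 1)
    if [ -z "$logfile" ]; then
        echo "no 'Log notice file' line found"
        problems=$((problems + 1))
    elif [ ! -w "$logfile" ]; then
        echo "log file $logfile is missing or not writable"
        problems=$((problems + 1))
    fi

    return "$problems"
}

# Stand-alone use: sh check_torrc.sh /usr/local/etc/tor/torrc
if [ $# -gt 0 ]; then
    check_torrc "$1"
fi
```

Tor's own `tor --verify-config -f /usr/local/etc/tor/torrc` additionally checks the syntax of every option.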

UNLOAD AND RELOAD TOR

ENTER NEW COMMAND (~) > launchctl unload ~/Library/LaunchAgents/homebrew.mxcl.tor.plist
ENTER NEW COMMAND (~) > launchctl load ~/Library/LaunchAgents/homebrew.mxcl.tor.plist

TEST HIDDEN SERVICE

If the hidden service is working, this will take you to it:

ENTER NEW COMMAND (~) > torify ssh MY_ONION.onion

from https://github.com/b4rton/osx-tor