[tor-talk] Tor transparent proxy implementation on Windows
blibbet at gmail.com
Thu Dec 22 00:16:19 UTC 2011
On 12/21/11 1:39 PM, songso at tormail.net wrote:
> I am quite convinced of the transparent proxy approach. The concept is
> very convincing.
> Can you please point me to, or post, some instructions on how to build a Tor
> transparent proxy environment for Windows? (Windows host, Windows guest)
The current solution for Windows is to run a Linux distro. :-) So, use
For a Windows solution that doesn't require another OS VM, there are a few
ways to go:
SOCKS is not well supported on Windows, at least by Windows. There are a
few third party SOCKS solutions for Windows, none built-in. The main
technique used for this is DLL Injection, which intercepts the app's
WinSock API calls, and redirects the destination to the SOCKS server, to
Tor. The Microsoft Research "Detours" technology is an API for this sort
of thing. Besides some antimalware tools disliking SOCKS DLL injecting
solutions, most solutions that I know of are user-mode-only, ignoring
kernel socket I/O.
Windows Firewall in modern Windows is less lame than in the past. The
'netcmd' tool can be used to set up rules like 'iptables' does on Linux.
It might be possible to use Windows Firewall API in Tor or Vidalia at
install-time to work with a transparent proxy solution.
On Windows, Suricata uses the NetfilterWindows driver. I've not tried
this driver yet, not sure what options it might offer for Tor.
There's also this, which is a third party commercial tool, I've not
looked at, not sure what technology they're using.
AFAIK, if the Firewall API can't handle it, the current proper Windows
native solution for transparent socket proxying under Windows is to
write a Windows Filtering Platform (WFP) driver. I don't believe there
is any such driver that exists, in the open source community.
All that said, IMO you'd be best to stick with TAILS until someone from
the TorProject says that one of the above things works properly with Tor.
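What a WinSock-intercepting shim of the kind described above has to send once it has redirected a connection to Tor's SOCKS port, as an added example that is not part of the original post: the SOCKS5 (RFC 1928) greeting and CONNECT request for the application's original destination, plus validation of the proxy's replies. The function names and the sample destinations are constructed for illustration.

```python
import ipaddress
import struct

SOCKS_VERSION = 5
NO_AUTH = 0x00
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04


def greeting() -> bytes:
    """Client hello offering a single method: no authentication."""
    return bytes([SOCKS_VERSION, 1, NO_AUTH])


def check_method_reply(reply: bytes) -> None:
    """Raise unless the proxy accepted the 'no authentication' method."""
    if len(reply) != 2 or reply[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 method reply")
    if reply[1] != NO_AUTH:
        raise ValueError("proxy refused the offered auth method")


def connect_request(host: str, port: int) -> bytes:
    """CONNECT request carrying the destination the app originally asked for."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: pass the name through so the proxy resolves it.
        name = host.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("hostname length must be 1..255 bytes")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        addr = bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0]) + addr + struct.pack("!H", port)


def check_connect_reply(reply: bytes) -> bool:
    """True if the proxy reports that the connection to the destination is open."""
    if len(reply) < 4 or reply[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 reply")
    return reply[1] == 0x00  # REP field: 0x00 means succeeded
```
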