[tor-talk] Tor transparent proxy implementation on Windows

Lee Fisher blibbet at gmail.com
Thu Dec 22 00:16:19 UTC 2011


On 12/21/11 1:39 PM, songso at tormail.net wrote:
 > I am quite convinced of the transparent proxy approach. The concepts
 > sound very convincing. [1] [2]
...
 > Can you point me or post please some instructions how to build a Tor
 > transparent proxy environment for Windows? (Windows host, Windows guest)

The current solution for Windows is to run a Linux distro. :-) So, use 
TAILS.

For a Windows solution that doesn't require another OS VM, there are a few 
ways to go:

SOCKS is not well supported on Windows, at least by Windows. There are a 
few third party SOCKS solutions for Windows, none built-in. The main 
technique used for this is DLL Injection, which intercepts the app's 
WinSock API calls, and redirects the destination to the SOCKS server, to 
Tor. The Microsoft Research "Detours" technology is an API for this sort 
of thing. Besides some antimalware tools disliking SOCKS DLL injecting 
solutions, most solutions that I know of are user-mode-only, ignoring 
kernel socket I/O.

Windows Firewall in modern Windows is less lame than in the past. The 
'netcmd' tool can be used to set up rules like 'iptables' does on Linux. 
It might be possible to use Windows Firewall API in Tor or Vidalia at 
install-time to work with a transparent proxy solution.
http://msdn.microsoft.com/en-us/library/windows/desktop/aa366319%28v=VS.85%29.aspx

On Windows, Suricata uses the NetfilterWindows driver. I've not tried 
this driver yet, not sure what options it might offer for Tor.
http://sourceforge.net/projects/netfilterforwin/
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Windows

There's also this, which is a third party commercial tool, I've not 
looked at, not sure what technology they're using.
http://netfiltersdk.com/

AFAIK, if the Firewall API can't handle it, the current proper Windows 
native solution for transparent socket proxying under Windows is to 
write a Windows Filtering Platform (WFP) driver. I don't believe there 
is any such driver that exists, in the open source community.
http://msdn.microsoft.com/en-us/library/windows/desktop/aa366510%28v=vs.85%29.aspx

All that said, IMO you'd be best to stick with TAILS until someone from 
the TorProject says that one of the above things works properly with Tor.

HTH

