[tor-talk] Tor transparent proxy implementation on Windows

hmoh at Safe-mail.net hmoh at Safe-mail.net
Thu Dec 22 11:16:37 UTC 2011

> On 12/21/11 1:39 PM, songso at tormail.net wrote:
>  > I am quite convinced of the transparent proxy approach. The concepts 
> sound
>  > very convincing. [1] [2]
> ...
>  > Can you point me or post please some instructions how to build a Tor
>  > transparent proxy environment for Windows? (Windows host, Windows guest)
> The current solution for Windows is to run a Linux distro. :-)

I was looking for a Windows solution because a Windows XP VM on top of Windows 7 lags a lot less then Linux. And I am much more familiar and convenient with Windows, there are some apps and ways I do not like to miss, although I am getting familiar with linux for a while already.

> So, use TAILs.

As far I understand that also uses only a normal Tor installation... No transparent proxy.

> For a Windows solution that doesn't require another OS VM, there are few 
> ways to go:
> SOCKS is not well supported on Windows, at least by Windows. There are a 
> few third party SOCKS solutions for Windows, none built-in. The main 
> technique used for this is DLL Injection, which intercept's the apps 
> WinSock API calls, and redirects the destination to the SOCKS server, to 
> Tor. The Microsoft Research "Detours" technology is an API for this sort 
> of thing. Besides some antimalware tools disliking SOCKS DLL injecting 
> solutions, most solutions that I know of are user-mode-only, ignoring 
> kernel socket I/O.

I checked out this approach for a while, tested it and made my opinion. All those socks wrappers (Sockscap, Freecap, ...) are mostly build with connectivity in mind with no much eye for anonymity.

Problem is by design. (I say this before before, I do not care about bittorrent over Tor.) But I am referring here to the article 'bittorrent-over-tor-isnt-good-idea' [1]. Just as an example because it has been well researched. There might be other programs who do such strange things as detecting the external ip with nonstandard ways, router UPNP and so on. Difference is only that no one has researched that thoroughly yet. If the machine connected by Tor should be always unable to find out one's real IP, that one is not given by those socksifiers. Also in mind of compromising the program.

I am not a computer security researcher or expert but even I could find a massive leak about those socksifiers quite easily. As soon as IPv6 connectivity is given on the host those socksifiers will either ignore socks settings at all, even for IPv4 requests (tested with firefox IP whois) or leak DNS requests (seen it with WireShark). That's why I do not trust them. Also not much development / active support seams to be up there.

> Windows Firewall in modern Windows is less lame than in the past. The 
> 'netcmd' tool can be used to setup rules like 'iptables' does on Linux. 
> It might be possible to use Windows Firewall API in Tor or Vidalia at 
> install-time to work with a transparent proxy solution.
> http://msdn.microsoft.com/en-us/library/windows/desktop/aa366319%28v=VS.85%29.aspx
> On Windows, Suricata uses the NetfilterWindows driver. I've not tried 
> this driver yet, not sure what options it might offer for Tor.
> http://sourceforge.net/projects/netfilterforwin/
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Windows
> There's also this, which is a third party commercial tool, I've not 
> looked at, not sure what technology they're using.
> http://netfiltersdk.com/
> AFAIK, if the Firewall API can't handle it, the current proper Windows 
> native solution for transparent socket proxying under Windows is to 
> write an Windows Filtering Platform (WFP) driver. I don't believe there 
> is any such drive that exists, in the open source community.
> http://msdn.microsoft.com/en-us/library/windows/desktop/aa366510%28v=vs.85%29.aspx

Thanks, I'll check that all out to see if I can make something out of it.
> All that said, IMO you'd be best to stick with TAILS until someone from 
> the TorProject says that one of the above things works properly with Tor.

I see.

[1] https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea

More information about the tor-talk mailing list