Know How...

Apr 10th 2017

Know How... 301

Raspberry Pi TOR

Set up your own RaspPi TOR AP!
Although the show is no longer in production, you can enjoy episodes from the TWiT Archives.
Category: Help & How To

Why you should care about encrypting and anonymizing your internet traffic, and how to build your very own Raspberry Pi TOR project. 

RasPi AP

1. Image Raspbian onto your SD card
2. Expand the volume
  -- Open Terminal
  -- "sudo raspi-config"
  -- Select option 1

3. Change the default password
  -- Select option 2

** RasPi will Reboot

4. Turn your RasPi into an Access Point
  * A GIT user by the name of "Harry Allerston" created a script to automate the process
  -- Open Terminal
  -- "git clone"
  -- "cd RPI-Wireless-Hotspot"
  -- "sudo ./install"
  -- "Y" to agree to terms
  -- "Y" to use preconfigured DNS
  -- "Y" to use Unblock-Us DNS servers
  -- "N" for WiFi defaults
  -- Type in a new WiFi password (it will be checked)
  -- Type in a new SSID
  -- Type in your desired WiFi channel (1, 6, 11)
  -- Type "N" when asked - "Are you using a rtl871x chipset?" -- 
  -- Type "N" for chromecast support (unless you plan to use a chromecast w/RasTor)

** Your Pi will reboot

5. Update your Raspbian installation
  - Open Terminal
  - "sudo apt-get update"
      * "apt-get" is a diagnostic tool that updates all packages and checks for broken dependencies


What's in your traffic stream?

Why should we care about encrypting/anonymizing our traffic?        
The easiest way to explain this is to show you what can be seen by your ISP.        
Parts and Tools        
1. "SharkTap" Gigabit Network Sniffer    ~$180
2. Wireshark (Windows and OSX)    FREE


6. Install TOR
  -- "sudo apt-get install tor"
  -- "Y" on "continue?"

7. Configure TOR
  -- "sudo nano /etc/tor/torrc"
  -- Add the following just below the first set of comments
    Log notice file /var/log/tor/notices.log
     AutomapHostsSuffixes .onion,.exit
     AutomapHostsOnResolve 1
     TransPort 9040
     DNSPort 53

8. Dump all the old rules from the iptable
  -- "sudo iptables -F"
  -- "sudo iptables -t nat -F"
      * iptables lets you configure the rules of the Linux Kernel Firewall.
      * It allow you to define how packets are treated
      * We're using it to route traffic through TOR

9. Route DNS through the TOR
  -- "sudo iptables -t nat -A PREROUTING -i wlan0 -p udp --dport 53 -j REDIRECT --to-ports 53"

10. Route all TCP traffic through the TOR
  -- "sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --syn -j REDIRECT --to-ports 9040"

11. Check your routes
  -- "sudo iptables -t nat -L"

12. Save our new rules to the NAT table
  "sudo sh -c "iptables-save > /etc/iptables.ipv4.nat""

13. Create log file
  -- "sudo touch /var/log/tor/notices.log"
      * "touch" creates an empty file
  -- "sudo chown debian-tor /var/log/tor/notices.log"
      * "chown" changes the ownership of a fille (so that TOR can use it)
  -- "sudo chmod 644 /var/log/tor/notices.log"
      * "chmod" is the "change mode" command - it changes permissions
      *** 600 : Only owner can read/write
      *** 644 : Only owner can write, others can read
      *** 666 : All uses can read/write.

14. Start the TOR service
  -- "sudo service tor start"

15. Check to see if the service is running
  -- "sudo service tor status"

16. Change the service to start on boot
  -- "sudo update-rc.d tor enable"

Be Sure to Include this text in the notes!!!
"*** Install the WiFi Hotspot **
git clone
cd RPI-Wireless-Hotspot
sudo ./install

** Install TOR **
sudo apt-get install tor

** Configure TOR **
sudo nano /etc/tor/torrc

** Add the following to the config file **
Log notice file /var/log/tor/notices.log
AutomapHostsSuffixes .onion,.exit
AutomapHostsOnResolve 1
TransPort 9040
DNSPort 53

** Dump iptable **
sudo iptables -F
sudo iptables -t nat -F

** Route DNS **
sudo iptables -t nat -A PREROUTING -i wlan0 -p udp --dport 53 -j REDIRECT --to-ports 53

** Route TCP **
sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --syn -j REDIRECT --to-ports 9040

** Check Routes **
sudo iptables -t nat -L

** Save routes **
sudo sh -c ""iptables-save > /etc/iptables.ipv4.nat""

** Create Log File **
sudo touch /var/log/tor/notices.log
sudo chown debian-tor /var/log/tor/notices.log
sudo chmod 644 /var/log/tor/notices.log

** Start TOR **
sudo service tor start

** Check TOR **
sudo service tor status

** Set TOR to start on boot **
sudo update-rc.d tor enable


Connect with us!

Thanks to CacheFly for the bandwidth for this show.