-- Leo's gemini proxy

-- Connecting to perso.pw:1965...

-- Connected

-- Sending request

-- Meta line: 20 text/gemini;

How to use Tor only for onion addresses in a web browser


Author: Solène

Date: 12 June 2021

Tags: tor openbsd networking security privacy


Comment on Mastodon


Introduction


A while ago I published about Tor and Tor hidden services. As a quick reminder, hidden services are TCP ports exposed into the Tor network using a long .onion address and that doesn't go through an exit node (it never leaves the Tor network).


If you want to browse .onion websites, you should use Tor, but you may not want to use Tor for everything, so here are two solutions to use Tor for specific domains. Note that I use Tor but this method works for any Socks proxy (including ssh dynamic tunneling with ssh -D).


I assume you have tor running and listening on port 127.0.0.1:9050 ready to accept connections.


Firefox extension


The easiest way is to use a web browser extension (I personally use Firefox) that will allow defining rules based on URL to choose a proxy (or no proxy). I found FoxyProxy to do the job, but there are certainly other extensions that propose the same features.


FoxyProxy for Firefox


Install that extension, configure it:


- add a proxy of type SOCKS5 on ip 127.0.0.1 and port 9050 (adapt if you have a non standard setup), enable "Send DNS through SOCKS5 proxy" and give it a name like "Tor"

- click on Save and edit patterns

- Replace "*" by "*.onion" and save


In Firefox, click on the extension icon and enable "Proxies by pattern and order" and visit a .onion URL, you should see the extension icon to display the proxy name. Done!


Using privoxy


Privoxy is a fantastic tool that I forgot over the time, it's an HTTP proxy with built-in filtering to protect users privacy. Marcin Cieślak shared his setup using privoxy to dispatch between Tor or no proxy depending on the url.


The setup is quite easy, install privoxy and edit its main configuration file, on OpenBSD it's /etc/privoxy/config, and add the following line at the end of the file:


forward-socks4a   .onion               127.0.0.1:9050 .

Enable the service and start/reload/restart it.


Configure your web browser to use the HTTP proxy 127.0.0.1:8080 for every protocol (on Firefox you need to check a box to also use the proxy for HTTPS and FTP) and you are done.


Marcin Cieślak mastodon account (thanks for the idea!).


Conclusion


We have seen two ways to use a proxy depending on the location, this can be quite useful for Tor but also for some other use cases. I may write about privoxy in the future but it has many options and this will take time to dig that topic.


Going further


Duckduck Go official Tor hidden service access

Check if you use Tor, this is a simple but handy service when you play with proxies

Official Duckduck Go about their Tor hidden service


TL;DR on OpenBSD


If you are lazy, here are instructions as root to setup tor and privoxy on OpenBSD.


pkg_add privoxy tor
echo "forward-socks4a   .onion               127.0.0.1:9050 ." >> /etc/privoxy/config
rcctl enable privoxy tor
rcctl start privoxy tor

Tor may take a few minutes the first time to build a circuit (finding other nodes).

-- Response ended

-- Page fetched on Fri Apr 26 17:36:49 2024