One of the most important things while learning Ethical Hacking is security and anonymity. Public servers like Google etc, don’t fare well in providing perfect privacy. Hence when browsing from services such as Google Chrome, Mozilla Firefox etc, every single request we send, is captured in some form or the other. Sometimes it’s captured by third-party applications, or sometimes even by the native browsers/sites. This data can then be sold to third-parties, totally invading your privacy.
For a normal browsing session, these things wouldn’t usually hurt us as much. But as we are Cybersecurity enthusiasts, we will be engaging in activities like Social Engineering, Cloud Shells, Kali tools etc. And when we do this, it would be much better if we are utterly sure that we remain anonymous.
What is TOR Browser?
This browser is a modified version of Firefox ESR. It uses the TOR network. TOR stands for The Onion Router. It also disables unreliable plugins to improve anonymity of the user.
This browser also forces all connections to be made over HTTPS (using the https-everywhere plugin).
Download TOR:
Download TOR browser from its official page - https://www.torproject.org/download/languages/
Use TOR:
Head over to https://check.torproject.org/ to check your connection.
You get your own IP address, which isn’t your real address, rather a dubious one to maintain anonymity.
What is The Onion Router Network?
The Onion Router consists of random nodes. Whatever request you send to the server first reaches a random node. The node then passes it on to another random node. This goes on and on till your request has passed through a twisty path of 3 TOR nodes. So, you send it to the first node, which passes it to the middle, which gives it to the end node, which in turn sends it to the server. The server then replies to the end node which takes care of propagating it back to you via the rest of the nodes.
The advantage of this being that whenever someone tries to trace back your movements, they will get caught up in the mess made by the nodes.
Bridges are non-public nodes which are used to establish connections between the nodes.
To any service provider, they will be able to notice that you are using the TOR network. To hide that we use pluggable transports.
Using pluggable transports on the bridges will help it to look like any normal connection.
Pluggable Transports on Bridges:
https://bridges.torproject.org/options
After pressing on Get Bridges, complete the captcha and you will get your bridge lines.
Copy all the bridge lines, then head over to the tor browser and go in preferences:
Search for a network, and paste your bridge lines in the Provide a Bridge option box.
Voila! Your bridge is set up to look like a normal connection.
Finally we can set the safety measure of our browser by navigating to the Privacy and Security
setting:
According to your need, choose the preferred security level. Keep in mind that the higher you increase the security level, the lower will be the performance of the browser.
This completes the basic overview of TOR and setting up the bridges for the best experience. In part 2, we’ll take a look at how to increase your anonymity and safety in TOR, and also how to use it with other applications to strengthen your privacy to a much higher level.
0 Comments