Privoxy/TOR not working with Iceweasel - firefox

I installed tor and privoxy on my Linux 64-bit box and uncommented the following line in the /etc/privoxy/config file.
forward-socks5 / 127.0.0.1:9050 .
Then I started services for both. Now, if I run either of the following commands, I get the same IP address, which is not the real IP of the PC. So I conclude both tor and privoxy are running.
curl -x 127.0.0.1:8118 curlmyip.com
curl --socks5 127.0.0.1:9050 curlmyip.com
If I use chrome with --proxy-server localhost:8118 switch, I again get the same anonymized IP address.
The problem is, I cannot use the HTTP proxy, localhost 8118, with Firefox/Iceweasel. I go to Edit -> Preferences -> Advanced -> Network -> Settings and set the HTTP and SSL proxies to localhost 8118. Iceweasel says "The proxy server is refusing connections".
Any solutions?

The use of browsers other than Tor Browser is recommended against. The use of privoxy / polipo was deprecated by The Tor Project a long time ago as well. The current advice is to only use Tor Browser, because only Tor Browser gives you a unified web fingerprint and you won't stand out.

I encountered a similar error where I was trying to use a combination of tor and privoxy on my home PC.
The OS used was Kali Linux 2.0.
Steps to replicate issue
Installed tor
sudo apt-get install tor
Started Tor relay
tor
Validated if tor was working
netstat -atnp | egrep tor
In the output, observed tor output -- great.
tcp 0 0 127.0.0.1:9050 0.0.0.0:* LISTEN 2401/tor
tcp 0 0 192.168.x.x:44278 xx.xxx.xx.xx:443 ESTABLISHED 2401/tor
Installed privoxy
sudo apt-get install privoxy
Modified default privoxy config file in /etc/privoxy/config as per the instructions here under "How do I use privoxy together with tor" and included the following lines:
forward-socks4a / 127.0.0.1:9050 .
forward 192.168.*.*/ .
forward 10.*.*.*/ .
forward 127.*.*.*/ .
Then started privoxy
privoxy /etc/privoxy/config
Ran the command to check if privoxy was working:
netstat -atnp | egrep privoxy
Output showed that privoxy was running (Notice tcp6 which is IPv6 - I didn't pay attention to that initially, but this was the problem):
tcp6 0 0 ::1:8118 :::* LISTEN 3881/privoxy
Then set the SSL and HTTP proxy to 127.0.0.1:8118 and I got the error when surfing internet sites, "The proxy chosen is refusing connections"
Fix:
On reading the privoxy config file carefully, the listen-address stanza displays the following information.
Some operating systems will prefer IPv6 to IPv4 addresses even
if the system has no IPv6 connectivity which is usually not
expected by the user. Some even rely on DNS to resolve
localhost which mean the "localhost" address used may not
actually be local.
**It is therefore recommended to explicitly configure the
intended IP address instead of relying on the operating
system, unless there's a strong reason not to.**
It appears that Kali was preferring to bind to the IPv6 localhost [::1] rather than the IPv4 localhost 127.0.0.1, even though I had no IPv6 connectivity.
So I changed listen-address line from
listen-address localhost:8118
to
listen-address 127.0.0.1:8118
and restarted privoxy...
pkill privoxy # kills all processes with privoxy in their name
privoxy /etc/privoxy/config
I then set the SSL, HTTP proxies to 127.0.0.1:8118 and the SOCKS proxy to 127.0.0.1:9050 (Socks 4) in ICEWEASEL. And voila! I was able to connect to internet sites.
For verification, I ran netstat and nmap, which showed that privoxy was binding to the IPv4 localhost IP.
> netstat -atnp | grep privoxy
tcp 0 0 127.0.0.1:8118 0.0.0.0:* LISTEN 3934/privoxy
> nmap 127.0.0.1 -p 8118
PORT STATE SERVICE
8118/tcp open privoxy
> nmap -6 localhost -p 8118
PORT STATE SERVICE
8118/tcp closed privoxy
Note:
My /etc/hosts file also has the entry for the localhost:
127.0.0.1 localhost
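
The mismatch described in this answer (listener on ::1, browser pointed at 127.0.0.1) can be confirmed from the client side. The following is an added example, not part of the original answer; the function names are hypothetical, and 8118 is the Privoxy port from the post. It lists what localhost resolves to and attempts a TCP connect to each loopback address:

```python
import socket

def localhost_candidates(host="localhost", port=8118):
    """(family, address) pairs the resolver returns for `host`, in resolver order."""
    seen, out = set(), []
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return out
    for family, _, _, _, sockaddr in infos:
        key = (family, sockaddr[0])
        if key not in seen:
            seen.add(key)
            out.append(key)
    return out

def probe(addr, port, timeout=1.0):
    """True if a TCP connect to addr:port succeeds, False if refused or unreachable."""
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((addr, port))
            return True
    except OSError:  # covers refusal, timeout and "no IPv6 on this host"
        return False

def diagnose(port, host="localhost"):
    """Probe both loopback literals plus anything else `host` resolves to."""
    targets = ["127.0.0.1", "::1"]
    for _, addr in localhost_candidates(host, port):
        if addr not in targets:
            targets.append(addr)
    return {addr: probe(addr, port) for addr in targets}

if __name__ == "__main__":
    print("localhost resolves to:", [a for _, a in localhost_candidates()])
    for addr, ok in diagnose(8118).items():
        print(f"{addr:>12}:8118  {'open' if ok else 'refused/unreachable'}")
```

If ::1 reports open and 127.0.0.1 does not, the proxy is bound to the IPv6 loopback only, which is the case the listen-address change above corrects.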

It works for me. Please try downloading a binary version of Firefox:
ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/17.0.8esr/linux-i686/en-US/
Following your exact instructions above with this binary on Gentoo worked for me. I'd surmise that you have an off version of Firefox.

Related

Accessing local dns from local devices using dnsmasq

I got a webserver running on my Mac on localhost:3000 and I am trying to set a local DNS with dnsmasq and to be able to access that DNS from local devices (iPhone / iPad) for test purpose.
I followed this previous post:
iPhone: add entry to /etc/hosts without jailbreaking
I am looking to redirect all *.localhost here
dnsmasq.conf:
/etc/resolver/localhost:
dig google.com:
The Mac Network DNS config:
On my phone, on the same network, adding the Mac Local IP as DNS:
Wi-Fi is connected to xxxxxx and has the IP address 192.168.1.11.
I am able to connect to myapp.localhost:3000 successfully on the Mac but getting Server cannot be found on the iPhone.
Must be missing something there.
EDIT #0: 2021/07/08
netstat -anvp tcp | grep '\b192.168.1.11.53\b' output:
Open a terminal and use netstat to check if your dnsmasq is open on 192.168.1.11.
If the result is similar to
root@dns-01:~# sudo netstat -tnlp
tcp 0 0 127.0.0.1:53 0.0.0.0:* OUÇA 13376/dnsmasq
it means that it will only accept queries from the local machine, not from your network.
To query from your network you must see something like
tcp 0 0 192.168.1.11:53 0.0.0.0:* OUÇA 13376/dnsmasq
or
tcp 0 0 0.0.0.0:53 0.0.0.0:* OUÇA 104287/dnsmasq

I can not open certain ports via firewall rules in Google Cloud Platform

I created the instance from boot image.
But I still cannot open port 7000 via firewall rules, and egress is (allow all). Does anybody know where the problem is?
System: Debian 10
SSH in a terminal and
sudo netstat -plnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 458/sshd
tcp6 0 0 :::22 :::* LISTEN 458/sshd
Is there any way to turn port 7000 on?
Encountered the same issue when trying to open other ports like 5678, etc.
First of all you need to set the GCP firewall rule as "ingress".
Ingress is needed to allow incoming connections to the instance.
Regarding the ports, a port does not open or activate by itself or automatically; you need to have a service listening on that port.
However, there are some tools which allow you to activate the port for some time for testing purposes.
You can use tools like iperf3 to activate the port.
Install iperf3 for your vm with the command below.
sudo apt-get install iperf3
Once you have installed iperf3 you need to run the command below. ("-s" indicates your instance is in "server" mode, the "-p" is to set the port you prefer)
iperf3 -s -p 7000
On your remote machine (Client) you also need to install iperf3, if it is also a linux machine you can try the same command I mentioned earlier.
Once you have installed iperf3, use the command below to reach the VM on port 7000. ("-c" indicates client mode, the "-p" is to set the port the server is listening on.)
iperf3 -c [server ip address] -p 7000
Please refer to iperf
Another useful tool is netcat

How to Use sshuttle on Windows WSL2

We have a Jenkins server which is accessible only from within the VPC on the cloud. On Mac and Linux I use sshuttle to make an ssh connection to the bastion instance (to act as a proxy) and open the Jenkins console in the browser. Everything works fine.
Now I'm on Windows and trying to do the same on WSL2. If I'm not mistaken previously, sshuttle didn't work on WSL1 (failed with some error message), but I managed to run it on WSL2 without any issue. The ssh connection is established and I can access my Jenkins (using curl).
Then I tried to access my Jenkins on Windows via WSL2:
1. I found the IP address of WSL2 and the port of the ssh tunnel:
# lsof -i -n | grep ssh
sshuttle 1234 rad 5u IPv4 39270 0t0 TCP *:socks (LISTEN)
ssh 5678 rad 3u IPv4 40252 0t0 TCP 172.25.236.84:57578->bastion:ssh (ESTABLISHED)
2. I configured the network proxy setting of Firefox (v77) to use my ssh tunnel:
Manual proxy configuration
SOCK host: 172.25.236.84
Port: 1080
SOCKS V5 (tested with V4 as well)
But loading the page fails with "The connection was reset" error on Firefox. I tested via Powershell that the SOCKS port is open and responding (using Test-NetConnection).
1. Any idea what the problem is? How to make it work?
2. If it's not gonna work, is there any other solution (e.g. Docker, etc)?
Thanks.
I'm not sure, but my guess is that sshuttle doesn't actually act as a SOCKS proxy and that's why the connection gets reset.
I managed to access my Jenkins on Windows machine using ssh SOCKS proxy: ssh -D 0.0.0.0:1080 rad@bastion and configured Firefox to use the SOCKS proxy.
Interestingly, for this you don't even need WSL. It seems Windows 10 has OpenSSH and you can use it. Just open CMD and type ssh -D 1080 rad@bastion and setup Firefox to use localhost as the proxy.
If there's any better solution or any comment/concern (apart from DNS over SOCKS) with this approach, please share.
Thanks.
As an alternative on WSL(2) you can run a regular SSH tunnel.
E.g.:
ssh -N -L 127.0.0.1:5432:some_domain_to_forward:5432 user@jumpbox_ip
and then just connect to 127.0.0.1:5432

Able to open TCP port but not listening

Using Add rule in Windows Firewall, I was able to open TCP port 15537. When I execute the command netstat -ano in a terminal window, this port is not listed. I tried to execute the telnet command in a terminal window (e.g. telnet IP port) but got
Connecting To localhost...Could not open connection to the host, on port 15537: Connect failed
Then I downloaded the PortQry application and executed it from a different machine, which is also in the same network. The result I received was
"Not Listening".
I already spent more than 2 days and asked internal group but could not find solution.
Note: both machines are having Windows 10 OS.
No solution is needed as no problem is indicated in the question. You have opened a TCP port successfully. You have not made any attempt to cause anything to listen to that TCP port.
It's not clear what results you expected, but you got the results that you should have expected. Nothing is wrong. The port is open because you opened it. Nothing is listening on that port because you didn't set anything to listen on that port.
There may be some forwarding rules? Since the purpose of access is not on the local machine, the netstat command cannot see the port listening, but it can see the next action based on this port, usually some forwarding.
I am not very familiar with Windows firewall configuration, but I know that if there is a forwarding rule in Linux, like
-p tcp -m tcp --dport 8080 -j {other forwarding chain}
we cannot see 8080 listening on this host (netstat -tunpl), but telnet host:8080 may show as connected.
Use nmap instead of netstat for detecting open ports:
nmap -p your_port_number your_local_ip
Run a service on that port.
E.g., in my case, in order to open a port, I use
"service ssh start" or "service apache2 start", and it opens ports 22 and 80 for connections respectively on my Linux machine.
On using nmap in my LAN network, both ports were open.
Hope it helps.

Access Docker forwarded port on Mac

There is a related post here: Port mapping in Docker on Mac OSX installed with Docker Toolbox
but it didn't work for me
Get ports for container
docker port 485186e65a5e
8080/tcp -> 0.0.0.0:33360
8088/tcp -> 0.0.0.0:33359
19888/tcp -> 0.0.0.0:33358
50070/tcp -> 0.0.0.0:33357
50075/tcp -> 0.0.0.0:33356
8042/tcp -> 0.0.0.0:33361
Check that someone listens to ports in container
bash-4.1# netstat -alnpt | grep 19888
tcp 0 0 127.0.0.1:19888 0.0.0.0:* LISTEN 1094/java
Do wget in container
bash-4.1# wget 127.0.0.1:19888
--2016-04-11 14:16:54-- http://127.0.0.1:19888/
Connecting to 127.0.0.1:19888... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://127.0.0.1:19888/jobhistory [following]
--2016-04-11 14:16:54-- http://127.0.0.1:19888/jobhistory
Reusing existing connection to 127.0.0.1:19888.
HTTP request sent, awaiting response... 200 OK
Length: 6763 (6.6K) [text/html]
Saving to: `index.html'
100%[================================================================================================================================================================================>] 6,763 --.-K/s in 0s
2016-04-11 14:16:54 (182 MB/s) - `index.html' saved [6763/6763]
Try to access forwarded port from host, no luck... :(((
$ docker-machine ip default
192.168.99.100
$ wget 192.168.99.100:33358
--2016-04-11 16:18:04-- http://192.168.99.100:33358/
Connecting to 192.168.99.100:33358... failed: Connection refused.
What do I do wrong?
Omg, desired service started on 127.0.0.1 in container, that is why it wasn't visible from outside world. I've modified service config to start on 0.0.0.0 and now I can access forwarded container port
I had the same problem and was able to fix it by specifying the host that the server within the container uses.
NOTE: when using host below, it means a web server host. When I use host-machine, I mean the main operating system I'm using, (i.e. not a container or a web server, just my laptop as a machine)
The Problem
Running web servers on the container like webpack-dev-server and http-server automatically run the app using a host of http://localhost. Typically you will see that in the output when you start the server. Something like:
Project is running at http://localhost:8080
or
Server available at http://127.0.0.1:8080
On most machines, localhost and 127.0.0.1 are the same thing. This host is not publicly viewable. As a result, your host machine can't see anything, even though it's looking in the right place.
Solution
You should specify a public host when you run the server inside your container.
webpack-dev-server --port 8080 --host 0.0.0.0
or
http-server -p 8080 -a 0.0.0.0
Because the 0.0.0.0 address is viewable to any outside machine, you should be able to see your app working as expected from your host machine.
NOTE: This works for any server, like Python's SimpleHTTPServer, etc. Just look up how to change the host for your chosen server in the documentation
Resources/Nods
How to run webpack-dev-server with a publicly accessible host: "How to make the webpack dev server run on port 80 and on 0.0.0.0 to make it publicly accessible?"
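
The threads on this page (Privoxy on ::1, dnsmasq on 127.0.0.1, the container service on 127.0.0.1, and the ports with no listener at all) come down to reading the Local Address column of netstat. The following is an added example, not code from any of the posts; the function names are hypothetical, and the sample lines are copied from the netstat output quoted above. It classifies each listening socket by who can reach it:

```python
import ipaddress
import re

# Linux netstat columns: proto, recv-q, send-q, local addr:port, foreign addr:port.
ROW = re.compile(r"^(?:tcp|udp)6?\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\*|\d+)(?:\s|$)")

# Constructed sample: socket lines copied from the netstat output quoted on this page.
SAMPLE = """\
tcp6 0 0 ::1:8118 :::* LISTEN 3881/privoxy
tcp 0 0 127.0.0.1:53 0.0.0.0:* OUÇA 13376/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 458/sshd
tcp6 0 0 :::22 :::* LISTEN 458/sshd
tcp 0 0 127.0.0.1:19888 0.0.0.0:* LISTEN 1094/java
tcp 0 0 192.168.x.x:44278 xx.xxx.xx.xx:443 ESTABLISHED 2401/tor
"""

def bind_scope(addr):
    """Say who can reach a socket bound to `addr`."""
    if addr in ("0.0.0.0", "::", "*"):
        return "any interface"
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return f"interface {addr} only"
    if ip.is_loopback:
        return f"IPv{ip.version} loopback only"
    return f"interface {addr} only"

def listeners(netstat_text):
    """Yield (port, local_addr, scope) for every listening socket.

    Listeners are recognised by the wildcard foreign port (`*`), not by the
    State column, which is localised on some systems ("OUÇA" above).
    """
    for line in netstat_text.splitlines():
        m = ROW.match(line.strip())
        if m and m.group(4) == "*":
            yield int(m.group(2)), m.group(1), bind_scope(m.group(1))

def explain(netstat_text, port):
    """One finding per listener on `port`, or a single 'no listener' finding."""
    found = [(a, s) for p, a, s in listeners(netstat_text) if p == port]
    if not found:
        return [f"port {port}: no listener, a firewall rule alone will not open it"]
    return [f"port {port}: bound to {a} ({s})" for a, s in found]

if __name__ == "__main__":
    for port in (8118, 53, 22, 19888, 7000):
        print("\n".join(explain(SAMPLE, port)))
```

A loopback-only result means a firewall or port-mapping change will not help until the service's own listen address is changed, as the answers above did for Privoxy and for the container service.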
