Connecting to Tor before a Proxy

From Whonix

Instructions on how to connect to Tor before a proxy.



Before combining Tor with other tunnels, be sure to read and understand the risks!


Proxy Warning

Warning! Take careful note of the following issues when using standard, common http(s)/SOCKS4(a)/5 proxies -- anonymizers that only use http(s)/SOCKS4(a)/5 as an interface [1] are exempt.

  • Most problems with these proxies are not caused by Whonix.
  • Tor exit relays and their ISPs can still monitor your connection to its destination.
  • Be especially careful with http(s) proxies. Some of them send the X-Forwarded-For header which discloses the IP address. http(s) proxies that do not send this header are sometimes called "elite" or "anonymous" proxies.
  • When using X-Forwarded-For http(s) proxies, destination servers can determine the IP of your Tor exit relay.

For further detailed information on proxies, see: Tor vs. Proxies, Proxy Chains.
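
A check for the X-Forwarded-For disclosure described above, as an added example that is not part of the Whonix page: it parses a request as captured on a destination server you control and lists which forwarding headers reveal a given address. Beyond the page's X-Forwarded-For case it also inspects Forwarded, X-Real-IP and Via, which are assumptions about what a proxy may add; the sample requests and addresses are constructed.

```python
import ipaddress
import re

# Only X-Forwarded-For is named on the page; the other three are assumptions.
FORWARDING_HEADERS = ("x-forwarded-for", "forwarded", "x-real-ip", "via")

def parse_headers(raw_request):
    """Return {lowercased header name: [values]} from a raw HTTP/1.x request."""
    head = raw_request.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = {}
    for line in head.split("\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def _to_ip(token):
    # Normalise one header token to an IP string, or None if it is not one.
    token = token.strip('"')
    if token.startswith("["):  # [IPv6]:port
        token = token[1:].split("]", 1)[0]
    elif token.count(":") == 1:  # IPv4:port
        token = token.split(":", 1)[0]
    try:
        return str(ipaddress.ip_address(token))
    except ValueError:  # hostnames, protocol versions, parameter names
        return None

def disclosed_ips(raw_request):
    """Map each forwarding header present to the IP addresses it carries."""
    found = {}
    for name, values in parse_headers(raw_request).items():
        if name in FORWARDING_HEADERS:
            tokens = re.split(r"[,;=\s]+", ",".join(values))
            found[name] = [ip for ip in map(_to_ip, tokens) if ip]
    return found

def headers_disclosing(raw_request, address):
    """Names of the headers that reveal `address` to the destination."""
    target = str(ipaddress.ip_address(address))
    return sorted(h for h, ips in disclosed_ips(raw_request).items() if target in ips)

# Constructed samples; 198.51.100.7 stands in for the Tor exit relay address.
FORWARDING_PROXY = (
    "GET / HTTP/1.1\r\nHost: test.example\r\n"
    "X-Forwarded-For: 198.51.100.7\r\n"
    'Forwarded: for="198.51.100.7:51234";proto=http\r\n'
    "Via: 1.1 proxy.example:3128\r\n\r\n"
)
ELITE_PROXY = "GET / HTTP/1.1\r\nHost: test.example\r\nUser-Agent: curl/8.0\r\n\r\n"
```

A header that is present but maps to an empty list, such as Via here, carries no address yet still tells the destination that a proxy is in the path.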

Comparison of Post-Tor Proxy Connection Methods

There are three different methods to connect to Tor before a proxy.


Table: Comparison of Post-Tor Proxy Connection Methods

| | Proxy Settings Method | Proxifier Method | Transparent Proxying Method |
|---|---|---|---|
| Examples | Tor Browser proxy settings; foxyproxy | torsocks; proxychains | iptables; redsocks |
| Application requires no support for proxy settings | No | Yes | Yes |
| Likelihood of leaks [2] going user → Tor → Internet | Depends [3] | Depends [4] | Lower [5] |
| Leak-shield possible in theory | No | No | Yes |
| DNS can be resolved by the same proxy | Yes | Yes | Needs extra DNS resolver [6] |
| Does not need separate DNS server | Yes | Yes | No |
| Per application configuration required | Yes | Yes | No |
| System wide configuration | No | No | Yes |
| Proxy chains possible | No | Yes, but see footnote. [7] | No, would require custom development. [8] |
| Setup difficulty | Very difficult because different settings required for every application. | Initial setup very difficult. Afterwards similar usage for most applications. | Initial setup very difficult. Afterwards easy and reliable leak-shield. |

Proxy Settings Method

Moved to Tunnels/Connecting_to_Tor_before_a_proxy/Proxy_Settings_Method.

Proxyfier Method

Moved to Tunnels/Connecting to Tor before a proxy/Proxyfier Method.

Transparent Proxying Method

Moved to Tunnels/Connecting_to_Tor_before_a_proxy/Transparent_Proxying_Method.


  1. Like the Tor or I2P software.
  2. TCP or DNS
  3. Depends if the application has any proxy bypass bugs.
  4. Depends on how bug free the socksifier is.
  5. Because redirection happens at the iptables level, not at the application level.
  6. See Tunnels/Connecting_to_Tor_before_a_proxy/Transparent_Proxying_Method#DNS_resolution.
  7. Questionable if that adds anything. See: Aren't 10 proxies (proxychains) better than Tor with only 3 hops? - proxychains vs Tor
  8. Would require adding a proxy chains feature to redsocks.
