Connecting to Tor before a Proxy
Before combining Tor with other tunnels, be sure to read and understand the risks!
Too difficult? Consider purchasing Premium Support.
Warning! Take careful note of the following issues when using standard, common http(s)/SOCKS4(a)/5 proxies -- anonymizers that only use http(s)/SOCKS4(a)/5 as an interface  are exempt.
- Most problems with these proxies are not caused by Whonix ™.
- These problems are unspecific to Whonix ™.
- Tor exit relays and their ISPs can still monitor your connection to its destination.
- Be especially careful with http(s) proxies. Some of them send the
X-Forwarded-Forheader which discloses the IP address. http(s) proxies that do not send this header are sometimes called "elite" or "anonymous" proxies.
- When using
X-Forwarded-Forhttp(s) proxies, destination servers can determine the IP of your Tor exit relay.
For further detailed information on proxies, see: Tor vs. Proxies, Proxy Chains.
Comparison of Post-Tor Proxy Connection Methods
There are three different methods to connect to Tor before a proxy.
Table: Comparison of Post-Tor Proxy Connection Methods
|Proxy Settings Method||Proxifier Method||Transparent Proxying Method|
|Examples||Tor Browser proxy settings; foxyproxy||torsocks; proxychains||iptables; redsocks|
|Application requires no support for proxy settings||No||Yes||Yes|
|Likelihood of leaks  going
||Depends ||Depends ||Lower |
|Leak-shield possible in theory||No||No||Yes|
|DNS can be resolved by the same proxy||Yes||Yes||Needs extra DNS resolver |
|Does not need separate DNS server.||Yes||Yes||No|
|Per application configuration required||Yes||Yes||No|
|System wide configuration||No||No||Yes|
|Proxy chains possible||No||Yes, but see footnote. ||No, would require custom development. |
|Setup difficulty||Very difficult because different settings required for every application.||Initial setup very difficult. Afterwards similar usage for most applications.||Initial setup very difficult. Afterwards easy and reliable leak-shield.|
Proxy Settings Method
Transparent Proxying Method
- Like the Tor, JonDonym or I2P software.
- TCP or DNS
- Depends if the application has any proxy bypass bugs.
- Depends on how bug free the socksifier is.
- Because redirection happens at the iptables level, not at the application level.
- See Tunnels/Connecting_to_Tor_before_a_proxy/Transparent_Proxying_Method#DNS_resolution.
- Questionable if that adds anything. See: Aren't 10 proxies (proxychains) better than Tor with only 3 hops? - proxychains vs Tor
- Would require adding a proxy chains feature to redsocks.