Connecting to Tor before a Proxy
Donate
Instructions on how to connect to Tor before a proxy.
User → Tor → Proxy → Internet
Introduction[edit]
Before combining Tor with other tunnels, be sure to read and understand the risks!
Advertisement:
Too difficult? Consider purchasing Premium Support.
Proxy Warning[edit]
Warning!
Take careful note of the following issues when using standard, common http(s)/SOCKS4(a)/5 proxies -- anonymizers that only use http(s)/SOCKS4(a)/5 as an interface [1] are exempt.
- Most problems with these proxies are not caused by Whonix.
- These problems are unspecific to Whonix.
- Tor exit relays and their ISPs can still monitor your connection to its destination.
- Be especially careful with http(s) proxies. Some of them send the
X-Forwarded-Forheader which discloses the IP address. http(s) proxies that do not send this header are sometimes called "elite" or "anonymous" proxies. - When using
X-Forwarded-Forhttp(s) proxies, destination servers can determine the IP of your Tor exit relay.
For further detailed information on proxies, see: Tor vs. Proxies, Proxy Chains.
Comparison of Post-Tor Proxy Connection Methods[edit]
There are three different methods to connect to Tor before a proxy.
User → Tor → Proxy → Internet
Table: Comparison of Post-Tor Proxy Connection Methods
| Proxy Settings Method | Proxifier Method | Transparent Proxying Method | |
|---|---|---|---|
| Examples | Tor Browser proxy settings; foxyproxy | torsocks; proxychains | iptables; redsocks |
| Application requires no support for proxy settings | No | Yes | Yes |
Likelihood of leaks [2] going user → Tor → Internet
|
Depends [3] | Depends [4] | Lower [5] |
| Leak-shield possible in theory | No | No | Yes |
| DNS can be resolved by the same proxy | Yes | Yes | Needs extra DNS resolver [6] |
| Does not need separate DNS server. | Yes | Yes | No |
| Per application configuration required | Yes | Yes | No |
| System wide configuration | No | No | Yes |
| Proxy chains possible | No | Yes, but see footnote. [7] | No, would require custom development. [8] |
| Setup difficulty | Very difficult because different settings required for every application. | Initial setup very difficult. Afterwards similar usage for most applications. | Initial setup very difficult. Afterwards easy and reliable leak-shield. |
Proxy Settings Method[edit]
Moved to Tunnels/Connecting_to_Tor_before_a_proxy/Proxy_Settings_Method.
Proxyfier Method[edit]
Moved to Tunnels/Connecting to Tor before a proxy/Proxyfier Method.
Transparent Proxying Method[edit]
Moved to Tunnels/Connecting_to_Tor_before_a_proxy/Transparent_Proxying_Method.
Footnotes[edit]
- ↑ Like the Tor, JonDonym or I2P software.
- ↑ TCP or DNS
- ↑ Depends if the application has any proxy bypass bugs.
- ↑ Depends on how bug free the socksifier is.
- ↑ Because redirection happens at the iptables level, not at the application level.
- ↑ See Tunnels/Connecting_to_Tor_before_a_proxy/Transparent_Proxying_Method#DNS_resolution.
- ↑ Questionable if that adds anything. See: Aren't 10 proxies (proxychains) better than Tor with only 3 hops? - proxychains vs Tor
- ↑ Would require adding a proxy chains feature to redsocks.
The most watertight privacy operating system in the world.
At Whonix we value freedom and trust, supporting Open Source and Freedom Software
2012-2023 ENCRYPTED SUPPORT LP
We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 11 year success story and maybe DONATE!