Connecting to Tor before a Proxy
User
→ Tor
→ Proxy
→ Internet
Introduction[edit]
Before combining Tor with other tunnels, be sure to read and understand the risks!
Advertisement:
Too difficult? Consider purchasing Premium Support.
Proxy Warning[edit]
Warning!
Take careful note of the following issues when using standard, common http(s)/SOCKS4(a)/5 proxies -- anonymizers that only use http(s)/SOCKS4(a)/5 as an interface [1] are exempt.
- Most problems with these proxies are not caused by Whonix ™.
- These problems are unspecific to Whonix ™.
- Tor exit relays and their ISPs can still monitor your connection to its destination.
- Be especially careful with http(s) proxies. Some of them send the
X-Forwarded-For
header which discloses the IP address. http(s) proxies that do not send this header are sometimes called "elite" or "anonymous" proxies. - When using
X-Forwarded-For
http(s) proxies, destination servers can determine the IP of your Tor exit relay.
For further detailed information on proxies, see: Tor vs. Proxies, Proxy Chains.
Comparison of Post-Tor Proxy Connection Methods[edit]
There are three different methods to connect to Tor before a proxy.
User
→ Tor
→ Proxy
→ Internet
Table: Comparison of Post-Tor Proxy Connection Methods
Proxy Settings Method | Proxifier Method | Transparent Proxying Method | |
---|---|---|---|
Examples | Tor Browser proxy settings; foxyproxy | torsocks; proxychains | iptables; redsocks |
Application requires no support for proxy settings | No | Yes | Yes |
Likelihood of leaks [2] going user → Tor → Internet
|
Depends [3] | Depends [4] | Lower [5] |
Leak-shield possible in theory | No | No | Yes |
DNS can be resolved by the same proxy | Yes | Yes | Needs extra DNS resolver [6] |
Does not need separate DNS server. | Yes | Yes | No |
Per application configuration required | Yes | Yes | No |
System wide configuration | No | No | Yes |
Proxy chains possible | No | Yes, but see footnote. [7] | No, would require custom development. [8] |
Setup difficulty | Very difficult because different settings required for every application. | Initial setup very difficult. Afterwards similar usage for most applications. | Initial setup very difficult. Afterwards easy and reliable leak-shield. |
Proxy Settings Method[edit]
Moved to Tunnels/Connecting_to_Tor_before_a_proxy/Proxy_Settings_Method.
Proxyfier Method[edit]
Moved to Tunnels/Connecting to Tor before a proxy/Proxyfier Method.
Transparent Proxying Method[edit]
Moved to Tunnels/Connecting_to_Tor_before_a_proxy/Transparent_Proxying_Method.
Footnotes[edit]
- ↑ Like the Tor, JonDonym or I2P software.
- ↑ TCP or DNS
- ↑ Depends if the application has any proxy bypass bugs.
- ↑ Depends on how bug free the socksifier is.
- ↑ Because redirection happens at the iptables level, not at the application level.
- ↑ See Tunnels/Connecting_to_Tor_before_a_proxy/Transparent_Proxying_Method#DNS_resolution.
- ↑ Questionable if that adds anything. See: Aren't 10 proxies (proxychains) better than Tor with only 3 hops? - proxychains vs Tor
- ↑ Would require adding a proxy chains feature to redsocks.