Network Management, as its name implies, is the person who manages the network every day and tries every means to restrict our Internet access. Various rules are established on the Internet, including no downloading, no im, and no access to restricted websites. This prevents us from enjoying the fun brought by the Internet. Do you want to break through these restrictions without knowing how to freely access the Internet under the eyes of the network administrator? Using the Onion Router (TOR) can help you achieve this.
I. Analysis on the working principle of tor
First, we will introduce how tor works. Just like when we go out, we have to go to the East Side, and to the west side to go to the West Side to go to the west city gate. Our software also needs to contact others through the gate (port). For example, when you chat via QQ, you type a line in QQ and choose to send, QQ will send this line of text into a data package to the side of the city wall (firewall or gateway server), then he will look for gate 8,000th (port) and pass through the city gate, send data to your friends. However, if the hacker does not want you to use QQ chat, he can close the gate 8,000th so that your data package will be blocked by the gate and your chat information will not be sent out. To solve this problem, a friendly person (proxy server) has appeared on the Internet to help forward the package ). For example, if we set the proxy server address in QQ to 202.106.0.20 and port to 8080, QQ will send the package to the side of the city wall when sending the message via QQ, instead of going to the gate of gate 8000 to eat a closed door, I switched to the gate of gate 8080 and sent the package to the machine whose network address is 202.106.0.20, the machine then transfers the information to your friends through its own gate 8000. This machine is called a proxy server.
However, for network administrators with a higher level, the packet filtering function can be added to the port. That is, he will arrange for the sentinel to guard the gates on all the walls (firewall or gateway server ports) and they will not allow you to ship data packages out of the city. However, all parcels that pass through the city gate must pass their inspection and they will take all the packages apart, check whether there is any sensitive data in it (for example, QQ data packages may contain Tencent). All packages containing sensitive data will be intercepted by these sentinns, even if you use a proxy server, and cannot escape the detection of the Sentinel.
To solve these problems, tor was born. Tor's work 1 is shown. In the figure, the machines marked with "+" are the TOR's forwarding points, which form an internal loop, and the data packages between these machines are encrypted. After you install the TOR client software on the machine, the QQ chat process becomes. Your QQ first sends the data package to the TOR proxy server on the machine, tor will encrypt and protect the data packages and then send them to the gate guarded by the Sentinel. As the data packages are encrypted, the Sentinel will not be able to see the sensitive information in the packages, so he has to release them. Because the package is encrypted and cannot be directly sent to your friends, the TOR will first send it to a forwarding node in the TOR loop and the node will continue forwarding. After several forwarding times, the last tor forwarding point will translate your data package into plain text and send it to your friends. The reply information of your friends will be returned based on the original path.
Figure 1 tor operation
Tor's Working Mechanism brings us two benefits: Tor automatically maintains the forwarding nodes in the network, and you don't need to spend any time looking for available proxy servers on the network; in addition, because data transmission is encrypted, the Overlord Network Manager cannot block you or know the specific content of the data you send.
Ii. installing and configuring tor
After understanding the principle, let's start to practice it. The TOR is divided into the client and server. The server is the forwarding point we mentioned above, and the client is used to connect to the server, it is also a good helper for anonymous Internet access.
1. Install tor
If you only use the TOR client, the configuration is very simple. Run the downloaded installation package and install it very easily. After installation is complete, double-click the "tor" shortcut on the desktop, A command line Prompt window is displayed, as shown in figure 2. Wait a moment to see the prompt that the TOR has successfully established a loop.
Figure 2 prompt for successful tor running
At this time, the TOR usually connects to three forwarding nodes on the network and opens the SOCKS5 service on the local port 9050. Of course, the number of connected servers and IP addresses will change over time. If you think it is difficult to open such a black window, you can run the TOR service in the future. Select Start> Run and Enter cmd, press enter to open the command line Prompt window, and then locate the TOR installation directory. Take the default installation as an example, enter: cd c: \ "Program Files" \ tor or press Enter, then enter:
Tor-install
Tor-service start
After this setting, every time you start the system,ProgramWill run in the background, you can enter: services. MSC. Check the running status of the ToR service. Enter tor-stop to stop the service. Enter tor-remove to cancel running the service, however, you must stop the manual service first.
2. Configure the TOR Interface
If you think the black and white windows facing the command line are too boring, you can also try to use some tor interface plug-ins, such as: Tor tray. download the software and copy it to the TOR installation directory, double-click "run" to view the TOR icon in the lower right corner. 3. Right-click the icon to choose "run" or "Stop tor.
Figure 3 tor tray run or stop tor
If you think Tor tray is too simple, you can also try to use tor control panel, which is a graphical control interface of Tor. You can view the detailed running status of Tor and traffic information, the installation process is also very simple. The only thing that needs to be set is to specify the TOR installation path to the software, as shown in figure 4. After installing the software, you can see the TOR running log, as shown in Figure 5.
Figure 4. Tor installation path
Figure 5 tor control panel displays detailed tor logs
After setting, we can use the proxy function provided by tor to access the Internet. Take the setting of MSN as an example, open MSN Messenger, and select "Tools → options ", select "Connect" on the left side of the displayed interface, click "Advanced Settings", enter 127.0.0.1, port 9050, and click "test" in "Socks, test whether the connection is successful. If a prompt is displayed, Your MSN can use tor to access the Internet.
3. a good guide-tor auxiliary tool
It is depressing that tor only supports the socks proxy protocol, while many of our network software does not support the SOCKS protocol, or simply does not support any proxy protocol, in this case, we need to use some auxiliary tools to expand tor functions.
1. Add an HTTP proxy for the tor
Privoxy appears first. It helps us convert the HTTP Proxy protocol to the socks proxy protocol. The settings are very simple. First, install Privoxy and run the software, select option → edit main configration and enter: forward-socks4a/localhost: 9050 at the top of the pop-up configuration page. (Note that there is an English period behind 9050, which cannot be omitted). Restart Tor and Privoxy after setting. Then open the network software that supports the HTTP Proxy Protocol, for example, Firefox. in the address bar, enter 127.0.0.1. Port 8118 is supported. To test whether the TOR + Privoxy combination takes effect, visit the website: Principal.
Privoxy records every time you access the network in its logs. If your traffic volume is large, the log files will not generate large volumes, we can turn off the log record in it. The specific operation method is to select "option → edit main configration" and search for the logfile Privoxy in it. log and jarfile jar. log field. Add # to the front of the two fields so that Privoxy will not automatically record the log.
2. Allow all network software agents
However, not all network software supports the proxy protocol. Many network programs simply do not support any proxy. This requires that sockscap be launched. It allows any network program that does not support proxy to use the socks proxy protocol. The specific method is to install and run the software, and then select "File> Settings ", in SOCKS Server, enter 127.0.0.1 and port 9050. Then, drag the network program icon that needs to be used as a proxy to the program window, as shown in 6, and select "New Application ID... ", click" OK "in the pop-up window, sockscap will create a shortcut for the network program in its window, and double-click the network program in sockscap, it will access the network through the socks proxy.
Figure 6 set the program to use socks proxy
Note:
Tor is very powerful. It can help us break through almost all network restrictions, but we 'd better follow certain rules when using it: first, you should not use it for P2P applications such as BT downloads. Aside from its legitimacy, Tor's forwarding nodes are established by volunteers on the network using their own servers and network bandwidth, if the TOR network is used to transmit huge amounts of data, it is really not a good deal. The junk email and Tor encryption function can help send anonymous emails, please do not use this function to send spam, which may cause troubles to others. Malicious attacks are difficult to detect due to encryption and layer-by-layer forwarding, so that the TOR can always serve us, please do not use it for such illegal activities. Of course, tor also considered these issues at the beginning of design. Network activities with the above features may be filtered out in the internal loop of Tor and will not be sent to the Internet.
So far, the main usage of Tor has been introduced. If you think the above settings are troublesome, you can download the three-in-one version of Tor + Privoxy + sockscap, which is very simple to use, double-click Run. bat, without any other installation and configuration, the above three software will be installed and run, very simple.
(E129)