Title: How to use Tor only for onion addresses in a web browser
Author: Solène
Date: 12 June 2021
Tags: tor openbsd networking security privacy
Description:
# Introduction
A while ago I published about Tor and Tor hidden services. As a quick
reminder, hidden services are TCP ports exposed into the Tor network
using a long .onion address and that doesn't go through an exit node
(it never leaves the Tor network).
If you want to browse .onion websites, you should use Tor, but you may
not want to use Tor for everything, so here are two solutions to use
Tor for specific domains. Note that I use Tor but this method works
for any Socks proxy (including ssh dynamic tunneling with ssh -D).
I assume you have tor running and listening on port 127.0.0.1:9050
ready to accept connections.
# Firefox extension
The easiest way is to use a web browser extension (I personally use
Firefox) that will allow defining rules based on URL to choose a proxy
(or no proxy). I found FoxyProxy to do the job, but there are
certainly other extensions that propose the same features.
(HTM) FoxyProxy for Firefox
Install that extension, configure it:
- add a proxy of type SOCKS5 on ip 127.0.0.1 and port 9050 (adapt if
you have a non standard setup), enable "Send DNS through SOCKS5 proxy"
and give it a name like "Tor"
- click on Save and edit patterns
- Replace "*" by "*.onion" and save
In Firefox, click on the extension icon and enable "Proxies by pattern
and order" and visit a .onion URL, you should see the extension icon to
display the proxy name. Done!
# Using privoxy
Privoxy is a fantastic tool that I forgot over the time, it's an HTTP
proxy with built-in filtering to protect users privacy. Marcin
Cieślak shared his setup using privoxy to dispatch between Tor or no
proxy depending on the url.
The setup is quite easy, install privoxy and edit its main
configuration file, on OpenBSD it's /etc/privoxy/config, and add the
following line at the end of the file:
```privoxy config line
forward-socks4a .onion 127.0.0.1:9050 .
```
Enable the service and start/reload/restart it.
Configure your web browser to use the HTTP proxy 127.0.0.1:8080 for
every protocol (on Firefox you need to check a box to also use the
proxy for HTTPS and FTP) and you are done.
(HTM) Marcin Cieślak mastodon account (thanks for the idea!).
# Conclusion
We have seen two ways to use a proxy depending on the location, this
can be quite useful for Tor but also for some other use cases. I may
write about privoxy in the future but it has many options and this will
take time to dig that topic.
# Going further
(HTM) Duckduck Go official Tor hidden service access
(HTM) Check if you use Tor, this is a simple but handy service when you play with proxies
(HTM) Official Duckduck Go about their Tor hidden service
# TL;DR on OpenBSD
If you are lazy, here are instructions as root to setup tor and privoxy
on OpenBSD.
```shell commands
pkg_add privoxy tor
echo "forward-socks4a .onion 127.0.0.1:9050 ." >> /etc/privoxy/config
rcctl enable privoxy tor
rcctl start privoxy tor
```
Tor may take a few minutes the first time to build a circuit (finding
other nodes).