All posts by lagos

tor in android

Here some links on possible solutions to add Tor services in an Android device.
Stackoverflow:
https://stackoverflow.com/questions/48194604/android-java-how-to-use-tor-onion-proxy-library

A little android web server

Recently, browsing the net for some info for an android project I’m involved, I bumped into this intresting article for a little lightweight simple web server written in java.
Android-er :
http://android-er.blogspot.com/2014/08/implement-simple-http-server-running-on.html
Stackoverflow :
https://stackoverflow.com/questions/6329468/how-to-create-a-http-server-in-android

Building a host-to-host VPN IPsec connection (Ubuntu 16.04)

Scenario

We own two Ubuntu machines running Ubuntu Mate server 16.04 operating system. Those two machines belong to the same sub net behind a NAT network. We wish to encrypt traffic between them, so if an advert logged in on our network won’t be able to identify the communication of those two machines.

Let’s call one machine ubuntu-red with an assigned IP address  192.168.1.60/24. Other machine is called ubuntu-blue with an assigned IP address 192.168.1.61/24.

Step 1

We have to Install strongswan and ipsec tools on both machines. On  Ubuntu this is done with the following command.

sudo apt-get install strongswan ipsec-tools

After the installation we should be able to check strongswan by executing the following command

sudo ipsec status

Step 2 – setting ubuntu-red

Edit the following files to setup the proper connection between the two machines. First we editing the ipsec.conf file that holds the variables that shape the connection. We add the following lines at the end of the file leaving the commented variables as they are.

sudo nano /etc/ipsec.conf

conn host-host

     authby=secret

     auto=route

     left=192.168.1.60

     right=192.168.1.61

     type=transport

     mobike=no

     keyexchange=ikev2

Step 3 – setting ubuntu-red

Editing the file that contains the secret of the connection. Setting up the connection with a pre-shared key (PSK).

sudo nano /etc/ipsec.secret

192.168.1.60 192.168.1.61 : PSK “secretpasswordhere”

Step 4 – setting ubuntu-blue

Edit the ipsec.conf file for the other side of the connection, ubuntu-blue. We add the following lines.

sudo nano /etc/ipsec.conf

conn host-host

     authby=secret

     auto=route

     left=192.168.1.61

     right=192.168.1.60

     type=transport

     mobike=no

     keyexchange=ikev2

Step 5 – setting ubuntu-red

Editing the file that contains the secret of the connection. Setting up the connection with a pre-shared key (PSK).

sudo nano /etc/ipsec.secret

192.168.1.60 192.168.1.61 : PSK “secretpasswordhere”

Step 6 – starting the connection

After each editing of the proper files we do a restart of the  IPsec connection by:

sudo ipsec restart

And then establish the connection by calling the host-host connection (the connection is named in the ipsec.conf file).

sudo ipsec up host-hot

You can check the status of the connection by giving the following command afterwards

sudo ipsec status

The connection between two machines is now encrypted and secured.

Source : example https://www.strongswan.org/testing/testresults/swanctl/host2host-cert/

wiki introduction to strong swan : https://wiki.strongswan.org/projects/strongswan/wiki/IntroductionTostrongSwan#Host-to-Host-Configurations

Host-to-host vpn connection with ecdsa certificates: https://www.gypthecat.com/easyish-ipsec-vpn-with-shared-ecdsa-certificates-for-host-to-host-connections

Torify: anonymizing applications

Scenario

We aim to establish a secure SSH connection between two Ubuntu based machines over the Tor network. We have already setup Tor on both machines running SSH as a hidden service.

Connection can be ‘torified’ to work over the Tor circuit. SSH is one of the services that can.

Step 1

We have to be sure that a Tor circuit is running and has been established. We can open up a terminal and run the tor command. After Tor service has been started you should see something like this.

Dec 18 10:29:28.216 [notice] Tor 0.2.9.14 running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2g and Zlib 1.2.8.
Dec 18 10:29:28.217 [notice] Tor can’t help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Dec 18 10:29:28.218 [notice] Read configuration file “/etc/tor/torrc”.
Dec 18 10:29:28.225 [notice] Opening Socks listener on 127.0.0.1:9050
Dec 18 10:29:28.225 [notice] Opening Control listener on 127.0.0.1:9051
Dec 18 10:29:28.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Dec 18 10:29:28.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Dec 18 10:29:28.000 [notice] Bootstrapped 0%: Starting
Dec 18 10:29:29.000 [notice] Bootstrapped 5%: Connecting to directory server
Dec 18 10:29:29.000 [notice] Bootstrapped 10%: Finishing handshake with directory server
Dec 18 10:29:29.000 [notice] Bootstrapped 15%: Establishing an encrypted directory connection
Dec 18 10:29:30.000 [notice] Bootstrapped 20%: Asking for networkstatus consensus
Dec 18 10:29:30.000 [notice] Bootstrapped 25%: Loading networkstatus consensus
Dec 18 10:29:31.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Dec 18 10:29:31.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
Dec 18 10:29:32.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Dec 18 10:29:33.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Dec 18 10:29:33.000 [notice] Bootstrapped 100%: Done

Step 2

On an another terminal we are giving the following command to establish a secure SSH tunnel between the two machines. The following command binds the local port (9999) to the remote port (9999), creating a secure tunnel between the two ports. After the successful execution all the traffic aimed to the local port (9999) is redirected to the remote port (9999) through a secure SSH tunnel.

torify ssh -L 9999:localhost:9999 teacher@xxxxxxxxxxxxxxxx.onion

You can find the onion address of the Ubuntu machine saved in the following file (if the hidden services files are set to the default location) /var/lib/tor/other_hidden_service/hostname or /var/lib/tor/hidden_service/hostname

Information:

https://linuxaria.com/howto/how-to-anonymize-the-programs-from-your-terminal-with-torify