Torpark Enhanced
Just a quick update: I’ve made a few updates to my previous post on the Torpark “anonymous” browser. This is now a more detailed review of the product.
Also to save time and effort for those interested, I’ve put all the changes recommended in that post together into a self-extracting archive called “Torpark Enhanced”:
Torpark Enhanced.exe(md5sum) Removed: see below
This is the Topark self-extracting archive from the official Torpark site with the following changes:
- Set the Torpark start page to blank.
- Unchecked firefox setting “Allow cookies”.
- Enabled the included NoScript extension to block Javascript, Java, flash and other plugins. You can selectively enable these on a site-by-site basis in the settings of the extension.
- Installed the Modify headers extension and configured it to change HTTP_USER_AGENT to Opera 9.0 on a Macintosh (“Opera/9.0 (Macintosh; PPC Mac OS X; U; en)”)
- Installed the RefControl extension and configured the default action to “FORGE: send root of this site”. You can selectively customize this on a site-by-site basis using the settings of the extension.
These changes make the Torpark browser much more effective at protecting privacy. No warranties though… use at your own risk.
Update: Torpark has been updated and renamed XeroBank Browser by the original authors. The default settings are much better so there is no longer a need for Torpark Enhanced. Please download XeroBank Browser instead.
Related posts:
- Torpark is now XeroBank Browser
- Torpark anonymous web browser: a good start that needs help
- Finding the real address of Tor clients
14 Responses to “Torpark Enhanced”:
November 10th, 2006 at 3:33 am
Thanks for the enhanced version of Torpark, however, it will not work on my computer, from either the hard drive or from a USB stick.
I have tried the author’s version, your version and another version which comes with an installer.
None of them work, so I have no idea whether it is a good thing, or not. Double click on the icon produces nothing unless I have Firefox open, in which case I get a window which asks whether to turn it off and continue, click yes and it closes Firefox but then apparently does nothing (for very long periods of time).
If I bring up the progress window with Torpark.exe, after a short time I get a message which tells me it has opened a circuit, but then it still just sits there.
Perhaps my ISP has a blocker on this kind of thing?
All in all, it is a dismal failure for me.
Bob
November 10th, 2006 at 6:23 pm
Hmm. After clicking torpark.exe you should immediately get a disclaimer dialog box, then a dialog with a progress meter saying “establishing circuit”
If the network you’re on has most outbound ports blocked, it can take a very long time to connect to a Tor exit node. For example, if you’re on a network that only allows ports 80 and 443, be prepared for a long wait. Sometimes Tor will not be able to connect at all.
If you’re up for a little slogging through log files, edit file ‘torrc’ in the tor subdirectory and change the line
log notice file tor\debug.log
to read:
log info file tor\debug.log
Restart torpark and the file debug.log will have more technical info on what’s happening with the tor connection.
November 12th, 2006 at 4:08 am
I get no disclaimer dialog box or anything else after double click on the Torpark.exe icon.
Clicking on tor.exe in the folder gets me the window telling me it has opened a circuit (not Torpark.exe as I erroneously mentioned previously, sorry).
I am not on a network, just a single desktop computer with WindowsXP and a broadband connection at 256kbps, via com3.
Tried changing the torrc file as suggested, which made no difference, apparently. The information in the window that comes up after clicking tor.exe icludes \Application data\tor\torrc not present, using reasonable defaults. It says the same whether with the torrc file as original or with the suggested alteration.
The last line says Tor has successfully opened a circuit. Looks like client functionality is working.
I have no idea how to go about getting at the debug log.
I think I have a lot of company, judging from the FAQs on the Torpark site!
Filing it in the Too Hards basket.
Bob
November 13th, 2006 at 1:29 am
Hi.
Great work! I’m curious how you went about it. I don’t suppose you have any sort of howto on hacking Torpark?
Questions:
(1) What do you need, other than 1.5.0.7.nsi, in order to compile the .nsi script into the executable?
(2) Did you just pull the App and Data directories from a previous “installation,” then modify them to add your cleverness?
(3) Any thoughts on the difficulty of building tor.exe from source (or at least using a verified binary from the Tor download site)?
(4) For the “packaging” step, did you just create a self-extracting archive? What did you use?
Thanks!
-poser
November 12th, 2006 at 11:04 pm
Bob:
Torpark is supposed to make running a Tor client easier. You only need to run torpark.exe… no need to run tor.exe or anything else in any of the subdirectories (if you have been clicking on anything else, do a full reboot of your machine and try running torpark.exe again)
Perhaps the virus scanner on your machine is mangling your downloads (possibly some AV products see tor as malware) or a personal firewall running on your machine is blocking something. The torpark forums at http://www.torrify.com/forum/ might yield a few clues.
November 13th, 2006 at 11:11 am
poser:
Thanks. It was a low-tech hack: I just unpacked the original torpark archive, installed the additional extensions and changed settings, then repacked the whole thing with 7-zip back into a self-extracting EXE. No compiling needed.
Tor compiles well on Linux and other Unices, but I’ve never bothered to compile it under Windows. No point really since the main Tor site offers precompiled windows binaries that are signed. Too bad torpark downloads are not signed… there’s no way to be sure they haven’t been tampered with.
I haven’t tried it, but I suppose you use the signed binaries from the Tor website to overwrite those provided in the Torpark archive. But anyone technical enough to do that would just use a full Tor/Privoxy setup and a normal web browser. The point of torpark is to make Tor easier to use for non-technical users.
November 19th, 2006 at 10:08 pm
Thakns for the response.
Didn’t even have to rebuild the .nsi, huh? Great. I’ll poke around a bit.
> Too bad torpark downloads are not signed…
True. He does provide a checksum, but I’m more interested in the integrity of the enclosed bits and pieces.
> I haven’t tried it, but I suppose you use the signed binaries from
> the Tor website to overwrite those provided in the Torpark archive.
I’ll probably try that, if the files themselves do not match.
> But anyone technical enough to do that would just use a full
> Tor/Privoxy setup and a normal web browser. The point of torpark
> is to make Tor easier to use for non-technical users
It’s true that some of TorPark’s appeal comes from its ease-of-use, but its portability is important as well.
Thanks for your help! I’ll let you know if I come up with anything interesting.
-poser
December 8th, 2006 at 6:08 pm
Thanks for Tor Enhanced. I put in on a USB key and am able to circumvent our corporate hardware “Barney Box” and surf the web anonymously from work. Our purple “Barney Box” in a rack system keeps blacklists and prevent use of anonymouse web proxies and many other sites too. I used to subscribe to Primedius, but the subscription rate got a bit steep $99 and the service was terrible.
I used your enhanced tips for Tor on my home system as well.
Thank you for your efforts.
Will from U.S.
December 10th, 2006 at 6:01 pm
Glad to hear it helped you out… though circumventing your organization’s firewall isn’t exactly why we created Torpark Enhanced. Bypassing security mechanisms is probably contrary to your employer’s acceptable use policy and could be detrimental to your continued employment.
Bypassing content filters opens the org to any manner of nastiness from malicious web pages. There are plenty of those out there and they are not that easy to avoid. Using Torpark Enhanced with Javascript, Java and Flash will prevent the majority from working, but even Firefox has holes (especially considering Torpark and Torpark Enhanced still use Firefox 1.5.0.7 which has a few known security issues).
Personally I prefer to promote “change from within” … if your employer has Internet access policies that hinder you doing your job, it’s your duty to let them know. Maybe management is intractable, but if enough employees speak up about how the policies are hurting their job performance the decision makers will likely make changes.
December 13th, 2006 at 6:42 am
I was wondering what kinds of privacy gains that the Modify headers extension and the RefControl extension add to Torpark Enhanced.
From a security design standpoint, I have two questions:
Why the choice of Opera 9 as the http user agent? Why not an Internet Explorer fingerprint (due to it’s greater popularity as a browser)?
What particular sort of attack did you have in mind where it would be useful to block/obscure referrers?
I’m trying to weigh the usefulness of the plugins against the potentially unneccessary complexity.
Good posts about this though – I’m currently playing around with the application myself.
Cheers,
-J
December 13th, 2006 at 10:00 am
I picked Opera on Mac just to be different from the common platform, but you’re right… it would make you stand out in web server logs. From a privacy viewpoint IE 6 on Windows XP would be a better choice to blend in with the crowd.
From the security side of things, however, some malicious sites use user_agent info to determine what attacks to use. Specifying a different platform and browser from what you’re actually using offers some protection (not complete, however… passive fingerprinting of your network packets can also identify your OS and browser. e.g. via something like Pof or SinFP)
As for referrer, as explained in the article it identifies the URL you clicked on to get to a destination web site. When you manually type in a URL in the address bar in your browser or pick one from your bookmarks no referrer is sent. But clicking on a URL in my del.icio.us bookmarks, for example, sends a referrer like this:
Now the web site knows your del.icio.us username, and that account could reveal quite a lot about you. Links in web mail and many other applications send similarly identifying URLs in the referrer.
Once on the destination web site the referrer can be used to build a “click trail” of your visit, revealing your activity on that site and even personal preferences that can be used to profile what type of person you are.
What I see all the time in my server logs are referrer URLs of internal company web sites, where they’ve linked to this site from an intranet web site. Potentially valuable internal info to an attacker, especially when the referrer URL is from a web app and includes usernames, internal IP addresses, or formats that identify the platform being used (e.g. Oracle and Lotus Notes URLs tend to be quite distinct).
December 13th, 2006 at 7:44 pm
Thanks for the response.
The referrer plugin makes a lot more sense now. It helps you to rely less on the privacy security built-in at the sites you visit (like your del.icio.us example).
I’m gonna spend some time analyzing some of my own logs and let you know if I come across anything else interesting while playing with Torpark/Torpark Enhanced. Thanks for your feedback.
-J
July 12th, 2007 at 1:21 am
Hi,
I would like to say great work, but in fact I didn’t start using it till now, because I’m working behind a proxy and there is a note asking me to edit the torrc file, but i don’t know what i have to do after editing this file… can you help me please … many thanks
July 13th, 2007 at 4:48 pm
@Marwa:
If you’re attempting to use Torpark in a corporate environment or other place that severely restricts outbound connections, bypassing those restrictions might violate the network’s terms of use. Bypassing network protections is not wise.
Also, Torpark Enhanced is obsolete now that Torpark has been replaced by XeroBank Browser. I strongly recommend using that instead (a review of Xerobank coming soon).
Finally, info about configuring torrc for networks with limited outbound ports is found here: http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#FirewalledClient