Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞
Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ

torstorm.org: how to use it, discussion, etc.

To stay ahead of new and evolving threats, cryptostorm has always looked out past standard network security tools. Here, we discuss and fine-tune our work in bringing newly-created capabilities and newly-discovered knowledge to bear as we keep cryptostorm in the forefront of tomorrow's network security landscape.
User avatar

Topic Author
cryptostorm_support
ForumHelper
Posts: 296
Joined: Sat Jan 26, 2013 4:31 am
Contact:

torstorm.org: how to use it, discussion, etc.

Postby cryptostorm_support » Thu Dec 04, 2014 2:57 pm

Please do read the how torstorm works post first, before deciding to use torstorm. It has alot of important reminders about torstorm's status as a beta/in-public-testing service, and you need to know that before you decide you want to use it at all, and doubly so for security-intensive applications.

Once you have done that, only two steps are required:

1. Connect to cryptostorm, via any nodes or clusters, using either full-capacity token-based service or capped cryptofree.me free service. You must be connected to cryptostorm (or cryptofree) in order to make use of torstorm, and to receive the full security of the service itself.

2. Enter into your browser's address bar the .onion site you want to visit, with the following format:


That's it. If you see any bugs or unexpected responses, please do let us know!

Thanks,

cryptostorm_support

User avatar

parityboy
Site Admin
Posts: 989
Joined: Wed Feb 05, 2014 3:47 am

Re: cryptostorm <--> Tor HS/.onion = torstorm.org

Postby parityboy » Thu Dec 04, 2014 4:13 pm

@OP

Many thanks for making this service available. I've just tried connecting to the Onion URL Repository at 32rfckwuorlf4dlv.torstorm.org, while connected to both Brisa and Cantus, and the connection simply hangs. Connecting directly using Tor only works fine. I assume there's maintenance being carried out. :)

User avatar

Pattern_Juggled
Posts: 1492
Joined: Sun Dec 16, 2012 6:34 am
Contact:

beta launch countdown...

Postby Pattern_Juggled » Thu Dec 04, 2014 5:12 pm

parityboy wrote:Many thanks for making this service available. I've just tried connecting to the Onion URL Repository at 32rfckwuorlf4dlv.torstorm.org, while connected to both Brisa and Cantus, and the connection simply hangs. Connecting directly using Tor only works fine. I assume there's maintenance being carried out. :)


It's not actually, officially launched yet :-)

We put the forum post up so a few folks we know could poke at it and make sure we aren't missing bit bit of needed info, before the "official" rollout of the beta. We'll make that clearer, so folks aren't frustrated - apologies for that.

Should be any hour now, from what I've heard.

Cheers,

    ~ pj

User avatar

Graze
Posts: 247
Joined: Mon Dec 17, 2012 2:37 am
Contact:

project logos - "thanks for trying" pile

Postby Graze » Thu Dec 04, 2014 5:19 pm

These project logo ideas were submitted, but are unlikely to end up with any official status,

Always an adventure, around here.User avatar

severide
Posts: 27
Joined: Sun Nov 10, 2013 1:09 am

Re: cryptostorm <--> Tor HS/.onion = torstorm.org

Postby severide » Thu Dec 04, 2014 11:40 pm

Thanks team! This is really cool and interesting. I'll test it out when it's live.
cryptofree via iOS
CS Node List
CS Wiki maintained by vpnDarknet
PGP
Bitmessage: BM-2cUCkRBnNEhhW3qyNoEpRK6LtQjUs281wT

User avatar

df
Site Admin
Posts: 261
Joined: Thu Jan 01, 1970 5:00 am

Re: cryptostorm <--> Tor HS/.onion = torstorm.org

Postby df » Fri Dec 05, 2014 4:46 am

Seems like it's up now. https://32rfckwuorlf4dlv.torstorm.org/ works :-E

User avatar

parityboy
Site Admin
Posts: 989
Joined: Wed Feb 05, 2014 3:47 am

Re: cryptostorm <--> Tor HS/.onion = torstorm.org

Postby parityboy » Fri Dec 05, 2014 2:35 pm

@df

Not for me it doesn't. I'm currently connected to Brisa, and it's doing nothing. I assume it's down again?

User avatar

parityboy
Site Admin
Posts: 989
Joined: Wed Feb 05, 2014 3:47 am

Re: cryptostorm <--> Tor HS/.onion = torstorm.org

Postby parityboy » Fri Dec 05, 2014 3:00 pm

@PJ

This is the case because, absent end-to-end Tor session mechanics, traffic coming through the Tor-internet gateway comes across a plane that requires protocol transition. During that transition, it is definitionally possible for root to have access to plaintext surreptitiously, if it so chooses. Of course, we are not doing this - however this cannot be formally proven to an outside observer, and that is different than end-to-end Tor sessions.


Agreed. Changing this would require a secure version of the SOCKS protocol (the interface presented to a client - like a web browser - by the local Tor relay) to be implemented into the Tor relay software; I found this, but it's a draft spec for SSL 3.0, as opposed to TLS 1.x.

Since most Tor client mode installations are local and under the control of the user, this work will no doubt remain a long way off, at least until services like torstorm and tor2web become more popular.

User avatar

marzametal
Posts: 496
Joined: Mon Aug 05, 2013 11:39 am

Re: cryptostorm <--> Tor HS/.onion = torstorm.org

Postby marzametal » Fri Dec 05, 2014 3:11 pm

Didn't do nothing for me either, I am on Chili... maybe the hidden service is too controversial?

User avatar

Tealc
ForumHelper
Posts: 283
Joined: Tue Jan 28, 2014 12:38 am

Re: cryptostorm <--> Tor HS/.onion = torstorm.org

Postby Tealc » Sat Dec 06, 2014 12:29 am

It doesn't work for me either, I belived that this kind of "service" would be easy to configure if CS deploy their own DNS server...

Or maybe I'm wrong, but I've done something like this in OpenWRT with dnsmasq :-D

User avatar

parityboy
Site Admin
Posts: 989
Joined: Wed Feb 05, 2014 3:47 am

Re: cryptostorm <--> Tor HS/.onion = torstorm.org

Postby parityboy » Sat Dec 06, 2014 6:25 am

@Tealc

Deploying their own DNS server would make no difference in this case. As you know, Tor Hidden Services end in ".onion". From what I can see, HTTP requests going to the tor2web proxy get the FQDN from the HTTP request stripped of the "torstorm.org" domain and then appended with ".onion" before being passed on to the local Tor relay (running in client-only mode) via the SOCKS interface.

I may build one of these proxies myself in a VM just to see how to do it...whether it would ever go into production is another matter...

User avatar

df
Site Admin
Posts: 261
Joined: Thu Jan 01, 1970 5:00 am

Re: cryptostorm <--> Tor HS/.onion = torstorm.org

Postby df » Sat Dec 06, 2014 6:32 am

Yea, the box is back up, went down (along with the IPMI) probably due to hardware issues. After much tweaking it seems functional right now, but while I'm in here, I'm gonna try to use nginx's sub_filter to have it where if a .onion page has any .onion links, it'll automagically replace them with .torstorm.org.

Otherwise you'll be able to goto any .onion site but if that place has absolute URLs then you'll have to manually put .torstorm.org in your address bar to get there (same goes for images), which is lame.

If I can't get that working tho, I'll just release it as-is.

User avatar

df
Site Admin
Posts: 261
Joined: Thu Jan 01, 1970 5:00 am

Re: cryptostorm <--> Tor HS/.onion = torstorm.org

Postby df » Sat Dec 06, 2014 8:19 am

meh, I suck at filtering. It kinda half works right now, probably non-functional just on gzip encoded sites. But webmasters who want to support torstorm.org or tor2web.org or any other place using tor2web should stop using absolute URLs on their HS pages. That'll mean visitors using one of these torstorm-like services will have to manually edit links as they go, annoying!

Anyways, the service should be back up. I redid most of the services under separate accounts with alot of limitations just to keep the damn box from crashing again. If it does, it's definitely a hardware issue and we'll just load this onto a different server.

If it dies again by the time parityboy tries it, it's because he broke it! =P

User avatar

parityboy
Site Admin
Posts: 989
Joined: Wed Feb 05, 2014 3:47 am

Re: cryptostorm <--> Tor HS/.onion = torstorm.org

Postby parityboy » Sat Dec 06, 2014 5:34 pm

@df

Well, I didn't (completely) break it, but i take your point about the filtering; the pages look as if they're are half-finished, as opposed to browsing directly using Tor. Perhaps the CSS is being stripped?

Oh and if you're finished monkeying with the filters, can you fix Brisa (again)? :P

User avatar

df
Site Admin
Posts: 261
Joined: Thu Jan 01, 1970 5:00 am

Re: cryptostorm <--> Tor HS/.onion = torstorm.org

Postby df » Mon Dec 08, 2014 2:44 am

We ditched the python Tor2web and went with something else that we can use alongside nginx for more flexibility & stability, and since I strongly suspect hardware problems on torstorm.org, I moved it to a free IP on emerald. Seems fine for the last 12 or so hours.

Oh and doing it this way DOES correctly replace .onion links in pages to .torstorm.org. So going to a place like that TORCH search engine @ https://xmh57jrzrnw6insl.torstorm.org/c ... cmd=Search! will no longer show a bunch of .onion links that you have to manually change, they'll be automagically changed to .torstorm.org.

User avatar

parityboy
Site Admin
Posts: 989
Joined: Wed Feb 05, 2014 3:47 am

Re: cryptostorm <--> Tor HS/.onion = torstorm.org

Postby parityboy » Mon Dec 08, 2014 4:05 am

@df

What's the "something"? :D Last night I spun up an Ubuntu VM and installed I2P, then tried putting Apache in front of it with mod_rewrite and mod_proxy; admittedly my regex-fu isn't good, but I'm wondering if those modules will at all let me achieve the same thing as tor2web...

User avatar

df
Site Admin
Posts: 261
Joined: Thu Jan 01, 1970 5:00 am

Re: cryptostorm <--> Tor HS/.onion = torstorm.org

Postby df » Mon Dec 08, 2014 4:30 am

Something = a LUA script that does the same thing as tor2web :-)

I forget the exact syntax for Apache, but in nginx it's a simple proxy_pass to get it to access the backend Tor2web server. Apache can do the same thing with a similar directive (google around for "apache reverse proxy").

User avatar

parityboy
Site Admin
Posts: 989
Joined: Wed Feb 05, 2014 3:47 am

Re: torstorm.org: how to use it, discussion, etc.

Postby parityboy » Mon Dec 08, 2014 6:43 pm

@df

Yeah, I got the proxy stuff working, that was easy enough. That LUA script must then strip the hostname and then append ".onion" before passing it to the proxy. I can only assume that mod_rewrite can do the same before passing it to the proxy. Will have to experiment further.

Cheers. :D


UPDATE

After testing torstorm from the various raw exit nodes to DuckDuckGo (https://3g2upl4pq6kufc4m.torstorm.org), these are my findings:

89.26.243.109 (Brisa) . IP address rejected.
46.165.222.248 (Cantus). Works but is very slow.
212.129.34.154 (Cryptofree). Works, and much more responsive than other working nodes, although that might be a lucky Tor circuit selection.
23.19.35.14 (Emerald). IP address rejected.
79.134.235.133 (Fenrir). Works.
212.83.167.81 (Onyx). Works.

User avatar

parityboy
Site Admin
Posts: 989
Joined: Wed Feb 05, 2014 3:47 am

Re: torstorm.org: how to use it, discussion, etc.

Postby parityboy » Mon Dec 29, 2014 2:08 am

@staff

I've just tried to use torstorm and every Tor address redirects to the torstorm landing page. Can you confirm that the site is in maintenance mode, or is this a misconfig?

User avatar

Pattern_Juggled
Posts: 1492
Joined: Sun Dec 16, 2012 6:34 am
Contact:

https://allcatmmbyhbvihr.torstorm.org/

Postby Pattern_Juggled » Mon Dec 29, 2014 11:48 am

parityboy wrote:I've just tried to use torstorm and every Tor address redirects to the torstorm landing page. Can you confirm that the site is in maintenance mode, or is this a misconfig?


When you visit this test onion, do you get redirected?

https://allcatmmbyhbvihr.torstorm.org/

We're going thru to make sure all the new IPs from new nodes are wrapped in the torstorm service; that's most likely what folks are seeing in terms of loads that act as if they're off-net (off-net folks wildcard redirect to the landing page of torstorm.org from any torstorm URL the enter).

Cheers,

    ~ pj

User avatar

parityboy
Site Admin
Posts: 989
Joined: Wed Feb 05, 2014 3:47 am

Re: torstorm.org: how to use it, discussion, etc.

Postby parityboy » Tue Dec 30, 2014 4:29 am

@PJ

Nope, I get connected correctly to the target site, along with the DuckDuckGo .onion address and other Tor URIs. It's working correctly again. :)


Return to “cryptostorm reborn: voodoo networking, stormtokens, PostVPN exotic netsecurity”

Who is online

Users browsing this forum: No registered users and 2 guests

Login