Using Tor without the Tor Browser

First things first, this post is my personal opinion and is being posted on my professional blog. If you are in the information security field and are not aware of the following process, you should be. It is part of our professional responsibility to know how these things work. I’ll be using Fedora, thus the use of dnf. Everything else in this post should be distribution agnostic.

Using Tor as a SOCKS proxy might be a better title for this post. One issue I’d like to resolve using this method is accessing Tor via a bridge. Using the Tor browser is recommended for that, although it should be possible to do this without requiring the Tor browser. Otherwise, IMHO, that would not be very good software engineering with regard to freedom.

Install the required packages (this is not a complete list).

sudo dnf install libevent libevent-devel asciidoc

Compile and install Tor

git clone
cd tor

The default branch is currently master. However, depending on your use case, you will likely want to use a specific version of Tor. To find out what versions are available, the following git commands can be used.

git tag

The Tor repository uses annotated tags. Annotated tags can be checked out with git checkout.

git branch

The branches aren’t as granular as the tags. You’ll want to use the tag when running git checkout.

To determine which version to use you can check a few things.

less ReleaseNotes

This file usually contains something similar to the following.

Changes in version - 2017-08-02
   Tor backports a collection of small-to-medium bugfixes
   from the current Tor alpha series. OpenBSD users and TPROXY users
   should upgrade; others are probably okay sticking with

You can also check the ChangeLog file.

I’ll be using Tor as a SOCKS proxy to the internet so I’ll be using in this example.

If you’ll be running a relay or bridge, you’ll want to make sure you compile the recommended release, usually the latest stable release. In this example that would be but, as stated in the ReleaseNotes file, others are probably okay sticking with If the word ‘probably’ concerns you then just use and sleep a little bit better.

More information on running a relay is available at the following link.

Checking out a tag will put your repo in a detached HEAD state. This is OK and is to be expected.

I’m going to install Tor into my ~/local/ directory. Modify this to suit your needs by using the --prefix option to the configure script.

git checkout tor-
./configure --prefix=/home/$USER/local
make install

Confirm the version that was just installed.

$ ~/local/bin/tor --version
Tor version (git-c33db290a9d8d0f9).

You can configure Tor by editing ~/local/etc/tor/torrc; otherwise Tor will try to use reasonable defaults.

I recommend not using the default port, 9050. An Nmap scan of that port will return the following:

9050/tcp  filtered tor-socks

This is a clear indication that Tor is running on your machine. Using a port such as 8000 might be more acceptable.

cp ~/local/etc/tor/torrc.sample ~/local/etc/tor/torrc
vi ~/local/etc/tor/torrc

Modify the SOCKSPort line.

SOCKSPort 8000

An Nmap scan of port 8000 produces the desired result.

8000/tcp filtered http-alt

Now, configure your browser of choice to use the Tor SOCKS proxy listening at

**** Be sure to disable all JavaScript ****

Test your connection using the method of your choice. One option is below.

You can verify an IPv6 address by using the host command.



Torifying Lynx with Torsocks

This is really just a fun example of using torsocks. However, when doing a malware, phishing, or similar investigation it can be desirable to obscure your location, especially when performing an investigation from the office or after hours from home. Two reasons for this are: 1. not to become a target ourselves, and 2. so our networks don’t appear compromised (the individuals behind an attack may already know this, but there’s no need to make their job any easier). A write-up of a better use case will be in an upcoming post.

Required software:


I chose to compile and install Tor into /opt/tor


– http://dccbbv6cooddgcrq.onion/torsocks.git


Once the required software is installed the following steps can be used to torify your lynx session.

– Verify your Tor configuration, paying attention to SOCKSPort and SOCKSPolicy.

$ less /opt/tor/etc/tor/torrc

– Start Tor

$ /opt/tor/bin/tor

– In another terminal use Torsocks to start Lynx.

$ torsocks lynx -noreferer


Create a packet capture of a brief lynx session. Can you verify that all traffic is being sent through the Tor network?
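
One way to approach that exercise, as an added example that is not part of the original post: capture on the external interface, render the capture with tcpdump -nn -r, and flag every outbound destination that is not one of your Tor entry relays. The function names, the sample lines and all addresses are constructed, and the guard endpoint is an assumption you replace with the relay your own tor process connects to.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: the capture was taken
# on the external interface and rendered with `tcpdump -nn -r <file>`; the guard
# list holds the "ip.port" endpoints of the entry relays your tor process uses.

# find_leaks LOCAL_IP "GUARD1 GUARD2 ..." < tcpdump text
# Prints "<kind> <destination>" once per outbound destination that is not a guard.
find_leaks() {
    awk -v me="$1" -v guards="$2" '
    BEGIN { n = split(guards, g, " "); for (i = 1; i <= n; i++) ok[g[i]] = 1 }
    $2 == "IP" || $2 == "IP6" {
        src = $3; dst = $5
        sub(/:$/, "", dst)                    # tcpdump ends the destination with ":"
        if (index(src, me ".") != 1) next     # keep only packets sent by this host
        if (dst in ok) next                   # expected: traffic to a guard relay
        k = split(dst, part, /\./)            # port is the last dot-separated field
        kind = (part[k] == "53") ? "dns-leak" : "direct"
        if (!seen[kind " " dst]++) print kind, dst
    }'
}

# Constructed sample (documentation address ranges), not a real capture.
sample_capture() {
    cat <<'EOF'
12:00:01.100000 IP 192.168.1.10.51234 > 203.0.113.5.9001: Flags [P.], seq 1:518, ack 1, win 502, length 517
12:00:01.200000 IP 203.0.113.5.9001 > 192.168.1.10.51234: Flags [.], ack 518, win 501, length 0
12:00:02.300000 IP 192.168.1.10.40112 > 192.168.1.1.53: 4660+ A? example.com. (29)
12:00:02.400000 IP 192.168.1.10.40112 > 192.168.1.1.53: 4661+ AAAA? example.com. (29)
12:00:03.500000 IP 192.168.1.10.51300 > 198.51.100.7.443: Flags [S], seq 1, win 64240, length 0
12:00:04.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.10, length 28
EOF
}

# Local address and guard endpoint below are constructed placeholders.
sample_capture | find_leaks 192.168.1.10 "203.0.113.5.9001"
```

No output means every outbound packet in the capture went to a listed guard; a dns-leak line means name resolution bypassed the proxy.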