Last night I ran the high speed data on my AT&T burner dry. The plan doesn’t renew until the 30th so I get to live ten days with 128kbps - the speed I got back before the turn of the century when I was one of those rare folks who had an actual ISDN line for internet. That’s a scoff-worthy bandwidth in 2023, but in 1997 always-on internet that was consistently five to ten times faster than dialup was a revelation. Part of the reason I ran it dry was doing operating system updates on a Linux VM, so today I got up to some old school daemon summoning, revisiting proxy skills I’ve not needed much since cable modems became a thing.
Tethered Phone:
Every time you enable USB tethering on a phone, Linux will create a random interface ID for it. This interface has to have a valid IP before it will be seen as available for a VirtualBox VM, so I wrote a little script that will do just that once it’s enabled. Once that’s done, you set the one active interface in the VM to Bridged Adapter and pick the shiny new long interface name to use.
#!/bin/sh
# Run as root right after enabling USB tethering: the last kernel message names the new interface.
MYINT=$(dmesg | tail -1 | awk '{print $4}' | sed 's/://')
# Give the interface an address so VirtualBox will list it as available for bridging.
ifconfig "$MYINT" inet 223.223.223.254/32
echo "$MYINT"
Pick A Proxy:
The word proxy is badly overloaded in 2023 so we’re going back to the old school definitions. Right at the start a proxy meant a service that lived on a nearby computer, which accepted browser connections, and then served content out of cache if it had it, otherwise the intermediary computer would contact the actual site. This was an http only sort of thing, but there were other needs, so the SOCKS standard came along a bit later. These days most proxies are SOCKS5, but that’s not always the best choice. The results of today’s work are three proxies running on my desktop. They are:
The Tor service will pick an exit at random, so using that equals hiding. The other two are pass through. Here are the minimal config files for each:
/etc/tor/torrc
SocksPort 9050
SocksPolicy accept 192.168.0.0/16
ExitPolicy reject *:*
/etc/danted.conf
internal: 0.0.0.0 port = 1080
external: 192.168.36.63
/etc/tinyproxy/tinyproxy.conf
Port 8888
#upstream socks5 127.0.0.1:1080
#upstream socks5 127.0.0.1:9050
Tinyproxy is just a plain HTTP thing, but it can use a SOCKS5 proxy as its upstream. Why would you need this?
Some browsers just HATE using SOCKS5, Chrome in particular, but it’ll act better with a plain HTTP proxy.
SOCKS5 may require a username/password and that gets under foot, so if you set Tinyproxy to use an upstream SOCKS5, set the user/pass in the config file, and you can avoid endless reentering of credentials.
Tor provides only SOCKS5, so uncomment the last line and systemctl restart tinyproxy.service, then your HTTP connections will use a Tor exit.
Avoid A Proxy:
The best known proxy out there is Squid, but it’s a great fat thing, full of features appropriate for protecting a whole office and conserving limited bandwidth. I’ve used it in the past. The configuration file is NOT two or three lines. It’s less useful to know than it once was, but if you’re curious don’t let me stop you.
Older Tor advice will mention using Polipo to provide HTTP proxy service. I went looking today and the home page says it’s discontinued. Using ChatGPT as a research assistant I looked at a couple of options; Tinyproxy met the all important “two or three line config file” and “install using apt or snap” requirements.
Virtual Machine Network:
The virtual machine will have its first interface bridged to the newly created Ethernet interface (which is actually the USB tether), and it will get an IP address via DHCP. The other thing you’ll need is a Host-Only network in VirtualBox, which you create in the Host Network Manager. This is a virtual network that exists just on your machine so you can interface VMs to your workstation AND to each other.
Getting Updates:
Once you’ve got a virtual machine using the bridged cell phone as its default route AND a host only network providing a local connection to the proxy service, you need to configure apt so that it uses the proxy. This is the single line needed.
/etc/apt/apt.conf
Acquire::http::Proxy "http://192.168.56.1:8888";
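To check that the chain does what you want rather than what you told it, this added example (not part of the original post) reads the three config files shown above and prints the path apt traffic will take. The function names are hypothetical, and it assumes an upstream is Tor when its port matches the SocksPort in torrc.

```shell
#!/bin/sh
# Added example: trace the path apt traffic takes by reading the three
# config files. Function names are hypothetical helpers, not a real tool.

# host:port from the last Acquire::http::Proxy line, empty if none is set.
apt_proxy() {
    sed -n 's|^[[:space:]]*Acquire::http::Proxy[[:space:]]*"http://\([^/"]*\)/*";.*|\1|p' "$1" | tail -1
}

# Port Tinyproxy listens on.
tinyproxy_port() {
    awk '$1 == "Port" { p = $2 } END { print p }' "$1"
}

# Active upstream as "type host:port"; "none" if every upstream line is
# commented out, "ambiguous" if more than one is live.
tinyproxy_upstream() {
    awk '$1 == "upstream" { n++; u = $2 " " $3 }
         END { print (n == 0 ? "none" : (n > 1 ? "ambiguous" : u)) }' "$1"
}

# Tor's SOCKS port, with any "address:" prefix stripped.
tor_socks_port() {
    awk '$1 == "SocksPort" { p = $2; sub(/.*:/, "", p) } END { print p }' "$1"
}

# Usage: trace_apt_path apt.conf tinyproxy.conf torrc
# Assumption: an upstream whose port equals torrc's SocksPort is Tor.
trace_apt_path() {
    proxy=$(apt_proxy "$1")
    [ -n "$proxy" ] || { echo "apt -> direct (no proxy configured)"; return 0; }
    if [ "${proxy##*:}" != "$(tinyproxy_port "$2")" ]; then
        echo "apt -> $proxy (port does not match Tinyproxy)"; return 0
    fi
    up=$(tinyproxy_upstream "$2")
    torport=$(tor_socks_port "$3")
    case "$up" in
        none)         echo "apt -> tinyproxy $proxy -> direct" ;;
        ambiguous)    echo "apt -> tinyproxy $proxy -> ambiguous (several upstream lines active)" ;;
        *":$torport") echo "apt -> tinyproxy $proxy -> $up (Tor)" ;;
        *)            echo "apt -> tinyproxy $proxy -> $up (pass-through)" ;;
    esac
}

# Run directly: sh trace.sh /etc/apt/apt.conf /etc/tinyproxy/tinyproxy.conf /etc/tor/torrc
if [ $# -eq 3 ]; then trace_apt_path "$@"; fi
```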
Conclusion:
If the only instruction you received on this was “use a proxy for updates” you’d be wandering around for a whole weekend before you end up with something that works. Worse, at this point you probably still lack the network skills to ensure it’s doing what you want, rather than what you told it.
Now that you see how easy it is to make a proxy that provides HTTP or SOCKS5, and you know how to make them both use Tor rather than your home IP, what else can you do? Here are a couple things that come to mind immediately.
Tor comes with torsocks, which lets you wrap command line programs so they use a Tor exit. I do something like this at least a couple times a week:
torsocks wget http://shady.net/probably-malware.pdf
Checking for open TCP ports on a system without letting them know who’s knocking can be done like so:
torsocks telnet dumpsterfire.com 80
And a final word to those of you who are on a hard technical path - if you want to be sure footed while doing this sort of stuff, you absolutely MUST purchase and read TCP/IP Illustrated, Volume 1. Yes, it was originally published in 1994 and then updated in 2011. But W. Richard Stevens was the man, he died twenty three years ago, and this book is still THE thing to read.
The only change I can suggest to the book is that when doing the exercises you avoid the tcpdump utility and take the time to install tshark, the command line companion of Wireshark. You should also get Wireshark on your desktop and get in the habit of looking at whatever random stuff you’re doing. A great American philosopher once said:
“You can observe a lot by just watching.”
And you should take that wisdom to heart.