How to run a web proxy with Tor
A web proxy may be useful for interested people, who want to have a look at hidden services without installing Tor first.
It is not helpful for anonymous surfing, because the admins of the web proxy can read all traffic, including SSL-encrypted traffic. Users have to trust the admins ultimately. This violates the concept of Tor.
Requirements for a tor web proxy:
- An SSL-secured web server offers an HTML form with a URL input box (for an example see below). Because the web proxy will be used mostly by non-freaks, you need a good SSL certificate trusted by most browsers.
- A running Tor client or Tor node is needed togehter with privoxy or polipo. Privoxy offers some filtering possibilities. It may be useful to fake some HTML header like Torbutton, to increase the anonymity of the users.
To put together the web server and privoxy + Tor, you need a CGI-proxy like nph-proxy http://www.jmarshall.com/tools/cgiproxy/. nph-proxy.cgi is written in Perl and needs the Perl module Net::SSLeay. You may install this modul with aptitude:
# aptitude install libnet-ssleay-perl
or from CPAN:
# perl -MCPAN -e shell cpan> install Net::SSLeay cpan> quit
In the next step you have to adapt some settings in head of the script nph-proxy.cgi, put the script in the cgi-bin of your web server and make it executable. See the detailed comments in the script and adapt the following settings:
1: Redirect all traffic to privoxy/Tor:
$HTTP_PROXY= 'localhost:8118' ; $SSL_PROXY= 'localhost:8118' ;
2: Block the access to the privoxy config:
@BANNED_SERVERS= ('p\.p$','config\.privoxy\.org$')If you do not want to provide access to some hidden services, you may insert these .onion URLs here too. You may contact Karsten N. https://www.awxcnx.de/awxcnx.msg for a list of possibly unwanted services.
That is all you have to edit. There are some more variables, to modify the behavour of your cgi-proxy. The following options can be zero, because filtering of content may be done by privoxy or by the user himself:
$REMOVE_COOKIES= 0; $REMOVE_SCRIPTS= 0; $FILTER_ADS= 0; $HIDE_REFERER= 0;
You may insert a small URL form on top of every page. It is possible, to modify the default form to match your corporate identity:
$INSERT_ENTRY_FORM= 1;
At least, create an HTML page with the URL form. A small example for the form:
<form name="URLform" action="/cgi-bin/nph-proxy.cgi/000110A/x-proxy/start" method="post"> <input name="URL" value="http://"> <input type=submit value="and go!"> </form>
Upload the HTML page and publish the URL.