Using Tor Browser's SOCKS Port

I use an application which uses the http protocol for communication between instances.

I set up an onion site for one side of it.

Tor Browser shows it and can interact with it. But I want the local binary to communicate with the binary at the onion site.

The app in question can connect to an http proxy but not SOCKS.

Using only nc and/or ssh (I don’t have socat or netcat) can someone please show how to forward a port to Tor Browser’s SOCKS port?

I thought I’d run nc or ssh and have it listen on an open port, say 8008. Then the app would connect to 127.0.0.1:8008 and the connection would go over tor to the instance at the onion site.

I was hoping I could use nc to both listen and send that to the SOCKS port.
nc -l -k 33330 | nc -n -X 5 -x 127.0.0.1:9150 $site $port

Then in another terminal window I’d run my program and point it at http://127.0.0.1:33330. But the above nc line tells me ‘nc: connection failed, SOCKSv5 error: Connection refused.’

Reading online I saw a variation:

mkfifo pip
nc -l -k 33330 < pip | nc -n -X 5 -x 127.0.0.1:9150 $site $port > pip

And just in case those < > file redirection operators were backwards, I turned them around > <. Same problem.

Thanks in advance.

1 Like

Tor browser does not start an HTTP proxy by default, but you can add HTTPTunnelPort 127.0.0.1:9152 to the torrc file to enable it.
https://manpages.debian.org/experimental/tor/tor.1.en.html

HTTPTunnelPort [address:]port|auto [isolation flags]

Open this port to listen for proxy connections using the “HTTP CONNECT” protocol instead of SOCKS. Set this to 0 if you don’t want to allow “HTTP CONNECT” connections. Set the port to “auto” to have Tor pick a port for you. This directive can be specified multiple times to bind to multiple addresses/ports. If multiple entries of this option are present in your configuration file, Tor will perform stream isolation between listeners by default. See SocksPort for an explanation of isolation flags. (Default: 0)

2 Likes

Thank you @Protium_serratum, I tried this but it didn’t work. The other software was expecting an HTTP proxy versus HTTP CONNECT.

Thankfully tor reports this to the software attempting the connection, so I was able to figure out it wouldn’t work.

I’ve used nc’s SOCKS proxy option before, to GET myself short messages. So I know that works.

Maybe have a look at this piece of software: https://tinyproxy.github.io/

Or Privoxy if you are on Windows [instructions], but it should work on Linux too.

1 Like

Thank you @Protium_serratum for recommending HTTPTunnelPort.

For years I have used Polipo (deprecated) and currently Privoxy to provide an HTTP proxy pointing to Tor’s SOCKS5 port, and these worked well. Privoxy provides advanced filtering capabilities so I used that to create an additional whitelisting proxy server to keep an old Windows virtual machine in check.

I like the stream isolation advantage of HTTPTunnelPort, and I began testing HTTPTunnelPort with wget. I am using shell variables to only adjust the proxy for wget, but I noticed something unexpected.

HTTPTunnelPort appears to only work as an https_proxy…not as an http_proxy.

For example, this works as expected:
export https_proxy="http://127.0.0.1:9100/" && wget (insert URL here)

For example, this does not work as expected:
export http_proxy="http://127.0.0.1:9100/" && wget (insert URL here)

The version of wget I am using (1.21.2) does not support SOCKS5. I think that was a recent development.

I think the version of wget I am using either prefers an https_proxy, does not work with http_proxy, or HTTPTunnelPort provides https_proxy.

Hopefully these notes will help @abc in troubleshooting.

1 Like
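
Added example, not part of the thread and not code from any poster or from the Tor Project: a small Python bridge that accepts the plain HTTP-proxy request form (an absolute http:// target, which is what a client sends when http_proxy is set) and forwards it through the SOCKS port at 127.0.0.1:9150, passing the hostname to Tor unresolved so .onion names work. The function names are this sketch's own, the listen port 8008 is the one from the question, and the code assumes one request per connection and the short 10-byte SOCKS5 reply form.

```python
import socket, struct, threading
from urllib.parse import urlsplit

SOCKS_ADDR = ("127.0.0.1", 9150)  # Tor Browser's SOCKS port, as used in the thread

def split_proxy_request(head: bytes):
    """Map a proxy-style 'GET http://host/path' head to (host, port, origin-form head)."""
    line, _, rest = head.partition(b"\r\n")
    method, target, version = line.decode("latin-1").split(" ", 2)
    url = urlsplit(target)
    if url.scheme != "http" or not url.hostname:  # also rejects CONNECT host:port
        raise ValueError("expected an absolute http:// request target")
    path = (url.path or "/") + ("?" + url.query if url.query else "")
    return url.hostname, url.port or 80, f"{method} {path} {version}\r\n".encode("latin-1") + rest

def socks5_connect_request(host: str, port: int) -> bytes:
    """SOCKS5 CONNECT with ATYP=3 (domain name), so Tor resolves the .onion name."""
    return b"\x05\x01\x00\x03" + bytes([len(host)]) + host.encode("ascii") + struct.pack(">H", port)

def pump(src, dst):
    try:
        while data := src.recv(65536):
            dst.sendall(data)
    except OSError:
        pass
    dst.close()

def handle(client):
    head = b""
    while b"\r\n\r\n" not in head and (chunk := client.recv(65536)):
        head += chunk
    try:
        host, port, forward = split_proxy_request(head)
        tor = socket.create_connection(SOCKS_ADDR)
        tor.sendall(b"\x05\x01\x00")  # greeting: one method offered, "no authentication"
        if tor.recv(2) != b"\x05\x00":
            raise ConnectionError("SOCKS5 method negotiation failed")
        tor.sendall(socks5_connect_request(host, port))
        if tor.recv(10)[1:2] != b"\x00":  # assumption: short 10-byte reply form
            raise ConnectionError("SOCKS5 CONNECT refused")
        tor.sendall(forward)
    except (ValueError, OSError):
        return client.close()
    threading.Thread(target=pump, args=(client, tor), daemon=True).start()
    pump(tor, client)

if __name__ == "__main__":
    server = socket.create_server(("127.0.0.1", 8008))  # local port from the question
    while True:
        threading.Thread(target=handle, args=(server.accept()[0],)).start()
```

Run it while Tor Browser is open and point the client's HTTP proxy setting at http://127.0.0.1:8008/. It binds to loopback only, so other hosts on the network cannot use it as a relay.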

Personally, I wouldn’t mess around with the Socks- and ControlPort of the TorBrowser tor binary, but would install tor for the OS.

Sure it works on Linux/UNIX, for over 20 years.
I’ve chained privoxy with tor to test (my) .onion sites in any browser.

1 Like

Thank you @atari I’ll look at those. But I’m mainly trying to figure out a routine for non-tech folks to use, so involving software that’s not part of a default OS install is going to be a challenge.

Maybe there’s a trustworthy crate which can go into arti to provide it with a more robust HTTP Proxy capability.