OpenBSD, Tor, Privoxy and the browsers.
Privoxy: adding a new friend to the battle.
So, we now have three browsers using three different SOCKS ports to access the Tor network, with the last of our browsers building a special double circuit in the Tor network that combines different countries (this is not bad at all). Remember, we were here.
But... the situation is so difficult... we have to protect ourselves with more layers.
Let's introduce the layer 7 firewall Privoxy.
What is a layer 7 firewall? It's a firewall that works at the top layer of the ISO/OSI network stack, which in non-technical terms is the URI: www.facebook.com, steemit.com/@npna ...
Matryoshkas are sexy
We like Russia, and we like матрёшка.
In this case we're doing exactly the same thing: encapsulating our information layer after layer to protect it from the privacy cannibals.
Our dolls start from the browser, go through Privoxy and are then routed to the Tor network.
Let's install Privoxy from the OpenBSD precompiled packages with a simple command:
$ doas pkg_add -U privoxy
It installs these files and binaries:
$ pkg_info -L privoxy
Information for inst:privoxy-3.0.26
Files:
/usr/local/bin/privoxy-log-parser.pl
/usr/local/bin/privoxy-regression-test.pl
/usr/local/bin/uagen.pl
/usr/local/bin/url-pattern-translator.pl
/usr/local/man/man1/privoxy.1
/usr/local/sbin/privoxy
/usr/local/share/doc/privoxy/AUTHORS
/usr/local/share/doc/privoxy/ChangeLog
/usr/local/share/doc/privoxy/LICENSE
/usr/local/share/doc/privoxy/README
/usr/local/share/examples/privoxy/config
/usr/local/share/examples/privoxy/default.action
/usr/local/share/examples/privoxy/default.filter
/usr/local/share/examples/privoxy/match-all.action
/usr/local/share/examples/privoxy/regression-tests.action
/usr/local/share/examples/privoxy/templates/blocked
/usr/local/share/examples/privoxy/templates/cgi-error-404
/usr/local/share/examples/privoxy/templates/cgi-error-bad-param
/usr/local/share/examples/privoxy/templates/cgi-error-disabled
/usr/local/share/examples/privoxy/templates/cgi-error-file
/usr/local/share/examples/privoxy/templates/cgi-error-file-read-only
/usr/local/share/examples/privoxy/templates/cgi-error-modified
/usr/local/share/examples/privoxy/templates/cgi-error-parse
/usr/local/share/examples/privoxy/templates/cgi-style.css
/usr/local/share/examples/privoxy/templates/client-tags
/usr/local/share/examples/privoxy/templates/connect-failed
/usr/local/share/examples/privoxy/templates/connection-timeout
/usr/local/share/examples/privoxy/templates/default
/usr/local/share/examples/privoxy/templates/edit-actions-add-url-form
/usr/local/share/examples/privoxy/templates/edit-actions-for-url
/usr/local/share/examples/privoxy/templates/edit-actions-for-url-filter
/usr/local/share/examples/privoxy/templates/edit-actions-list
/usr/local/share/examples/privoxy/templates/edit-actions-list-button
/usr/local/share/examples/privoxy/templates/edit-actions-list-section
/usr/local/share/examples/privoxy/templates/edit-actions-list-url
/usr/local/share/examples/privoxy/templates/edit-actions-remove-url-form
/usr/local/share/examples/privoxy/templates/edit-actions-url-form
/usr/local/share/examples/privoxy/templates/forwarding-failed
/usr/local/share/examples/privoxy/templates/mod-local-help
/usr/local/share/examples/privoxy/templates/mod-support-and-service
/usr/local/share/examples/privoxy/templates/mod-title
/usr/local/share/examples/privoxy/templates/mod-unstable-warning
/usr/local/share/examples/privoxy/templates/no-server-data
/usr/local/share/examples/privoxy/templates/no-such-domain
/usr/local/share/examples/privoxy/templates/show-request
/usr/local/share/examples/privoxy/templates/show-status
/usr/local/share/examples/privoxy/templates/show-status-file
/usr/local/share/examples/privoxy/templates/show-url-info
/usr/local/share/examples/privoxy/templates/show-version
/usr/local/share/examples/privoxy/templates/toggle
/usr/local/share/examples/privoxy/templates/toggle-mini
/usr/local/share/examples/privoxy/templates/untrusted
/usr/local/share/examples/privoxy/templates/url-info-osd.xml
/usr/local/share/examples/privoxy/user.action
/usr/local/share/examples/privoxy/user.filter
/etc/rc.d/privoxy
We have only one little problem with Privoxy in relation to Tor. To chain three Privoxy ports to three Tor ports we have to launch three different Privoxy instances. But with OpenBSD, thanks to its clarity, this is very simple.
Let's go deeper into the configuration:
- cd to the privoxy configuration directory:
$ cd /etc/privoxy
- copy the default config file into three different ones:
$ doas cp config firefox && doas cp config chrome && doas cp config torbrowser
- go to the OpenBSD rc.d directory:
$ cd /etc/rc.d
- copy the default privoxy init script into three different ones:
$ doas cp privoxy privoxyfirefox && doas cp privoxy privoxychrome && doas cp privoxy privoxytorbrowser
OK, it's all simple and without complications. Good, I love OpenBSD.
The main Privoxy configuration file is full of options, and you have to dedicate a couple of hours to understanding all the entries, or simply to reading it. For now we use this basic configuration (in our next chapters we will probably make some changes to it). Let's look together at the one that will be used in the Firefox environment:

OK, simply change admin-address and hostname to your own.
In each configuration file, Privoxy forwards its HTTP proxy port to a distinct SOCKS port.
To create the other two, execute these commands:
# sed s/privoxyfirefox/privoxychrome/g privoxyfirefox | sed s/9900/9901/g > privoxychrome
# sed s/privoxychrome/privoxytorbrowser/g privoxychrome | sed s/9901/9902/g > privoxytorbrowser
Now create the missing log files with:
$ doas touch /var/log/privoxy/privoxyfirefox.log
$ doas touch /var/log/privoxy/privoxychrome.log
$ doas touch /var/log/privoxy/privoxytorbrowser.log
And enable all three at boot:
$ doas rcctl enable privoxyfirefox
$ doas rcctl set privoxyfirefox user _privoxy
$ doas rcctl set privoxyfirefox flags /etc/privoxy/firefox
$ doas rcctl enable privoxychrome
$ doas rcctl set privoxychrome user _privoxy
$ doas rcctl set privoxychrome flags /etc/privoxy/chrome
$ doas rcctl enable privoxytorbrowser
$ doas rcctl set privoxytorbrowser user _privoxy
$ doas rcctl set privoxytorbrowser flags /etc/privoxy/torbrowser
Finally, start the three daemons:
$ doas rcctl start privoxyfirefox
$ doas rcctl start privoxychrome
$ doas rcctl start privoxytorbrowser
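With the three daemons running, it is worth checking that each instance really has its own loopback HTTP port and its own Tor SOCKS port. The following is an added example, not part of the original post: it assumes each config carries one `listen-address` line and one `forward-socks5t / HOST:PORT .` line, and listen port 8800 in the constructed samples is an assumption (8801, 9900, 9901 and 9902 are the ports the post mentions).

```sh
#!/bin/sh
# Added example: audit per-instance Privoxy configs (constructed samples below).
# Assumption: each config has "listen-address H:P" and "forward-socks5t / H:P ."

# Print "LISTEN FORWARD" for one config; "-" marks a missing directive.
chain_of() {
    awk '$1 == "listen-address" { l = $2 }
         $1 ~ /^forward-socks(4|4a|5|5t)$/ && $2 == "/" { f = $3 }
         END { if (l == "") l = "-"; if (f == "") f = "-"; print l, f }' "$1"
}

# Return 0 only if every endpoint is on 127.0.0.1 (the address the post uses)
# and no listen or SOCKS endpoint appears twice across the given configs.
audit_chain() {
    seen=" " rc=0
    for cfg in "$@"; do
        pair=$(chain_of "$cfg")
        listen=${pair% *} fwd=${pair#* }
        for ep in "$listen" "$fwd"; do
            case $ep in
                127.0.0.1:*) ;;
                *) echo "$cfg: '$ep' is not a 127.0.0.1 endpoint" >&2; rc=1 ;;
            esac
            case $seen in
                *" $ep "*) echo "$cfg: $ep is used more than once" >&2; rc=1 ;;
            esac
            seen="$seen$ep "
        done
    done
    return $rc
}

# Constructed sample config: write_cfg FILE LISTEN_PORT SOCKS_PORT
write_cfg() {
    printf 'listen-address 127.0.0.1:%s\nforward-socks5t / 127.0.0.1:%s .\n' \
        "$2" "$3" > "$1"
}

dir=$(mktemp -d)
write_cfg "$dir/firefox" 8800 9900      # 8800 is an assumed listen port
write_cfg "$dir/chrome" 8801 9901
write_cfg "$dir/torbrowser" 8801 9902   # copy whose listen port was not changed
audit_chain "$dir/firefox" "$dir/chrome" && echo "firefox + chrome: ok"
audit_chain "$dir"/* || echo "port collision detected"
rm -rf "$dir"
```

On a real system, pass the three files from /etc/privoxy to audit_chain; a non-zero exit means two instances share a port or one is listening beyond loopback.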
Browser configuration

Now we have the correct setup of Privoxy, but remember that it is still without any layer 7 firewalling rules, which we will see in our next chapter.
We have to change the configuration of the three browsers to use Privoxy instead of the Tor SOCKS ports directly.
- Firefox:
- Chrome: simply change --proxy-server="socks5://127.0.0.1:9901" with --proxy-server="http://127.0.0.1:8801"
- Torbrowser:
Preparing the chicken soup

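OK, the cooking has started, but here is one last little hack to disturb our favorite cannibals. Let's eliminate the HTTP Referer header. The rule is an action applied to every URL (the / pattern), so it goes in the user.action file rather than user.filter:
# cat >> /etc/privoxy/user.action << EOF
{ +crunch-client-header{Referer:} }
/
EOF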
And yes... for today it's EOF.
Thank you, and #changeNOW, please.