09-09-2020, 04:12 PM
So in light of recent events I thought I'd show you a quick way to set up a Tor MiTM relay. This was done on Debian Buster (10.5).
Let's install Tor (you can get the latest packages by adding the Tor repo to your /apt/sources.list).
When those packages have finished installing, Tor will automatically start running, so let's stop that.
Now remove the default Tor config.
Now create a new torrc file and paste the following.
Remember to change the HASHED CONTROL PASSWORD with the following and the Nickname with whatever you want.
Now we are ready to run Tor. If you have kept your torrc file under /etc/tor/torrc, this will be the default config. Now run the following (not as root!).
Wait until Tor finishes connecting and open a new root terminal. Now it's time to install ettercap (you could probably use another tool if you wanted).
Now our relay is up and running, so how do we start sniffing the traffic? With one simple command.
This is now a Tor relay which is sniffing all the traffic going through it; you could probably add a filter to modify traffic on the fly. (Currently trying to get this working with a regex. If anyone has any ideas about this then send me a PM; I've already got the filter ready, just needs a little tweaking.) The filter for replacing text is below. Adding something like this (^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$) to the script below would allow you to replace any Bitcoin address as yours (in theory).