Merging KALI LINUX WITH TAILS: Improving a Kali Linux system for Anonymity (TOR, RAM wipe, secure-delete, and LUKS+NUKE)

Hello everyone. This post is the result of a lot of work on different ways to improve your security while hacking.
Let's go! If you want direct instructions, skip the next part. If you want a better in-depth understanding, read the whole article.

0 - Our goal

- Give Kali Linux features similar to Tails
- Set up an encrypted LUKS partition with a NUKE feature

What is TAILS?

https://tails.boum.org/

TAILS, also well known as the OS Edward Snowden used when he leaked NSA documents, is a Tor-based, security-hardened Linux.
This OS (which is based on Debian) offers three major features:
- It only runs in RAM, so it leaves no traces on the hard drive; no swap is used, and RAM is WIPED at halt
- It routes all outgoing/incoming connections through Tor and uses OpenDNS
- Persistence only if asked for at boot; sudo ability only if asked for at boot

Why don't we simply use TAILS and import Kali's tools into it?

Believe me, I tried... I started from the idea in these two articles (yeah, I like this guy):
http://leaksource.info/2014/08/09/hack-back-a-diy-guide-for-those-without-the-patience-to-wait-for-whistleblowers/
http://leaksource.info/2014/11/09/recommendations-for-the-hacktivist-community/

I wanted to configure encrypted persistence and get the sources/binaries of the most used hacking tools, but
1) It's a pain in the ass
2) TAILS is damn slow
3) DNS!!! DNS in Tails is set up in a weird way that uses Tor and OpenDNS for queries, and each time I tried to run a tool I got a "Couldn't resolve hostname".

I tried digging, got discouraged, and gave up.



So how will we get TAILS features in Kali?
- Running in RAM only -> use Kali Linux Live in forensic mode
- Leave no trace on the computer we use nor on the USB key we use -> Kali Linux forensic mode and a few scripts to wipe RAM and securely delete all traces
- Use a script to route everything through Tor

What are LUKS and NUKE?
- LUKS is the Linux standard for disk encryption
https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup
Your passphrase is not used directly: it goes through a key-derivation function, and the derived key encrypts a master key, which in turn encrypts your data.
- NUKE is an added feature that lets you set up a "self-destruct" passphrase: when you enter it, the master key is overwritten, making decryption impossible. It's as if you wanted to crack a hashed password, but the hash had been overwritten.




1 - Introduction to Paranoia: Why "rm" and "halt" are not enough

Do you know about cold boot attacks?
https://en.wikipedia.org/wiki/Cold_boot_attack

To keep it simple: even if your hard drive is encrypted, your system doesn't encrypt the RAM. Moreover, RAM is a bit persistent: once you have halted your system, the bits (which are basically just stored electrical charge) can keep their state for around 5 minutes (though the information degrades over time).
The attack cools down the computer/RAM and boots it in a special way that doesn't overwrite the RAM, in order to keep its state and save it.
In this way an attacker or law enforcement can get sensitive data out of your computer, which may compromise you.

Is it realistic? No. We haven't yet seen law enforcement/SWAT/special agents break into places with liquid nitrogen or things like that.
BUT that's no reason to say it can't happen.

What will we do to prevent it? Wipe the RAM at shutdown: overwrite the memory with zeros, random data, special patterns, etc.

Why don't we want it to happen? Maybe it'll leak some proof of what illegal hack you were doing, maybe it'll leak part of your LUKS encryption key.

We'll use the same idea when deleting our files:
a simple "rm" only tells the filesystem that the space allocated to the file is available again. The data is still there, just no longer visible; it stays somewhere on the drive until it is overwritten.

But aren't we already running in RAM? What's the point in wiping data?
We'll make sure that no traces stay in RAM nor on the USB stick. The idea stays the same: even if there's no persistence, the USB stick is used to run the system, so it WILL leave traces. Just WIPE EVERYTHING.

Moreover, this lets us wipe potentially sensitive data from our LUKS encrypted partition (but it's encrypted, no? Yes, but be paranoid).

Oh, and obviously, boot the live USB in KALI FORENSIC MODE.



2 - The tools we'll use: secure-delete and cryptsetup

secure-delete:
This package contains a bunch of useful utilities for securely removing files, folders, RAM and swap.
Tools we'll use from this package: srm, sdmem
They work on the same principle: overwrite with zeros, then with random and special data patterns.
Advantage over 'shred': srm can recurse into directories, shred can't.

cryptsetup:
Standard utility for setting up LUKS encrypted partitions

Tor:
Seems obvious. If you're new to this -> https://www.torproject.org


3 - Setting up the USB stick

a) Global idea:
The USB key will have three partitions:
Partition 1) Kali system
Partition 2) LUKS encrypted
Partition 3) A little unencrypted space

The cryptsetup and secure-delete packages aren't included in Kali's default installation. We want to install them at boot without having to apt-get them each time, so we need a place to store the Debian packages and our setup scripts. That's why we need a little unencrypted space (partition 3).

b) Partitioning:
Just run GParted and make sure there are three partitions.
- Leave the first partition alone (Kali system)
- Make the second partition the big one, large enough for your data
- Make the last one small; it only stores packages and scripts, so a few MB are enough (~50)

c) Downloading the cryptsetup, tor and secure-delete packages:
https://packages.debian.org/fr/squeeze/cryptsetup
https://packages.debian.org/sid/utils/secure-delete
https://packages.debian.org/squeeze/tor

Move them to your little unencrypted partition.

Installing them:
dpkg -i [package name]

SCRIPT THAT!!

d) Setting up LUKS on partition 2
Check this blog:
http://martiensk.blogspot.fr

Here's the sequence of commands; for more details check the link above:
(I copied/pasted the commands and some text, thanks for your cool write-up man)

Set up the partition and passphrase:
cryptsetup --verbose --verify-passphrase -h sha512 luksFormat /dev/sdXX
(note the -h sha512 for more security) (type your passphrase twice; honestly, make it long, hard, complicated...)

Open it with cryptsetup:
cryptsetup luksOpen /dev/sdXX my_usb
To double-check that it is indeed open, run ls /dev/mapper | grep usb; if your terminal returns my_usb, the container was opened successfully.

Format and label it:
mkfs.ext4 -L persistence /dev/mapper/my_usb
e2label /dev/mapper/my_usb persistence

Mount it (for real this time ;) ):
mkdir -p /mnt/my_usb
mount /dev/mapper/my_usb /mnt/my_usb

Unmount it once done and close it:
umount /dev/mapper/my_usb
cryptsetup luksClose /dev/mapper/my_usb

Set up the NUKE feature:
cryptsetup luksAddNuke /dev/sdXX

You might want to set up a backup to reverse the nuke, but I don't want to.
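To confirm the header really ended up the way the commands above intended, here is an added check (my code, not from the post or from cryptsetup) that reads a saved `cryptsetup luksDump /dev/sdXX > luks-header.txt` report, verifies the sha512 hash spec, and counts the key slots in use so a passphrase you did not add stands out. The sample report is constructed, the accepted cipher names are my assumption, and whether the nuke passphrase shows up as an ordinary slot depends on the patched cryptsetup build, so you pass the count you expect.

```shell
#!/bin/sh
# Added example, not from the post or from cryptsetup: sanity-check a saved
# `cryptsetup luksDump` report (LUKS1 layout). Assumptions: the report was
# saved to a file, and the cipher names accepted below are the usual defaults.

# Print one header field, e.g.: luks_field header.txt 'Hash spec'
luks_field() {
    awk -F ':[[:space:]]*' -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# Number of key slots holding a passphrase. Each passphrase you add (including
# the nuke one, on builds that store it as an ordinary slot) occupies one slot.
luks_enabled_slots() {
    grep -c '^Key Slot [0-7]: ENABLED' "$1" || true
}

# Return 0 when the header uses sha512 (what luksFormat -h sha512 asked for),
# a recognised cipher, and exactly $2 key slots; print what is off otherwise.
luks_check() {
    dump="$1"; want_slots="$2"; rc=0
    hash=$(luks_field "$dump" 'Hash spec')
    [ "$hash" = sha512 ] || { echo "hash spec is '$hash', not sha512"; rc=1; }
    cipher="$(luks_field "$dump" 'Cipher name')-$(luks_field "$dump" 'Cipher mode')"
    case "$cipher" in
        aes-xts-plain64|aes-cbc-essiv:sha256) ;;
        *) echo "unexpected cipher '$cipher'"; rc=1 ;;
    esac
    slots=$(luks_enabled_slots "$dump")
    [ "$slots" -eq "$want_slots" ] \
        || { echo "$slots key slots in use, expected $want_slots"; rc=1; }
    return $rc
}

# Constructed sample report (digests and salts shortened), written to a temp
# file whose path is printed. Two slots: the main passphrase and the nuke one.
write_luks_sample() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
LUKS header information for /dev/sdXX

Version:        1
Cipher name:    aes
Cipher mode:    xts-plain64
Hash spec:      sha512
Payload offset: 4096
MK bits:        256
MK digest:      1f 2e 3d 4c
MK salt:        aa bb cc dd
MK iterations:  94500
UUID:           00000000-0000-0000-0000-000000000000

Key Slot 0: ENABLED
        Iterations:             378000
        Salt:                   11 22 33 44
        Key material offset:    8
        AF stripes:             4000
Key Slot 1: ENABLED
        Iterations:             380000
        Salt:                   55 66 77 88
        Key material offset:    264
        AF stripes:             4000
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED
EOF
    echo "$f"
}

luks_check "$(write_luks_sample)" 2   # prints nothing and exits 0
```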



(Oh, and by the way, type LUKS into Google Images, you should also find a sexy model)

Oh, and I'll save you the time of typing it on your keyboard:

4 - Automatic secure-delete and secure RAM wipe on halt

Before I begin, a little note:
I did my research to make Kali look like TAILS. TAILS actually does not use secure-delete (sdmem) to wipe RAM, as they found a really minor flaw in it. They use kexec to boot into a memtest86 image patched to run a single pass that overwrites RAM securely.

https://tails.boum.org/blueprint/more_efficient_memory_wipe/memtest86plus/

Though I tried to patch memtest86's sources and kexec it, I failed multiple times; if you want to try, everything is described above.

That's why I'll only use secure-delete's sdmem.

a) Our goal:
Execute some instructions on halt:
1) Wipe all RAM using sdmem
2) Delete the root directory and some /usr/share and /etc directories, to make sure no traces of the execution of our tools are left.

b) How to do it?
Here's a simple explanation; if you want more info, search for '/etc/init.d', '/etc/rc0.d', 'update-rc.d' and Linux runlevels.

If you look closely when you halt your computer, you'll see Linux executing some commands, stopping services, etc. These instructions are run from scripts present in '/etc/init.d/', which are symlinked into '/etc/rcXX.d'.

The 'XX' is one of the rc directories (rc0.d, rc1.d, rc2.d, ...), each linked to a Linux runlevel: for example rc0.d is for halt, rc6.d is for reboot...

In order to execute a script at halt, you have to put your script in /etc/init.d/, then symlink it into the right rcXX.d directory (or use update-rc.d).

The scripts are executed in alphabetical order of their link names. We don't want to depend on picking a name that sorts right: we want the RAM and file wipe to run just before the system cuts the power.

We don't have to write a brand new script; we can just modify the halt script located in /etc/init.d/halt and symlinked as /etc/rc0.d/K13halt
(K13 is the last to execute).
Or better, we can just remove the /etc/init.d/halt script, replace it with ours, and chmod it 755.

That's what we'll do, and here's my halt script. Maybe you'll modify it; it was originally designed to be an emergency script, so it trades WIPE thoroughness for more (much more) speed:

#! /bin/sh
### BEGIN INIT INFO
# Provides:          halt
# Required-Start:
# Required-Stop:
# Default-Start:
# Default-Stop:      0
# Short-Description: Execute the halt command.
# Description:
### END INIT INFO

NETDOWN=yes

PATH=/sbin:/usr/sbin:/bin:/usr/bin
[ -f /etc/default/halt ] && . /etc/default/halt

. /lib/lsb/init-functions

do_stop () {
    if [ "$INIT_HALT" = "" ]
    then
        case "$HALT" in
          [Pp]*)
            INIT_HALT=POWEROFF
            ;;
          [Hh]*)
            INIT_HALT=HALT
            ;;
          *)
            INIT_HALT=POWEROFF
            ;;
        esac
    fi

    # See if we need to cut the power.
    if [ "$INIT_HALT" = "POWEROFF" ] && [ -x /etc/init.d/ups-monitor ]
    then
        /etc/init.d/ups-monitor poweroff
    fi

    # Don't shut down drives if we're using RAID.
    hddown="-h"
    if grep -qs '^md.*active' /proc/mdstat
    then
        hddown=""
    fi

    # If INIT_HALT=HALT don't poweroff.
    poweroff="-p"
    if [ "$INIT_HALT" = "HALT" ]
    then
        poweroff=""
    fi

    # Make it possible to not shut down network interfaces,
    # needed to use wake-on-lan
    netdown="-i"
    if [ "$NETDOWN" = "no" ]; then
        netdown=""
    fi

    # Overwrite RAM before the kernel gives up control of it (cold-boot mitigation).
    log_action_msg "Wiping RAM"
    sdmem -fllv

    # Overwrite and delete root's home, the data directories of the tools we
    # used, and /etc. Extend or trim this list to the tools you actually use.
    srm -llrvz /root /usr/share/apache2 /usr/share/armitage /usr/share/arp-scan \
        /usr/share/arpwatch /usr/share/beef-xss /usr/share/dirbuster /usr/share/dns* \
        /usr/share/dsniff /usr/share/fierce /usr/share/gcc /usr/share/gdb \
        /usr/share/hashcat* /usr/share/hydra /usr/share/iceweasel /usr/share/isr-evilgrade \
        /usr/share/java* /usr/share/joomscan /usr/share/macchanger \
        /usr/share/metasploit-framework /usr/share/mozilla /usr/share/mysql \
        /usr/share/nano /usr/share/ncap* /usr/share/ncat-w32 /usr/share/nikto \
        /usr/share/ollydbg /usr/share/openvas /usr/share/openvpn /usr/share/p0f \
        /usr/share/perl* /usr/share/php5 /usr/share/postgresql /usr/share/postgresql-common \
        /usr/share/power* /usr/share/python* /usr/share/samba /usr/share/sqlmap \
        /usr/share/ssl* /usr/share/w3m /usr/share/w3af /usr/share/vlc /etc

    log_action_msg "Will now halt"
    halt -d -f $netdown $poweroff $hddown
}

case "$1" in
  start)
    # No-op
    ;;
  restart|reload|force-reload)
    echo "Error: argument '$1' not supported" >&2
    exit 3
    ;;
  stop)
    do_stop
    ;;
  *)
    echo "Usage: $0 start|stop" >&2
    exit 3
    ;;
esac

:
 
Notice the "srm" line and all the directories listed. Modify it according to your needs and to the tools you use most.
Also modify the srm and sdmem options for more security (the -l and -ll flags cut the number of overwrite passes in exchange for speed).

Commands to install it:
rm /etc/init.d/halt
cp myhaltscript /etc/init.d/halt
chmod 755 /etc/init.d/halt


Let's recap this with a little script:

#!/bin/sh
echo "Installing cryptsetup and secure-delete"
dpkg -i cryptsetup_1.1.3-4squeeze2_i386.deb
dpkg -i secure-delete_3.1-6_i386.deb

echo "Removing original /etc/init.d/halt"
rm /etc/init.d/halt
echo "Copying improved halt"
cp K13halt_emergency2 /etc/init.d/halt
chmod 755 /etc/init.d/halt
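It is easy to get the wiring wrong (mode not 755, a K-link that points somewhere else, or a K-link that sorts before another stop script), so here is an added check (my code, not from the post) that inspects an init.d directory and an rc0.d directory and reports anything that would keep the wipe from running last. The directory paths are parameters and the sample tree is constructed.

```shell
#!/bin/sh
# Added example, not from the post: verify that the replacement halt script is
# wired the way section 4 describes. Parameters: the init.d and rc0.d paths
# (normally /etc/init.d and /etc/rc0.d); the sample tree below is constructed.

# Print the line number of the first command named $2 in script $1 (empty if none).
first_call_line() {
    grep -n "^[[:space:]]*$2 " "$1" 2>/dev/null | head -n 1 | cut -d: -f1
}

# Return 0 if the halt hook is installed correctly; print each problem found.
check_halt_hook() {
    initd="$1"; rc0="$2"; rc=0
    script="$initd/halt"

    # 1. The script exists and is executable (the chmod 755 step).
    [ -x "$script" ] || { echo "$script is missing or not executable"; rc=1; }

    # 2. It wipes RAM and files, and does so before it calls halt.
    wipe=$(first_call_line "$script" sdmem)
    files=$(first_call_line "$script" srm)
    off=$(first_call_line "$script" halt)
    [ -n "$wipe" ]  || { echo "no sdmem call in $script"; rc=1; }
    [ -n "$files" ] || { echo "no srm call in $script"; rc=1; }
    if [ -n "$wipe" ] && [ -n "$off" ] && [ "$wipe" -gt "$off" ]; then
        echo "sdmem comes after halt, so it would never run"; rc=1
    fi

    # 3. rc0.d has a K??halt link to the script, and it sorts last among the
    #    K links, which is what makes it run after every other stop script.
    link=$(ls "$rc0" | grep '^K[0-9][0-9]halt$' | head -n 1)
    if [ -z "$link" ]; then
        echo "no K??halt link in $rc0"; rc=1
    else
        case "$(readlink "$rc0/$link")" in
            ../init.d/halt|"$script") ;;
            *) echo "$link does not point to $script"; rc=1 ;;
        esac
        last=$(ls "$rc0" | grep '^K' | LC_ALL=C sort | tail -n 1)
        [ "$last" = "$link" ] || { echo "$last sorts after $link"; rc=1; }
    fi
    return $rc
}

# Constructed sample: a minimal tree in a temp dir (path printed) with a halt
# script that wipes, then halts, and an rc0.d that orders it last.
write_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/init.d" "$d/rc0.d"
    cat > "$d/init.d/halt" <<'EOF'
#!/bin/sh
log_action_msg "Wiping RAM"
sdmem -fllv
srm -llrvz /root /etc
halt -d -f -i -p -h
EOF
    chmod 755 "$d/init.d/halt"
    ln -s ../init.d/halt "$d/rc0.d/K13halt"
    ln -s ../init.d/umountfs "$d/rc0.d/K09umountfs"
    echo "$d"
}

tree=$(write_sample_tree)
check_halt_hook "$tree/init.d" "$tree/rc0.d"   # prints nothing, exits 0
```

Keep in mind that overwriting on a USB stick is weaker than on a spinning disk: flash wear levelling can keep old copies of a block out of srm's reach, so treat the wipe as a reduction of exposure rather than a guarantee.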



5 - Routing ALL traffic through Tor

It seems we've secured our local system. What now? Route everything through Tor, and use some proxies/VPN for a bit more security.

Lots of tutorials on the web explain "how to use nmap through Tor" or some other tool using privoxy. Here I'm showing you a better way, to be sure to route EVERYTHING through Tor and avoid DNS leaks.

The script below is taken from the Parrot OS scripts. Parrot OS is another nice security-focused distro.
Source: https://github.com/EclipseSpark/anonsurf/blob/master/anonsurf.sh

This script is a modification of the original BackBox anonymous script:
https://github.com/raffaele-forte/backbox-anonymous

#!/bin/bash

### BEGIN INIT INFO
# Provides:          anonsurf
# Required-Start:
# Required-Stop:
# Should-Start:
# Default-Start:
# Default-Stop:
# Short-Description: Transparent Proxy through TOR.
### END INIT INFO

# AnonSurf is inspired by the homonimous module of PenMode, developed by the "Pirates' Crew" in
# order to make it fully compatible with
# Parrot  OS and other debian-based systems, and it is part of
# parrot-anon package.
#
#
# Devs:
# Lorenzo 'EclipseSpark' Faletra <eclipse@frozenbox.org>
# Lisetta 'Sheireen' Ferrero <sheireen@frozenbox.org>
# Francesco 'mibofra'/'Eli Aran'/'SimpleSmibs' Bonanno <mibofra@ircforce.tk> <mibofra@frozenbox.org>
#
#
# anonsurf is free software: you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
# You can get a copy of the license at www.gnu.org/licenses
#
# anonsurf is distributed in the hope that it will be
# useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Parrot Security OS. If not, see <http://www.gnu.org/licenses/>.


export BLUE='\033[1;94m'
export GREEN='\033[1;92m'
export RED='\033[1;91m'
# CYAN and YELLOW are used further down but were never defined in the
# original script; defined here so those messages print with a colour
# instead of an empty variable.
export CYAN='\033[1;96m'
export YELLOW='\033[1;93m'
export RESETCOLOR='\033[1;00m'

# Destinations you don't want routed through Tor
TOR_EXCLUDE="192.168.0.0/16 172.16.0.0/12 10.0.0.0/8"

# The UID Tor runs as
# change it if, starting tor, the command 'ps -e | grep tor' returns a different UID
TOR_UID="debian-tor"

# Tor's TransPort
TOR_PORT="9040"


function notify {
 if [ -e /usr/bin/notify-send ]; then
  /usr/bin/notify-send "AnonSurf" "$1"
 fi
}

export notify


function init {
 echo -e -n " $GREEN*$BLUE killing dangerous applications"
 killall -q chrome dropbox iceweasel skype icedove thunderbird firefox chromium xchat transmission
 notify "dangerous applications killed"
 
 echo -e -n " $GREEN*$BLUE cleaning some dangerous cache elements"
 bleachbit -c adobe_reader.cache chromium.cache chromium.current_session chromium.history elinks.history emesene.cache epiphany.cache firefox.url_history flash.cache flash.cookies google_chrome.cache google_chrome.history  links2.history opera.cache opera.search_history opera.url_history &> /dev/null
 notify "cache cleaned"
}




function starti2p {
 echo -e -n " $GREEN*$BLUE starting I2P services"
 service tor stop
 cp /etc/resolv.conf /etc/resolv.conf.bak
 touch /etc/resolv.conf
 echo -e 'nameserver 127.0.0.1\nnameserver 199.175.54.136\nnameserver 23.94.123.134' > /etc/resolv.conf
 echo -e " $GREEN*$BLUE Modified resolv.conf to use localhost and FrozenDNS"
 sudo -u i2psvc i2prouter start
 iceweasel http://127.0.0.1:7657/home &
 notify "I2P daemon started"
}

function stopi2p {
 echo -e -n " $GREEN*$BLUE stopping I2P services"
 sudo -u i2psvc i2prouter stop
 if [ -e /etc/resolv.conf.bak ]; then
  rm /etc/resolv.conf
  cp /etc/resolv.conf.bak /etc/resolv.conf
 fi
 notify "I2P daemon stopped"
}



function ip {

 echo -e "\nMy ip is:\n"
 sleep 1
 wget -qO- http://frozenbox.org/ip
 echo -e "\n\n----------------------------------------------------------------------"
}

function iceweasel_tor {
 directory="/dev/shm/.mozilla/firefox/profile/a6mpn2rf.default"
 profile="profile_for_tor.tar.gz"

 if [ -d "$directory" ] ; then
  echo -e "\n[$CYAN nfo$RESETCOLOR ]$GREEN Please wait ...$RESETCOLOR\n"
  notify "Please wait ..."
  sleep 0.7
  echo -e "\n[$CYAN nfo$RESETCOLOR ]$GREEN The profile was loaded in the ram.$RESETCOLOR\n"
  notify "The profile was loaded in the ram."
  sleep 0.4
  killall -q iceweasel firefox
  iceweasel -profile /dev/shm/.mozilla/firefox/profile/a6mpn2rf.default &
  exit
 else
  echo -e "\n[$CYAN nfo$RESETCOLOR ]$GREEN Please wait ...$RESETCOLOR\n"
  notify "Please wait ..."
  sleep 0.3
  cd /opt/anonsurf/
  cp $profile /dev/shm/ #> /dev/null
  sleep 0.3
  cd /dev/shm/
  tar xzvf $profile #> /dev/null
  sleep 0.3
  echo -e "\n[$CYAN nfo$RESETCOLOR ]$GREEN The profile was loaded in the ram.$RESETCOLOR\n"
  notify "Starting browser in RAM-only mode"
  sleep 0.4
  killall -q iceweasel firefox
  iceweasel -profile /dev/shm/.mozilla/firefox/profile/a6mpn2rf.default &
  exit
 fi
}






function start {
 # Make sure only root can run this script
 if [ $(id -u) -ne 0 ]; then
  echo -e "\n$GREEN[$RED!$GREEN] $RED R U DRUNK?? This script must be run as root$RESETCOLOR\n" >&2
  exit 1
 fi
 
 # Check defaults for Tor
 grep -q -x 'RUN_DAEMON="yes"' /etc/default/tor
 if [ $? -ne 0 ]; then
  echo -e "\n$GREEN[$RED!$GREEN]$RED Please add the following to your /etc/default/tor and restart service:$RESETCOLOR\n" >&2
  echo -e "$BLUE#----------------------------------------------------------------------#$RESETCOLOR"
  echo -e 'RUN_DAEMON="yes"'
  echo -e "$BLUE#----------------------------------------------------------------------#$RESETCOLOR\n"
  exit 1
 fi 
 
 # Check torrc config file
 grep -q -x 'VirtualAddrNetwork 10.192.0.0/10' /etc/tor/torrc
 if [ $? -ne 0 ]; then
  echo -e "\n$RED[!] Please add the following to your /etc/tor/torrc and restart service:$RESETCOLOR\n" >&2
  echo -e "$BLUE#----------------------------------------------------------------------#$RESETCOLOR"
  echo -e 'VirtualAddrNetwork 10.192.0.0/10'
  echo -e 'AutomapHostsOnResolve 1'
  echo -e 'TransPort 9040'
  echo -e 'SocksPort 9050'
  echo -e 'DNSPort 53'
  echo -e 'RunAsDaemon 1'
  echo -e "$BLUE#----------------------------------------------------------------------#$RESETCOLOR\n"
 exit 1
 fi
 grep -q -x 'AutomapHostsOnResolve 1' /etc/tor/torrc
 if [ $? -ne 0 ]; then
  echo -e "\n$RED[!] Please add the following to your /etc/tor/torrc and restart service:$RESETCOLOR\n" >&2
  echo -e "$BLUE#----------------------------------------------------------------------#$RESETCOLOR"
  echo -e 'VirtualAddrNetwork 10.192.0.0/10'
  echo -e 'AutomapHostsOnResolve 1'
  echo -e 'TransPort 9040'
  echo -e 'SocksPort 9050'
  echo -e 'DNSPort 53'
  echo -e 'RunAsDaemon 1'
  echo -e "$BLUE#----------------------------------------------------------------------#$RESETCOLOR\n"
  exit 1
 fi
 grep -q -x 'TransPort 9040' /etc/tor/torrc
 if [ $? -ne 0 ]; then
  echo -e "\n$RED[!] Please add the following to your /etc/tor/torrc and restart service:$RESETCOLOR\n" >&2
  echo -e "$BLUE#----------------------------------------------------------------------#$RESETCOLOR"
  echo -e 'VirtualAddrNetwork 10.192.0.0/10'
  echo -e 'AutomapHostsOnResolve 1'
  echo -e 'TransPort 9040'
  echo -e 'SocksPort 9050'
  echo -e 'DNSPort 53'
  echo -e 'RunAsDaemon 1'
  echo -e "$BLUE#----------------------------------------------------------------------#$RESETCOLOR\n"
 exit 1
 fi
 grep -q -x 'SocksPort 9050' /etc/tor/torrc
 if [ $? -ne 0 ]; then
  echo -e "\n$RED[!] Please add the following to your /etc/tor/torrc and restart service:$RESETCOLOR\n" >&2
  echo -e "$BLUE#----------------------------------------------------------------------#$RESETCOLOR"
  echo -e 'VirtualAddrNetwork 10.192.0.0/10'
  echo -e 'AutomapHostsOnResolve 1'
  echo -e 'TransPort 9040'
  echo -e 'SocksPort 9050'
  echo -e 'DNSPort 53'
  echo -e 'RunAsDaemon 1'
  echo -e "$BLUE#----------------------------------------------------------------------#$RESETCOLOR\n"
 #exit 1
 fi
 grep -q -x 'DNSPort 53' /etc/tor/torrc
 if [ $? -ne 0 ]; then
  echo -e "\n$RED[!] Please add the following to your /etc/tor/torrc and restart service:$RESETCOLOR\n" >&2
  echo -e "$BLUE#----------------------------------------------------------------------#$RESETCOLOR"
  echo -e 'VirtualAddrNetwork 10.192.0.0/10'
  echo -e 'AutomapHostsOnResolve 1'
  echo -e 'TransPort 9040'
  echo -e 'SocksPort 9050'
  echo -e 'DNSPort 53'
  echo -e 'RunAsDaemon 1'
  echo -e "$BLUE#----------------------------------------------------------------------#$RESETCOLOR\n"
  exit 1
 fi
 grep -q -x 'RunAsDaemon 1' /etc/tor/torrc
 if [ $? -ne 0 ]; then
  echo -e "\n$RED[!] Please add the following to your /etc/tor/torrc and restart service:$RESETCOLOR\n" >&2
  echo -e "$BLUE#----------------------------------------------------------------------#$RESETCOLOR"
  echo -e 'VirtualAddrNetwork 10.192.0.0/10'
  echo -e 'AutomapHostsOnResolve 1'
  echo -e 'TransPort 9040'
  echo -e 'SocksPort 9050'
  echo -e 'DNSPort 53'
  echo -e 'RunAsDaemon 1'
  echo -e "$BLUE#----------------------------------------------------------------------#$RESETCOLOR\n"
  #exit 1
 fi
 
 echo -e "\n$GREEN[$BLUE i$GREEN ]$BLUE Starting anonymous mode:$RESETCOLOR\n"
 
 if [ ! -e /var/run/tor/tor.pid ]; then
  echo -e " $RED*$BLUE Tor is not running! $GREEN starting it $BLUE for you\n" >&2
  echo -e -n " $GREEN*$BLUE Service " 
  service resolvconf stop
  service dnsmasq stop
  service nscd stop
  sleep 4
  service tor start
  sleep 6
 fi
 if ! [ -f /etc/network/iptables.rules ]; then
  iptables-save > /etc/network/iptables.rules
  echo -e " $GREEN*$BLUE Saved iptables rules"
 fi
 
 iptables -F
 iptables -t nat -F
 
 cp /etc/resolv.conf /etc/resolv.conf.bak
 touch /etc/resolv.conf
 echo -e 'nameserver 127.0.0.1\nnameserver 199.175.54.136\nnameserver 23.94.123.134' > /etc/resolv.conf
 echo -e " $GREEN*$BLUE Modified resolv.conf to use Tor and FrozenDNS"

 # set iptables nat
 iptables -t nat -A OUTPUT -m owner --uid-owner $TOR_UID -j RETURN
 iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53
 iptables -t nat -A OUTPUT -p tcp --dport 53 -j REDIRECT --to-ports 53
 iptables -t nat -A OUTPUT -p udp -m owner --uid-owner $TOR_UID -m udp --dport 53 -j REDIRECT --to-ports 53
 
 #resolve .onion domains mapping 10.192.0.0/10 address space
 iptables -t nat -A OUTPUT -p tcp -d 10.192.0.0/10 -j REDIRECT --to-ports 9040
 iptables -t nat -A OUTPUT -p udp -d 10.192.0.0/10 -j REDIRECT --to-ports 9040
 
 #exclude local addresses
 for NET in $TOR_EXCLUDE 127.0.0.0/9 127.128.0.0/10; do
  iptables -t nat -A OUTPUT -d $NET -j RETURN
 done
 
 #redirect all other output through TOR
 iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $TOR_PORT
 iptables -t nat -A OUTPUT -p udp -j REDIRECT --to-ports $TOR_PORT
 iptables -t nat -A OUTPUT -p icmp -j REDIRECT --to-ports $TOR_PORT
 
 #accept already established connections
 iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 
 #exclude local addresses
 for NET in $TOR_EXCLUDE 127.0.0.0/8; do
  iptables -A OUTPUT -d $NET -j ACCEPT
 done
 
 #allow only tor output
 iptables -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT
 iptables -A OUTPUT -j REJECT

 echo -e "$GREEN *$BLUE All traffic was redirected throught Tor\n"
 echo -e "$GREEN[$BLUE i$GREEN ]$BLUE You are under AnonSurf tunnel$RESETCOLOR\n"
 notify "Global Anonymous Proxy Activated"
 sleep 4
}





function stop {
 # Make sure only root can run our script
 if [ $(id -u) -ne 0 ]; then
  echo -e "\n$GREEN[$RED!$GREEN] $RED R U DRUNK?? This script must be run as root$RESETCOLOR\n" >&2
  exit 1
 fi
 echo -e "\n$GREEN[$BLUE i$GREEN ]$BLUE Stopping anonymous mode:$RESETCOLOR\n"

 iptables -F
 iptables -t nat -F
 echo -e " $GREEN*$BLUE Deleted all iptables rules"
 
 if [ -f /etc/network/iptables.rules ]; then
  iptables-restore < /etc/network/iptables.rules
  rm /etc/network/iptables.rules
  echo -e " $GREEN*$BLUE Iptables rules restored"
 fi
 echo -e -n " $GREEN*$BLUE Service "
 if [ -e /etc/resolv.conf.bak ]; then
  rm /etc/resolv.conf
  cp /etc/resolv.conf.bak /etc/resolv.conf
 fi
 service tor stop
 sleep 4
 service resolvconf start
 service nscd start
 service dnsmasq start
 sleep 1
 
 echo -e " $GREEN*$BLUE Anonymous mode stopped\n"
 notify "Global Anonymous Proxy Stopped"
 sleep 4
}

function change {
 service tor reload
 sleep 4
 echo -e " $GREEN*$BLUE Tor daemon reloaded and forced to change nodes\n"
 notify "Identity changed"
 sleep 1
}

function status {
 service tor status
}

case "$1" in
 start)
  init
  start
 ;;
 stop)
  init
  stop
 ;;
 change)
  change
 ;;
 status)
  status
 ;;
 myip)
  ip
 ;;
 iceweasel_tor)
  iceweasel_tor
 ;;
 starti2p)
  starti2p
 ;;
 stopi2p)
  stopi2p
 ;;
 restart)
  $0 stop
  sleep 1
  $0 start
 ;;
   *)
echo -e "
Parrot AnonSurf Module (v 1.3.1)
 Usage:
 $RED┌──[$GREEN$USER$YELLOW@$BLUE`hostname`$RED]─[$GREEN$PWD$RED]
 $RED└──╼ \$$GREEN"" anonsurf $RED{$GREEN""start$RED|$GREEN""stop$RED|$GREEN""restart$RED|$GREEN""change$RED""$RED|$GREEN""status$RED""}
 
 $RED start$BLUE -$GREEN Start system-wide anonymous
    tunneling under TOR proxy through iptables   
 $RED stop$BLUE -$GREEN Reset original iptables settings
    and return to clear navigation
 $RED restart$BLUE -$GREEN Combines \"stop\" and \"start\" options
 $RED change$BLUE -$GREEN Changes identity restarting TOR
 $RED status$BLUE -$GREEN Check if AnonSurf is working properly
 ----[ I2P related features ]----
 $RED starti2p$BLUE -$GREEN Start i2p services
 $RED stopi2p$BLUE -$GREEN Stop i2p services
 
$RESETCOLOR" >&2
exit 1
;;
esac

echo -e $RESETCOLOR
exit 0

Just start it with ./parrotscript start (or stop, restart, status...)

BUT remember: Tor is (80%) funded by the US government... (and VPNs collaborate too...)
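The start function above ends in a fixed state: DNS and new TCP connections redirected into Tor's ports in the nat table, the Tor user allowed out, and everything else rejected. Here is an added check (my code, not from the post or from anonsurf) that audits that state from a torrc and an `iptables-save` dump, so you can confirm the kill-switch is actually in place before relying on it. The file paths are parameters and the samples are constructed (uid 109 stands in for debian-tor, which iptables-save prints numerically).

```shell
#!/bin/sh
# Added example, not from the post or from anonsurf: audit the state that
# `anonsurf start` is supposed to leave behind, reading a torrc and an
# `iptables-save` dump (save one with: iptables-save > rules.txt).
# Assumptions: file paths are parameters; samples below are constructed and
# use uid 109 where iptables-save would print debian-tor's numeric uid.

# Directives the script requires in /etc/tor/torrc.
TORRC_REQUIRED='VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 9040
SocksPort 9050
DNSPort 53
RunAsDaemon 1'

# Print every required directive absent from torrc $1; return 1 if any.
check_torrc() {
    missing=$(printf '%s\n' "$TORRC_REQUIRED" | grep -v -x -F -f "$1" || true)
    [ -z "$missing" ] && return 0
    printf 'torrc is missing:\n%s\n' "$missing"
    return 1
}

# Print the "-A OUTPUT" rules of table $2 (nat or filter) from dump $1, in order.
output_rules() {
    awk -v want="*$2" '/^\*/ { tbl = $0; next } tbl == want && /^-A OUTPUT /' "$1"
}

# Return 0 only if the dump shows the properties a Tor-only policy needs.
check_killswitch() {
    dump="$1"; rc=0
    nat=$(output_rules "$dump" nat)
    filt=$(output_rules "$dump" filter)
    # 1. DNS is redirected to Tor's DNSPort instead of leaving directly.
    printf '%s\n' "$nat" | grep -q -- '--dport 53 -j REDIRECT --to-ports 53' \
        || { echo "DNS is not redirected to Tor's DNSPort"; rc=1; }
    # 2. New TCP connections are redirected to the TransPort.
    printf '%s\n' "$nat" | grep -q -- '-p tcp .*-j REDIRECT --to-ports 9040' \
        || { echo "TCP is not redirected to TransPort 9040"; rc=1; }
    # 3. The filter chain lets the tor uid out and ends with a REJECT, so
    #    anything the nat rules did not catch is dropped rather than leaked.
    printf '%s\n' "$filt" | grep -q -- '--uid-owner [^ ]* -j ACCEPT' \
        || { echo "tor's uid is not allowed out"; rc=1; }
    case "$(printf '%s\n' "$filt" | tail -n 1)" in
        *"-j REJECT"*) ;;
        *) echo "filter OUTPUT does not end with REJECT"; rc=1 ;;
    esac
    return $rc
}

# Constructed samples written to a temp dir (path printed): a good torrc and
# dump, a torrc without DNSPort, and a dump whose final REJECT is missing.
write_samples() {
    d=$(mktemp -d)
    printf '%s\n' "$TORRC_REQUIRED" > "$d/torrc.good"
    grep -v '^DNSPort' "$d/torrc.good" > "$d/torrc.bad"
    cat > "$d/rules.good" <<'EOF'
*nat
:OUTPUT ACCEPT [0:0]
-A OUTPUT -m owner --uid-owner 109 -j RETURN
-A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A OUTPUT -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 53
-A OUTPUT -d 10.0.0.0/8 -j RETURN
-A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT
*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -d 127.0.0.0/8 -j ACCEPT
-A OUTPUT -m owner --uid-owner 109 -j ACCEPT
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
    grep -v -- '-j REJECT' "$d/rules.good" > "$d/rules.bad"
    echo "$d"
}

samples=$(write_samples)
check_torrc "$samples/torrc.good" && check_killswitch "$samples/rules.good"   # exits 0
```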

 

6 - Conclusion

Goals reached?
- System running in RAM only
- RAM wiped at halt
- Files securely deleted
- LUKS encryption and NUKE feature
- All traffic through Tor

Script it!
And don't forget to change your MAC address (macchanger).

2 comments:

  1. Nice try, but lots of missing info and broken links...

  2. As I have no Linux knowledge but would like to use this system as described, I'd like to know if someone has a completed version.