Module 1: BSWJ: TOR
Why use TOR?
Welcome to Breaking Stuff with Joe, where we review some of the most powerful cybersecurity tools available for use in Kali Linux. In this section, we will be discussing TOR, a freely available means of using the internet anonymously and accessing sites outside the “clear net”. TOR is extremely versatile, and has been used by government officials, hackers, and criminals alike. As a disclaimer: We do not advocate any illegal activity, and any TOR browsing should be done in a safe and controlled environment. You can learn more on this topic and countless others by creating an account on Cybrary, simply click the link at the top of this page.
Where does TOR come from?
Let’s start with some basic background: TOR was initially developed by the US government for the purpose of hiding and encrypting communications within the United States Intelligence Community. The United States Intelligence Community, known shorthand as the IC, comprises of 17 different intelligence organizations. This includes well-known intelligence organizations such as the Central Intelligence Agency (CIA) and the Intelligence Branch of the Federal Bureau of Investigation (FBI). Like many other crucial technologies, it was developed with government/military applications in mind and then applied towards private and illicit enterprises. Along with the fact that TOR was developed with backdoor monitoring capabilities for the government, this may surprise those who initially saw TOR as an anti-establishment means of bypassing surveillance.
How can we use TOR?
How can we use TOR on Kali Linux? First off, you do not want to use TOR in root-user mode. Kali Linux defaults to launching everything with root permissions as a matter of convenience. If a vulnerability is exploited in your TOR browser while using it with root permissions, your device can easily be compromised. In order to prevent this, create a new user without root permissions using this command in the terminal:
adduser --home /newuser newuser
Feel free to replace “newuser” with any username of your choice. Once you’ve created your non-root user, use these commands to install the browser, configure permissions, and launch:
apt install torbrowser-launcher
To configure permissions, allowing newuser to run the program:
To launch the web browser:
sudo –u newuser –H torbrowser-launcher
After some feedback messages in the terminal, the web browser should then launch and be ready to use. You can browse standard, “clear net” sites anonymously, or anonymously use standard sites to research and find .onion links that take you to the “dark net”. Be extremely careful when browsing .onion sites, as the “deep web” is full of illegal activity and unwanted intrusions outside the law. Just a few incautious clicks can easily put you at legal risk and ruin your life or career. Used wisely and with proper preparation, TOR can be a very valuable tool for anonymity and secure communications.
Teaching Assistant George Mcpherson and Vikramajeet Khatri
(Disclaimer: Breaking Stuff with Joe is a Cybrary series that will be running indefinitely. You will not earn CEU/CPE hours by watching any individual 'Breaking Stuff with Joe' episode. However, you can still earn a certificate of completion for each episode completed.)