When it comes to penetration testing the first preference is online anonymity. Hackers use services such as VPN or TOR, comparatively tor offers more security and anonymity on the web and in addition it allow access to the dark web. I personally prefer tor over vpn.
Tor is configured in such a way that a combination of three relays or nodes. First one the entry guard – the server where user is allowed to communicate first with a 3 layer encryption. Second one middle relay – TOR’s internal server the data from first relay is sent to the exit relay, but the origin of traffic is unknown. Third one exit relay – the node that communicates with the target server thus this node is visible to outside world. This node keeps on changing periodically and its more secure.
Tor allows you to change the exit relay, which is very useful for a hacker while attacking a highly secured target. This reduces the risk of being busted.
NOTE: Automated script available TORGHOST
How it works
since tor is running as a service like simple proxy mechanism we can control the tor using telnet and command it through its control port. Telnet establish a connection to tor using terminal which allows you command it or simply controlling it. When a request to change the exit node is made the middle node automatically switches to a random exit node. Note that the minimum timeout is 10 seconds i.e. you can only request for new circuit every 10 seconds.
Edit torrc file
you have to enable control port and select authentication method. Control port supports two authentication method, hashed password authentication and cookie authentication. Here we are using hashed password method.
open the torrc file from terminal
In gedit find the “#ControlPort 9051” line and remove the # tag, this will enable the control port access. Also remove the # from “#HashedControlPassword…” In this line you can find a long hashed password “16:9CA54AA…” this is the default password in hash form. You have to replace this hash with your new password hash. we cannot use a raw password so hash it. open another terminal.
this will output the hash of your new password,now copy that and paste it on the torrc file, save and exit.
Kill all tor services
Open tor in a new terminal simple command “tor”. wait until it loads don’t close it so that you can monitor all logs in real-time so, keep it aside.
Requesting new circuit
Connected to 127.0.0.1.
Escape character is ‘^]’.
AUTHENTICATE “your new password”
If it returns the code 250, its working fine now you have access to the control port. Request for new circuit with the command “SIGNAL NEWNYM“.
New tor circuit will be loaded instantly. Change your IP like a boss 😉 Any question or doubts? post in the commend section below.