Enable Intercept Proxy Requests

Add, the following to privoxy's configuration file:

accept-intercepted-requests 1

then, you can redirect traffic to privoxy using iptables:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT 8118

Speed Tweaks

privoxy cannot be tweaked too much, a good idea is to not use its filtering system and go with either polipo or (if you must) dansguardian. privoxy's filtering system, while very advanced, is also perceivably slow. Use privoxy for filtering only as a last resort - polipo performs faster when filtering a long list of domains.

Thus, disable all filters:

## Privoxy is slow, disable filters.
#actionsfile default.action   # Main actions file
#filterfile default.filter
#actionsfile user.action

Forwarding

One of the best uses for privoxy is to use it as a proxy relay, for example:

## Forward everything that does not match to polipo
## for content filtering and fast fetching of websites.
forward /       127.0.0.1:8123

## Browse the .onion network by sending any requests 
## to URLs that end in .onion to the tor proxy.
forward-socks4a .onion  127.0.0.1:9050 .

## Get around ISP censorship and redirect traffic to 
## censored websites through tor. 
forward-socks4a .thepiratebay.sx        127.0.0.1:9050 .

## Fetching local websites (from a local apache server) 
## directly, without sending the request through either
## polipo or tor - development websites should not be cached.
forward mypage.com  .

Anonymity / Censoring Headers

In the privoxy main configuration file /etc/privoxy/config, enable the match-all.action file:

actionsfile match-all.action

Open the default actions file /etc/privoxy/match-all.action and amend it with:

{ \
+change-x-forwarded-for{block} \
+hide-from-header{block} \
+hide-referrer{conditional-block} \
+hide-accept-language{en-us} \
+hide-if-modified-since{-60} \
+overwrite-last-modified{randomize} \
+crunch-if-none-match \
+session-cookies-only \
+fast-redirects{check-decoded-url} \
+hide-user-agent{Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.2 Safari/537.36} \
}
/ # Match all URLs

For a list of user-agent strings, you can try the browsercap.org ini files for list of user agents. If you are a google.com user, it is generally a good idea to pick a Chrome user-agent string. This is because some services on the Internet adapt their websites according to the user-agent string, ie: a BSD/X11 user-agent string will make google.com look as it was 10-20 years ago, with some features disabled.

Do not pick a user-agent string of a browser that has less capabilities than the sites you browse.

Redirect Google Search to Bing Search

First enable the user-filter by editing /etc/privoxy/config:

actionsfile user.action

Then edit /etc/privoxy/user.action to add the following lines:

# Redirect Google Search to Bing Search
{+redirect{s@^http://[^/]*/.*?[&,\?]q=([^&]*).*@http://www.bing.com/search?q=$1@}}
www.google.*/search

# Redirect Google Image Search to Bing Image Search
{+redirect{s@^http://[^/]*/.*?[&,\?]q=([^&]*).*@http://www.bing.com/images/search?q=$1@}}
images.google.*/search

The regex [^/]*/.*?[&,\?]q=([^&]*).* extracts the query parameter from the google search URL, stores the group and forwards the query to bing.com.

Another option is:

# Redirect Google to Bing (URL)
{+redirect{http://www.bing.com}}                   
www.google.*

Split Configuration for Clearnet and Multiple Deep-Web Services

In order to configure privoxy to allow you to browse both clearnet and the deep web, the following configuration should do the trick:

forward-socks4a    /       torclear.int:9030    .
forward-socks4a    .onion  toronion.int:9030    .
forward-socks4a    .i2p    i2p.int:8456         .
  • the first line forwards everything through a tor proxy with the hostname torclear.int on the port 9030
  • the second line forwards requests for .onion addresses to a tor proxy with the hostname toronion.int on the port 9030
  • the third line forwards requests for .i2p addresses to an i2p tunnel with the hostname i2p.int on the port 8456

It is also possible to change the configuration in order to use the same tor instance for both clearnet and .onion addresses such that torclear.int and toronion.int could be the same server instead of being split.

Testing

Given the configuration from the previous section; to reiterate:

forward-socks4a    /       torclear.int:9030    .
forward-socks4a    .onion  toronion.int:9030    .
forward-socks4a    .i2p    i2p.int:8456         .

the following must be verified:

  • Browsing clearnet should go through the torclear.int forward proxy. To determine your connecting tor IP address you can use a service such as with.co. The IP address should be a tor outproxy IP address.
  • All darknet links should go through the toronion.int forward proxy - you could check the tor logs on the toronion.int machine and verify that links to .onion websites are always requested from that machine.
  • All links to the i2p darknet should go through the i2p.int forward proxy. To verify, check the i2p web interface and look for the access logs.

With this configuration in place, no websites should be accessed directly but only via the configured upstream proxies.


fuss/privoxy.txt ยท Last modified: 2017/11/10 16:14 by Wizardry and Steamworks

Access website using Tor


For the copyright, license, warranty and privacy terms for the usage of this website please see the license and privacy pages.