Differences

This shows you the differences between two versions of the page.

--- fuss:privoxy [2017/11/10 16:06]
office [Anonymity / Censoring Headers]
+++ fuss:privoxy [2017/11/10 16:14] (current)
office [Split Configuration for Clearnet and Multiple Deep-Web Services]
@@ Line 1: / Line 1: @@
+====== Enable Intercept Proxy Requests ======
+Add, the following to privoxy's configuration file:
+<code>
+accept-intercepted-requests 1
+</code>
+then, you can redirect traffic to ''privoxy'' using ''iptables'':
+<code bash>
+iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT 8118
+</code>
+====== Speed Tweaks ======
+''privoxy'' cannot be tweaked too much, a good idea is to not use its filtering system and go with either ''polipo'' or (if you must) ''dansguardian''. ''privoxy'''s filtering system, while very advanced, is also perceivably slow. Use ''privoxy'' for filtering only as a last resort - ''polipo'' performs faster when filtering a long list of domains.
+Thus, disable all filters:
+<code>
+## Privoxy is slow, disable filters.
+#actionsfile default.action   # Main actions file
+#filterfile default.filter
+#actionsfile user.action
+</code>
+====== Forwarding ======
+One of the best uses for ''privoxy'' is to use it as a proxy relay, for example:
+<code>
+## Forward everything that does not match to polipo
+## for content filtering and fast fetching of websites.
+forward /       127.0.0.1:8123
+## Browse the .onion network by sending any requests
+## to URLs that end in .onion to the tor proxy.
+forward-socks4a .onion  127.0.0.1:9050 .
+## Get around ISP censorship and redirect traffic to
+## censored websites through tor.
+forward-socks4a .thepiratebay.sx        127.0.0.1:9050 .
+## Fetching local websites (from a local apache server)
+## directly, without sending the request through either
+## polipo or tor - development websites should not be cached.
+forward mypage.com  .
+</code>
+====== Anonymity / Censoring Headers ======
+In the privoxy main configuration file ''/etc/privoxy/config'', enable the ''match-all.action'' file:
+<code>
+actionsfile match-all.action
+</code>
+Open the default actions file ''/etc/privoxy/match-all.action'' and amend it with:
+<code>
+{ \
++change-x-forwarded-for{block} \
++hide-from-header{block} \
++hide-referrer{conditional-block} \
++hide-accept-language{en-us} \
++hide-if-modified-since{-60} \
++overwrite-last-modified{randomize} \
++crunch-if-none-match \
++session-cookies-only \
++fast-redirects{check-decoded-url} \
++hide-user-agent{Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.2 Safari/537.36} \
+}
+/ # Match all URLs
+</code>
+For a list of user-agent strings, you can try the  [[http://browscap.org|browsercap.org ini files for list of user agents]]. If you are a google.com user, it is generally a good idea to pick a Chrome user-agent string. This is because some services on the Internet adapt their websites according to the user-agent string, ie: a BSD/X11 user-agent string will make google.com look as it was 10-20 years ago, with some features disabled.
+//Do not pick a user-agent string of a browser that has less capabilities than the sites you browse.//
+====== Redirect Google Search to Bing Search ======
+First enable the user-filter by editing ''/etc/privoxy/config'':
+<code>
+actionsfile user.action
+</code>
+Then edit ''/etc/privoxy/user.action'' to add the following lines:
+<code>
+# Redirect Google Search to Bing Search
+{+redirect{s@^http://[^/]*/.*?[&,\?]q=([^&]*).*@http://www.bing.com/search?q=$1@}}
+www.google.*/search
+# Redirect Google Image Search to Bing Image Search
+{+redirect{s@^http://[^/]*/.*?[&,\?]q=([^&]*).*@http://www.bing.com/images/search?q=$1@}}
+images.google.*/search
+</code>
+The regex ''[^/]*/.*?[&,\?]q=([^&]*).*'' extracts the query parameter from the google search URL, stores the group and forwards the query to bing.com.
+Another option is:
+<code>
+# Redirect Google to Bing (URL)
+{+redirect{http://www.bing.com}}
+www.google.*
+</code>
+====== Split Configuration for Clearnet and Multiple Deep-Web Services ======
+In order to configure privoxy to allow you to browse both clearnet and the deep web, the following configuration should do the trick:
+<code>
+forward-socks4a    /       torclear.int:9030    .
+forward-socks4a    .onion  toronion.int:9030    .
+forward-socks4a    .i2p    i2p.int:8456         .
+</code>
+  * the first line forwards everything through a tor proxy with the hostname ''torclear.int'' on the port ''9030''
+  * the second line forwards requests for ''.onion'' addresses to a tor proxy with the hostname ''toronion.int'' on the port ''9030''
+  * the third line forwards requests for ''.i2p'' addresses to an i2p tunnel with the hostname ''i2p.int'' on the port ''8456''
+It is also possible to change the configuration in order to use the same tor instance for both clearnet and ''.onion'' addresses such that ''torclear.int'' and ''toronion.int'' could be the same server instead of being split.
+====== Testing ======
+Given the configuration from the previous section; to reiterate:
+<code>
+forward-socks4a    /       torclear.int:9030    .
+forward-socks4a    .onion  toronion.int:9030    .
+forward-socks4a    .i2p    i2p.int:8456         .
+</code>
+the following must be verified:
+  * Browsing clearnet should go through the ''torclear.int'' forward proxy. To determine your connecting tor IP address you can use a service such as [[https://wiht.co/wm-ua|with.co]]. The IP address should be a tor outproxy IP address.
+  * All darknet links should go through the ''toronion.int'' forward proxy - you could check the tor logs on the ''toronion.int'' machine and verify that links to ''.onion'' websites are always requested from that machine.
+  * All links to the i2p darknet should go through the ''i2p.int'' forward proxy. To verify, check the i2p web interface and look for the access logs.
+With this configuration in place, no websites should be accessed directly but only via the configured upstream proxies.