Last week I received a typical run of the mill phishing email littered with the usual bad Engrish making the instructions far from believable but being bored I decided to take a look at the link they were pushing.
They had created a believable enough looking Paypal form asking clueless punters to enter their credit card details in order to avoid having their account being suspended. After playing around with the form for awhile in Firebug I decided to create a quick script to poison their data by submitting a new fake 16 digit VISA number along with random card holder name, CVV number and expiry date every couple of seconds.
After running this script for half an hour I decided that the script while it did the job would be a lot better if the posted data was coming from an anonymous IP address. Here I will run you through the process of setting up TOR & Polipo on a machine to add an element of anonymity to the data being sent and received by your CURL based script using.
Installation & Configuration
I am going to use Debian 6 in my examples although getting everything working on your distro of choice shouldn’t be too complicated.
apt-get install tor polipo
TOR is very easy to use and should straight run out of the box without any configuration, but if you plan on running Polipo on a different box to the TOR service or want to run the service on a different port to the default 9050 you will need to edit the config file at /etc/tor-tsock.conf.
The Polipo configuration is a little more in-depth with a few changes that will have to be made so that the service can forward incoming requests to TOR. Edit the Polipo config file:
Uncomment line 17 with the “proxyAddress” directive and add the external IP address of your machine, mine is set to:
proxyAddress = “192.168.20.123”
Go down to line 23 uncomment the “allowedClients” directive and edit to suit your needs in my case its:
allowedClients = 127.0.0.1, 192.168.20.0/24
Also edit line 40 with the directive “socksParentProxy” and change it to point at your TOR service mine is:
socksParentProxy = “localhost:9050”
Uncomment line 41 with the “socksProxyType” directive and also uncomment lines 115 & 116 for a bit more security.
Restart the Polipo service so your changes to the configuration file take effect:
Its now time to test the set-up and see if its working correctly. I find this test is performed easiest using a browser, simply configure your browser to use your Polipo proxy and visit the site whatismyip.com. With any luck you will appear to be coming from a completely different IP to your normal network gateway address.
Protip: If you want to use the proxy for anonymous browsing as well, I recommend using the Foxy Proxy plugin for Firefox as it makes switching between your normal gateway and proxies a breeze.
By now you should have a configured and tested proxy service now its just a case of fo configuring your script to use the proxy. To use a proxy from CURL you simply need to add the CURLOPT_PROXY option to your script with the IP address and port of your proxy service i.e
curl_setopt($ch, CURLOPT_PROXY, ‘http://192.168.20.123:8123’);
Installing TOR On Ubuntu 8.04