OnionComms is a repository of script to run an onion server and guides to configure client side applications to connect to any onion service that uses the same protocol, therefore, onion communications.
Read the README inside the folder of the program you want to use, the scripts are non-interactive unless a password needs to be set. They were designed for Debian and derived systems.
TORIFICATION.MD is a must read on how to do properly torifications of applications. In short:
- application proxy settings may fail and leak DNS requests and IP address (per application)
- enforce proxy with a wrapper may also fail if not using the libc and leak DNS requests and IP address (torsocks, orbot)
- transparent proxy has huge security problems, it does not protect agains protocol leaks but the IP address will never be revealed (Tails)
- isolating proxy is the best solution as no leaks occur but it requires two host (virtual or physical) (Whonix)
The client guides are intended for plain Debian users, therefore application proxy settings and enforcing a proxy with a wrapper is the only solution, which isn't great but it is what is available.
Transparent proxy is hard to configure system wide and isolating proxy requires advanced configuration of creating a network between two hosts, these methods already route everything through Tor, so you don't need to configure the client to have onion routing, as all the traffic already does. What may change are simple configurations such as enforcing TCP mode or "hardening" by removing some "bad features" that leaks protocol information.
| Application | Client | Server |
|---|---|---|
| tor | yes | yes |
| torsocks | yes | no |
| Tor Browser | yes | no |
| Orbot | yes | no |
| Application | Client | Server |
|---|---|---|
| OpenSSH client | yes | no |
| OpenSSH server | no | yes |
| Remmina | yes | yes |
TODO: Remmina guide is incomplete.
| Application | Client | Server |
|---|---|---|
| Magic-wormhole | yes | no |
| OnionShare | no | yes |
| Application | Client | Server |
|---|---|---|
| Newsboat | yes | no |
| QuiteRSS | yes | no |
| Application | Client | Server |
|---|---|---|
| Mumble | yes | no |
| Mumble-server | no | yes |
| Application | Client | Server |
|---|---|---|
| Prosody | no | yes |
| Ejabberd | no | yes |
| Pidgin | yes | no |
| Dino IM | yes | no |
TODO: Every XMPP client guide is incomplete.
| Application | Client | Server |
|---|---|---|
| Hexchat | yes | no |
| Irssi | yes | no |
| Application | Client | Server |
|---|---|---|
| apt | yes | no |
| wget | yes | no |
| cURL | yes | no |
| git | yes | no |
| gpg | yes | no |
| Ricochet-refresh | yes | yes |
| TEG | yes | no |
TODO: TEG guide is incomplete.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent