Anonymizing Traffic for your Host System

Security Level: Light

Purpose: To hide who you are while performing research through your browser.

Benefits:

  • Hide your IP
  • Easy to set up
  • Can be run off of a USB stick

Drawbacks:

  • Drive-by attacks can still lead to the infection of your host system; Tor hides where you come from, not what the site sends back.
  • Only hides the traffic of the Tor Browser itself. Other applications on your host still connect directly and expose your real IP.
  • Not meant for malware analysis.
  • There is still a small chance that your location or identity can be discovered, for example through browser fingerprinting, plugins that bypass the proxy, or information you type in yourself.

What you’ll need:

  • The Tor Browser Bundle (the Windows self-extracting package used in the steps below)

Situation:

You want to perform some malware research and are worried about being noticed and flagged by people who do not have your best interest in mind. You don’t plan on doing anything serious, just poking around.

What are we doing?

We are going to use a browser that sends all of its traffic through the Tor network, which hides your real IP address from the sites you visit.

How:

  1. Download the Tor Browser Bundle from the Tor Project’s website. Make sure you are getting it from the official site and not a mirror you do not recognize.
  2. Double-click the self-extracting executable for the Tor Browser Bundle.
[Screenshot: the downloaded Tor Browser executable]
  • Optional: Connect your USB stick now if you want to use the browser on the go.
  • Select where you want to extract the files to. Somewhere out of the way is recommended, such as the root of C:, a drive you keep just for applications, or an external hard drive. On-the-go people: select your USB stick.
[Screenshot: the Tor extractor dialogue]
You should be seeing this; if not…RUN!
  • Let it extract.
  • Use your file explorer to find the Tor Browser folder.
  • Click “Start Tor Browser”.
[Screenshot: the Tor Browser icon]
  • You will automatically be connected to Tor and a new browser window will pop up. The page that opens should confirm that the browser is configured to use Tor; if it does not, do not start researching yet.
If you see this, you did it! Go have yourself a celebratory ice cream sandwich!
  • Click on the Tor icon to configure various settings.
  • You’re good to go and done! Happy researching!
    • Optional: If you want easy access, put a shortcut on your desktop to the “Start Tor Browser” link.

Explanations:

Q. What the hell is Tor!?

A. Tor, which is short for The Onion Router, is a network that provides online anonymity by routing your traffic through relays run by volunteers around the world, in order to conceal your IP, location and usage from anyone performing network analysis or monitoring on you. It also hides your true IP from bad guys who might notice when you start poking around their servers performing research. Here is a neat diagram I stole from Wikipedia!

[Diagram: Tor routing, from Wikipedia] Bob, the destination server, is the bad guy in this instance.

Tor can be attacked by someone who runs one of the relays. The first relay in your circuit (the guard) sees your real IP address but not where your traffic is going; the last relay (the exit) sees the destination, and the content itself if the site is not using HTTPS, but not who you are. No single relay sees both ends. An adversary who can watch both your connection and the exit’s traffic at the same time can still try to correlate the two by timing and volume, which is the “specific method” people usually mean. Each cell you send is wrapped in a separate layer of encryption for every relay in the circuit, and each relay can only peel its own layer. That design is sound, but remember that Tor is not end-to-end encryption: use HTTPS for anything the exit relay should not be able to read.
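The paragraph above describes the layers but not what each relay can actually see. The following is an added example written for this page (not code from the original post, and not Tor’s real protocol: Tor negotiates a key with each relay using a Diffie-Hellman handshake and encrypts with AES, while this toy uses a SHA-256 keystream so it runs offline with the standard library). The client IP, relay names, keys, destination and HTTP request are all constructed. It builds a three-layer onion, walks it through a guard, middle and exit relay, and records what each one learns: the guard sees the client’s address but only the next relay, the exit sees the destination and the plain-HTTP request, and no relay sees both ends or can open a layer that is not its own.

```python
import hashlib
import json

# Constructed values for the simulation (not real addresses or keys).
CLIENT_IP = "198.51.100.7"            # the researcher's real address
DESTINATION = "badguy.example:80"     # Bob's server, plain HTTP on purpose
CIRCUIT = [                           # (relay name, per-hop key), guard first
    ("guard", b"guard-key-01"),
    ("middle", b"middle-key-02"),
    ("exit", b"exit-key-03"),
]
REQUEST = b"GET / HTTP/1.1\r\nHost: badguy.example\r\n\r\n"


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a SHA-256 counter-mode keystream.
    Applying it twice with the same key returns the original bytes.
    It stands in for Tor's AES-CTR here; never use it for real encryption."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def build_onion(circuit, destination: str, payload: bytes) -> bytes:
    """Wrap the payload once per relay, innermost layer for the exit.
    Each layer names only the next hop, so a relay that peels its own
    layer learns where to forward the cell and nothing beyond that."""
    cell = payload
    next_hop = destination
    for name, key in reversed(circuit):
        layer = json.dumps({"next": next_hop, "inner": cell.hex()}).encode()
        cell = keystream_xor(key, layer)
        next_hop = name
    return cell


def peel(key: bytes, cell: bytes):
    """What a relay does with its own key: strip one layer and read the
    next hop. Raises ValueError when the key does not match the layer."""
    layer = json.loads(keystream_xor(key, cell))
    return layer["next"], bytes.fromhex(layer["inner"])


def can_peel(key: bytes, cell: bytes) -> bool:
    """True only if this key opens the outermost layer of the cell."""
    try:
        peel(key, cell)
        return True
    except (ValueError, TypeError, KeyError):
        return False


def simulate(circuit, destination: str, payload: bytes) -> dict:
    """Push one cell through the circuit and record what every party sees."""
    cell = build_onion(circuit, destination, payload)
    seen = {}
    previous = CLIENT_IP
    for name, key in circuit:
        next_hop, inner = peel(key, cell)
        seen[name] = {
            "from": previous,
            "to": next_hop,
            # Only the relay whose next hop is the real destination (the exit)
            # holds the plaintext, and only because this request is plain HTTP.
            "plaintext_visible": next_hop == destination,
            # A relay cannot open the layer meant for the relay after it.
            "can_read_inner": can_peel(key, inner),
        }
        previous, cell = name, inner
    seen[destination] = {"from": previous, "payload": cell}
    return seen


if __name__ == "__main__":
    for party, view in simulate(CIRCUIT, DESTINATION, REQUEST).items():
        print(party, view)
```

Run it and the printed views show the guard line carrying your address but only “middle” as a destination, and the exit line carrying the destination and the request itself. If that request had been inside an HTTPS session the exit would hold only ciphertext, which is exactly the check to make before poking at a site through Tor.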

Check out these sites for more info on Tor:

Summary:

Using the Tor Browser Bundle is a great way to hide your IP and location from bad guys who might notice you performing research on them. Its biggest drawback is speed: being anonymous has its price. Tor was not made just for malware researchers; it was originally created to preserve freedom of speech and to let people keep their identities safe in various sensitive situations. You can use it for whatever you want, and be sure to tell your friends about it too!

ABOUT THE AUTHOR

Adam Kujawa

Director of Malwarebytes Labs

Over 14 years of experience fighting malware on the front lines and behind the scenes. Frequently anachronistic.