How to run multiple Tor processes at once with different exit IPs?

Question

I am brand new to Tor and I feel like multiple Tors should be considered. The multiple tors I mentioned here are not only multiple instances, but also using different proxy ports for each, like what has been done here http://www.howtoforge.com/ultimate-security-proxy-with-tor)

I am trying to get started with 4 Tors. However, the tutorial applies only to Arch Linux and I am using a headless EC2 ubuntu 64bits. It is really a pain going through the differences between Arch and Ubuntu. And here I am wondering is there anyone could offer some help to implement my idea simplicitly.

1. Four Tors running at the same time each with an individual port, privoxy or polipo or whatever are ok once it works. Like: 8118 <- Privoxy <- TOR <- 9050 8129 <- Privoxy <- TOR <- 9150 8230 <- Privoxy <- TOR <- 9250 8321 <- Privoxy <- TOR <- 9350

2. In this way, if I try to return the ip of 127.0.0.1:8118, 8129, 8230 and 8321, they should return four different ips, which indicates there are four different Tors running at the same time. Then, a few minutes later, check again, all four of them should have a new ips again.

I know my simple 'dream' could come true in many ways, however... I am not only new to Tor, but even also to bash and python... That is why I come here and see whether some of you could light me up.

These links might be useful:

http://blog.databigbang.com/distributed-scraping-with-multiple-tor-circuits/ https://www.torservers.net/wiki/setup/server#multiple_tor_processes Best,

btw, if I run $ ps -A | grep 'tor' i have several instances there, however with "?" under the tty column, what does that mean since I know tty means terminals?

Answer 1

Create four torrc files, say /etc/tor/torrc.1 to .4.

In each file, edit the lines:

SocksPort 9050
ControlPort 9051
DataDirectory /var/lib/tor

to use different resources for each torrc file, e.g. for for torrc.1:

SocksPort 9060
ControlPort 9061
DataDirectory /var/lib/tor1

for torrc.2,

SocksPort 9062
ControlPort 9063
DataDirectory /var/lib/tor2

and so on.

A configuration file containing only the above lines will work: you can delete every other line from the default template if you feel like it.

DataDirectory can also be relative to the current directory where tor is launched, e.g.:

DataDirectory d1

Then start tor like this:

tor -f /etc/tor/torrc.1  
tor -f /etc/tor/torrc.2

and so on for the other two files.

This will create four different Socks5 servers on the four ports. Each one will open a different circuit, which is what you want.

Answer 2

Chaining Tor is recommended against. You may get worse anonymity, not better anonymity.

Doing so produces undefined and potentially unsafe behavior. In theory, however, you can get six hops instead of three, but it is not guaranteed that you'll get three different hops - you could end up with the same hops, maybe in reverse or mixed order. It is not clear if this is safe. It has never been discussed.

You can ​choose an entry/exit point, but you get the best security that Tor can provide when you leave the route selection to Tor; overriding the entry / exit nodes can mess up your anonymity in ways we don't understand. Therefore Tor over Tor usage is highly discouraged.

You should only mess with Tor's routing algorithm, if you are more clever than the Tor developers.

The use of privoxy / polipo has been deprecated by The Tor Project long time ago. You are recommended to only use Tor Browser. Only Tor Browser gives you an unified web fingerprint and you won't stand out.

Since Tor version 0.2.3, different Socks,- Dns-, or TransPorts go through different circuits, therefore preventing identity correlation. The term for this is stream isolation. Do get this, you can add to torrc...

SocksPort 9050
SocksPort 9052
SocksPort 9053
SocksPort 9054
#...

...and they will all go thought different circuits.

When you are using Tor Browser, you can also use Tor Button's new identity feature. Click on Tor Button (the green onion) and choose new identity. This will reset all browser states and change Tor's circuit.

(And it's Tor, not TOR.)

Note, when using stream isolation, going through different circuits does not guarantee getting different Tor exit nodes. Sometimes Tor will only use a different entry guard or middle relay. This is normal.

Answer 3

I tried the torrc.1 ,torrc.2 etc...but it didn't work.

However this one worked:

1. Stop the tor process by : /etc/init.d/tor stop
2. Open gedit /etc/tor/torrc (If you are not root put sudo before it to access as root)
3. Search for SocksPort 9050
4. Now put whatever ports you want to be as stream ports (SocksPort 9060 ,SocksPort 9070,SocksPort 9080 ....etc.)
5. Search for ControlPort 9051
6. Now put whatever ports you want to be as stream ports (ControlPort 9061 ,ControlPort 9071,ControlPort 9081 ....etc.) NOTICE THAT CONTROL PORT IS ALWAYS SOCKSPORT+1
7. Start the tor process again : /etc/init.d/tor start
8. Check the tor status /etc/init.d/tor status

it should show something like that:

tor.service - Anonymizing overlay network for TCP
   Loaded: loaded (/lib/systemd/system/tor.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2016-05-13 22:18:21 GST; 1s ago
  Process: 10259 ExecReload=/bin/kill -HUP ${MAINPID} (code=exited, status=0/SUCCESS)
  Process: 10319 ExecStartPre=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 --verify-config (code=exited, status=0/SUCCESS)
  Process: 10317 ExecStartPre=/usr/bin/install -Z -m 02750 -o debian-tor -g debian-tor -d /var/run/tor (code=exited, status=0/SUCCESS)
 Main PID: 10322 (tor)
   CGroup: /system.slice/tor.service
           └─10322 /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0

May 13 22:18:20 momen-Lenovo tor[10322]: May 13 22:18:20.860 [notice] Tor v0.2.6.10 (git-71459b2fe953a1c0) running on Linux with Li... 1.2.8.
May 13 22:18:20 momen-Lenovo tor[10322]: May 13 22:18:20.860 [notice] Tor can't help you if you use it wrong! Learn how to be safe ...warning
May 13 22:18:20 momen-Lenovo tor[10322]: May 13 22:18:20.860 [notice] Read configuration file "/usr/share/tor/tor-service-defaults-torrc".
May 13 22:18:20 momen-Lenovo tor[10322]: May 13 22:18:20.860 [notice] Read configuration file "/etc/tor/torrc".
May 13 22:18:20 momen-Lenovo tor[10322]: May 13 22:18:20.863 [notice] Opening Socks listener on 127.0.0.1:9050
May 13 22:18:20 momen-Lenovo tor[10322]: May 13 22:18:20.863 [notice] Opening Socks listener on 127.0.0.1:9060
May 13 22:18:20 momen-Lenovo tor[10322]: May 13 22:18:20.863 [notice] Opening Control listener on 127.0.0.1:9051
May 13 22:18:20 momen-Lenovo tor[10322]: May 13 22:18:20.863 [notice] Opening Control listener on 127.0.0.1:9061
May 13 22:18:20 momen-Lenovo tor[10322]: May 13 22:18:20.863 [notice] Opening Control listener on /var/run/tor/control
May 13 22:18:21 momen-Lenovo systemd[1]: Started Anonymizing overlay network for TCP.

Hint: Some lines were ellipsized, use -l to show in full.

Answer 4

Make a tor configuration directory:
$> mkdir -p ~/configuration_files/tor
$> config=~/configuration_files/tor
$> cd "${config}"

Copy the /etc/tor/torrc to the configuration directory and make as many copies as you need: E.g. 10
printf "torrc_%0.2s\n" {1..10} | xargs -I {} /bin/cp /etc/tor/torrc "${config}{}"

Copy the /etc/torsocks.conf to the configuration directory and make as many copies as you need: e.g. same as above 10
printf "torsocks_%0.2s.conf\n" {1..10} | xargs -I {} /bin/cp /etc/torsocks.conf "${config}/{}"

Make new data directories and fix ownership/permissions:
$> sudo mkdir /var/lib/tor{1..10}

Edit the configuration files to have non colliding corresponding port numbers:

for i in {1..10}; do 
 sed -i "s/^#SocksPort 9050.*/SocksPort $((9050+${i}))/;s|^#DataDirectory /var/lib/tor|DataDirectory /var/lib/tor${i}|" torrc_${i}
 sed -i "s/server_port = 9050/server_port = $((9050+${i}))/" torsocks_${i}.conf
 sudo chmod -R --reference /var/lib/tor /var/lib/tor${i}
 sudo chown -R CHANGETHIS:CHANGETHIS /var/lib/tor${i} 
done 

Note: Changing the CHANGETHIS to the user/group of the user who plans to use it.

After that its easy to get going, you start up the individual instances of tor using the corresponding configuration file E.g. /usr/bin/tor -f "${config}/torrc_3"

To use it all you need to do is export the variable TORSOCKS_CONF_FILE to point to the corresponding torsocks.conf file:
E.g. $> export TORSOCKS_CONF_FILE="${config}/torsocks_3.conf"

Next you can torify / torsocks any application from that particular shell and it will use the torsocks_3.conf proxy.
Try: $> torify bash
$> curl www.ipmango.com/api/myip

To change to another proxy simply start up the corresponding tor using its torrc file and export the TORSOCKS_CONF_FILE variable to point to the new configuration.

Here is a simple alias that does the job, after you've set it up as above and you have roxterm installed. It will check netstat to see if the proxy is up already and if not it will start it up in a separate shell window.

alias prox='_(){ proxy=${1:-1}; config_base="~/configuration_files/tor"; port=$((9050+${proxy})); netstat -an | { ! grep -q "127.0.0.1:${port}"; } && roxterm -e bash -c "/usr/bin/tor -f \"${config_base}/torrc_${proxy}\"; bash"; export TORSOCKS_CONF_FILE="${config_base}/torsocks_${proxy}.conf"; }; _'

To use it:

$> prox 4 
$> torify bash 

Answer 5

1. Download Tor Browser for Windows from the official website
2. Extract Tor Browser multiple times (Change the Destination folder name each time)
3. Skip the First Tor Browser and Follow the step number 4-6 for the remaining tor browser instances.
4. Start Tor Browser, Search for about.config in the search bar
5. Search for extensions.torlauncher.start_tor in the configuration window of tor-browser
6. Change the value of start_tor from TRUE to FALSE
7. Follow step number 8 for all the tor browser instances except for the Last one.
8. Goto TorBrowser, Data, Tor, torrec-defaults. Add "SocksPort 9153" at the end of the file and save the file. Increment 9153 by one for each new tor browser instance.

Source: How to run Multiple Tor Browsers with different IPs

Answer 6

Single setup script tested on Ubuntu 23.04, Tor 0.4.7.13

This is a slightly streamlined and simplified version of https://stackoverflow.com/a/34213834/895245

tor-army

#!/usr/bin/env bash
set -eux
n=${1:-10}
config_dir=~/etc/tor
rm -rf "$config_dir"
mkdir -p "$config_dir"
cd "${config_dir}"
for i in `seq $n`; do
  cp /etc/tor/torrc torrc_$i
  sed -i "s/^#SocksPort 9050.*/SocksPort $((9050+${i}))/;s|^#DataDirectory /var/lib/tor|DataDirectory /var/lib/tor${i}|" torrc_$i
  cp /etc/tor/torsocks.conf torsocks_$i.conf
  sed -i "s/server_port = 9050/server_port = $((9050+${i}))/" torsocks_${i}.conf
  sudo mkdir -p /var/lib/tor$i
  sudo chmod -R --reference /var/lib/tor /var/lib/tor${i}
  sudo chown -R $USER:$USER /var/lib/tor${i}
done
for i in `seq $n`; do
  nohup tor -f "${config_dir}/torrc_$i" >$i.log 2>&1 &
done

Usage: launch 10 separate tor instances likely with different IPs:

tor-army 10

Tor ports are assigned sequentially from 9051 onwards. The stdout of each instance goes to a file ~/etc/tor/1 for 9051, 2 for 9052 and so on.

E.g. use with torsocks mentioned at https://superuser.com/questions/404732/how-to-use-wget-with-tor-bundle-in-linux and check our IP with checkip.amazonaws.com as per https://unix.stackexchange.com/questions/22615/how-can-i-get-my-external-ip-address-in-a-shell-script/250794#250794 :

torsocks -P 9051 curl http://checkip.amazonaws.com
torsocks -P 9052 curl http://checkip.amazonaws.com

and each one should produce a different value.

Get new IPs for all instances as per How to change the Tor exit node programmatically to get a new IP?

killall -HUP tor

or to change the circuit just for the tor listening on a given port:

port=9051
pid="$(netstat -nlp | awk '$4~":'"$port"'"{ gsub(/\/.*/,"",$7); print $7 }')"
kill -HUP "$pid"

Stop all tor instances:

pkill tor

Note that as of 2023, there are only about 2k Tor exit notes according: https://metrics.torproject.org/relayflags.html so it's not like you can get one million IPs from it! You'd need a proper botnet for that.

Here's a sample usage skeleton of such tor army for IP throttling evasion purposes. It attempts to balance load across the Tor network without being too greedy, and switches circuits for an instance nodes if any errors are found.

#!/usr/bin/env bash

ntor=${2:-100}

dowork() (
  i=$1
  j=0
  out=out$i
  out_err=err$i
  out_err_log=log$i
  port=$((9050 + $i))
  pid="$(netstat -nlp 2>/dev/null | awk '$4~":'"$port"'"{ gsub(/\/.*/,"",$7); print $7 }')"
  while IFS= read -r inval; do
    response="$(torsocks -P "$port" curl -s --connect-timeout 10 -w "%{http_code}" https://TARGETSITE.com/key=$inval 2>&1 )"
    if [ "$?" -ne 0 ]; then
      echo $i $j $inval err
      echo $inval >> "$out_err"
      echo $inval >> "$out_err_log"
      echo $response >> "$out_err_log"
      kill -HUP $pid
    else
      http_code=$(tail -n1 <<< "$response")
      content=$(sed '$ d' <<< "$response")
      echo $i $j $inval $http_code
      if [ $http_code -eq 200 ]; then
        if [ -n "$content" ]; then
          echo "$content" >> "$out"
        fi
      else
        echo "$inval" >> "$out_err"
        if [ $http_code -eq 429 ]; then
          kill -HUP $pid
        fi
      fi
    fi
    j=$((j+1))
    sleep 1
  done < input$i.txt
)
for i in `seq $ntor`; do
  dowork $i &
done
wait
trap "trap - SIGTERM && kill -- -$$" SIGINT SIGTERM EXIT