Java socks/proxy in applets to visualize Tor

Questions about programming languages and debugging
Post Reply
User avatar
maboroshi
Dr. Mab
Dr. Mab
Posts: 1624
Joined: 28 Aug 2005, 16:00
18

Java socks/proxy in applets to visualize Tor

Post by maboroshi »

Java socks/proxy in applets to visualize Tor

This is an example of remotely loading an image from a Tor Hidden Service into a Java applet to display for a user not using the Tor Client.

Let's start with the web server set up. This is where the applet and Tor Client/Privoxy will be hosted.

Step 1) With a web server of your choosing Apache, Nginx, PHP, install and configure a Tor Client and Privoxy Service on this web server. This is what our applet will use to access the image on the .onion service.

Code: Select all

apt-get install tor
apt-get install privoxy
Edit /etc/privoxy/config add the following

Code: Select all

forward-socks4a / localhost:9050 .
Also change the listen-address for privoxy to the webserver IP.

Code: Select all

listen-address  xx.xxx.xxx.xxx:8118
Step 2) Configure a Tor hidden web service on another system preferably another network and place an image that will be requested by the applet.

You will need the .onion domain address for the applet. See the Tor docs on configuring a Tor hidden service.

Step 3) On your development system compile and self sign the Java code (the code will be posted below).

Quick guide to self sign the code

Code: Select all

javac LoadImage.java
jar cvf LoadImage.jar LoadImage.class
keytool -genkey -validity 3650 -keystore pKeyStore -alias keyName
keytool -selfcert -keystore pKeyStore -alias keyName -validity 3650
jarsigner -keystore pKeyStore LoadImage.jar keyName
Upload and embed the jar file in an html page on the web server. View the web page and accept any security issues that occur by self signed applets. You will likely need to approve the IP/Domain for the web server the applet will be hosted on in your JRE security settings. To do this Go To *Start Menu >> Java >> Configure Java >> Security >> Edit site list >> copy and paste your web server IP/Domain with http

LoadImage.java

Code: Select all

import java.awt.Image;
import javax.imageio.*;
import java.io.*;
import java.net.*;
import javax.swing.ImageIcon;
import javax.swing.JApplet;
import javax.swing.JFrame;
import javax.swing.JLabel;
import java.awt.Dimension;
import java.awt.image.BufferedImage;
import java.lang.*;

public class LoadImage extends JApplet 
{
	Image image;
	public LoadImage()
	{
		try {	
			SocketAddress address = new InetSocketAddress("xx.xx.xxx.xx", 8118);
			Proxy proxy = new Proxy(Proxy.Type.HTTP, address);
		
			URL url = new URL("http://1234ABCD.onion/mabo/static/mountains.png");
			URLConnection conn = url.openConnection(proxy);
            
			InputStream inStream = conn.getInputStream();
                        BufferedImage image = ImageIO.read(inStream);
			
			JLabel label = new JLabel(new ImageIcon(image));
			label.setMinimumSize(new Dimension(200, 200));
			
			this.add(label);
			setVisible(true);
		}
		catch (Exception e) {
                        e.printStackTrace();
                }
	}
}
The HTML code used to display the jarred applet

Code: Select all

<applet archive="LoadImage.jar" codebase="http://tofolderwithapplet/cryaboutit/static/" code="LoadImage.class" width="420" height="280"></applet>

*cheers

:-)

Thanks to Gogeta and Cats for there assistance and support in figuring this out.

-----------------------

:D

This link will expire but here is a temporary example: Link Expired
Top
User avatar
bad_brain
Site Owner
Site Owner
Posts: 11636
Joined: 06 Apr 2005, 16:00
19
Location: In your eye floaters.
Contact:
Contact bad_brain

Re: Java socks/proxy in applets to visualize Tor

Post by bad_brain »

=D>

did you ran into problems with the latest (and most silly) Java feature where applets have to be signed? :-k
Image
Top
User avatar
ayu
Staff
Staff
Posts: 8109
Joined: 27 Aug 2005, 16:00
18
Contact:
Contact ayu

Re: Java socks/proxy in applets to visualize Tor

Post by ayu »

bad_brain wrote:=D>

did you ran into problems with the latest (and most silly) Java feature where applets have to be signed? :-k
I bet he did >_>

I know I did when I wanted to write an applet a few weeks ago.
However I asked myself the question "what the hell I'm I doing?" rather quickly and went to do something else instead XD
"The best place to hide a tree, is in a forest"
Top
User avatar
maboroshi
Dr. Mab
Dr. Mab
Posts: 1624
Joined: 28 Aug 2005, 16:00
18

Re: Java socks/proxy in applets to visualize Tor

Post by maboroshi »

Yes I did the only work around is to approve the IP/Domain the applet is hosted on in the Java Control Panel as well as self signing the applet and it still warns you of "serious" "possible" security risk. So next step will be to do this with actionscript. From what I understand actonscript has ability to make socket connections :-)

*cheers
Top
User avatar
maboroshi
Dr. Mab
Dr. Mab
Posts: 1624
Joined: 28 Aug 2005, 16:00
18

Re: Actionscript socks/proxy in Flash - Tor

Post by maboroshi »

Here is the updated code using Actionscript which is more inline with my original ambitions.

Code: Select all

package 
{
	
	import flash.display.Sprite;
	import flash.display.Loader;
	
	import flash.net.URLLoader;
	import flash.net.URLRequest;
	import flash.net.URLLoaderDataFormat;

	import flash.events.Event;
	import flash.events.ProgressEvent;
	import flash.events.IOErrorEvent;
	
	import flash.utils.ByteArray;

	import flash.system.Security;

	
	public class Main extends Sprite 
	{
		Security.loadPolicyFile('http://xx.xx.xxx.xxx/cryaboutit/static/crossdomain.xml');
		Security.allowDomain('xx.xx.xxx.xxx');
		Security.allowDomain('xx.xx.xxx.xxx:8118');
		
		public var loader:URLLoader = new URLLoader();
		public var proxy:String = "http://xx.xx.xxx.xxx/cryaboutit/mab_request?url=";
		
		public function Main():void 
		{
			
			loader.dataFormat = URLLoaderDataFormat.BINARY;
			loader.load(new URLRequest(proxy + "http://yl4ifez2n2hellxz.onion/mabo/static/bike.png"));
			
			loader.addEventListener(IOErrorEvent.IO_ERROR, ioError_handler, false, 0, true);
			loader.addEventListener(ProgressEvent.PROGRESS, loadProgress);
			loader.addEventListener(Event.COMPLETE, loadComplete);
			
		}

		
		public function ioError_handler(e:IOErrorEvent):void
		{
			trace(e.toString());
		}
		
		
		public function loadProgress(e:ProgressEvent):void
		{
			var percentLoaded:Number = Math.round((e.bytesLoaded/e.bytesTotal) * 100);
			trace("Loading: " + percentLoaded + "%");
		}
		
		
		public function loadComplete(e:Event):void
		{
			var img_loader:Loader = new Loader();
			img_loader.loadBytes(loader.data);
			addChild(img_loader);
		}	
	}
}
then using PyCURL/CURL as an interface between actionscript and the Privoxy Server

Code: Select all


import pycurl
import cStringIO

def mab_request():
    re_url = str(request.get_vars["url"])
    buf = cStringIO.StringIO()
    c = pycurl.Curl()
    c.setopt(pycurl.URL, str(re_url))
    c.setopt(pycurl.PROXY, "xx.xx.xxx.xxx")
    c.setopt(pycurl.PROXYPORT, 8118)
    c.setopt(pycurl.PROXYTYPE, pycurl.PROXYTYPE_HTTP)
    c.setopt(pycurl.HTTPPROXYTUNNEL, 1)
    c.setopt(pycurl.WRITEFUNCTION, buf.write)
    c.perform()
    return buf.getvalue()
Also the crossdomain XML file.

Code: Select all

<?xml version="1.0" ?>
<cross-domain-policy>
	<allow-access-from domain="xx.xx.xxx.xxx" />
</cross-domain-policy>
Top
Post Reply

Return to “Coding”