Journey to anonymity. This article describes how to get a decent level of anonymity while browsing the Internet. It shows how to setup the Whonix gateway and how to configure Kali in order to route all traffic coming out of it through the Whonix gateway, and therefore through the TOR network. It also shows how to further your anonymity by adding a VPN connection to your setup.
User anonymity is not built-in by default when you browse the Internet as regular users do, most (if not all) all of your actions are somehow recorded or tracked; this can be acceptable for said users, as long as they are aware that their anonymity is, well, almost null.
There are, however, cases in which you need to stay as anonymous as possible, for instance, if you are on a penetration test engagement and suspect that your IP address may be blacklisted by an Intrusion Detection System (or similar). Also, if you simply want to stay anonymous because of your own reasons, that’s your right too.
In this case, we are going to see how to anonymize your Kali traffic in order to avoid been detected. The first thing you need to do is to download and install Kali on a VirtualBox VM.
Installing Kali
If you haven’t done so, get an instance of the Kali Linux environment on a virtual machine, in the link below you can see a step by step guide on how to do this:
Getting started with Whonix
Whonix “is a desktop operating system designed for advanced security and privacy“, it is a Debian based distribution with built in TOR capabilities, which gives you access to “an open network that helps you defend against traffic analysis“.
Whonix usually comes in two pieces, the Workstation for user activity and browsing and the Gateway, which redirects all the traffic through the Tor network. This is shown in the image below (taken from here):
The host machine will be running the two virtual machines, both are isolated and located within an internal network, meaning that neither of them will know the real IP address of the host system.
Unlike what’s shown in the image above, we will be switching the Whonix Workstation for our Kali VM, that way all the traffic coming out of Kali will be torified.
We only need to download the Whonix Gateway then, this comes as a virtual appliance.
Installing Whonix Gateway
With your .ova file at hand, open Virtualbox, head to the top right menu and select File > Import Appliance, navigate to the appliance and select it:
Click Next, then Import:
Now click Agree, the import will take some time. After completion, the new VM will be available, double click to start it. When prompted with the Setup Wizard (English and German), select Understood (twice) and then I am ready to start Tor, click Next until you get to the repository selection, make sure Whonix Stable Repository is selected:
Finish the setup and wait till the TOR network loads. Once completed, click on the Reload Tor button located in the desktop, this will give you a brand new identity:
Configuring Kali
If your Kali instance is running, turn it off and head to the Virtualbox screen, select the Kali VM, right click and select Settings, head to the Network tab and make sure only the first network adapter is enabled (Enable Network Adapter). On the Attached to dropdown select Internal Network and on the Name of the network select Whonix:
Start your Kali VM and let it boot. Now open a console and execute the next commands as root:
ifdown eth0
Now, we need to update the resolv.conf file to specify the Whonix Gateway as the nameserver. The file is located in /etc/resolv.conf, open it with your preferred text editor and set the nameserver to the Whonix Gateway’s IP address, I’m using nano:
nameserver 10.152.152.10
The next file we need to modify is the interfaces file, this one is located under /etc/network/ and it should have something like the following at the end of it:
iface eth0 inet static
address 10.152.152.11
netmask 255.255.192.0
gateway 10.152.152.10
When done, bring up the network adapter:
ifup eth0
Now, we want to check if the configuration was properly completed, to do this, open a browser and enter the next URL: https://check.torproject.org/, you should see something like the following:
Adding VPN for improved anonymity
Besides routing all Kali traffic through the TOR network, you can add another layer of protection by including a VPN connection to your setup. The easy way is to install and connect to the VPN from the host machine, that is, the computer running both VMs (Kali and Whonix Gateway)
However, to make sure not only the traffic is routed through TOR, but also that no leakages are possible, it is recommended to setup the VPN client on the Whonix Gateway and also use a tool like VPN Firewall to avoid your VPN from failing open (condition in which a VPN connection is interrupted and traffic will be send without VPN).
Now, if you want to get a decent VPN service you will most likely need to pay for it, instead of paying with your credit card (which deters your anonymity), pay with Bitcoin (or any other supported cryptocurrency for that matter) and boost your anonymity even further. It is also important to review the VPN provider’s privacy policy and make sure it adheres to your needs. After a quick Google search, a couple of options came out: ExpressVPN and PureVPN.
Conclusion
User anonymity is not built by default in the Internet, however, if you want to achieve a decent level of anonymity, you can do so using readily available tools like Kali Linux, Whonix Gateway and a good VPN provider; the idea is to connect to the VPN before connecting to the TOR network. Improve your anonymity by using a VPN provider that supports cryptocurrency payments.
Penetration testing basics & Kali Linux by Offensive Security.
Recent Comments