Hello everyone!

Today I going to make a quick self note on how to spoofing our IP address when connecting Freenode IRC using TOR services which is running in background as windows service.

(Tor + browser) - browser = Tor!

First of all, you need to download and install Tor which is now bundled together with custom firefox browser (but we won’t use the bundled browser), please open cmd, navigate deeper into Tor browser folder and find Tor binary file (eg: d:/NOPE/Tor Browser/Browser/TorBrowser/Tor) and execute Tor binary with -service install as parameter (just once).

$ ./tor.exe -service install
Running on a Post-Win2K OS, so we'll assume that the LocalService account exists.
    The Tor service will run under the account "NT AUTHORITY\LocalService".  This means
    that Tor will look for its configuration file under that
    account's Application Data directory, which is probably not
    the same as yours.
Done with CreateService.
Service installed successfully
Service started successfully

After that press win+r and type services.msc and press enter. Search Tor Win32 Service and check the service status

Please make sure Tor Win32 Service is started and running, so we will able to use it with HexChat IRC client.

If you want to check the service work or not, you can use curl command to check (if you have curl installed):

curl --socks5 localhost:9050 \
     --socks5-hostname localhost:9050 \
     -s https://check.torproject.org/ \
     | cat | grep -m 1 Congratulations | xargs

The output should be something like this Congratulations. This browser is configured to use Tor.

So now we don’t need to open Tor Browser everytime to connect with Tor network (all we need just Tor services).

Setup IRC with HexChat

Now, let connect to Freenode IRC (directly) using HexChat. I assume you already register IRC account under Freenode server, if you don’t have account then you need to register because it prerequisite to use hidden services on union network.

Just login as usual:

/nick <insert_your_username>
/msg NickServ IDENTIFY <insert_your_password>

Successfuly log in? OK, then open CMD (i prefer to use git-bash actually) and type cd %AppData%\HexChat\ and press enter, just create folder certs if you don’t have yet and navigate inside that folder.

C:\Users\r0x>cd %AppData%\HexChat\

 Volume in drive C is OS
 Volume Serial Number is 1337-7331

 Directory of C:\Users\r0x\AppData\Roaming\HexChat

27/11/2020  02:15 AM    <DIR>          .
27/11/2020  02:15 AM    <DIR>          ..
07/07/2017  10:39 PM    <DIR>          addons
26/11/2020  05:08 AM                12 addon_checksum.conf
27/11/2020  01:46 AM    <DIR>          certs <------------- CREATE THIS FOLDER!
27/11/2020  01:25 AM                 0 chanopt.conf
27/11/2020  02:15 AM             1,092 colors.conf
27/11/2020  02:15 AM             4,536 hexchat.conf
27/11/2020  01:25 AM                 0 ignore.conf
27/11/2020  12:19 AM    <DIR>          logs
27/11/2020  01:25 AM                 0 notify.conf
26/11/2020  06:26 PM            12,286 pevents.conf
27/11/2020  01:53 AM    <DIR>          scrollback
27/11/2020  02:05 AM             6,886 servlist.conf
27/11/2020  01:25 AM                 0 sound.conf
07/07/2017  10:39 PM    <DIR>          sounds
               9 File(s)         24,812 bytes
               7 Dir(s)  71,111,495,680 bytes free

C:\Users\r0x\AppData\Roaming\HexChat>cd certs

Now let generate certificate using this command openssl req -x509 -sha256 -new -newkey rsa:4096 -days 1000 -nodes -out freenode.pem -keyout freenode.pem on your command line.

$ openssl req -x509 -sha256 -new -newkey rsa:4096 -days 1000 -nodes -out freenode.pem -keyout freenode.pem
Generating a RSA private key
writing new private key to 'freenode.pem'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:MY
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:

When finish, find the cert fingerprint and copy thus 40 chars output using command like example below:

$ openssl x509 -in ./freenode.pem -outform der | sha1sum -b | cut -d' ' -f1

Go back to your HexChat IRC client and add you cert fingerprint

/msg NickServ CERT ADD <insert_cert_fingerprint>
/msg NiclServ CERT LIST

Now let set our HEXCHAT to use proxy via HexChat (setting-> preference-> Network and Network setup).

Set proxy port to listen on 9050 and use proxy type SOCK5. For hostname set as localhost or Then press OK to comfirm.

Open network service menus (ctrl+S) and now add new server name. Lets put as “Freenode-TOR” then press OK. Click on “Freenode-TOR” and press Edit button.

Opt and tick “connect on selected server only”, “use SSL for all server on this network” and “accept invalid SSL certificate”.

Change login method to SASL EXTERNAL (cert) and add Freenode IRC hidden service server address (you may check here).

We are almost done, now just close everything and exit HexChat. Start (open) HexChat again and try connect to Freenode-TOR

* Looking up ajnvpgl6prmkb7yktvue6im5wiedlz2w32uhcwaamdiecdrfpwwgnlqd.onion
* Looking up localhost
* Connecting to MY_COMPUTER (::1:9050)
* * Subject: /O=Digital Signature Trust Co./CN=DST Root CA X3
* * Issuer: /O=Digital Signature Trust Co./CN=DST Root CA X3
* * Subject: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
* * Issuer: /O=Digital Signature Trust Co./CN=DST Root CA X3
* * Subject: /CN=zettel.freenode.net
* * Issuer: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
* * Certification info:
*   Subject:
*     CN=zettel.freenode.net
*   Issuer:
*     C=US
*     O=Let's Encrypt
*     CN=Let's Encrypt Authority X3
*   Public key algorithm: rsaEncryption (4096 bits)
*   Sign algorithm sha256WithRSAEncryption
*   Valid since Nov 23 04:35:37 2020 GM to Feb 21 04:35:37 2021 GM
* * Cipher info:
*   Version: TLSv1/SSLv3, cipher ECDHE-RSA-AES256-GCM-SHA384 (256 bits)
* * Verify E: Failed to validate hostname? (-1) -- Ignored
* Connected. Now logging in.
* *** Looking up your hostname...
* *** Couldn't look up your hostname
* Capabilities supported: account-notify away-notify cap-notify chghost extended-join identify-msg multi-prefix sasl tls
* Capabilities requested: account-notify away-notify cap-notify chghost extended-join identify-msg multi-prefix sasl 
* Capabilities acknowledged: account-notify away-notify cap-notify chghost extended-join identify-msg multi-prefix sasl 
* Authenticating via SASL as rnm (EXTERNAL)
* You are now logged in as RNM.
* SASL authentication successful
* *** Spoofing your IP
* Welcome to the freenode Internet Relay Chat Network RNM
* Your host is zettel.freenode.net[], running version ircd-seven-1.1.9
* This server was created Thu Dec 19 2019 at 20:31:25 UTC
* zettel.freenode.net ircd-seven-1.1.9 D
* CHANTYPES=# EXCEPTS INVEX CHANMODES=eIbq,k,flj,CFLMPQScgimnprstuz CHANLIMIT=#:120 PREFIX=(ov)@+ MAXLIST=bqeI:100 MODES=4 NETWORK=freenode STATUSMSG=@+ CALLERID=g CASEMAPPING=rfc1459 :are supported by this server
* CNOTICE WHOX ETRACE KNOCK MONITOR=100 :are supported by this server
* There are 97 users and 83320 invisible on 32 servers
* 41 :IRC Operators online
* 2 :unknown connection(s)
* 43647 :channels formed
* I have 307 clients and 1 servers
* 307 326 :Current local users 307, max 326
* 83417 90930 :Current global users 83417, max 90930
* Highest connection count: 327 (326 clients) (185221 connections received)
* - zettel.freenode.net Message of the Day - 
* - Welcome to zettel.freenode.net, our tor hidden service.
* - Welcome to freenode - supporting the free and open source
* - software communities since 1998.
* -  
* - By connecting to freenode you indicate that you have read and
* - accept our policies and guidelines as set out on https://freenode.net
* -  
* - In the event that you observe behaviour that contravenes our policies,
* - please notify a volunteer staff member via private message, or send us an
* - e-mail to complaints@freenode.net -- we will do our best to address the
* - situation within a reasonable period of time, and we may request further
* - information or, as appropriate, involve other parties such as channel operators 
* - Group Contacts representing an on-topic group.
* -  
* - freenode runs an open proxy scanner.
* -  
* - If you are looking for assistance, you may be able to find a list of 
* - volunteer staff on '/stats p' (shows only on-call staff) or by joining 
* - #freenode and using the '/who freenode/staff/*' command. You may message
* - any of us at any time. Please note that freenode predominantly provides 
* - assistance via private message, and while we have a network channel the 
* - primary venue for support requests is via private message to a member 
* - of the volunteer staff team.
* -  
* - From time to time, volunteer staff may send server-wide notices relating to
* - the project, or the communities that we host. The majority of such notices
* - will be sent as wallops, and you can '/mode <yournick> +w' to ensure that you
* - do not miss them. Important messages relating to the freenode project, including
* - notices of upcoming maintenance and other scheduled downtime will be issued as
* - global notices.
* -  
* - Representing an on-topic project? Don't forget to register, more information
* - can be found on the https://freenode.net website under "Group Registration".
* -  
* - Thank you also to our server sponsors for the sustained support in keeping the
* - network going for close to two decades.
* -  
* - Thank you for using freenode!
* End of /MOTD command.

Look great! Yeay! Let check our whois

* [RNM] (~rnm@gateway/tor-sasl/rnm): realname
* [RNM] #ubuntu-my #ubuntu-meeting #ubuntu #spring #python #myoss #mambang #malaysia #lowyat-foss #lineageos #laravel #kde-welcome #kde #hexchat #fedora-qa #fedora-my #fedora-meeting #fedora-kde #fedora-devel #fedora #debian ##coronavirus ##unavailable 
* [RNM] zettel.freenode.net :Tor
* [RNM] is using a secure connection
* [RNM] has client certificate fingerprint 12345bd20a7c708b123453e1e61234588f412345
* [RNM] is connecting from *@gateway/tor-sasl/rnm
* [RNM] idle 01:54:51, signon: Fri Nov 27 02:20:04
* [RNM] is logged in as RNM
* [RNM] End of WHOIS list.

Now your IP are spoofed on Tor network. Let me know if you have some error or problem :)