TOR (windows services),hexchat and freenode hidden service
Update on year 2021
Don’t use Freenode because they are SUCK, please use Libera.Chat server for IRC
Today I going to make a quick self note on how to spoofing our IP address when connecting Freenode IRC using TOR services which is running in background as windows service.
(Tor + browser) - browser = Tor!
First of all, you need to
download and install Tor
which is now bundled together with custom firefox browser (but we won’t use the bundled browser), please open
cmd, navigate deeper into Tor browser folder and find Tor binary file (eg:
d:/NOPE/Tor Browser/Browser/TorBrowser/Tor) and execute Tor binary with
-service install as parameter (just once).
$ ./tor.exe -service install Running on a Post-Win2K OS, so we'll assume that the LocalService account exists. IMPORTANT NOTE: The Tor service will run under the account "NT AUTHORITY\LocalService". This means that Tor will look for its configuration file under that account's Application Data directory, which is probably not the same as yours. Done with CreateService. Service installed successfully Service started successfully
After that press win+r and type
services.msc and press enter. Search
Tor Win32 Service and check the service status
Please make sure
Tor Win32 Service is started and running, so we will able to use it with HexChat IRC client.
If you want to check the service work or not, you can use
curl command to check (if you have
curl --socks5 localhost:9050 \ --socks5-hostname localhost:9050 \ -s https://check.torproject.org/ \ | cat | grep -m 1 Congratulations | xargs
The output should be something like this
Congratulations. This browser is configured to use Tor
So now we don’t need to open Tor Browser overtimes to connect with Tor network (all we need just Tor services).
Setup IRC with HexChat
Now, let connect to Freenode IRC (directly) using HexChat. I assume you already register IRC account under Freenode server, if you don’t have account then you need to register because it prerequisite to use hidden services on
Just login as usual:
/nick <insert_your_username> /msg NickServ IDENTIFY <insert_your_password>
Successfuly log in? OK, then open CMD (i prefer to use git-bash actually) and type
cd %AppData%\HexChat\ and press enter, just create folder
certs if you don’t have yet and navigate inside that folder.
C:\Users\r0x>cd %AppData%\HexChat\ C:\Users\r0x\AppData\Roaming\HexChat>dir Volume in drive C is OS Volume Serial Number is 1337-7331 Directory of C:\Users\r0x\AppData\Roaming\HexChat 27/11/2020 02:15 AM <DIR> . 27/11/2020 02:15 AM <DIR> .. 07/07/2017 10:39 PM <DIR> addons 26/11/2020 05:08 AM 12 addon_checksum.conf 27/11/2020 01:46 AM <DIR> certs <------------- CREATE THIS FOLDER! 27/11/2020 01:25 AM 0 chanopt.conf 27/11/2020 02:15 AM 1,092 colors.conf 27/11/2020 02:15 AM 4,536 hexchat.conf 27/11/2020 01:25 AM 0 ignore.conf 27/11/2020 12:19 AM <DIR> logs 27/11/2020 01:25 AM 0 notify.conf 26/11/2020 06:26 PM 12,286 pevents.conf 27/11/2020 01:53 AM <DIR> scrollback 27/11/2020 02:05 AM 6,886 servlist.conf 27/11/2020 01:25 AM 0 sound.conf 07/07/2017 10:39 PM <DIR> sounds 9 File(s) 24,812 bytes 7 Dir(s) 71,111,495,680 bytes free C:\Users\r0x\AppData\Roaming\HexChat>cd certs C:\Users\r0x\AppData\Roaming\HexChat\certs>
Now let generate certificate using this command
openssl req -x509 -sha256 -new -newkey rsa:4096 -days 1000 -nodes -out freenode.pem -keyout freenode.pem on your command line.
$ openssl req -x509 -sha256 -new -newkey rsa:4096 -days 1000 -nodes -out freenode.pem -keyout freenode.pem Generating a RSA private key writing new private key to 'freenode.pem' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:MY State or Province Name (full name) [Some-State]: Locality Name (eg, city) : Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) : Common Name (e.g. server FQDN or YOUR name) : Email Address :
When finish, find the cert fingerprint and copy thus 40 chars output using command like example below:
$ openssl x509 -in ./freenode.pem -outform der | sha1sum -b | cut -d' ' -f1 12345bd20a7c708b123453e1e61234588f412345
Go back to your HexChat IRC client and add you cert fingerprint
/msg NickServ CERT ADD <insert_cert_fingerprint> /msg NiclServ CERT LIST
Now let set our HEXCHAT to use proxy via HexChat (setting-> preference-> Network and Network setup).
Set proxy port to listen on
9050 and use proxy type
SOCK5. For hostname set as
127.0.0.1. Then press OK to comfirm.
Open network service menus (ctrl+S) and now add new server name. Lets put as “Freenode-TOR” then press OK. Click on “Freenode-TOR” and press Edit button.
Opt and tick “connect on selected server only”, “use SSL for all server on this network” and “accept invalid SSL certificate”.
Change login method to
SASL EXTERNAL (cert) and add Freenode IRC hidden service server address (you may check
We are almost done, now just close everything and exit HexChat. Start (open) HexChat again and try connect to
* Looking up ajnvpgl6prmkb7yktvue6im5wiedlz2w32uhcwaamdiecdrfpwwgnlqd.onion * Looking up localhost * Connecting to MY_COMPUTER (::1:9050) * * Subject: /O=Digital Signature Trust Co./CN=DST Root CA X3 * * Issuer: /O=Digital Signature Trust Co./CN=DST Root CA X3 * * Subject: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 * * Issuer: /O=Digital Signature Trust Co./CN=DST Root CA X3 * * Subject: /CN=zettel.freenode.net * * Issuer: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 * * Certification info: * Subject: * CN=zettel.freenode.net * Issuer: * C=US * O=Let's Encrypt * CN=Let's Encrypt Authority X3 * Public key algorithm: rsaEncryption (4096 bits) * Sign algorithm sha256WithRSAEncryption * Valid since Nov 23 04:35:37 2020 GM to Feb 21 04:35:37 2021 GM * * Cipher info: * Version: TLSv1/SSLv3, cipher ECDHE-RSA-AES256-GCM-SHA384 (256 bits) * * Verify E: Failed to validate hostname? (-1) -- Ignored * Connected. Now logging in. * *** Looking up your hostname... * *** Couldn't look up your hostname * Capabilities supported: account-notify away-notify cap-notify chghost extended-join identify-msg multi-prefix sasl tls * Capabilities requested: account-notify away-notify cap-notify chghost extended-join identify-msg multi-prefix sasl * Capabilities acknowledged: account-notify away-notify cap-notify chghost extended-join identify-msg multi-prefix sasl * Authenticating via SASL as rnm (EXTERNAL) * You are now logged in as RNM. * SASL authentication successful * *** Spoofing your IP * Welcome to the freenode Internet Relay Chat Network RNM * Your host is zettel.freenode.net[127.0.6.10/17110], running version ircd-seven-1.1.9 * This server was created Thu Dec 19 2019 at 20:31:25 UTC * zettel.freenode.net ircd-seven-1.1.9 D * CHANTYPES=# EXCEPTS INVEX CHANMODES=eIbq,k,flj,CFLMPQScgimnprstuz CHANLIMIT=#:120 PREFIX=(ov)@+ MAXLIST=bqeI:100 MODES=4 NETWORK=freenode STATUSMSG=@+ CALLERID=g CASEMAPPING=rfc1459 :are supported by this server * CHARSET=ascii NICKLEN=16 CHANNELLEN=50 TOPICLEN=390 DEAF=D FNC TARGMAX=NAMES:1,LIST:1,KICK:1,WHOIS:1,PRIVMSG:4,NOTICE:4,ACCEPT:,MONITOR: EXTBAN=$,ajrxz CLIENTVER=3.0 SAFELIST ELIST=CTU CPRIVMSG :are supported by this server * CNOTICE WHOX ETRACE KNOCK MONITOR=100 :are supported by this server * There are 97 users and 83320 invisible on 32 servers * 41 :IRC Operators online * 2 :unknown connection(s) * 43647 :channels formed * I have 307 clients and 1 servers * 307 326 :Current local users 307, max 326 * 83417 90930 :Current global users 83417, max 90930 * Highest connection count: 327 (326 clients) (185221 connections received) * - zettel.freenode.net Message of the Day - * - Welcome to zettel.freenode.net, our tor hidden service. * - Welcome to freenode - supporting the free and open source * - software communities since 1998. * - * - By connecting to freenode you indicate that you have read and * - accept our policies and guidelines as set out on https://freenode.net * - * - In the event that you observe behaviour that contravenes our policies, * - please notify a volunteer staff member via private message, or send us an * - e-mail to email@example.com -- we will do our best to address the * - situation within a reasonable period of time, and we may request further * - information or, as appropriate, involve other parties such as channel operators * - Group Contacts representing an on-topic group. * - * - freenode runs an open proxy scanner. * - * - If you are looking for assistance, you may be able to find a list of * - volunteer staff on '/stats p' (shows only on-call staff) or by joining * - #freenode and using the '/who freenode/staff/*' command. You may message * - any of us at any time. Please note that freenode predominantly provides * - assistance via private message, and while we have a network channel the * - primary venue for support requests is via private message to a member * - of the volunteer staff team. * - * - From time to time, volunteer staff may send server-wide notices relating to * - the project, or the communities that we host. The majority of such notices * - will be sent as wallops, and you can '/mode <yournick> +w' to ensure that you * - do not miss them. Important messages relating to the freenode project, including * - notices of upcoming maintenance and other scheduled downtime will be issued as * - global notices. * - * - Representing an on-topic project? Don't forget to register, more information * - can be found on the https://freenode.net website under "Group Registration". * - * - Thank you also to our server sponsors for the sustained support in keeping the * - network going for close to two decades. * - * - Thank you for using freenode! * End of /MOTD command.
Look great! Yeay! Let check our
* [RNM] (~rnm@gateway/tor-sasl/rnm): realname * [RNM] #ubuntu-my #ubuntu-meeting #ubuntu #spring #python #myoss #mambang #malaysia #lowyat-foss #lineageos #laravel #kde-welcome #kde #hexchat #fedora-qa #fedora-my #fedora-meeting #fedora-kde #fedora-devel #fedora #debian ##coronavirus ##unavailable * [RNM] zettel.freenode.net :Tor * [RNM] is using a secure connection * [RNM] has client certificate fingerprint 12345bd20a7c708b123453e1e61234588f412345 * [RNM] is connecting from *@gateway/tor-sasl/rnm 255.255.255.255 * [RNM] idle 01:54:51, signon: Fri Nov 27 02:20:04 * [RNM] is logged in as RNM * [RNM] End of WHOIS list.
Now your IP are spoofed on Tor network. Let me know if you have some error or problem :)