How to anonymize traffic programmatically by using PHP/Curl and Tor network

Tor is a free software that prevents people from learning your location or browsing habits by letting you communicate anonymously on the Internet. Over the years, I have seen TOR installed in a variety of different environments, and I think it’s important to mention that outside of using Tor Browser for anonymous web browsing, there are various other ways of using TOR. In the following article, I outline one of these TOR options.

One of the very favorite ways of using the TOR network is to use it in a service setup, in which TOR is installed as a service on a web server. This allows us to programmatically configure our Internet application to communicate with outside world by sending and receiving the Internet traffic through TOR. For those applications that require enhanced traffic anonymity, this is likely the easiest way to achieve the goal.

Just out of curiosity, for the purposes of this article, I’ve decided to install TOR on my Centos 7 server and see how hard it would be to communicate programmatically with TOR.

In Centos 7, it was as simple as running the following two commands:

– yum install tor (to install Tor service)
– systemctl start tor (to start Tor service)

 

Tor has created a proxy at http://localhost:9050 which can receive and forward traffic from my server to Tor network nodes. Voila, it worked, now my server can use Tor network.

In the next step, I wrote a simple PHP Curl function, which emulates a Chrome browser and retrieves the content of any Internet page through Tor service.

This is what it looked like:


The next step was to execute the above function in PHP. But to test that I am truly programmatically accessing the remote content through Tor service, I’ve decided to test it on an API that shows which IP address am I connecting to Internet from. The API that shows external IP address is available from https://api.ipify.org?format=json

So, I have executed the function first without going through Tor service, like this. Note that the zero passed to a function will ensure that I will not use Tor:

It worked. My current local IP address is the output of the function from the server:

Checking the IP’s location at https://www.iplocation.net/ confirmed that it’s my home address:

 

Now, decided to run the same command, but by leveraging the Tor service, like this:

Note the ‘1’ at the end, which enables the Tor proxy in PHP Curl function.

That leads to a different result, the IP address shown in the result is as follows:

So, to see where Tor is taking me, I’ve also checked this IP’s location at https://www.iplocation.net/, this was the output:

This is a solid proof that my application traffic is now going through a Tor node located in Paris, France.

This example shows, that it’s fairly easy to programmatically anonymize the traffic through Tor and if we had a requirement to send the information to and from our application, we could easily do so by using TOR’s safety services and anonymity of TOR nodes.

Comments

comments