Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,750 --> 00:00:03,990 There are two main ways to configure toll. 2 00:00:04,020 --> 00:00:08,840 One is through the guily in the main browser as you can see here. 3 00:00:08,970 --> 00:00:12,510 And the other is through configuration files. 4 00:00:12,510 --> 00:00:22,380 The main configuration file is the toc file that's spelled t r r c and making changes in the Dewey edits 5 00:00:22,440 --> 00:00:27,060 this file edits the talk file and sometimes other files as well. 6 00:00:27,120 --> 00:00:34,560 But the default configuration should work in most cases and I don't recommend you make any changes until 7 00:00:34,560 --> 00:00:37,500 you really understand what you're doing. 8 00:00:37,560 --> 00:00:40,490 And I've read through the tour documentation. 9 00:00:41,100 --> 00:00:48,420 Here we are in Windows and you'll find the toc file in the Tor browser browser. 10 00:00:48,750 --> 00:00:55,620 Tor browser data Tor folder and there is the toc file. 11 00:00:56,490 --> 00:00:59,450 And in Windows that's what it looks like. 12 00:00:59,730 --> 00:01:06,460 But in tale's For example this is what it looks like. 13 00:01:06,540 --> 00:01:12,200 What's more information in on OSX. 14 00:01:12,240 --> 00:01:19,910 If you want to find the toc file you need to go to your Applications folder then find your browser icon 15 00:01:19,990 --> 00:01:20,100 . 16 00:01:20,190 --> 00:01:31,230 They need to right click or control click Show package contents and then navigate through to Tor browser 17 00:01:31,560 --> 00:01:34,790 data Tor and then talk. 18 00:01:34,860 --> 00:01:38,730 So that's the full path there to it. 19 00:01:38,730 --> 00:01:40,590 And that's the file. 20 00:01:41,430 --> 00:01:45,290 And it looks like that pretty similar to the one in Windows. 21 00:01:45,330 --> 00:01:53,820 If you can find it on any of the operating systems just do a search for the toc file TiVo or see here 22 00:01:53,820 --> 00:02:01,770 on Linux you'll find the toc file where you installed it and then browse a browser data tool. 23 00:02:02,130 --> 00:02:04,470 And then there's the toc file. 24 00:02:04,830 --> 00:02:14,220 And if you have a look at the file we can see it looks like the windows and the Mac toc file also puts 25 00:02:14,220 --> 00:02:18,460 the toc file in user local ATC tool. 26 00:02:18,480 --> 00:02:31,410 If you compiled all from source and ATC Tor or ATC if you installed a prebuilt package to get familiar 27 00:02:31,410 --> 00:02:33,320 with the toc file and how to use it. 28 00:02:33,540 --> 00:02:43,110 There is a manual here and if you go down you can see the command line options here and a bit further 29 00:02:43,110 --> 00:02:43,470 down. 30 00:02:43,470 --> 00:02:46,500 You can also find the general options. 31 00:02:46,500 --> 00:02:50,980 These are the options used within the toc file. 32 00:02:51,750 --> 00:03:00,840 You can also man tall and there's a lot of information in there as well which is quite useful to also 33 00:03:00,840 --> 00:03:09,140 provides a sample Tor configuration file for common configurations which is quite useful. 34 00:03:09,200 --> 00:03:16,740 So if you're struggling maybe you have examples in here and it's got some good commentary as well. 35 00:03:17,370 --> 00:03:21,240 So I'll give you an example of editing the talk fine. 36 00:03:21,270 --> 00:03:29,850 One of the common changes that people make is to alter the geographic location of their entry or exit 37 00:03:29,850 --> 00:03:30,470 node. 38 00:03:30,630 --> 00:03:33,910 And here we are on the FAA queue. 39 00:03:34,350 --> 00:03:41,410 And we can see the entries that are required in order to change them so its entry nodes exit nodes. 40 00:03:41,670 --> 00:03:49,560 And if we go down here we actually need to put in the country code and as it says here is the ISO standard 41 00:03:49,560 --> 00:03:50,900 for country code. 42 00:03:51,190 --> 00:03:53,090 And so it's these the. 43 00:03:53,100 --> 00:03:54,860 For Germany for example. 44 00:03:55,050 --> 00:04:00,330 So that's going to Debian is it the top file 45 00:04:03,690 --> 00:04:11,070 that's going to force the Tor browser to go via a German node German entry node. 46 00:04:13,350 --> 00:04:19,680 And that's going to force it to go through the United Kingdom or Great Britain G-B to save them 47 00:04:23,350 --> 00:04:30,240 . 48 00:04:39,780 --> 00:04:41,180 And there we are. 49 00:04:41,310 --> 00:04:45,540 So we've gone through Germany exit and the United Kingdom. 50 00:04:45,930 --> 00:04:53,040 You may have noticed here you can also specify the actual relays that you want to use on or different 51 00:04:53,040 --> 00:04:57,290 relays that you want to use by putting in their fingerprint here. 52 00:04:58,440 --> 00:05:07,560 If we have a look at the consensus here let's pick a relay at random kittens on tour and we're going 53 00:05:07,560 --> 00:05:15,660 to go to Atlas here which is Atlas dot Torv project dot all place that in 54 00:05:18,810 --> 00:05:25,290 and here we can see the relay and its ports some flags and when it does it's a fast one. 55 00:05:25,290 --> 00:05:32,010 Click on here and there's a fingerprint there so we could select that 56 00:05:37,690 --> 00:05:42,200 and thereby that relay instead. 57 00:05:42,310 --> 00:05:47,190 Now if you pick a relay it has to be the sort of relay that you're after. 58 00:05:47,190 --> 00:05:53,340 So it would have to work or function as a guard if you're going to have it as a guard. 59 00:05:53,400 --> 00:06:02,420 There may or may not be a benefit to changing the country or relay of the entry and or exit node. 60 00:06:02,500 --> 00:06:05,970 It all depends on the type of attack you're trying to mitigate. 61 00:06:06,090 --> 00:06:14,640 If your adversary is using secret deals with telcos to enable man on the side attacks then using relays 62 00:06:15,030 --> 00:06:21,840 out of their sphere of influence because they maybe can't get to that particular telco will definitely 63 00:06:21,840 --> 00:06:29,620 help you if on the other hand your adversary is performing some sort of simple attack in combination 64 00:06:29,620 --> 00:06:36,210 with a correlation attack where he can run his own relays is not going to help you. 65 00:06:36,420 --> 00:06:41,530 I'll talk more about Sibylle attacks and co-relation attacks in their own section. 66 00:06:41,620 --> 00:06:45,610 Tor chooses Sirk is based on net work load. 67 00:06:45,690 --> 00:06:51,950 If you make manual changes to the search kit this could make you stand out. 68 00:06:52,000 --> 00:06:58,320 I don't recommend you make manual changes to the suitcase unless you really know what you're doing. 69 00:06:58,710 --> 00:07:05,430 In order for the configuration within the TOC file to take effect you need to restart the Tor browser 70 00:07:06,420 --> 00:07:08,150 or alternative. 71 00:07:08,160 --> 00:07:15,700 You can also issue a kill minus sign up Tor which will have the same effect but usually it's better 72 00:07:15,690 --> 00:07:20,130 to just restart the Tor browser to finish off. 73 00:07:20,130 --> 00:07:27,870 I'm going to go through the example talk fire with you so you can get a better idea of the syntax and 74 00:07:27,880 --> 00:07:30,940 what it is you can do with the TOC file. 75 00:07:31,000 --> 00:07:35,350 So let's go down here we can see here these hashes. 76 00:07:35,430 --> 00:07:41,940 All of these hashes need to be removed for a command such as this to take effect. 77 00:07:41,940 --> 00:07:45,900 Hashes are just comments as they are in most documents. 78 00:07:45,900 --> 00:07:47,510 So here line 18. 79 00:07:47,580 --> 00:07:56,420 This tells tall to open a socks proxy on this post 1950 which is for all applications to use to send 80 00:07:56,460 --> 00:07:58,840 traffic via Tor. 81 00:07:59,380 --> 00:08:08,430 And here we are brining it to a specific IP address and port said it sucks port 0 if you're only running 82 00:08:08,460 --> 00:08:13,130 a relay and not sending traffic through the relay yourself. 83 00:08:13,170 --> 00:08:14,830 That might be a rare occasion. 84 00:08:14,820 --> 00:08:20,460 We're going to talk more about the socks port shortly and how you put other applications through it 85 00:08:20,460 --> 00:08:21,940 . 86 00:08:22,000 --> 00:08:30,250 These are the entry policies to allow or deny Sock's requests based on their IP address. 87 00:08:30,250 --> 00:08:38,070 And I think the syntax is pretty obvious that an X set and that is for this network with a slash 16 88 00:08:38,080 --> 00:08:42,360 subnet mask go down a little bit you can see here. 89 00:08:42,370 --> 00:08:51,880 This enables logging and enables notice level logging to this file and then we have a similar one here 90 00:08:51,880 --> 00:08:59,320 where we've got debug level logging to this file and then we can also send to CIS log as well. 91 00:08:59,380 --> 00:09:04,290 But warning you don't want to be doing logging if you're concerned about local forensics. 92 00:09:04,290 --> 00:09:13,450 This would only be for testing or if you don't care about local forensics 49 this is to run Tor as a 93 00:09:13,750 --> 00:09:16,060 demon process in the background. 94 00:09:16,120 --> 00:09:22,030 For example if you don't want the Tor browser running at the same time this does not work in Windows 95 00:09:22,050 --> 00:09:24,910 as it says here. 96 00:09:25,050 --> 00:09:35,070 This is the control port set it 90 50 warm applications can remotely controlled Tor by issuing commands 97 00:09:35,080 --> 00:09:43,150 to this port and you can establish authentication with these and as default is set up for authentication 98 00:09:43,230 --> 00:09:45,090 using cookee authentication. 99 00:09:45,100 --> 00:09:48,120 At least it is on the ones I've seen. 100 00:09:48,120 --> 00:09:50,060 Move down a little bit. 101 00:09:50,790 --> 00:09:58,240 If you're wanting to run a hidden service that means a service that is on the dark web or a dot on your 102 00:09:58,250 --> 00:10:03,090 own server this is part of how you would start to enable it. 103 00:10:03,220 --> 00:10:09,640 So here this is how you set the directory for what people will connect to. 104 00:10:10,290 --> 00:10:16,290 And this is how you set the port to redirect to local host and then port 80. 105 00:10:16,330 --> 00:10:19,240 And here we have other examples. 106 00:10:19,650 --> 00:10:27,700 As I've said I recommend Debian and or nix for setting up hidden services or relays or bridges and for 107 00:10:27,690 --> 00:10:32,760 setting or relays we have the options here for how you do that. 108 00:10:32,790 --> 00:10:36,460 The Allport here set at nine thousand one. 109 00:10:36,480 --> 00:10:41,290 This is the poor use to advertise for incoming Tor connections. 110 00:10:41,320 --> 00:10:48,690 If you are a relay if you're wondering what ports are used to connect to by default install or what 111 00:10:48,690 --> 00:10:51,130 port you might need to open on a firewall. 112 00:10:51,150 --> 00:10:59,030 Well two attempts to connect on any port that is advertised in the directory as an or port for making 113 00:10:59,040 --> 00:11:04,510 toll connections or a D R port for fetching updates to the directory. 114 00:11:04,530 --> 00:11:07,300 There are a variety of these ports. 115 00:11:07,380 --> 00:11:15,660 Many of them are running on port 80 for 4:03 9000 wan and nine thousand thirty but many other ports 116 00:11:15,660 --> 00:11:16,310 are used. 117 00:11:16,420 --> 00:11:22,490 And as you can see here you can configure this to be whatever port it is that you want. 118 00:11:22,600 --> 00:11:33,850 You can here set up the DNS name for your relay and here you can set up the nickname for your relay 119 00:11:33,860 --> 00:11:34,610 . 120 00:11:35,380 --> 00:11:41,410 Then you've got a whole bunch of bandwidth options for limiting bandwidth throttling traffic allowing 121 00:11:41,400 --> 00:11:44,500 bursty traffic. 122 00:11:44,730 --> 00:11:52,210 This is what port advertised for directory connections which we mentioned just a second ago and here 123 00:11:52,210 --> 00:11:54,980 are your exit policy rules. 124 00:11:55,380 --> 00:12:00,340 So here for example as it says here is allowing I.R.S. ports. 125 00:12:00,340 --> 00:12:04,440 These are the IOC ports on IPV for an IP V-6 126 00:12:07,340 --> 00:12:10,140 here accepting and a.p pause. 127 00:12:10,150 --> 00:12:22,620 News groups here accepting and reports that on IPV for only and this is IP V-6 only an exit is allowed 128 00:12:22,750 --> 00:12:23,000 . 129 00:12:23,080 --> 00:12:25,830 You get an idea of the kind of syntax. 130 00:12:26,010 --> 00:12:34,690 Now if you want to set up your relay as a bridge with this command here and if you want to run a private 131 00:12:34,680 --> 00:12:45,920 bridge and this command here the TOC dash defaults file contains the default settings for Tor. 132 00:12:45,930 --> 00:12:49,370 This is a file not intended to be edited. 133 00:12:49,380 --> 00:12:56,420 The TOC file is what should be edited but this shows you what TOR is essentially set up to do. 134 00:12:56,520 --> 00:13:03,870 And here we can see we have our SoCs port open on 9 1 5 show allowing IPV 6 traffic etc.. 135 00:13:03,930 --> 00:13:11,700 Our control port here there is the cookie authentication for the control pool and these are the pluggable 136 00:13:11,700 --> 00:13:17,130 transports that are available for this Tor configuration. 137 00:13:17,220 --> 00:13:21,210 As I said you do not edit that file you know edit this file. 138 00:13:21,210 --> 00:13:22,650 You would add it. 139 00:13:22,650 --> 00:13:29,000 The TOC file which is this one and that would override the default file. 140 00:13:29,040 --> 00:13:30,700 So that's the TOC file. 141 00:13:30,690 --> 00:13:32,440 Hope that has helped. 15110