Anonymity with Tor
Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world. To launch our attacks through the Tor network, we will use the socat program.
Socat is a command-line utility that establishes two bidirectional byte streams and transfers data between them. Let's assume that the IP address of our target machine is 192.168.1.5.
We execute socat this way:
socat TCP4-LISTEN:3333,fork SOCKS4a:127.0.0.1:192.168.1.5:80,socksport=9050
The above command sets up a socat proxy listening on our local system (127.0.0.1) on port 3333 and forwards any TCP connection it receives to 192.168.1.5 (port 80) via the Tor SOCKS proxy that is listening on 127.0.0.1 on port 9050.
Now, to launch our attacks via Tor and exploit the machine at IP address 192.168.1.5, we set the target IP to 127.0.0.1 (RHOSTS) and the remote port to 3333 (RPORT).
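As an added example (not part of the original page), here is the defender-side counterpart: a small Python script that flags web-server requests arriving from known Tor exit nodes, which is what the target at 192.168.1.5:80 would see when traffic is relayed this way. The exit-node list and the access-log lines are constructed placeholders; a real deployment would load the published exit list instead.

```python
import re
import ipaddress

# Constructed Tor exit-node list (documentation ranges, not real exits).
# A real deployment would load the exit list published by the Tor Project.
TOR_EXIT_NODES = {
    "203.0.113.10",
    "203.0.113.77",
    "198.51.100.5",
}

# Constructed web-server access log in Common Log Format.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 2326
192.0.2.44 - - [10/Oct/2023:13:55:40 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.77 - - [10/Oct/2023:13:56:01 +0000] "GET /admin HTTP/1.1" 404 209
198.51.100.5 - - [10/Oct/2023:13:56:03 +0000] "POST /login HTTP/1.1" 401 98
"""

# client IP, timestamp, request line and status code from a CLF entry
CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


def parse_line(line):
    """Parse one CLF line into a dict, or return None if it does not match."""
    m = CLF_RE.match(line)
    return m.groupdict() if m else None


def flag_tor_requests(log_text, exit_nodes=TOR_EXIT_NODES):
    """Return the parsed entries whose client IP is a known Tor exit node."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        try:
            ip = ipaddress.ip_address(entry["ip"])  # reject malformed addresses
        except ValueError:
            continue
        if str(ip) in exit_nodes:
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for h in flag_tor_requests(SAMPLE_LOG):
        print(f"Tor exit {h['ip']} -> {h['req']} ({h['status']})")
```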