Skip to main content

minitor - anonymizing internet traffic using private hosts (gui)

Project description

This program will let you forward local connections, redirect internet traffic and transfer files to, and issue commands on, a server without making a direct connection, which would undoubtedly compromise your privacy. This solution can only work when you or your peers own one or more servers as this program communicates with SSH servers.

How it works

Terminology:

  • Tunnel is an established connection.
  • Machine is any server to which these Tunnels connect to. Machines use these tunnels to send data and instructions to Agents.
  • Agent is a component running on servers. It performs various functions like gluing the Tunnels.

minitorgui uses minitorcorelib to create Tunnels and uses Machines to communicate with the Agent. Each Tunnel is responsible to transfer the Agent (through already established Tunnels) to a Machine. The Agent communicates directly with the operating system of the Machine on which it resides. The Agent is responsible to glue Tunnels, forward local connections (FOR mode), redirect internet traffic (TOR mode), put files (FILE mode), and issue commands (COMMAND mode).

../img/illustration_how_it_works_1.png

For more details, including illustrations with class names, please consult the minitor/corelib repository on GitHub.

Requirements (functional)

  • The solution only tested with Red Hat, CentOS and Fedora.
  • The solution doesn’t work with Windows, only on Linux.
  • The client and all servers have Python >3.6 as their default interpreter.
  • You need at least 1 server.
  • Every server needs a running SSH daemon.
  • Have the associated SSH identification file (i.e. the private key) for these servers.
  • Due to security reasons, SSH password login is not supported.
  • This program don’t require root privileges on client (to be confirmed).
  • Recommendation: 2 interfaces per server, so full anonymity can be guaranteed.

Requirements (software)

Install the following Linux package on the client.

  • Tk interface library

    • dnf install python3-tkinter

(Hopefully, in the next release, no installation of Proxychains will be necessary)

Installation

If you use the standard packet manager:

$ pip install minitorgui

or if you use pipx:

$ pipx install minitorgui

Usage

Issue this command to actually execute the program.

$ minitorgui

Minitorgui allows you to enter one of the modes listed below. This is done through a Configuration file.

  • TOR mode
  • FOR(warding) mode
  • COMMAND mode
  • FILE mode

In TOR mode, the last Machine acts as an exit node (in TOR terminology).

../img/illustration_tor.png

In FOR(warding) mode, connections are forwarded to the last Machine, on which, for example, an email server (e.g. Postfix) is running and a local email client want to connect to its listening ports.

../img/illustration_forwarding.png

In COMMAND mode, a rudimentary terminal interface is provided which enables the user to interact with the last Machine.

../img/illustration_command.png

In FILE mode, files are transferred from client to the last Machine.

../img/illustration_file.png

To enable TOR mode: Edit the JSON document in the configuration file to incorporate the keywords mode, proxies, destination, and optionally application. When application is specified, minitor will start the application of choice once the tunnel is ready. Please note, if an instance of that application (eg. Firefox) is already running, minitor will terminate immediately. In the example below, minitor drills through 3 servers and ends at server #4. Hitting ctrl + c in terminal will dismantle tunnel (and stop application)

Note: Each server has two interfaces. If your servers don’t have two interfaces, just use the ip address of “ip_in” for “ip_out”.

{
"mode":         "TOR",
"proxies":    [{"ip_in": "10.10.1.72",
                "ip_out": "10.10.2.82",
                "identity_file": "/home/vincent/.ssh/id_rsa_be_vm",
                "hostname": "server.equinox.com"},
               {"ip_in": "10.10.2.92",
                "ip_out": "10.10.3.42 ",
                "identity_file": "/home/vincent/.ssh/id_rsa_it_vm",
                "hostname": "server.enterprise.com"},
               {"ip_in": "10.10.3.52",
                "ip_out": "10.10.4.21",
                "identity_file": "/home/vincent/.ssh/id_rsa_es_vm",
                "hostname": "server.defiant.com"}],
"destination": {"ip_in": "10.10.4.31",
                "ip_out": "10.10.4.31",
                "identity_file": "/home/vincent/.ssh/id_rsa_gr_vm",
                "hostname": "server.voyager.com"},
"application": {"binary_name": "firefox",
                "binary_location": "/usr/bin/firefox"}
}

To enable FOR(warding) mode: Edit the JSON document to incorporate the keywords mode, proxies, destination, forwarders, and optionally application. When application is specified, then the program will start this application once the tunnel is ready. Please note, if an instance of that application (eg. Thunderbird) is already running, minitor will terminate immediately. Hitting ctrl + c in terminal will dismantle tunnel (and stop application)

{
"mode":         "FOR",
"proxies":    [{"ip_in": "10.10.1.72",
                "ip_out": "10.10.2.82",
                "identity_file": "/home/vincent/.ssh/id_rsa_be_vm",
                "hostname": "server.only.com"}],
"forwarders": [{"local_port": 1995,
                "remote_interface": "[2a01:7c8:aac3:1e1:2a01:ffaa:a:241]",
                "remote_port": 995}],
"destination": {"ip_in": "10.10.2.92",
                "identity_file": "/home/vincent/.ssh/id_rsa_it_vm",
                "hostname": "server.art.it"}
}

To enable COMMAND mode: Edit the JSON document to incorporate the keywords mode, proxies, and destination. Hitting ctrl + c in terminal will dismantle tunnel.

{
"mode":         "COMMAND",
"proxies":    [{"ip_in": "10.10.1.72",
                "ip_out": "10.10.2.82",
                "identity_file": "/home/vincent/.ssh/id_rsa_be_vm",
                "hostname": "server.equinox.com"}],
"destination": {"ip_in": "10.10.2.92",
                "identity_file": "/home/vincent/.ssh/id_rsa_it_vm",
                "hostname": "server.enterprise.it"}
}

To enable FILE mode: Edit the JSON document to incorporate the keywords mode, proxies, destination and files.

{
"mode":         "FILE",
"proxies":    [{"ip_in": "10.10.1.72",
                "ip_out": "10.10.2.82",
                "identity_file": "/home/vincent/.ssh/id_rsa_be_vm",
                "hostname": "server.equinox.com"}],
"destination": {"ip_in": "10.10.2.92",
                "identity_file": "/home/vincent/.ssh/id_rsa_it_vm",
                "hostname": "server.enterprise.it"},
"files":      [{"source": "/home/vincent/amsterdam_de_jordaan.jpg",
                "destination": "/tmp"},
               {"source": "/home/vincent/amsterdam_nine_streets.jpg",
                "destination": "/tmp"}]
}

Planning

The format of the configuration file will be modified to include:

  • the MACHINE_DEPLOY_PATH (default: /tmp/)
  • the LOCAL_PROXY_PORT (default: 8080)
  • for mode FILE “direction”, which can have value UPLOAD|DOWNLOAD (note: only UPLOAD is available)

Also, in a next release, no installation of any Linux package will be necessary. All dependencies with OS binaries will be replaced by native code.

Development Workflow

The workflow supports the following steps

  • lint
  • test
  • build
  • document
  • upload
  • graph

These actions are supported out of the box by the corresponding scripts under _CI/scripts directory with sane defaults based on best practices. Sourcing setup_aliases.ps1 for windows powershell or setup_aliases.sh in bash on Mac or Linux will provide with handy aliases for the shell of all those commands prepended with an underscore.

The bootstrap script creates a .venv directory inside the project directory hosting the virtual environment. It uses pipenv for that. It is called by all other scripts before they do anything. So one could simple start by calling _lint and that would set up everything before it tried to actually lint the project

Once the code is ready to be delivered the _tag script should be called accepting one of three arguments, patch, minor, major following the semantic versioning scheme. So for the initial delivery one would call

$ _tag –minor

which would bump the version of the project to 0.1.0 tag it in git and do a push and also ask for the change and automagically update HISTORY.rst with the version and the change provided.

So the full workflow after git is initialized is:

  • repeat as necessary (of course it could be test - code - lint :) ) * code * lint * test
  • commit and push
  • develop more through the code-lint-test cycle
  • tag (with the appropriate argument)
  • build
  • upload (if you want to host your package in pypi)
  • document (of course this could be run at any point)

Important Information

This template is based on pipenv. In order to be compatible with requirements.txt so the actual created package can be used by any part of the existing python ecosystem some hacks were needed. So when building a package out of this do not simple call

$ python setup.py sdist bdist_egg

as this will produce an unusable artifact with files missing. Instead use the provided build and upload scripts that create all the necessary files in the artifact.

Documentation

Contributing

Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.

Authors

  • Vincent Schouten - Initial work - LINK

See also the list of contributors who participated in this project.

License

This project is licensed under the MIT License - see the LICENSE.md file for details

Acknowledgments

  • Costas Tyfoxylos
  • rofl0r (developer of proxychains-ng)
  • MisterDaneel (developer of pysoxy)

History

0.0.1 (30-01-2020)

  • First code creation

0.0.1 (30-01-2020)

  • redeployed a new cookiecutter template

0.0.8 (30-01-2020)

  • redeployed a new cookiecutter template

0.1.0 (19-02-2020)

  • business logic refactored, improved signalling between GUI and business logic improved

0.1.1 (20-02-2020)

  • almost all functions/methods have docstrings, bug fixed in business_logic(): the user was not able to exit the program normally unless the user opened a configuration file

0.1.2 (20-02-2020)

  • almost all functions/methods have docstrings, bug fixed in business_logic(): the user was not able to exit the program normally unless the user opened a configuration file

0.2.0 (21-02-2020)

  • api of corelib changed (start_application does not block anymore)

0.2.1 (21-02-2020)

  • scaling mechanism implemented (when run on Retina screen, scale will be increased)

0.3.0 (22-02-2020)

  • recently opened config file menu entry implemented, code related to scaling refactored, MainWindow and main() refactored to prevent window from closing when tunnel is running

0.3.1 (22-02-2020)

  • bug in config_file_dialog() fixed, thickness of lines of shapes modified

0.3.2 (22-02-2020)

  • entry_point in setup.py corrected

0.3.3 (22-02-2020)

  • directory settings added

0.3.4 (22-02-2020)

  • .gitignore added in settings dir

0.3.5 (23-02-2020)

  • constants about path proxychains added, renamed a few methods and attributes in MainWindow, call to TransferAgentFactory changed due to refactoring of that module

0.3.6 (24-02-2020)

  • the constants containing the path to the proxychains binary and associated config file added, and call to TunnelFactory changed due to refactoring of that module

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for minitorgui, version 0.3.6
Filename, size File type Python version Upload date Hashes
Filename, size minitorgui-0.3.6-py3.7.egg (85.5 kB) File type Egg Python version 3.7 Upload date Hashes View
Filename, size minitorgui-0.3.6.tar.gz (101.9 kB) File type Source Python version None Upload date Hashes View

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page