Tor Browser是由Tor Project推出的一款集成了TorFirefox ESR, Torbutton, TorLauncher, NoScript,和 HTTPS-Everywhere的瀏覽器。Tor Browser默認監聽91509151端口,通過Tor (anonymity network)實現匿名訪問,保障用戶隱私。

本文記錄如何在GNU/Linux中下載、校驗、安裝Tor Browser及在GNOME桌面中創建快捷圖標。

The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites which are blocked. – https://www.torproject.org/projects/torbrowser.html.en

OS Info

主機操作系統信息如下

item detail
OS Version Debian GNU/Linux 9.6 (stretch)
Kernel Version 4.9.0-7-amd64

Downloading

Tor Browser的下載頁面在Tor Browser Downloads,GPG簽名的校驗方法在Verify package signatures。Release信息可在其官方blog中查看鏈接

官方最新釋出版本信息

版本 日期 Release信息
8.0.4 Nov 17, 2018 Release Note

Release Version

可通過如下命令提取最新釋出版本信息

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
download_page='https://www.torproject.org/download/download.html'
download_redirect_page='https://dist.torproject.org'
download_tool='curl -fsL' # wget -qO-

# 最新釋出版本及日期
$download_tool "${download_page}" | sed -r -n '/>Tor Browser</{n;/Linux/{[email protected]^[^[:digit:]]+([^[:space:]]+)[[:space:]]*\(([^\)]+)\).*[email protected]\1|\[email protected];p}}'
# 8.0.4|2018-11-17

# 真實下載鏈接
$download_tool "${download_page}" | sed -r -n '/linux64-/{[email protected]^.*href="\.+/dist/([^"]+)">.*[email protected]'"${download_redirect_page}/"'\[email protected];p}'
# https://dist.torproject.org/torbrowser/8.0.4/tor-browser-linux64-8.0.4_en-US.tar.xz
# https://dist.torproject.org/torbrowser/8.0.4/tor-browser-linux64-8.0.4_en-US.tar.xz.asc

# Sha256sum digest
online_release_version=$($download_tool "${download_page}" | sed -r -n '/>Tor Browser</{n;/Linux/{[email protected]^[^[:digit:]]+([^[:space:]]+)[[:space:]]*\(([^\)]+)\).*[email protected]\[email protected];p}}')
online_release_pack_name="tor-browser-linux64-${online_release_version}_en-US.tar.xz"
$download_tool "${download_redirect_page}/torbrowser/${online_release_version}/sha256sums-unsigned-build.txt" | sed -r -n '/'"${online_release_pack_name}"'/{[email protected]^[[:space:]]*([^[:space:]]+).*@\[email protected];p}'
# b56ea98a1232ff34f683e484c75816bc72663cccf1658ab28f2d705226ee94c1

下載安裝包,此處定義下載路徑~/Downloads

Verification

Importing GPG Public Key

下載完成後進行校驗操作,參考官方文檔 Verify package signatures

注意:必須在操作系統中導入指定的公鑰,否則無法進行校驗工作

KeyId是0x4E2C6E8793298290

執行如下命令安裝公鑰

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
#列出本機中的公鑰
gpg2 --list-keys
gpg2 --list-key 0x4E2C6E8793298290

#在keyserver中查詢指定的公鑰
gpg2 --keyserver keys.gnupg.net --search-keys 0x4E2C6E8793298290

#從keyserver下載指定的公鑰
gpg2 --keyserver keys.gnupg.net --recv-keys 0x4E2C6E8793298290

#查看公鑰及其指紋
gpg2 --fingerprint 0x4E2C6E8793298290

具體操作過程

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
#列出本機中的公鑰
[[email protected] ~]$ gpg2 --list-key 0x4E2C6E8793298290
gpg: error reading key: No public key

#在keyserver中查詢公鑰
[[email protected] ~]$ gpg2 --keyserver keys.gnupg.net --search-keys 0x4E2C6E8793298290
gpg: data source: http://192.146.137.99:11371
(1)	Tor Browser Developers (signing key) <[email protected]>
	  4096 bit RSA key 4E2C6E8793298290, created: 2014-12-15, expires: 2020-08-24
Keys 1-1 of 1 for "0x4E2C6E8793298290".  Enter number(s), N)ext, or Q)uit > 1
sub  7017ADCEF65C2036
sig!         4E2C6E8793298290 2014-12-15  [self-signature]
sig!         4E2C6E8793298290 2015-08-26  [self-signature]
sub  2E1AC68ED40814E0
sig!         4E2C6E8793298290 2014-12-15  [self-signature]
sig!         4E2C6E8793298290 2015-08-26  [self-signature]
sub  2D000988589839A3
sig!         4E2C6E8793298290 2015-08-26  [self-signature]
sig!         4E2C6E8793298290 2014-12-15  [self-signature]
uid  Tor Browser Developers (signing key) <[email protected]> (reordered signatures follow)
sig!3        4E2C6E8793298290 2014-12-15  [self-signature]
sig!3        4E2C6E8793298290 2015-08-26  [self-signature]
sub  D1483FA6C3C07136
sig!         4E2C6E8793298290 2016-08-24  [self-signature]
sub  EB774491D9FF06E2
sig!         4E2C6E8793298290 2018-05-26  [self-signature]
key 4E2C6E8793298290:
70 duplicate signatures removed
210 signatures not checked due to missing keys
2 signatures reordered
gpg: key 4E2C6E8793298290: "Tor Browser Developers (signing key) <[email protected]>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

#從keyserver下載公鑰
[[email protected] ~]$ gpg2 --keyserver keys.gnupg.net --recv-keys 0x4E2C6E8793298290
sub  7017ADCEF65C2036
sig!         4E2C6E8793298290 2014-12-15  [self-signature]
sig!         4E2C6E8793298290 2015-08-26  [self-signature]
sub  2E1AC68ED40814E0
sig!         4E2C6E8793298290 2014-12-15  [self-signature]
sig!         4E2C6E8793298290 2015-08-26  [self-signature]
sub  2D000988589839A3
sig!         4E2C6E8793298290 2015-08-26  [self-signature]
sig!         4E2C6E8793298290 2014-12-15  [self-signature]
uid  Tor Browser Developers (signing key) <[email protected]> (reordered signatures follow)
sig!3        4E2C6E8793298290 2014-12-15  [self-signature]
sig!3        4E2C6E8793298290 2015-08-26  [self-signature]
sub  D1483FA6C3C07136
sig!         4E2C6E8793298290 2016-08-24  [self-signature]
sub  EB774491D9FF06E2
sig!         4E2C6E8793298290 2018-05-26  [self-signature]
key 4E2C6E8793298290:
70 duplicate signatures removed
210 signatures not checked due to missing keys
2 signatures reordered
gpg: key 4E2C6E8793298290: "Tor Browser Developers (signing key) <[email protected]>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1


#查看公鑰及其指紋
# gpg2 --with-fingerprint --list-key 0x4E2C6E8793298290
[[email protected] ~]$ gpg2 --fingerprint 0x4E2C6E8793298290
pub   rsa4096 2014-12-15 [C] [expires: 2020-08-24]
      EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
uid           [ unknown] Tor Browser Developers (signing key) <[email protected]>
sub   rsa4096 2018-05-26 [S] [expires: 2020-09-12]

[[email protected] ~]$

Verifying GPG Signature

安裝公鑰後進行校驗,使用命令gpg2 --verify進行校驗

操作過程如下

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
#列出文件
[[email protected] ~]$ ls -lhF ~/Downloads/tor-browser-linux64-8.0.4_en-US.tar.xz*
-rw-r--r-- 1 maxdsre maxdsre 72M Jan 18 08:51 /home/maxdsre/Downloads/tor-browser-linux64-8.0.4_en-US.tar.xz
-rw-r--r-- 1 maxdsre maxdsre 801 Jan 18 08:51 /home/maxdsre/Downloads/tor-browser-linux64-8.0.4_en-US.tar.xz.asc

#校驗 校驗文件在前,源文件在後
[[email protected] ~]$ gpg2 --verify ~/Downloads/tor-browser-linux64-8.0.4_en-US.tar.xz{.asc,}
gpg: Signature made Mon 10 Dec 2018 10:15:40 AM EST
gpg:                using RSA key EB774491D9FF06E2
gpg: Good signature from "Tor Browser Developers (signing key) <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
     Subkey fingerprint: 1107 75B5 D101 FB36 BC6C  911B EB77 4491 D9FF 06E2
[[email protected] ~]$

校驗結果中出現 >gpg: Good signature from “Tor Browser Developers (signing key) [email protected]

說明校驗成功,證明下載的文件是由Tor官方釋出,未經過第三方篡改,可以信任。

Installation

Tor Browser的安裝可參考官方文檔 Tor Installation guides

此處定義安裝路徑/opt/torBrowser,執行如下命令進行解壓

1
2
3
4
5
6
7
umask 022

#創建目標路徑
[[ ! -d /opt/torBrowser ]] && sudo mkdir -m 755 -pv /opt/torBrowser || sudo rm -rf /opt/torBrowser/*

#解壓壓縮包到目標路徑
sudo tar xf ~/Downloads/tor-browser-linux64-8.0.4_en-US.tar.xz -C /opt/torBrowser --strip-components=1

解壓完成後,進入目標路徑,執行

1
./start-tor-browser.desktop

出現

Launching ‘./Browser/start-tor-browser –detach’…

即可啓動Tor Browser

操作過程如下

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
[[email protected] ~]$ umask 022
[[email protected] ~]$ [[ ! -d /opt/torBrowser ]] && sudo mkdir -pv /opt/torBrowser
mkdir: created directory ‘/opt/torBrowser’
[[email protected] ~]$ sudo tar xf ~/Downloads/tor-browser-linux64-8.0.4_en-US.tar.xz -C /opt/torBrowser --strip-components=1
[[email protected] ~]$ cd /opt/torBrowser/
[[email protected] torBrowser]$ ls -lhF
total 8.0K
drwx------ 11 maxdsre root   4.0K Jan 18 08:53 Browser/
-rwx------  1 maxdsre maxdsre 1.7K Jan 18 08:53 start-tor-browser.desktop*

[[email protected] torBrowser]$ ls -lhF Browser/
total 106M
-rwx------ 1 maxdsre root    14K Jan 18  1999 abicheck*
-rw------- 1 maxdsre root    440 Jan 18  1999 application.ini
drwx------ 5 maxdsre root    113 Jan 18  1999 browser/
-rw------- 1 maxdsre root      0 Jan 18  1999 chrome.manifest
drwx------ 3 maxdsre root     18 Jan 18  1999 defaults/
-rw------- 1 maxdsre root    157 Jan 18  1999 dependentlibs.list
drwx------ 2 maxdsre root     40 Jan 18  1999 dictionaries/
drwx------ 2 maxdsre maxdsre    6 Jan  18 16:31 Downloads/
-rwx------ 1 maxdsre root    279 Jan 18  1999 execdesktop*
-rwx------ 1 maxdsre root   1.4K Jan 18  1999 firefox*
-rwx------ 1 maxdsre root   203K Jan 18  1999 firefox.real*
drwx------ 2 maxdsre root   4.0K Jan 18  1999 fonts/
drwx------ 2 maxdsre root     26 Jan 18  1999 gtk2/
drwx------ 2 maxdsre root     25 Jan 18  1999 icons/
-rwx------ 1 maxdsre root   515K Jan 18  1999 libfreeblpriv3.so*
-rwx------ 1 maxdsre root    67K Jan 18  1999 liblgpllibs.so*
-rwx------ 1 maxdsre root   1.8M Jan 18  1999 libmozavcodec.so*
-rwx------ 1 maxdsre root   231K Jan 18  1999 libmozavutil.so*
-rwx------ 1 maxdsre root   6.2K Jan 18  1999 libmozgtk.so*
-rwx------ 1 maxdsre root   143K Jan 18  1999 libmozsandbox.so*
-rwx------ 1 maxdsre root   853K Jan 18  1999 libmozsqlite3.so*
-rwx------ 1 maxdsre root   245K Jan 18  1999 libnspr4.so*
-rwx------ 1 maxdsre root   649K Jan 18  1999 libnss3.so*
-rwx------ 1 maxdsre root   468K Jan 18  1999 libnssckbi.so*
-rwx------ 1 maxdsre root   143K Jan 18  1999 libnssdbm3.so*
-rwx------ 1 maxdsre root   183K Jan 18  1999 libnssutil3.so*
-rwx------ 1 maxdsre root    19K Jan 18  1999 libplc4.so*
-rwx------ 1 maxdsre root    15K Jan 18  1999 libplds4.so*
-rwx------ 1 maxdsre root   176K Jan 18  1999 libsmime3.so*
-rwx------ 1 maxdsre root   264K Jan 18  1999 libsoftokn3.so*
-rwx------ 1 maxdsre root   336K Jan 18  1999 libssl3.so*
-rwx------ 1 maxdsre root    92M Jan 18  1999 libxul.so*
-rw------- 1 maxdsre root   5.1M Jan 18  1999 omni.ja
-rwx------ 1 maxdsre root   2.2M Jan 18  1999 pingsender*
-rw------- 1 maxdsre root     48 Jan 18  1999 platform.ini
-rwx------ 1 maxdsre root   199K Jan 18  1999 plugin-container*
-rw------- 1 maxdsre root    99K Jan 18  1999 precomplete
-rw------- 1 maxdsre root      0 Jan 18  1999 removed-files
-rwx------ 1 maxdsre root    13K Jan 18  1999 start-tor-browser*
-rwx------ 1 maxdsre root   1.7K Jan 18  1999 start-tor-browser.desktop*
-rw------- 1 maxdsre root     82 Jan 18  1999 tbb_version.json
drwx------ 6 maxdsre root     59 Jan  18 16:30 TorBrowser/
-rwx------ 1 maxdsre root   174K Jan 18  1999 updater*
-rw------- 1 maxdsre root    689 Jan 18  1999 updater.ini
-rw------- 1 maxdsre root    138 Jan 18  1999 update-settings.ini

[[email protected] torBrowser]$

Desktop In GNOME

如果要在GNOME中爲Tor Browser創建快捷圖標,可通過在目錄/usr/share/applications/中創建.desktop文件實現。

start-tor-browser.desktop

查看啓動腳本start-tor-browser.desktop,內容如下

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
#!/usr/bin/env ./Browser/execdesktop
#
# This file is a self-modifying .desktop file that can be run from the shell.
# It preserves arguments and environment for the start-tor-browser script.
#
# Run './start-tor-browser.desktop --help' to display the full set of options.
#
# When invoked from the shell, this file must always be in a Tor Browser root
# directory. When run from the file manager or desktop GUI, it is relocatable.
#
# After first invocation, it will update itself with the absolute path to the
# current TBB location, to support relocation of this .desktop file for GUI
# invocation. You can also add Tor Browser to your desktop's application menu
# by running './start-tor-browser.desktop --register-app'
#
# If you use --register-app, and then relocate your TBB directory, Tor Browser
# will no longer launch from your desktop's app launcher/dock. However, if you
# re-run --register-app from inside that new directory, the script
# will correct the absolute paths and re-register itself.
#
# This file will also still function if the path changes when TBB is used as a
# portable app, so long as it is run directly from that new directory, either
# via the shell or via the file manager.

[Desktop Entry]
Type=Application
Name=Tor Browser
GenericName=Web Browser
Comment=Tor Browser is +1 for privacy and -1 for mass surveillance
Categories=Network;WebBrowser;Security;
Exec=sh -c '"/opt/torBrowser/Browser/start-tor-browser" --detach || ([ !  -x "/opt/torBrowser/Browser/start-tor-browser" ] && "$(dirname "$*")"/Browser/start-tor-browser --detach)' dummy %k
X-TorBrowser-ExecShell=./Browser/start-tor-browser --detach
Icon=/opt/torBrowser/Browser/browser/icons/mozicon128.png
StartupWMClass=Tor Browser

根據該文件中的內容創建定製化的.desktop文件

Custom Create torbrowser.desktop

Tor Browser的logo圖片可下如下路徑中找到

1
/opt/torBrowser/Browser/browser/chrome/icons/default/

須將logo圖片複製或創建符號鏈接至路徑/usr/share/pixmaps/

執行如下命令創建定製化的.desktop文件

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
[[ -f /usr/share/pixmaps/torbrowser.png ]] && sudo rm -f /usr/share/pixmaps/torbrowser.png
sudo cp -a /opt/torBrowser/Browser/browser/chrome/icons/default/default128.png /usr/share/pixmaps/torbrowser.png

sudo tee /usr/share/applications/torbrowser.desktop <<-'EOF'
[Desktop Entry]
Encoding=UTF-8
Name=Tor Browser
GenericName[en]=Web Browser
Comment=Tor Browser is +1 for privacy and -1 for mass surveillance
Type=Application
Categories=Network;WebBrowser;Security;
Exec=sh -c '/opt/torBrowser/Browser/start-tor-browser --detach' dummy %k
X-TorBrowser-ExecShell=/opt/torBrowser/Browser/start-tor-browser --detach
Icon=TorBrowser.png
Terminal=false
StartupWMClass=Tor Browser
MimeType=text/html;text/xml;application/xhtml+xml;application/vnd.mozilla.xul+xml;text/mml;
EOF

Applications -> Internet 中即可看到Tor Browser的圖標,點擊該圖標可正常啓動 Tor Browser。

連接到Tor Network需要一段時間,請耐心等待。

連接成功後,可通過如下地址檢測Tor瀏覽器是否正常工作

1
https://check.torproject.org/

Setting Custom Bridge

Tor Bridges Configuration 設置過程中,可配置custom bridges。具體解釋說明見官方文檔 Tor: Bridges

custom bridges可通過如下鏈接獲取

1
2
3
https://bridges.torproject.org

https://bridges.torproject.org/options

也可通過給[email protected]發送題爲 get bridges 的郵件獲取,但只支持Gmail,Riseup,Yahoo。

You can also get bridges by sending mail to [email protected] with the line “get bridges” by itself in the body of the mail. You’ll need to send this request from a Gmail, Riseup!, or Yahoo! account, though — we only accept these providers because otherwise we make it too easy for an attacker to make a lot of email addresses and learn about all the bridges. – https://www.torproject.org/docs/bridges.html.en#FindingMore

獲取到的custom bridges格式如下

1
2
3
4
5
6
7
8
9
#type 1
78.47.234.125:443 C763B28152B776D428009317D8498AC08668203D
68.45.52.117:443 3C89FB56CDEE23F0F16FDF86086866E33EAB24D8
66.244.213.93:9001 1AB7A590D5814E1E030442FF707DF22CB9D255FF

#type2
obfs4 68.45.52.117:40365 3C89FB56CDEE23F0F16FDF86086866E33EAB24D8 cert=s0SmVQop+pZPZxlHunrXQL6MW4uVOZS55XjDVaBYkaSSoN9FEZOif/dxxrufg6ZnskRkSw iat-mode=0
obfs4 66.244.213.93:45697 1AB7A590D5814E1E030442FF707DF22CB9D255FF cert=mw9i1vKXC2KGCcgdGjQukjOREQ6HbOrkSopJ2Bh7ZXQI/Oe9V5lZAp6V9cwmYb5CyHERRw iat-mode=0
obfs4 207.148.26.164:465 58DB46EA61A0D64152C2ED2F80BFFC3C8F3101C4 cert=8ILLfrEf5k17472N9yl3QdJqkhqxoLzxnSIUVzcCOS3mMOyF8AzRpfl6MOcB+W8k6AdeEQ iat-mode=0

在如下文本框中填寫即可

Snapshots About Anonymous Connection

此處使用本地代理連接成功,以下是操作過程截圖

Network Setting

Tor Bridge Connection

Local Proxy Connection

Connecting To The Tor Network

Welcome Page

IP Status

References

Bibliography

Change Logs

  • 2016.12.22 17:24 Thu Asia/Shanghai
    • 初稿完成
  • 2017.02.03 15:02 Fri America/Boston
    • 添加custom bridges配置
  • 2018.04.11 11:55 Wed America/Boston
    • 勘誤,遷移到新Blog
  • 2019.01.18 09:02 Fri America/Boston
    • 版本更新至8.0.4,增加下載鏈接提取命令