Tor Browser是由Tor Project推出的一款集成了TorFirefox ESR, Torbutton, TorLauncher, NoScript,和 HTTPS-Everywhere的瀏覽器。Tor Browser默認監聽91509151端口,通過Tor (anonymity network)實現匿名訪問,保障用戶隱私。

本文記錄如何在GNU/Linux中下載、校驗、安裝Tor Browser及在GNOME桌面中創建快捷圖標。

The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites which are blocked. – https://www.torproject.org/projects/torbrowser.html.en

OS Info

主機操作系統信息如下

item detail
OS Version Debian GNU/Linux 9.4 (stretch)
Kernel Version 4.9.0-5-amd64

Downloading && Verification

Tor Browser的下載頁面在Tor Browser Downloads,GPG簽名的校驗方法在Verify package signatures。Release信息可在其官方blog中查看鏈接

Download

官網當前提供的下載版本是7.5.3(Apr 11, 2018),release信息見 Tor Browser 7.5.3 is released

下載鏈接

1
2
3
4
https://www.torproject.org/dist/torbrowser/7.5.3/tor-browser-linux64-7.5.3_en-US.tar.xz

# GPG Signature File
https://www.torproject.org/dist/torbrowser/7.5.3/tor-browser-linux64-7.5.3_en-US.tar.xz.asc

此處定義下載路徑~/Downloads

Importing GPG Public Key

下載完成後進行校驗操作,參考官方文檔 Verify package signatures

注意:必須在操作系統中導入指定的公鑰,否則無法進行校驗工作

KeyId是0x4E2C6E8793298290

執行如下命令安裝公鑰

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
#列出本機中的公鑰
gpg --list-keys
gpg --list-key 0x4E2C6E8793298290

#在keyserver中查詢指定的公鑰
gpg --keyserver keys.gnupg.net --search-keys 0x4E2C6E8793298290

#從keyserver下載指定的公鑰
gpg --keyserver keys.gnupg.net --recv-keys 0x4E2C6E8793298290

#查看公鑰及其指紋
gpg --fingerprint 0x4E2C6E8793298290

具體操作過程

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
#列出本機中的公鑰
[[email protected] ~]$ gpg --list-key 0x4E2C6E8793298290
gpg: error reading key: No public key

#在keyserver中查詢公鑰
[[email protected] ~]$ gpg --keyserver keys.gnupg.net --search-keys 0x4E2C6E8793298290
gpg: searching for "0x4E2C6E8793298290" from hkp server keys.gnupg.net
(1)	Tor Browser Developers (signing key) <[email protected]>
	  4096 bit RSA key 93298290, created: 2014-12-15, expires: 2020-08-24
Keys 1-1 of 1 for "0x4E2C6E8793298290".  Enter number(s), N)ext, or Q)uit > 1
gpg: requesting key 93298290 from hkp server keys.gnupg.net
gpg: key 93298290: public key "Tor Browser Developers (signing key) <[email protected]>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

#從keyserver下載公鑰
[[email protected] ~]$ gpg --keyserver keys.gnupg.net --recv-keys 0x4E2C6E8793298290
gpg: requesting key 93298290 from hkp server keys.gnupg.net
gpg: key 93298290: "Tor Browser Developers (signing key) <[email protected]>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
[[email protected] ~]$ gpg --list-key 0x4E2C6E8793298290
pub   4096R/93298290 2014-12-15 [expires: 2020-08-24]
uid                  Tor Browser Developers (signing key) <[email protected]>
sub   4096R/F65C2036 2014-12-15 [expires: 2017-08-25]
sub   4096R/D40814E0 2014-12-15 [expires: 2017-08-25]
sub   4096R/C3C07136 2016-08-24 [expires: 2018-08-24]

#查看公鑰及其指紋
[[email protected] ~]$ gpg --fingerprint 0x4E2C6E8793298290
pub   4096R/93298290 2014-12-15 [expires: 2020-08-24]
      Key fingerprint = EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
uid                  Tor Browser Developers (signing key) <[email protected]>
sub   4096R/F65C2036 2014-12-15 [expires: 2017-08-25]
sub   4096R/D40814E0 2014-12-15 [expires: 2017-08-25]
sub   4096R/C3C07136 2016-08-24 [expires: 2018-08-24]

[[email protected] ~]$

Verifying GPG Signature

安裝公鑰後進行校驗,使用命令gpg --verify進行校驗

操作過程如下

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
#列出文件
[[email protected] ~]$ ls -lhF ~/Downloads/tor-browser-linux64-7.5.3_en-US.tar.xz*
-rw-r--r-- 1 maxdsre maxdsre 68M Feb  3 14:54 /home/maxdsre/Downloads/tor-browser-linux64-7.5.3_en-US.tar.xz
-rw-r--r-- 1 maxdsre maxdsre 801 Feb  3 14:50 /home/maxdsre/Downloads/tor-browser-linux64-7.5.3_en-US.tar.xz.asc

#校驗 校驗文件在前,源文件在後
[[email protected] ~]$ gpg --verify ~/Downloads/tor-browser-linux64-7.5.3_en-US.tar.xz{.asc,}
gpg: Signature made Tue 24 Jan 2017 09:42:49 AM EST using RSA key ID C3C07136
gpg: Good signature from "Tor Browser Developers (signing key) <[email protected]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
     Subkey fingerprint: A430 0A6B C93C 0877 A445  1486 D148 3FA6 C3C0 7136
[[email protected] ~]$

校驗結果中出現 >gpg: Good signature from “Tor Browser Developers (signing key) [email protected]

說明校驗成功,證明下載的文件是由Tor官方釋出,未經過第三方篡改,可以信任。

Installation

Tor Browser的安裝可參考官方文檔 Tor Installation guides

此處定義安裝路徑/opt/torBrowser,執行如下命令進行解壓

1
2
3
4
5
#創建目標路徑
[[ ! -d /opt/torBrowser ]] && sudo mkdir -m 755 -pv /opt/torBrowser || sudo rm -rf /opt/torBrowser/*

#解壓壓縮包到目標路徑
sudo tar xf ~/Downloads/tor-browser-linux64-7.5.3_en-US.tar.xz -C /opt/torBrowser --strip-components=1

解壓完成後,進入目標路徑,執行

1
./start-tor-browser.desktop

出現 >Launching ‘./Browser/start-tor-browser –detach’…

即可啓動Tor Browser

操作過程如下

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
[[email protected] ~]$ [[ ! -d /opt/torBrowser ]] && sudo mkdir -pv /opt/torBrowser
mkdir: created directory ‘/opt/torBrowser’
[[email protected] ~]$ sudo tar xf ~/Downloads/tor-browser-linux64-7.5.3_en-US.tar.xz -C /opt/torBrowser --strip-components=1
[[email protected] ~]$ cd /opt/torBrowser/
[[email protected] torBrowser]$ ls -lhF
total 8.0K
drwx------ 11 maxdsre root   4.0K Apr 11 12:22 Browser/
-rwx------  1 maxdsre maxdsre 1.7K Apr 11 12:21 start-tor-browser.desktop*

[[email protected] torBrowser]$ ls -lhF Browser/
total 95M
-rw------- 1 maxdsre root    440 Dec 31  1999 application.ini
drwx------ 6 maxdsre root    126 Dec 31  1999 browser/
-rw------- 1 maxdsre root      0 Dec 31  1999 chrome.manifest
drwx------ 3 maxdsre root     18 Dec 31  1999 defaults/
-rw------- 1 maxdsre root    144 Dec 31  1999 dependentlibs.list
drwxr-xr-x 2 maxdsre maxdsre    6 Apr 11 12:21 Desktop/
drwx------ 2 maxdsre root     40 Dec 31  1999 dictionaries/
-rwx------ 1 maxdsre root    284 Dec 31  1999 execdesktop*
-rwx------ 1 maxdsre root   147K Dec 31  1999 firefox*
drwx------ 2 maxdsre root   4.0K Dec 31  1999 fonts/
drwx------ 2 maxdsre root     25 Dec 31  1999 icons/
-rw------- 1 maxdsre root    11M Dec 31  1999 icudt58l.dat
-rwx------ 1 maxdsre root   507K Dec 31  1999 libfreeblpriv3.so*
-rwx------ 1 maxdsre root   121K Dec 31  1999 liblgpllibs.so*
-rwx------ 1 maxdsre root   1.6M Dec 31  1999 libmozavcodec.so*
-rwx------ 1 maxdsre root   207K Dec 31  1999 libmozavutil.so*
-rwx------ 1 maxdsre root   163K Dec 31  1999 libmozsandbox.so*
-rwx------ 1 maxdsre root   674K Dec 31  1999 libmozsqlite3.so*
-rwx------ 1 maxdsre root   213K Dec 31  1999 libnspr4.so*
-rwx------ 1 maxdsre root   978K Dec 31  1999 libnss3.so*
-rwx------ 1 maxdsre root   625K Dec 31  1999 libnssckbi.so*
-rwx------ 1 maxdsre root   119K Dec 31  1999 libnssdbm3.so*
-rwx------ 1 maxdsre root   167K Dec 31  1999 libnssutil3.so*
-rwx------ 1 maxdsre root    19K Dec 31  1999 libplc4.so*
-rwx------ 1 maxdsre root    15K Dec 31  1999 libplds4.so*
-rwx------ 1 maxdsre root   139K Dec 31  1999 libsmime3.so*
-rwx------ 1 maxdsre root   220K Dec 31  1999 libsoftokn3.so*
-rwx------ 1 maxdsre root   259K Dec 31  1999 libssl3.so*
-rwx------ 1 maxdsre root    73M Dec 31  1999 libxul.so*
-rw------- 1 maxdsre root   5.6M Dec 31  1999 omni.ja
-rw------- 1 maxdsre root     48 Dec 31  1999 platform.ini
-rwx------ 1 maxdsre root   131K Dec 31  1999 plugin-container*
-rw------- 1 maxdsre root    99K Dec 31  1999 precomplete
-rw------- 1 maxdsre root    707 Dec 31  1999 removed-files
-rwx------ 1 maxdsre root   8.8K Dec 31  1999 run-mozilla.sh*
-rwx------ 1 maxdsre root    13K Dec 31  1999 start-tor-browser*
-rwx------ 1 maxdsre root   1.7K Dec 31  1999 start-tor-browser.desktop*
drwx------ 6 maxdsre root     59 Apr 11 12:22 TorBrowser/
-rwx------ 1 maxdsre root   126K Dec 31  1999 updater*
-rw------- 1 maxdsre root    689 Dec 31  1999 updater.ini
-rw------- 1 maxdsre root    138 Dec 31  1999 update-settings.ini

[[email protected] torBrowser]$

Create Desktop For GNOME

如果要在GNOME中爲Tor Browser創建快捷圖標,可通過在目錄/usr/share/applications/中創建.desktop文件實現。

start-tor-browser.desktop

查看啓動腳本start-tor-browser.desktop,內容如下

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
#!/usr/bin/env ./Browser/execdesktop
#
# This file is a self-modifying .desktop file that can be run from the shell.
# It preserves arguments and environment for the start-tor-browser script.
#
# Run './start-tor-browser.desktop --help' to display the full set of options.
#
# When invoked from the shell, this file must always be in a Tor Browser root
# directory. When run from the file manager or desktop GUI, it is relocatable.
#
# After first invocation, it will update itself with the absolute path to the
# current TBB location, to support relocation of this .desktop file for GUI
# invocation. You can also add Tor Browser to your desktop's application menu
# by running './start-tor-browser.desktop --register-app'
#
# If you use --register-app, and then relocate your TBB directory, Tor Browser
# will no longer launch from your desktop's app launcher/dock. However, if you
# re-run --register-app from inside that new directory, the script
# will correct the absolute paths and re-register itself.
#
# This file will also still function if the path changes when TBB is used as a
# portable app, so long as it is run directly from that new directory, either
# via the shell or via the file manager.

[Desktop Entry]
Type=Application
Name=Tor Browser
GenericName=Web Browser
Comment=Tor Browser is +1 for privacy and -1 for mass surveillance
Categories=Network;WebBrowser;Security;
Exec=sh -c '"/opt/torBrowser/Browser/start-tor-browser" --detach || ([ !  -x "/opt/torBrowser/Browser/start-tor-browser" ] && "$(dirname "$*")"/Browser/start-tor-browser --detach)' dummy %k
X-TorBrowser-ExecShell=./Browser/start-tor-browser --detach
Icon=/opt/torBrowser/Browser/browser/icons/mozicon128.png
StartupWMClass=Tor Browser

根據該文件中的內容創建定製化的.desktop文件

Custom Create torbrowser.desktop

Tor Browser的logo圖片可下如下路徑中找到

1
2
3
#cd /opt/torBrowser/
./Browser/browser/chrome/icons/default/
./Browser/browser/icons/mozicon128.png

須將logo圖片複製或創建符號鏈接至路徑/usr/share/pixmaps/

執行如下命令創建定製化的.desktop文件

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
[[ -f /usr/share/pixmaps/torbrowser.png ]] && sudo rm -f /usr/share/pixmaps/torbrowser.png
sudo cp -a /opt/torBrowser/Browser/browser/chrome/icons/default/default48.png /usr/share/pixmaps/torbrowser.png

sudo tee /usr/share/applications/torbrowser.desktop <<-'EOF'
[Desktop Entry]
Encoding=UTF-8
Name=Tor Browser
GenericName[en]=Web Browser
Comment=Tor Browser is +1 for privacy and -1 for mass surveillance
Type=Application
Categories=Network;WebBrowser;Security;
Exec=sh -c '/opt/torBrowser/Browser/start-tor-browser --detach' dummy %k
X-TorBrowser-ExecShell=/opt/torBrowser/Browser/start-tor-browser --detach
Icon=TorBrowser.png
Terminal=false
StartupWMClass=Tor Browser
MimeType=text/html;text/xml;application/xhtml+xml;application/vnd.mozilla.xul+xml;text/mml;
EOF

Applications -> Internet 中即可看到Tor Browser的圖標,點擊該圖標可正常啓動Tor Browser。

連接到Tor Network需要一段時間,請耐心等待。

連接成功後,可通過如下地址檢測Tor瀏覽器是否正常工作

1
https://check.torproject.org/

Setting Custom Bridge

Tor Bridges Configuration 設置過程中,可配置custom bridges。具體解釋說明見官方文檔 Tor: Bridges

custom bridges可通過如下鏈接獲取

1
2
3
https://bridges.torproject.org

https://bridges.torproject.org/options

也可通過給[email protected]發送題爲 get bridges 的郵件獲取,但只支持Gmail,Riseup,Yahoo。

You can also get bridges by sending mail to [email protected] with the line “get bridges” by itself in the body of the mail. You’ll need to send this request from a Gmail, Riseup!, or Yahoo! account, though — we only accept these providers because otherwise we make it too easy for an attacker to make a lot of email addresses and learn about all the bridges. – https://www.torproject.org/docs/bridges.html.en#FindingMore

獲取到的custom bridges格式如下

1
2
3
4
5
6
7
8
9
#type 1
23.229.18.162:8584 107316EC0170228DADE8F5FD521B4987FB0C93A8
13.54.46.194:8443 A9B168022DDF6B0AA7D728CD233C6E42617A58C0
91.219.68.181:443 53935564E40B358BADDF9169ABBDEDB237C7EA59

#type2
obfs4 89.177.136.11:45423 9CD55E88DA7B9D861EEFB6156D74E369BF964C70 cert=LjPVCVAsil6PFjaa8/VbfcMQ90I33NN5H1KIgVgSbdp1zICsX6LG8PTD9Q+21/yIYYq8Qg iat-mode=0
obfs4 37.218.246.32:33081 B9B43048D75BF880DCC25606B0E10CFCDEDCB161 cert=ZnlWh5pqbNzc4HOON0rDQ+t+6a42FustCCJx45iKRLTLl/JKytbyK4ccQItjoZ86yV2MMA iat-mode=0
obfs4 185.101.218.42:41758 E3BBFDD00B287113C7A1EB2A2C2EC1D9D6A80218 cert=ePT0ASv45frcpQ9pSzQ3Ae/wNMufga/x5jGdqdZpLGLbHdYKm3s5QQGhPkQKivRwz/Csfg iat-mode=0

在如下文本框中填寫即可

Snapshots About Anonymous Connection

此處使用本地代理連接成功,以下是操作過程截圖

Network Setting

Tor Bridge Connection

Local Proxy Connection

Connecting To The Tor Network

Welcome Page

IP Status

References

Bibliography

Change Logs

  • 2016.12.22 17:24 Thu Asia/Shanghai
    • 初稿完成
  • 2017.02.03 15:02 Fri America/Boston
    • 添加custom bridges配置
  • 2018.04.11 11:55 Wed America/Boston
    • 勘誤,遷移到新Blog