How to use Wget with Tor Bundle in Linux

Question

I'm a Linux Mint (Lisa) and Tor Bundle user trying to use wget over Tor. After following the directions I found here, all I get when running wget is an output file saying, "514 Authentication required."

Here's what I did: I downloaded the latest version of Tor Bundle (Version 2.2.35-9) for Linux and extracted it. I ran ./start-tor-browser. Then in Vidalia I went into Setting -> Advanced, and uncheck "Configure ControlPort automatically." (Later I also tried changing "Authentication" to "None" but this still didn't work.) The IP address is set to localhost and the port is 9051.

From the terminal I said:

export http_proxy="http://127.0.0.1:9051"
wget -proxy=on www.whatismyip.com

This gave me an output file saying, "514 Authentication required" instead of www.whatismyip.com. Any ideas?

Answer 1

on Ubuntu or Debain, install package "torsocks"

sudo apt-get install torsocks

on Mac OS X install via homebrew

brew install torsocks

After that, use wget like this:

torsocks wget http://foo.onion/data.bar

Answer 2

Use Torify, which is a simple wrapper for torsocks and Tor, for example:

$ torify curl ifconfig.me
$ torify wget -qO- -U curl ifconfig.me

Before using, make sure your Tor server is up and running.

See also: How to anonymize the programs from the terminal? at Tor SE

Answer 3

Tor standalone only includes a SOCKS proxy for connecting to the Tor network, and the Tor browser bundle doesn't add any additional proxies.

The usual method of dealing with programs that require an HTTP proxy is to install one of your own, such as Privoxy or Polipo, then chain that proxy to Tor. For instance, in Privoxy's configuration, you would specify:

forward-socks5  /  127.0.0.1:9050 .

Privoxy then listens on port 8118 and you configure your HTTP proxy setting to http://localhost:8118.

Unfortunately it appears that Linux Mint doesn't carry either of these packages in its repositories. You might consider switching distributions, or compiling one yourself.

Answer 4

torify seemed to work for me:

 torify wget https://www.some_url.com

Here's the access.log entry from my webserver:

207.244.70.35 - - [13/Sep/2018:03:57:25 +0000] "GET / HTTP/1.1" 200 8446 "-" "Wget/1.17.1 (linux-gnu)" "207.244.70.35" response-time=0.02

207.244.70.35 is not my real IP and therefore this command works

Here is a python script that does the same thing that I found here

#! /usr/bin/python3
import subprocess
from subprocess import Popen, PIPE
import sys
import os


# use torify to make a wget 
class Wgettor():
    def __init__(self, url):
        if not self.__is_activated():
            print("Ensure Tor service is running")
            sys.exit()
        else:
            self.url = url
            self.wget()

    # ensure Tor service is running
    def __is_activated(self):
        service_cmd = "service --status-all | grep tor"
        p = subprocess.Popen(service_cmd,
                             shell=True,
                             stdout=PIPE).communicate()[0]
        return "+" in str(p)

    def wget(self):
        prox = [
            "torify", "wget", self.url
        ]
        os.system(" ".join(prox))


if __name__ == "__main__":
    Wgettor("https://www.some_url_here.com")

Answer 5

This is a summary of the excellent answer for the post
How can Wget be configured to work with Torify securely?

Here's how Tails does it:

#!/bin/sh
unset http_proxy
unset HTTP_PROXY
unset https_proxy
unset HTTPS_PROXY

exec torsocks /usr/lib/wget/wget --passive-ftp "$@"

This script is set as the default wget (through dpkg-divert, so that non-torified wget would be hard to accidentally run) and will wrap any call to wget.

The call to wget may need to be modified to the local operating system, for example /usr/bin/wget for Ubuntu.

Remarks:

1. Unsetting the http{,s}_proxy environment variables stops wget from using a proxy outside of Tor and to avoid using localhost resources that may cause torsocks failure.

2. Torsocks is a robust method for wrapping applications that don't natively support SOCKS5.

3. --passive-ftp on the command line (or passive_ftp = on in wgetrc) stops the use of "Active" FTP which might leak some local information to the remote party.

Regarding security, the User-Agent sent by wget will often provide some information that may allow to identify the versions of wget and the operating system. It may be faked with attention (since the server might behave differently for different clients).

Answer 6

proxychains also does the job, with the following configuration

socks5 127.0.0.1 9150

$proxychains curl ifconfig.me ProxyChains-3.1 (http://proxychains.sf.net) |DNS-request| ifconfig.me |S-chain|-<>-127.0.0.1:9150-<><>-4.2.2.2:53-<><>-OK |DNS-response| ifconfig.me is 219.94.235.40 |S-chain|-<>-127.0.0.1:9150-<><>-219.94.235.40:80-<><>-OK 178.63.97.34

Answer 7

Maybe www.whatismyip.com is checking X-Forwarded-For header and trigger an error.

I recommend you to test another one (this is my own, so I know there's no detections of any kind, just your public address) : http://sputnick-area.net/ip

Edit: I think you should remove -proxy switch while it's not in man wget. IIRC, wget can detect the proxy itself. :

wget -q -O - www.whatismyip.com