PHP: Tor check not working

567 views Asked by At

I've installed a Tor relay and Nginx and created my .onion on my Linux server.

In torrc HiddenServicePort 80 127.0.0.1:8747

In nginx's default: listen 8747

I've modified TorDNSExitList's PHP Pear Net_DNS to use Net_DNS2. When I echo out the $ip, $myip, $myport I get:

ip = 127.0.0.1
my ip = 127.0.0.1
port = 8747

Thus it is picking the IP address as the local machine and not the Tor exit node's IP address. Is there another why to test if the page is access via the Tor network?

(I've also tried this suggestion)

1

There are 1 answers

0
TungstenX On BEST ANSWER

The solution is to check for 127.0.0.1 IP address, seeing that torrc points to 127.0.0.1. This works when accessing the website via the .onion path. But the full check still needs to be done as the website can be access via the full URL, e.g. http:// [IP Address]:[Port] - using a "normal" or Tor browser. My changes to the function below:

<?php include("Net/DNS2.php");
// torel_check ($ip, $port, $destip) queries the Tor DNS Exit List server.
//   The result of the query is one of the following:
//   -1 : DNS lookup failed to get a response, or other error occurred.
//    0 : $ip does not appear to be a Tor exit.
//    1 : $ip is a known Tor exit for the provided destination IP / port.
function revaddr ($ip) {
    list($a, $b, $c, $d) = split("[.]", $ip);
    return("${d}.${c}.${b}.${a}");
}

function torel_qh ($ip, $port, $destip) {
    $rsrcip = revaddr ($ip);
    $rdstip = revaddr ($destip);
    return("${rsrcip}.${port}.${rdstip}.ip-port.exitlist.torproject.org");
}

function torel_check ($ip, $port, $destip) {
    try{
        if($ip == "127.0.0.1") {
            //TX: Access via .onion path
            // is Tor exit
            return (1);
        }
        //TX: Access web site directly
        $ndr = new Net_DNS2_Resolver();
        $qh = torel_qh($ip, $port, $destip);

       // uncomment these two lines to query the server directly...
       //$ns = "exitlist-ns.torproject.org";
       //$ndr->nameservers( array($ns) );

       // tune DNS params accordingly.  this is just my preference.
       $ndr->retrans = 2;
       $ndr->retry = 3;
       $ndr->usevc = 0;

       // perform DNS query
       // TX: Old Net_DNS check $ndr->search($qh)
       if (! $pkt = $ndr->query($qh)) {
           if (strcmp($ndr->errorstring, "NXDOMAIN") == 0) {
               // response but no answer.  does not appear to be Tor exit.
               return (0);
           }
           // search failed: no response or other problem...
           return(-1);
       }
       if (! isset($pkt->answer[0])) {
           // response but no answer section.  does not appear to be Tor exit.
           // (this should only happen when authority sections are provided without answer)
           return(0);
       }
       // is Tor exit
       return(1);
   } catch(Net_DNS2_Exception $e) {
       return (-1);
   }
}

// get client request parameters from Apache or equiv server:
$ip = $myip = $myport = 0;
if (isset ($_SERVER["REMOTE_ADDR"])) { $ip = $_SERVER["REMOTE_ADDR"]; }
if (isset ($_SERVER["SERVER_ADDR"])) { $myip = $_SERVER["SERVER_ADDR"]; }
if (isset ($_SERVER["SERVER_PORT"])) { $myport = $_SERVER["SERVER_PORT"]; }

$istor = torel_check($ip, $myport, $myip);

TX: is my comments