Tails tools
Christopher R. Bastian f8f1318c70
add tbselenium
2022-08-22 08:55:44 +00:00
tests add ecryptfs_storage.sh and tests 2022-08-18 18:12:41 +00:00
.gitignore add hidden_service.sh and its tests 2022-08-18 16:35:02 +00:00
LICENSE Initial commit 2022-08-18 16:01:42 +02:00
README.md add tbselenium 2022-08-22 08:55:44 +00:00
configure_tbselenium.sh add tbselenium 2022-08-22 07:39:42 +00:00
ecryptfs_storage.sh add ecryptfs_storage.sh and tests 2022-08-18 18:12:41 +00:00
hidden_service.sh add hidden_service.sh and its tests 2022-08-18 16:35:02 +00:00
tails_tbselenium.py add tbselenium 2022-08-22 08:55:44 +00:00

README.md

tatoo

Tails tools: hidden services, bridge checking, etc.

Hidden Service

Tails Hidden Service configuration.

  • It does not expose itself by listening on localhost. I like UNIX sockets. That's why lighttpd.
  • lighttpd is chrooted. I'm not sure I did it properly, though.
  • It stores the secret key encrypted. It can also use a previously saved and encrypted secret key (e.g., generated via mkp224o).
  • GnuPG encryption for the secret key and pages.
  • Strict permissions to prevent exposure.

Usage

Create and store the service secret key:

sudo bash hidden_service.sh ${ServiceName} ${ServiceTag} ${EncryptedServicePagesTAR} ${EncryptedServiceSecretKey} store

Use a previously created secret key:

sudo bash hidden_service.sh ${ServiceName} ${ServiceTag} ${EncryptedServicePagesTAR} ${EncryptedServiceSecretKey} get

eCryptFS

Tails eCryptFS configuration.

Why eCryptFS?

It is good for encrypted git repos. Other instruments (e.g., git-crypt) change encrypted files after every commit even if they were not actually changed.

Usage

All encryption parameters are stored GPG-encrypted. The signature should be created before configuring the storage:

ecryptfs-add-passphrase

>> Passphrase: qwerty
>> Inserted auth tok with sig [a0bff6831f049d9c] into the user session keyring

Create a key file with the following contents and encrypt it via GPG:

Passphrase="qwerty"
Signature="a0bff6831f049d9c"
KeyBytes=32
Cipher="aes"
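
One way to build the key file above and encrypt it without writing the plaintext to disk, as an added example that is not part of this repository. It assumes ecryptfs_storage.sh reads the key file as shell variable assignments and that symmetric gpg encryption is acceptable; the function names are hypothetical, and only the aes cipher is covered.

```shell
#!/bin/sh
# Added example, not part of the repository. Assumes ecryptfs_storage.sh reads
# the key file as shell variable assignments; function names are hypothetical.

# Reject parameters that would not match what ecryptfs-add-passphrase printed.
validate_params() {
    sig="$1"; key_bytes="$2"; cipher="$3"
    # The signature printed above is 16 lowercase hex characters.
    [ "${#sig}" -eq 16 ] || { echo "signature must be 16 chars" >&2; return 1; }
    case "$sig" in
        *[!0123456789abcdef]*) echo "signature must be hex" >&2; return 1 ;;
    esac
    # This example covers only AES, which takes 16-, 24- or 32-byte keys.
    [ "$cipher" = "aes" ] || { echo "unsupported cipher" >&2; return 1; }
    case "$key_bytes" in
        16|24|32) ;;
        *) echo "bad AES key size" >&2; return 1 ;;
    esac
}

# Print the key file body. Values are single-quoted so nothing in the
# passphrase expands when the file is sourced; a quote inside it is refused.
render_keyfile() {
    passphrase="$1"
    validate_params "$2" "$3" "$4" || return 1
    case "$passphrase" in
        *\'*) echo "passphrase must not contain a single quote" >&2; return 1 ;;
    esac
    printf "Passphrase='%s'\nSignature='%s'\nKeyBytes=%s\nCipher='%s'\n" \
        "$passphrase" "$2" "$3" "$4"
}

# Pipe the body straight into gpg so the plaintext never touches the disk.
# gpg asks for the encryption passphrase itself (pinentry).
write_encrypted_keyfile() {
    out="$1"; shift
    body="$(render_keyfile "$@")" || return 1
    ( umask 077
      printf '%s\n' "$body" | gpg --symmetric --cipher-algo AES256 --output "$out" )
}
```

Call it as `write_encrypted_keyfile keyfile.gpg "$Passphrase" "$Signature" 32 aes`; the output file is created with owner-only permissions.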

Mount the storage:

sudo bash ecryptfs_storage.sh mount ${Directory} ${KeyFile}

Unmount after you have finished your business:

sudo bash ecryptfs_storage.sh umount ${Directory}

tbselenium

tbselenium marionette configuration.

tbselenium is a Python package to handle Tor Browser via script.

  • It downloads geckodriver and checks its signature.
  • It uses the internal Tor Browser of Tails and its default profile.
  • I fixed tbselenium for now: geckodriver port is not random, so you don't have to open a new port after every start.

Usage

bash configure_tbselenium.sh
source /home/amnesia/miniconda3/bin/activate
python3

>> from tails_tbselenium import *
>> engine = StartEngine()
>> do_stuff()