Whonix - anonymous OS for carding! Installation and configuration.

Carder

Before reading the article, please be patient: the article itself is very long, and setting everything up will take quite a bit of time.

So let's get started! What is Whonix? It is a Debian-based distribution that consists of two parts. The first is the Whonix Gateway, which routes absolutely all traffic through Tor. The second is a completely isolated Workstation image, configured so that it can only reach the network through the Whonix Gateway.

Thus, Whonix Workstation has no access to our main hardware and does not know the real IP address of the connection, which allows us to remain anonymous and not burn the IP address even if the workstation itself is hacked.

Among the features of this distribution, the fact that each application on Whonix Workstation works through its own Tor circuit stands out; this separates the traffic of different applications and makes us harder to track on the network.

Whonix is also most often compared to Tails, since both of these distributions were originally created for the anonymity of their users.

If you do not delve into the technical features of each distribution, then for a typical user the fundamental difference between them is that Tails is intended for use from a USB flash drive (it is not recommended to put it on a virtual machine), while Whonix is in most cases run on a virtual machine. Another key difference is that Tails is "amnesic", that is, it forgets absolutely everything after a reboot, while Whonix is not. Whonix, in turn, is more flexible in configuring various "chains"; in particular, you can build VPN -> Tor, VPN -> Tor -> VPN, VPN -> Tor -> Proxy/SSH, and you can come up with many more. In Tails this cannot be done: all traffic goes directly through Tor. In other words, you will not be able to put a VPN in front of Tor, only after it.

How to install Whonix

1) Virtual machine. The best way for us is to install Whonix on a virtual machine, and this article discusses exactly this method. It is the easiest and most convenient way for a carder to install Whonix. Our virtualization program will be VirtualBox. Almost any operating system can be used as the host OS.

2) Qubes-Whonix. This is the second, also quite common way to send traffic through Whonix. Qubes OS is used as the host operating system, and Whonix-Gateway is installed as a virtual machine through the virtualization tools built into Qubes OS.

3) KVM virtualization. The third method is to install Whonix under KVM, using the qemu-kvm virtualizer or similar.

4) Physical isolation. It is also possible to physically separate the two virtual machines, running Whonix Gateway and Whonix Workstation on different hardware.

Installing Whonix

First you need to download Virtualbox. How to install this software, you can read in our article "Virtualbox-configuration and Use". Then download Whonix Gateway and Whonix Workstation from the official website.

Open VirtualBox and click File -> Import Appliance. Select the downloaded Whonix Gateway image and click "Next". A window with the settings will appear; we leave everything at the defaults, except for the RAM field, which can be changed if desired. Click "Import" and wait.

We perform the same operation for Whonix Workstation. It is advisable to allocate at least 1024 MB of RAM to this image, since it is our working environment and all applications run on it.

After we have created two virtual machines and they are successfully displayed in Virtualbox - we start configuring them.

Select Whonix Gateway with the left mouse button, then go to Settings -> System. On this page we need to change the boot order: "Hard Disk" should be first and "Optical" second. Then uncheck "Floppy" and "Optical", leaving only "Hard Disk" ticked. Now open the "Storage" tab and, on the controller, tick "Use Host I/O Cache". We do exactly the same for the second virtual machine.

First launch of Whonix

Mandatory launch order: first Whonix Gateway, then Whonix Workstation, and no other way. If you start the workstation before the gateway, all our traffic will go out from the main machine, which will lead to a leak of our IP (even if it is only the VPN's IP), as well as a leak of our hardware fingerprint if Whonix Workstation is hacked.

When you first launch Whonix Gateway, the agreement window will appear. After reading it, click "Understood" twice. Tick "I am ready to enable Tor", click "Next" several times, then choose "Yes. Automatically install updates from the Whonix team", click "Next", select "Whonix Stable Repository" and continue to the end (the same windows will appear when you start Whonix Workstation, so we do the same for the second image). After that, the so-called whonixcheck should start automatically on both virtual machines.

Whonixcheck checks the system for connectivity to the repositories and the Tor network. If there are any problems, we will see a "Warning" message indicating a problem with updating the system or connecting to Tor.

Now open the gateway console and enter the following OS update code:

Code:
sudo apt-get update && sudo apt-get upgrade -y && sudo apt-get dist-upgrade -y

You will need to enter your password.

Standard username: user
Password for user: changeme
Root password: changeme

After entering the password, we wait for the full system update. If an update error occurs, enter this command again.

If the update was successful, launch whonixcheck from the desktop shortcut or with the "whonixcheck" command in the console. If it reports "success" everywhere, our system is ready to work. If there is a "Warning", we update the system again.

Now, on the Workstation, we need to download/update Tor Browser. Launch Tor Browser Downloader from the desktop shortcut or enter update-torbrowser in the terminal. The process will start and you will be asked to select the Tor Browser version to download. After downloading, install Tor Browser by clicking the "Yes" button or typing "y" in the terminal and pressing Enter.

To change the password, enter the following code in the console:

Code:
sudo -i

Enter a standard password. Now we are working as root and can change the password:

Code:
passwd root

Enter our password for "ROOT" twice. Now we also change it for "USER".

Code:
passwd user

Enter our password twice. Now the user password has changed.

We perform this operation on both virtual machines and do not forget that our passwords are different for our own security.

Now we update the Locales with the following code:

Code:
sudo dpkg-reconfigure locales

A text-mode dialog appears in the console. Navigate up and down with the arrow keys. Find the locale you need and mark it by pressing the space bar. Press Tab to move to the OK button and confirm. Now select the default language of the system. We can keep English (which I recommend) or change it to Russian.

Install the software packages with the following command:

Code:
sudo apt-get install htop git openvpn openssl nmap psi-plus etherape openssh-client

htop - console task manager

git - Git

openvpn - OpenVPN client

nmap - port scanner

psi-plus - Jabber client; you can use pidgin instead

etherape - software for graphical monitoring of network traffic

openssh-client - SSH client

We also recommend installing this group of packages for optimal performance

Code:
sudo apt-get install build-essential pkg-config make automake autoconf

Configuring the Work Station for your work

The first thing we need is RDP connection software. We will use rdesktop. Enter two commands in the console.

Code:
sudo apt update

Then install the software itself

Code:
sudo apt install rdesktop

To connect to a remote computer, use the command

Code:
rdesktop -z -P -g <geometry> -u USERNAME -p PASSWORD SERVER_IP

-z Enables stream compression
-P Enables persistent bitmap caching
-g Sets the window geometry (for example 1280x800)
-u Username on the server
-p Password on the server

The implementation of chains of anonymity

There are many chains for maintaining anonymity, but let's first start with the most convenient and practical one for us.

First of all, we need to be aware of the concept of our profession and therefore we need to think through a secure chain of our traffic in order to protect ourselves.

It looks something like this: we install a vpn on the main machine and already connect to the Whonix Gateway, that is, our gateway to TOR is not from a personal IP address, but from the server address of our VPN, which allows us to hide the connection to the onion network from the provider. Then we connect from Whonix Workstation to the remote computer. If this is a rented RDP on which we have Antidetect, whether it is a sphere or any other, then we change our ipishnik for any reason by connecting via an ssh tunnel or socks4, socks5 proxy. That is, the entire chain briefly looks like this:

Our IP -> VPN -> Tor -> RDP -> SOCKS5/SSH. This chain is more than reliable for driving in gifts or clothing items. Do not forget that we hide our main hardware by connecting to the RDP not directly but through the isolated Whonix image.

At the same time, if you think this is not enough, you can also connect to a VPN on the Workstation. To do this, we need to download the ".ovpn" configuration file from our VPN provider. Tor cannot carry UDP, so the VPN provider must give us a configuration file that connects to the VPN server over TCP. The config file should contain the line "proto tcp" instead of "proto udp". Connecting to the VPN:

Code:
sudo openvpn --config <path_to_file.ovpn>

Don't forget to change the file path

In this way we connect to the VPN server, and when working with Firefox we will have a clean IP address without the "Tor" tag. Now almost all of our application traffic goes through VPN -> Tor -> VPN -> Internet. Why "almost all"? Because Whonix is designed so that some applications bypass this VPN on the Workstation and connect directly to Tor. At the same time, access to the Tor network still goes via our VPN on the main machine.

Tips for working with Whonix
  • To surf the Internet, it is recommended to use the already installed Tor Browser and not download it from external repositories.
  • Don't delete apps that you didn't install yourself - this may cause errors in the system.
  • Be careful when performing apt-get autoremove, sometimes for unknown reasons, important Whonix packages or configs that are needed for normal operation are deleted.
  • It is not advisable to change repositories from Stable to Testing for system updates. You will have to do apt-get dist-upgrade, which can lead to a system crash.
  • If you need to install a package that is not in the Stable repositories, then we search the official site of the program, download and build it manually, or we look for the ".deb" package on the Debian site, download it and install it via dpkg -i.
 
Complete online anonymity with Whonix
When we talk about complete anonymity on the web, we most often mean projects such as Tor, I2P, Tor Browser, DNSCrypt and Live CD TAILS, which includes all of the above. However, there is a less well-known, but very interesting Whonix, which uses virtualization as a means of isolating the workstation from the global network and is able to protect your anonymity even after hacking.

What is complete anonymity on the web?
To ensure the anonymity of your stay on the Network, it is not enough to install Tor and wrap all outgoing traffic in it. You need to take care of such things as DNS leaks, detecting your geographical location based on time zone settings, user name leaks (via SSH, for example), IP address leaks inherent in some network protocols, and overcome the problem of identifying a machine at Tor exit nodes by comparing traffic types.
You can do all this yourself, but it is better to take a proven ready-made solution, namely the TAILS distribution. It includes many pre-configured applications, a properly configured Tor and firewall, so in general it is a fairly reliable system in terms of maintaining anonymity and privacy, which Edward Snowden himself did not disdain to use.

However, TAILS has two major limitations. First, it is a Live CD, initially positioned as "one-time": TAILS does not remember its state between shutdowns and leaves no traces on the machine. As a tool for leaking secret NSA documents a few times in a lifetime it is excellent; as a daily-use system it is terrible. Secondly, by running TAILS on bare metal, the user automatically opens a serious hole in their anonymity, since the PC configuration also makes it possible to identify a person.

Plus, TAILS is not protected from system compromise in any way. Anyone who has hacked your machine will immediately deanonymize both your IP address and yourself. To avoid this, it is planned to place key system services in sandboxes but only in version 3.0, which is unclear when it will be released, and this will not provide one hundred percent protection.

To solve all these problems, the Whonix Linux distribution is designed, which pursues the same goals, but achieves them in a slightly different way.

Virtualization to protect anonymity.
TAILS is distributed in the form of an unmodified Live CD not only to protect against Trojans and possible leaks of confidential data when obtaining physical access to the machine, but also for banal "fool protection". Developers can't be sure that the user will correctly configure every application they install and won't trigger a data leak or reveal their IP address. And if the system cannot be changed, then the problem disappears by itself.
Whonix, on the other hand, was originally developed with an eye to the possibility of modifying the system and "customizing for yourself", so in addition to the methods used in TAILS to protect against leaks and fingerprinting, it implements a rather interesting architecture using virtualization. Whonix is distributed in two VirtualBox images: one acts as a gateway to the global network via Tor, and the second is a working machine with a browser, chat, email clients, and other software, including what can be installed from repositories. Both images are based on Debian.

The only way for the working machine to reach the outside world is through the gateway, and the only way for traffic to get from the gateway to the outside world and back is via the Tor network. It does not matter how leaky the software you install on the working machine is, it still will not give you away: the application cannot access the Internet bypassing Tor. The IP address will only be a local one, the user name will simply be user (the developers do not recommend changing it), and the hardware information will be the standard VirtualBox configuration.
The most interesting feature of the system is that it does not require you to use the Whonix working machine at all. The main component is the gateway, to which you can attach any other OS running in a virtual machine, whether it is Ubuntu, Windows or OS X, and get almost the same level of protection from tracking (see the official docs). "Almost the same" because, in addition to the graphical environment and a set of applications, the Whonix working machine includes tools and settings that protect you from tracking by correlating traffic types at Tor exit nodes (Tor identity correlation through circuit sharing) and from having your clock settings and uptime determined via NTP and TCP/ICMP timestamps (all this is described in detail in the official docs).

The first problem is solved by stream isolation: all software shipped with the working machine is pre-configured to use different Tor SocksPorts, and the uwt wrapper redirects traffic to different Tor ports for applications that do not provide such a feature themselves (it is used for apt-get, cURL, Git and other console tools). Therefore the traffic of each application goes through a different chain of Tor nodes to a different exit node. The second problem is solved by sdwdate, which synchronizes the clock not via NTP but by querying randomly selected servers.

Whonix supports all types of Tor traffic tunneling via VPN/ SSH (or vice versa). This feature can be very useful if your ISP blocks Tor (in this case, the VPN client is installed on the gateway and Tor uses it to communicate with other nodes), or to hide traffic after it has left the Tor exit node (the VPN client is installed on the working machine, so Tor routes already encrypted traffic).

Testing Whonix for complete online anonymity issues
So, Whonix is two pre-configured images for VirtualBox or Linux KVM. Therefore, the system can be run on any operating system that has an official build of VirtualBox, that is, Linux, Windows, OS X and Solaris. All you need to do is download both images (3.5 GB in total) and then import them into VirtualBox using the File -> Import Appliance menu.

Next, launch Whonix-Gateway and wait for it to load. After the desktop appears (yes, the gateway has a graphical interface, so even the smallest ones will understand), the system will offer to accept the disclaimer, launch Tor and update packages, then the whonixcheck utility will start, which will check the connection to Tor and the correctness of the system settings, and at the same time the sdwdate time synchronization service will work with it.

I will immediately mention two non-obvious points. The Whonix gateway and workstation never connect directly to the Internet and use Tor even to update packages from network repositories. So get ready right away for a rather significant drop in speed (I got an incredibly slow 500 Kb/s by today's standards).

The second point is that the gateway does not have to be launched with a graphical interface, which will waste RAM. Moreover, there is a mechanism that automatically loads the gateway in text mode, if you select 192 MB in the virtual machine settings. To do this, just right-click on Whonix-Gateway, select Settings, and on the System tab, slide the slider to 192.

After the gateway is loaded, you can start the desktop. The sequence of actions here is almost the same: we start the virtual machine, agree with the disclaimer, agree to update packages, wait for the end of checking the connection to Tor and time synchronization. Then you can start working. True, there are a lot of pre-installed applications here. Of the daily necessities, only Tor Browser, XChat IRC client and KGpg are needed. Moreover, the first one is not even installed; after clicking on the icon, the installer starts, which offers to download the browser via Tor.
You can install the rest of the necessary software from the repositories using the standard "sudo apt-get install application" command. In response to the password request, enter changeme and, of course, change the password using the passwd command.

STREAM ISOLATION
When installing third-party software in Whonix, you will immediately run into a problem called identity correlation through Tor circuit sharing. I will not attempt to translate this term; I will just say that by default third-party software uses the system SOCKS proxy settings, and that is a single standard Tor port (TransPort). The problem with this setup is that by simply comparing traffic types and their timing (for example, you may use Telegram and WhatsApp at the same time), the exit node can link different application sessions together and identify you (though not your IP or geographical location).

To combat this type of attack, Tor has a mechanism called stream isolation, which allows you to separate the traffic of different applications by directing it to different Tor node chains. Using it is quite simple - you just need to create several additional SOCKS ports in the Tor settings and configure the applications themselves so that they use different ports. Whonix already has these settings: pre-installed software uses ports 9100-9149. It also has a set of free ports for third-party software:

  • 9153-9159 - available;
  • 9160-9169 - free, with the IsolateDestAddr option;
  • 9170-9179 - free, with the IsolateDestPort option;
  • 9180-9189 - with both options.

All that remains is to configure the software to use the address 10.152.152.10 and any of these ports as the SOCKS server. However, I would not recommend using the ports with the IsolateDestPort and/or IsolateDestAddr options. They separate even the traffic of a single application based on the remote address or port. In most cases this is redundant and very expensive (imagine a torrent client or web browser using a different Tor circuit for every connection).

CONCLUSIONS
Whonix, for all its oddities and ambiguities, is definitely worth the attention of anyone who wants to ensure complete anonymity on the Web. By default it is just a system for running Tor Browser, but with some skill and free time you can turn Whonix into a full-fledged working system, and the need to run it in a virtual machine does not prevent this at all. And of course, it is worth remembering that there is no absolute anonymity on the network. If necessary, they will find you. Watch yourself, be careful.