{"id":13587392,"url":"https://github.com/orjail/orjail","last_synced_at":"2025-04-07T21:33:49.068Z","repository":{"id":21468129,"uuid":"92339127","full_name":"orjail/orjail","owner":"orjail","description":"a more secure way to force programs to exclusively use tor network","archived":false,"fork":false,"pushed_at":"2022-04-28T10:25:18.000Z","size":173,"stargazers_count":193,"open_issues_count":24,"forks_count":25,"subscribers_count":13,"default_branch":"master","last_synced_at":"2024-11-06T06:40:48.039Z","etag":null,"topics":["anonymity","anonymization","jail","namespace","network","network-namespace","tor","tor-network","torsocks"],"latest_commit_sha":null,"homepage":"https://orjail.github.io","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"wtfpl","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/orjail.png","metadata":{"files":{"readme":"README.md","changelog":"changelog.upstream","contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-05-24T21:41:58.000Z","updated_at":"2024-10-31T23:17:35.000Z","dependencies_parsed_at":"2022-07-22T19:03:17.389Z","dependency_job_id":null,"html_url":"https://github.com/orjail/orjail","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/orjail%2Forjail","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/orjail%2Forjail/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/orjail%2Forjail/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/orjail%2Forjail/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/orjail","download_url":"https://codeload.github.com/orjail/orjail/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247732913,"owners_count":20986954,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["anonymity","anonymization","jail","namespace","network","network-namespace","tor","tor-network","torsocks"],"created_at":"2024-08-01T15:06:11.361Z","updated_at":"2025-04-07T21:33:48.679Z","avatar_url":"https://github.com/orjail.png","language":"Shell","funding_links":[],"categories":["Shell"],"sub_categories":[],"readme":"[![Build Status](https://travis-ci.org/orjail/orjail.svg?branch=master)](https://travis-ci.org/orjail/orjail)\n\n\u003e ### :warning: WARNING\n\u003e Security isn’t just about the tools you use or the software you download. It begins with understanding the unique threats you face and how you can counter those threats.\n\n# orjail\n**orjail** is a tool that lets you create a jail around a program to force its network traffic through [Tor](https://www.torproject.org/). \nIt creates a hostile environment for anything trying to discover your real IP address.\n\n\n## Install\n##### From source\n```\ngit clone https://github.com/orjail/orjail.git\ncd orjail\nsudo make install\n```\n##### Debian / Ubuntu\nWe provide a `.deb` package you can download from\n[here](https://github.com/orjail/orjail/releases/latest) and install with a\nsimple:\n\n\n```\nsudo dpkg -i orjail*.deb\n```\n\n## Why?\nWe've tried to de-anonymize a program executed in a torsocks environment and that was not so difficult as torsocks uses LD_PRELOAD, so you only need to statically compile your stuff.\nAs [Whonix](https://www.whonix.org/) is sometimes too much, the idea is to experiment with [linux namespaces](http://man7.org/linux/man-pages/man7/namespaces.7.html) and learn by doing something useful (at least for us).\n\n## Requirements\n- Linux kernel supporting namespaces (you have it since 2008)\n- Tor installed\n- [firejail](https://firejail.wordpress.com/) (optional, but really suggested)\n\n## How it works\nIt creates a separated [network namespace](https://en.wikipedia.org/wiki/Linux_namespaces#Network_(net)) (using `ip netns`) with its own network\ninterface and a link to the host interface with some iptables rules (on host)\nthat forces traffic generated from inside orjail to only exit via Tor (including DNS).  \nInside **orjail** you'll be in another pid namespace (try `sudo orjail ps aux`) and another mount namespace (we use this to show a different /etc/resolv.conf).  \n\n**if you find a way to de-anonymize a program running inside orjail** (also a shell with root privileges) it would be nice to [share it with us](https://github.com/orjail/orjail/issues)\n\n\n## Additional info\n- orjail needs root permissions to run\n- orjail runs your command as your user\n- orjail will launch a Tor instance bound to orjail interface\n\n## Usage\n\u003e ```bash\n\u003e orjail [options] [command]\n\u003e ```\n\u003e **-u, --user** \\\u003cuser\u003e  \n\u003e Run command as \\\u003cuser\u003e (default **$USER**)\n\u003e\n\u003e **-f, --firejail**  \n\u003e Use [firejail](https://firejail.wordpress.com) as a security container\n\u003e\n\u003e **--firejail-args** \"\\\u003cargs\u003e\"  \n\u003e Set arguments to pass to firejail surrounded by quotes.  \n\u003e eg. \"--hostname=host --env=PS1=[orjail]\"\n\u003e\n\u003e\n\u003e **--host-torrc**  \n\u003e Include your torrc host\n\u003e\n\u003e **-t, --tor-exec** \\\u003ctorpath\u003e  \n\u003e Select a Tor executable to use. The path can be full, relative or be in $PATH (default **tor**)\n\u003e\n\u003e **-s, --shell**  \n\u003e Execute a shell (default **$SHELL**)\n\u003e\n\u003e\n\u003e **-k, --keep**  \n\u003e Don't delete namespace and don't kill tor after the execution.\n\u003e\n\u003e **-n, --name \u003cname\u003e**  \n\u003e Set a custom namespace name (default **orjail**)\n\n## Example\n\n##### An example to understand what are we talking about:\n```bash\n$ sudo orjail ifconfig\nout-orjail: flags=4163\u003cUP,BROADCAST,RUNNING,MULTICAST\u003e  mtu 1500\n        inet 10.200.1.2  netmask 255.255.255.0  broadcast 0.0.0.0\n        inet6 fe80::6439:afff:febc:c9b5  prefixlen 64  scopeid 0x20\u003clink\u003e\n        ether 66:39:af:bc:c9:b5  txqueuelen 1000  (Ethernet)\n        RX packets 6847  bytes 7488116 (7.1 MiB)\n        RX errors 0  dropped 0  overruns 0  frame 0\n        TX packets 6809  bytes 915088 (893.6 KiB)\n        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0\n```\n\n#### Get homepage content with curl via Tor\n`sudo orjail curl autistici.org \u003e autistici.org `\n\n#### Same as before with another user\n`sudo orjail -u another_user curl autistici.org`\n\n#### \"Resolve\" an onion address (not so useful, just to show that .onion resolving works)\n`sudo orjail dig wi7qkxyrdpu5cmvr.onion`\n\n#### Run a hidden service inside orjail (you'll find your address inside `examples/hostname`)\n`sudo orjail -v -H 8080 -d examples  \"python -m SimpleHTTPServer 8080\" `\n\n#### Get an onion webserver content via Tor:\n`sudo orjail curl wi7qkxyrdpu5cmvr.onion`\n\n#### Open a firefox that could reach internet via Tor only:\n`sudo orjail firefox -P /tmp/tmpprofile`\n\n\u003e ### :warning:\n\u003e firefox has a flag that blocks .onion resolution by default, change it in **about:config**/**network.dns.blockDotOnion**.  \n\u003e\n\u003e **running a browser inside orjail is not safe, please use [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en) instead**\n\n#### Get an anonymous shell\n`sudo orjail -s`\n\n#### Run pidgin in verbose mode\n`sudo orjail -v pidgin`\n\n#### Keep the namespace after exit so we can start another program in same ns \n`sudo orjail -k ls`\n\n#### Use `firejail` as a security sandbox to join orjail network namespace\n`sudo orjail -f thunderbird`\n\n## Known issues\n- dbus\n- X\n\n\n---\nMade with  :heart: by [_to hacklab](https://autistici.org/underscore)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Forjail%2Forjail","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Forjail%2Forjail","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Forjail%2Forjail/lists"}