
Show HN: Darknet.py – A TOR Transparent Proxy Written in Python - multiversecoder
https://github.com/multiversecoder/darknet.py
======
mike-cardwell
What additional functionality does this provide over just using Tor's built-in
transparent proxy functionality, which you can use by just turning on the
DNSPort and TransPort options in Tor and redirecting traffic using iptables,
skipping any need for SOCKS?

Also, the Tor project highly discourages this kind of use of its network as
per the disclaimer at the top of
https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy
- Is it worth adding a similar disclaimer to this project?

~~~
multiversecoder
darknet.py provides ease of use and security that in some cases is not easy to
recreate by simply using torrc.

Features:

- Compatible with any SystemD based Linux

- Makes TOR work with SELinux on RHEL distro

- Secures Linux Kernel preventing IPv4 Forwarding, etc...

- Makes DNS leaks almost impossible

- Redirects all traffic through TOR

- Works Out of the Box

- MAC Address Spoofing

This software was created to have a Transparent Proxy based on TOR as an
alternative to VPN and easy to use in any Linux distribution mainly,
especially those based on RHEL or with SELINUX.

Another reason for its creation is that it can be easily combined with i2p
increasing the anonymity of the latter network.

As for the article, I know it, in fact, I relied on it for the creation of
darknet.py, and the text clearly states that it is not a discouraged only
method but rather a method to be reproduced only if you have knowledge and
ability to limit the Packet Forwarding of the Linux Kernel, Dropping packages
that could create a leaky situation and other practices that could compromise
anonymity.

Currently, there are few cases where it is possible to have a DNSLeak with
darknet.py and obviously, it's up to the end user to take the right
precautions for their need for anonymity.

darknet.py is an experimental yet stable software that will surely be subject
to improvements over time, one on all the different rules of IPTables that are
currently good but not excellent.

For any improvement I am at your disposal.
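The exchange above turns on whether iptables really sends DNS and TCP through Tor's DNSPort and TransPort without leaks. As an added example (not part of the thread and not darknet.py's own code), this sketch audits an `iptables-save` dump for those conditions; the ruleset is constructed, and uid 110, TransPort 9040 and DNSPort 5353 are assumed values.

```python
import re

# Constructed iptables-save dump. Assumed values: Tor runs as uid 110,
# TransPort is 9040 and DNSPort is 5353.
SAMPLE_RULES = """\
*nat
:OUTPUT ACCEPT [0:0]
-A OUTPUT -m owner --uid-owner 110 -j RETURN
-A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353
-A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT
*filter
:OUTPUT DROP [0:0]
-A OUTPUT -m owner --uid-owner 110 -j ACCEPT
-A OUTPUT -d 127.0.0.0/8 -j ACCEPT
COMMIT
"""

def parse_save(text):
    """Return (policies, rules), both keyed by (table, chain)."""
    policies, rules, table = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):        # "*nat" / "*filter" opens a table
            table = line[1:]
        elif line.startswith(":"):      # ":OUTPUT DROP [0:0]" sets a chain policy
            policies[(table, line[1:].split()[0])] = line.split()[1]
        elif line.startswith("-A "):    # appended rule, kept in order
            rules.setdefault((table, line.split()[1]), []).append(line)
    return policies, rules

def redirects(rule, proto, to_port, dport=None):
    """True if rule REDIRECTs proto (optionally only dport) to to_port."""
    pats = [rf"-p {proto}\b", rf"-j REDIRECT --to-ports {to_port}\b"]
    pats += [rf"--dport {dport}\b"] if dport is not None else []
    return all(re.search(p, rule) for p in pats)

def audit(text, trans_port=9040, dns_port=5353):
    """Return leak findings for locally generated (OUTPUT) traffic."""
    policies, rules = parse_save(text)
    nat_out, flt_out = (rules.get((t, "OUTPUT"), []) for t in ("nat", "filter"))
    findings = []
    if not any(redirects(r, "udp", dns_port, dport=53) for r in nat_out):
        findings.append("dns-not-redirected")  # resolver queries bypass DNSPort
    if not any(redirects(r, "tcp", trans_port) for r in nat_out):
        findings.append("tcp-not-redirected")  # TCP leaves without TransPort
    catch_all = flt_out and re.fullmatch(r"-A OUTPUT -j (DROP|REJECT)( .*)?", flt_out[-1])
    if policies.get(("filter", "OUTPUT")) != "DROP" and not catch_all:
        findings.append("no-default-deny")  # nothing drops unredirected traffic
    return findings
```

IPv6 rules live in a separate `ip6tables-save` dump, which this check does not read.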

------
multiversecoder
22/02/2020 Update:

- I have fixed some typos.

- I have fixed some compatibility issues in RHEL distributions using SELinux.

- Improved the exclusion of addresses that should not be routed via TOR.

- DNS port 53 to 5353

- Started a parallel project to support other Unix-like distributions like BSD.

