sniff-and-cry

Tor container playground

Find a file

wxifze 663f7f3f48 changed payload user from root to guest		2025-10-31 19:39:53 +03:00
captures	tor runs, sniffer sniffs	2025-09-20 13:56:28 +03:00
payload	changed payload user from root to guest	2025-10-31 19:39:53 +03:00
sniffer	added paylod container	2025-10-27 18:51:21 +03:00
tor-proxy	added hidden service	2025-10-31 19:30:30 +03:00
compose.yaml	added hidden service	2025-10-31 19:30:30 +03:00
README.md	added hidden service to readme	2025-10-31 19:32:46 +03:00

README.md

About

Multi-container application template with Tor.

It can be useful to:

analyze Tor censorship
run sensitive traffic over Tor isolated from the host network
debug C Tor configurations

Architecture

architecture-beta
    group app(cloud)[Playground]

    service isolated(internet)[Isolated] in app
    service exposed(internet)[Exposed] in app

    service tor-proxy(server)[Tor Proxy] in app
    service sniffer(server)[Sniffer] in app
    service payload(server)[Payload] in app
    service hidden-service(server)[Hidden Service] in app

    group host(server)[Host]

    service internet(internet)[Internet] in host
    service captures(disk)[Captures] in host

    isolated:T -- B:tor-proxy
    exposed:R -- L:internet
    exposed:B -- T:tor-proxy
    tor-proxy:R -- L:sniffer
    sniffer:R -- L:captures
    hidden-service:R -- L:isolated
    payload:L-- R:isolated

Containers

`tor-proxy`

C Tor runs as a proxy.

It exposes:

DNS resolver at tor-proxy:53
SOCKS5 proxy at tor-proxy:9050
HTTP CONNECT proxy at tor-proxy:9051

`sniffer`

tcpdump captures all traffic within tor-proxy container. The captures get stored in captures directory.

`hidden-service`

nginx runs with the default configuration. It is isolated from the host and can only access isolated network with tor-proxy in it.

`payload`

This container contains an arbitrary payload utilizing internet access over Tor network. It is isolated from the host and can only access isolated network with tor-proxy in it.