Whonix

Whonix is a desktop operating system setup designed for advanced security and privacy. This page describes how an Arch user may use a Whonix Gateway to route all traffic through Tor and receive the other security benefits of compartmentalization described below.

Background on Whonix and Tor

The Whonix setup works by compartmentalizing two separate operating systems, each running inside its own virtual machine, while simultaneously routing all traffic through Tor. This security model provides several benefits:

- Only connections through Tor are permitted.
- Servers can be run, and applications used, anonymously over the internet.
- DNS leaks are impossible.
- Malware with root privileges cannot discover the user's real IP address.
- Threats posed by misbehaving applications and user error are minimized.

The Whonix wiki provides many specific examples of attacks and software flaws that would normally pose a security and/or privacy problem but are thwarted by this compartmentalization model. It also describes where this model may still fail, so it is an important page to understand.

The first operating system is "The Workstation", the OS in which you perform your normal everyday tasks. The second is "The Gateway", which forces all traffic from the Workstation through Tor while providing the additional security benefits listed above. The main Whonix team provides both a Gateway and Workstation running on top of , but Arch users may enjoy using Arch as their main Workstation OS. This page describes how that can be done.

Downloading and Installing Whonix Gateway

You will not use the Gateway for everyday tasks. It only serves to compartmentalize your Workstation activity from the internet while routing all traffic through Tor.

Download and install the Whonix Gateway
Go to the Whonix VirtualBox page, download the "Whonix-Gateway" using one of the download options available, then verify the download using one of the methods described on that page. Make sure you also have VirtualBox installed.

Next, import the Whonix-Gateway inside VirtualBox by going to File > Import Appliance > Whonix-Gateway-.ova to select the Gateway file just downloaded, then agree to the conditions that describe system requirements and security considerations for using Whonix. It may be helpful to follow the instructions provided on the Whonix download page previously linked. There are also video tutorials available demonstrating this process. After the appliance has been installed, start the Gateway using the start icon.

Update the Whonix Gateway

Before we start Arch, we need to agree to the terms and ensure our Whonix Gateway has all up-to-date security patches. As with importing the appliance above, the terms you must agree to state that you understand the security considerations for running Whonix. After booting up the Gateway, agree to these terms, state that you intend to use the stable repository and check "I am ready to enable TOR".

After this, open a terminal. It will present you with information on how to log in as either root or a normal user. Log in inside this terminal as root and run:

Then reboot your Whonix Gateway. After rebooting, open a terminal and this time log in as the normal user. Run the Whonix check:

You may also run nyx to monitor traffic through the gateway.

Installation of Arch as a Whonix Workstation

Starting Arch inside VirtualBox

After you have installed the Whonix-Gateway, and while the Gateway is running, install an instance of Arch inside a separate VirtualBox instance. This installation process is done as normal, save a few important steps described below, so one should follow the Installation guide. After creating the Arch instance, and before starting it, three important settings need to be selected.
First, the network has to point to the running Whonix-Gateway. To do this, select Settings > Network > Attached to > Internal Network > Whonix to select networking through Whonix. It is also best if PAE is enabled, so select Settings > System > Processor > Extended Features > Enable PAE/NX. Lastly, select the Arch installation iso you downloaded as your boot storage by going to Settings > Storage > Empty > Optical Drive > Choose Virtual Optical Disk File > archlinux-.iso. After these three settings have been selected, start your Arch VirtualBox instance.

Connecting to internet during Arch install

When connecting a non-preset Workstation to the internet through a Whonix Gateway, a few settings must be set manually as described here. The address must be set to 10.152.152.50, the netmask to 255.255.192.0, the gateway to 10.152.152.10 and the nameserver to 10.152.152.10.

First, find your interface by running:

and look for your ethernet interface. Something like eth0 or enp0s3 is common. Next, deactivate the interface with:

where interface is replaced with the name of the interface found above.

Next we must configure the static network connection to use the values shown above. Perhaps the easiest way is to copy the static example file:

Then replace the contents of that file with:

replacing enp0s3 with your interface found above. The /18 is CIDR notation for the above netmask.

Then edit /etc/resolv.conf :

Then edit /etc/environment to prevent potential Tor over Tor problems:

Now enable the Whonix network connection:

And bring your interface back up:

where once again interface should be replaced with your interface.
Next, confirm that the address 10.152.152.50/18 now shows up under your interface using:

If this checks out, try pinging your favorite website, such as:

If this ping successfully shows bytes of data transferred, then internet is working through Whonix. Running "nyx" inside the Gateway as described above will further confirm that the packets are being sent across the Gateway.

Mapping files over to your arch-chroot installation environment

Once these files have been edited and your internet is working, proceed with the normal Arch installation process: preparing drives, formatting, etc. Then, after you run pacstrap but before you arch-chroot into your installation chroot, you need to copy over the files you created above.

Then perform the standard arch-chroot and enable your network settings there:

Make sure you are still connected to the internet, and complete your Arch installation as you would normally: set up the root password, boot loader, etc. It is important that you set your timezone to UTC to match the Gateway. Once the installation is done, reboot.

Tor Check

Once your installation is completed, you have rebooted into Arch, and you have verified the Whonix Gateway is running, you should be able to access the internet routed through Tor. You can verify traffic is being routed through Tor by installing your favorite web browser and performing the Tor Check. This Tor Check should explicitly say you are using Tor.

(Optional) Post-Installation considerations

Installing Tor Browser

The standard web browsers one would install in Arch will be forced to route all traffic through Tor and will receive all the benefits of Whonix compartmentalization. This can easily be checked by performing the Tor Check as well as the other DNS tests described below. However, some might like to use the official Tor Browser, which comes with extra add-ons and security audits for use with Tor. To install the Tor browser, download the browser from here and extract it into.
After the Tor Browser is installed, we need to set the configuration to access Tor properly through the Whonix Gateway, which is done by editing the following file:

Now start the Tor Browser. The Tor Check should verify both that you are using Tor and the Tor Browser.

DNS Leak Tests

There are several Leak Tests one can perform to verify no traffic is leaking outside of Tor:

These are also helpful for verifying that no location or other identifying information is being leaked. The Whonix DNS Leak Test Wiki has other helpful leak tests that can be performed in addition to checking websites.

Familiarize yourself with the strengths and weaknesses of both the Whonix model and Tor

As suggested above, familiarize yourself with how the Whonix model works, the specific cases in which it provides extra security and privacy benefits in comparison with other approaches, how Tor works along with the benefits it provides, and the Tor project suggestions for making Tor work more reliably. There is no silver bullet for security and privacy, but understanding these concepts may bring many additional benefits when used properly.

Keeping time synced between Workstation and Gateway

It is helpful to keep the exact time between the Workstation and Gateway in sync. If they are not, an attacker may suspect you are running a Whonix setup through time mismatches. The official Whonix Workstation comes with software to force these to be in sync, but as of yet I have not figured out how to implement this with Arch. Any suggestions here are welcome.

Whonix

Featured at AT&T Cybersecurity blog.

All activity in a virtual machine, all internet traffic through the Tor® network. Whonix is the best way to use Tor® and provides the strongest protection of your IP address.

Applications are reviewed and pre-configured: Tor Browser, OnionShare, Thunderbird, KeePassXC, HexChat, VLC, Terminal, Electrum, Bitcoin, Monero.

Fully Featured and Advanced Security Features
Impossible to leak IP address. Connections are forced through Tor®. DNS leaks are impossible, and even malware with root privileges cannot discover the user's real IP address. Leak tested through corridor (Tor® traffic whitelisting gateway) and other leak tests.

Live Mode. Booting into VM Live Mode is as simple as choosing Live Mode in the boot menu. Alternatively, Debian, Kicksecure and perhaps other Debian-based hosts can boot their existing host operating system into Host Live Mode.

Based on Kicksecure™. Whonix™ is based on Kicksecure™, which is a security-hardened distribution.

Based on Tor®. Whonix utilizes Tor®, which provides an open and distributed relay network to defend against network surveillance. Unlike Virtual Private Networks (VPN), Tor provides anonymity by design and removes trust from the equation.

Keystroke Anonymization. Keystrokes can be used to track users. To prevent this, Whonix comes with kloak installed by default.

Time Attack Defenses. Time attacks are defeated by Boot Clock Randomization and secure network time synchronization through sdwdate (Secure Distributed Web Date).

Secure Command Line / Tor Browser Downloads

Users frequently want to download files from the Internet. Secure downloading of files is a complex subject and the potential security implications are often poorly understood.

Downloads with scurl - SSL Command Line Downloader

Introduction

Note: This is for advanced users. In all cases avoid downloading files over plain HTTP.

When using the command line to download files or webpages, resorting to the simple wget command is ill-advised because it is buggy. For example, if users do not force a request to use SSL encryption, wget can fail silently. Even when SSL is enforced with a command line option, this can break interoperability with some sites that use self-signed, expired or invalid certificates.
Users could potentially ignore certificate verification warnings and proceed with downloads where the site's authenticity is in question.

To provide greater security when downloading, scurl comes pre-installed in Whonix™ and provides a simple wrapper around curl:

- scurl simply adds --tlsv1.2 --proto =https to all curl instances to enforce strong encryption.
- scurl-download additionally adds --location to follow redirects as well as --remote-name to use the filename suggested by the server. [1]
- Stream Isolation is enforced in Whonix™, because /usr/bin/curl is a uwt wrapper symlinked to /usr/lib/uwtwrapper , which will ultimately run /usr/bin/curl.real .
- scurl is not vulnerable to SSLstrip. This is a man-in-the-middle attack which forces a user's browser to communicate with the adversary in plain text over HTTP (poisoning the download).

At present, scurl is available in Whonix™ and the command will generally not work in other distributions.

How-to: Invoke scurl-download

Note: In the examples below, the file will be saved in the user's current working directory. If the file should be saved elsewhere, change the current working directory before running scurl.

To invoke scurl-download to download a file, simply run (replace the https:// example with the actual file location).

This will download tor-browser-linux64-9.5_en-US.tar.xz to the current working directory.

Figure: scurl Command in Whonix™

To invoke scurl-download to download a web page, run (replace the https:// example with the actual webpage).

All other curl/Linux features continue to work, such as storing the input inside of a file (change index.html to the desired file name).

scurl Errors

As expected, attempting scurl with plain HTTP will fail.

This will result in the following output.

Similarly, scurl fails with the following attempt.

Returning the following output.

Running scurl against a self-signed or invalid SSL certificate also fails.
This results in an error, for example.

Secure Downloads with Tor Browser

Preventing SSLStrip Attacks

If clicking or pasting a download link, make sure it is https:// . The s in https:// stands for "secure".

Users often mistakenly believe that a secure, green padlock and an https:// URL make any download from that particular website secure. This is not the case because the website might be redirecting to http . In fact, an SSLstrip attack might succeed if a link is pasted or typed into the address bar without the https:// component (e.g. torproject.org instead of https://torproject.org ). [2]

In this instance, it is impossible to confirm whether the file is being downloaded over https:// . Potentially, an SSLstrip attack might have made the download take place over plain http . The reason is that a padlock is not visible; it just appears empty.

To avoid this risk and similar threats, always explicitly type or paste https:// in the URL / address bar. The SSL certificate button or padlock will not appear in this instance, but that is nothing to be concerned about. Unfortunately, few users follow this sage advice; instead most mistakenly believe pasting or typing www.torproject.org into the address bar is safe.

Other Precautions

For even greater safety, download files from onion services ( .onion addresses) whenever possible. Improved security is provided by onion service downloads, since the connection is encrypted end-to-end (with PFS), targeting of individuals is difficult, and adversaries cannot easily determine where the user is connecting to or from.

Also, if files are already available in repositories, then prefer mechanisms which simplify and automate software upgrades and installations (like apt-get functions), rather than downloading Internet resources.
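The explicit-https advice and the scurl flags described above can be combined in one small wrapper. This is an added example, not Whonix's scurl code and not part of the original page; the function names classify_url and fetch_https and the sample URLs are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not the scurl source. It pairs an explicit-scheme check with
# the curl flags this page attributes to scurl and scurl-download.

# Print a verdict for a URL and return 0 only when it spells out https://.
# Scheme-less input is refused instead of being completed, because a client
# that guesses the scheme may start on plain http, where SSLstrip operates.
classify_url() {
    url=$1
    case "$url" in
        *://*) scheme=${url%%://*} ;;
        *)     echo "no-scheme"; return 1 ;;
    esac
    # A real scheme holds only letters, digits, '+', '.', '-'; anything else
    # means the "://" sits later in the string (for example inside a query).
    case "$scheme" in
        ''|*[!A-Za-z0-9+.-]*) echo "no-scheme"; return 1 ;;
    esac
    # Schemes are case-insensitive, so normalise before comparing.
    scheme=$(printf '%s' "$scheme" | tr '[:upper:]' '[:lower:]')
    if [ "$scheme" = "https" ] && [ -n "${url#*://}" ]; then
        echo "https"
        return 0
    fi
    echo "refused:$scheme"
    return 1
}

# Download into the current directory with the flags named on this page:
# --tlsv1.2 --proto =https (scurl) plus --location --remote-name
# (scurl-download). Protocols denied by --proto stay denied on redirects,
# so a hop to http:// fails instead of silently downgrading.
fetch_https() {
    if ! verdict=$(classify_url "$1"); then
        echo "refusing '$1' ($verdict): type the https:// prefix explicitly" >&2
        return 2
    fi
    curl --tlsv1.2 --proto =https --location --remote-name "$1"
}

# Constructed sample inputs; only the classifier runs here, nothing is fetched.
demo() {
    for u in "https://www.torproject.org/" "torproject.org" \
             "http://www.torproject.org/"; do
        printf '%-32s %s\n' "$u" "$(classify_url "$u")"
    done
}
demo
```

fetch_https returns 2 without starting curl when the scheme check fails, so a refused URL never produces network traffic.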
Avoid installing unsigned software and be sure to always verify key fingerprints and digital signatures of signed software from the Internet, before importing keys or completing installations. For more on this topic, see: Installing Software Best Practices.

Finally, consider using Multiple Whonix-Workstation™ when downloading and installing additional software, to better compartmentalize user activities and minimize the threat of misbehaving applications.

Whonix: The Beginner's Guide

Whonix is a desktop operating system designed for advanced security and privacy. Whonix mitigates the threat of common attack vectors while maintaining usability. Online anonymity is realized via fail-safe, automatic, and desktop-wide use of the Tor network. A heavily reconfigured Debian base is run inside multiple virtual machines, providing a substantial layer of protection from malware and IP address leaks. Commonly used applications are pre-installed and safely pre-configured for immediate use. The user is not jeopardized by installing additional applications or personalizing the desktop. Whonix is under active development and is the only operating system designed to be run inside a VM and paired with Tor.

Jump over the break to learn how to get Whonix up and running.

What you need:

2. Whonix Gateway and Whonix Workstation (you need both). Whonix now comes as one .ova file for both Gateway and Workstation. Just download it and import it as shown below.

How to:

1. Download and install VirtualBox.

3. Select the Whonix Gateway image and click "Continue".

4. Do not change anything, just click "Import".

6. Wait for Whonix-Gateway.ova to be imported.

7. Repeat the same import steps for Whonix-Workstation.ova.

7.1 What is Whonix Gateway and Whonix Workstation? Whonix Gateway is what configures the whole machine and routes all traffic through the Tor network. You will need to run it while running the Whonix Workstation but you will have little to no interaction with it.
Whonix Workstation is where you operate as a user. Basically the OS. NOTE: remember you need to run both Gateway and Workstation.

8. In VirtualBox open both Whonix Gateway and Whonix Workstation. This is done by either selecting them and clicking on the start button (the one with the green arrow) or double-clicking on them. NOTE: ALWAYS start Gateway first and Workstation second.

9. Once Whonix Gateway is loaded, it will ask you to connect to the Tor Network. This is easily done through the wizard. Click Next on both screens and wait for Gateway to connect.

10. Once Gateway connects to Tor, it will start looking for updates and will display this message. Click OK.

11. Open the terminal (first icon next to Applications on the bottom left corner) and type sudo apt-get update && sudo apt-get upgrade . When prompted, type in the password. The default password is changeme. You will want to change the password but for now use the default one.

12. Now on the Workstation window, it might have started checking for updates too. If not, go to Application (bottom left corner) > System > WhonixCheck. When done it will display this message.

13. Open terminal and type sudo apt-get-update-plus dist-upgrade. Same process as with the Gateway.

14. Now let's change those passwords. By default the password is "changeme".

15. To change the password, in the terminal:
- type sudo su
- type the default password if prompted (remember, the default password is changeme)
- type passwd
- enter your new Administrator password. You need to enter it twice (you won't see that you're typing)
- type passwd user
- type your user password twice.

You're pretty much done.

A few notes:

1. Make sure you run a system check on both Gateway and Workstation regularly. Keep both of them updated.

2. Never maximize the browser to full screen. If you need to make it bigger, manually adjust the window size.

3.
Open Tor (browser) and, on the main page, first do an IP Check to see if the browser is configured to use Tor and, most importantly, click on Docs and do some heavy reading.

Problems with browsing hidden services with Custom Workstation

I just installed a Whonix Gateway VM on VirtualBox and set up my Debian VM to use the Whonix Gateway to connect to the internet. So far all good. When I visit check.torproject.org it tells me I'm using Tor. But somehow I am not able to access Tor hidden services. For instance, I am not able to visit the hidden wiki page through the web browser on my Debian VM. My thought was, as my connections are going through the Tor network anyway, it should be obvious I am able to connect to the hidden services. Why is it not working (curl is saying 'Empty reply from server') and what do I have to do to make it work?

2 Answers

I've yet to find a better way to do it, but the problem is that Firefox either can't resolve .onion domains, or resolution of .onion is blocked in newer versions of Firefox. You'll need to configure your browser to use Tor's SOCKS proxy to surf .onion domains ( Preferences >> Advanced >> Network >> Settings ). In your case, 127.0.0.1 might not be the SOCKS host, and would be the IP of your Whonix gateway server (and you'll need to see what port SOCKS is listening on).