torsocks — Library for intercepting outgoing network connections and
redirecting them through the Tor SOCKS proxy.
Torsocks library overloads the libc symbols use for Internet communication such
system call. Using that technique, the library sends
everything through the Tor network including DNS resolution done by the
For DNS, gethostbyname(3)
family functions are rerouted through Tor.
Please note that the ISC res_* API is currently not supported.
Here is an example on how to use torsocks library with ssh(1)
$ LD_PRELOAD=/path/to/libtorsocks.so ssh -l kalexander -p 1234 prism.nsa.gov
Set LD_PRELOAD to load the library then use applications as normal. The syntax
to force preload of the library for different shells is specified below:
Bash, Ksh and Bourne shell:
$ export LD_PRELOAD=/path/to/libtorsocks.so
$ setenv LD_PRELOAD=/path/to/libtorsocks.so
This process can be automated (for Bash, Bourne and Korn shell users) for a
single command or for all commands in a shell session by using the
You can also setup torsocks(1)
in such a way that all processes
automatically use it, a very useful configuration. Please refer to the
torsocks script documentation for more information.
- This environment variable overrides the default location of
the torsocks configuration file. This variable is not honored if the
program torsocks is embedded in is setuid.
- Enable logging level of torsocks library. By default,
warnings and errors are printed (level 3). Note that each level includes
the lower ones except the 1 which disables any possible logging. (default:
||No log at all.
- Control whether or not the time is added to each logging
line. (default: 1)
- If set, torsocks will log in the file set by this variable.
- Set the username for the SOCKS5 authentication method.
Password MUST be set also with the variable below.
- Set the password for the SOCKS5 authentication method.
Username MUST be set also with the variable above.
- Set the Tor address. (default: 127.0.0.1)
- Set the Tor port. (default: 9050)
- Allow inbound connections so the application can accept and
listen for connections.
- Set the username and password for the SOCKS5 authentication
method to a PID/current time based value automatically. Username and
Password MUST NOT be set.
Torsocks is not able to send DNS queries through Tor since UDP is not supported.
Thus, any UDP socket is denied. However, DNS queries that can be intercept are
sent to Tor and sent back to the caller.
Torsocks might generate error messages and print them to stderr when there are
problems with the configuration file or the SOCKS negotiation with the Tor
daemon. The TORSOCKS_LOG_LEVEL environment variable controls that behavior as
well as the log file option. Keep in mind that this library can output on the
stderr of the application.
Outgoing TCP connections can only be proxified through the Tor network.
Torsocks forces the libc resolver to use TCP for name queries, if it does this
it does it regardless of whether or not the DNS to be queried is local or not.
This introduces overhead and should only be used when needed.
Torsocks uses ELF dynamic loader features to intercept dynamic function calls
from programs in which it is embedded. As a result, non-ELF executables, or
executables that make system calls directly with the system call trap (int
/etc/tor/torsocks.conf - default torsocks configuration file
David Goulet <email@example.com>