Hello,
How do I get the external IP address of the current Tor exit node (the one which is in use) without using external services/websites (through curl or otherwise) but only through the Tor control port functionality (using bash or python3).
*I have also asked on https://stackoverflow.com/q/59923289
On 1/27/20 05:47, Mike wrote:
Hello,
How do I get the external IP address of the current Tor exit node (the one which is in use) without using external services/websites (through curl or otherwise) but only through the Tor control port functionality (using bash or python3).
*I have also asked on https://stackoverflow.com/q/59923289
stem's get_circuits() function on a controller.
https://stem.torproject.org/api/control.html#stem.control.Controller.get_cir...
You'll get a list of circuit objects, which each have a path. For each circuit that is built for the purpose of carrying your traffic to a non-onion destination, the last item in the path is an exit node.
It's all in the stem documentation. I would familiarize yourself with it. Also, this is a mailing list for Tor relay operators to talk about relay operation stuff. tor-talk@ might have been a better place for this.
Note your misconception that there is only **one** circuit or **one** exit at a time. Not true. Tor may choose to open new circuits for a wide variety of reasons. The remainder of this email is a copy/paste response I use on Reddit when people seem to have this misconception.
The mental model of "Tor gives you a new IP address every 10 minutes" is very inaccurate. There's a tiny grain of truth, but there's a pile of reasons it isn't really true.
What you're thinking of is the `MaxCircuitDirtiness` torrc option, which indeed defaults to 10 minutes. Once you start using circuit A, Tor will no longer attach new streams to it automatically after 10 minutes. That's what it means more or less.
But there are so many reasons why you might have more than one circuit for user traffic, each with a different exit node (or none at all, for onion service circuits).
- Each unique onion service you visit needs its own circuit. - Maybe you have some very long lived connections (SSH, IRC, etc.) that are still hanging around on older circuits while your active browsing is using a newer one. - Maybe for whatever reason, Tor doesn't think a connection will work over the "current" circuit (e.g. the exit's `ExitPolicy` or something dumb and impossible to explain about Tor's internal logic). If this is the case, it isn't afraid to build a new one.
And that's just talking about Tor. What about Tor Browser?
Tor Browser intelligently separates both the state you receive from various websites and the connections you make to websites.
If I have https://facebook.com open in tab 1, 2, and 3, all its state *regardless of the domain it comes from* goes into a single bucket and all the connections use one (or more) circuits reserved for this bucket's traffic. If I have https://amazon.com open in tabs 4, 5, and 6, all its state goes into a different single bucket and all the connections use a different circuit(s) for their traffic.
So just by browsing multiple websites at the same time, I have more than one circuit open, and therefore more than one IP.
Hi Matt,
On Mon, 27 Jan 2020 08:56:32 -0500 Matt Traudt wrote:
stem's get_circuits() function on a controller.
https://stem.torproject.org/api/control.html#stem.control.Controller.get_cir...
You'll get a list of circuit objects, which each have a path. For each circuit that is built for the purpose of carrying your traffic to a non-onion destination, the last item in the path is an exit node.
Thanks for the reply.
The reference to get_circuits seems to imply the first answer linked in my S.O. question - a short python code which lists all circuits:
https://stackoverflow.com/a/17130011
To get the IP address of the current Tor exit node (the one which would be used if I attempt a connection to a non-onion destination) I use one of these:
(1) torsocks curl https://ipinfo.io/ip (2) torsocks dig @resolver1.opendns.com ANY myip.opendns.com +short
Both these commands give the same IP address but it is the same as the last one listed by python script given above (which uses get_curcuits). Am I doing something wrong?
It's all in the stem documentation. I would familiarize yourself with it.
I am trying to but as I am still new to Python, so it is still beyond my level.
Also, this is a mailing list for Tor relay operators to talk about relay operation stuff. tor-talk@ might have been a better place for this.
It is the first time I use these lists, so please forgive me. Should I stop posting here instantly and re-post the original question to tor-talk?
Note your misconception that there is only **one** circuit or **one** exit at a time. Not true. Tor may choose to open new circuits for a wide variety of reasons. The remainder of this email is a copy/paste response I use on Reddit when people seem to have this misconception.
Perhaps if I should have clarified my global goal:
I want to be able to receive a new **different** IP address for different connections which a bash script makes. Suppose (simplified):
---------- #!/bin/bash
torsocks curl http://site1.com get-new-tor-ip torsocks curl http://site2.com get-new-tor-ip ... ----------
Currently I get-new-tor-ip like this (simplified):
---------- oldip=$(torsocks dig @resolver1.opendns.com ANY myip.opendns.com +short) newip="${oldip}" while [ "${newip}" == "${oldip}" ] do newip= ... # As described in http://vt5hknv6sblkgf22.onion/faq.html#how-do-i-request-a-new-identity-from-... done ----------
I am willing to avoid the call to an external service.
I understand the rest of your explanations but I am afraid I am not clever enough to find the answer to my goal in them.
Can you help?
Again: if it is inappropriate to ask here, I can repeat the question in tor-talks. Just let me know please. Thanks.
On 1/27/20 13:28, Mike wrote:
Perhaps if I should have clarified my global goal:
I want to be able to receive a new **different** IP address for different connections which a bash script makes. Suppose (simplified):
Yeah that's a completely different question. No wonder you didn't get the answer you were expecting.
A key phrase you're looking for is "stream isolation." Or keep asking Tor for a new identity. Both can be rather wasteful. Perhaps the best answer is to just build the circuits yourself, but if you're new to programming/python, that isn't going to be obtainable.
As those docs you linked to say:
Tor does not have a method for cycling your IP address. This is on
purpose, and done for a couple reasons. The first is that this capability is usually requested for not-so-nice reasons such as ban evasion or SEO. Second, repeated circuit creation puts a very high load on the Tor network, so please don't!
At this time, this is all I think I should say. It sounds a lot like you're trying to do some of those things that hurt Tor: either by unfairly consuming its resources for your personal gain (e.g. yet another hobby Tor-powered web crawler or SEO), or by harming its reputation by "ethically" hacking or vulnerability scanning the web.
You can email me off-list with actual information about what you're working on if you think it's a good use of Tor and I will help further. Otherwise for further questions I suggest tor-talk@.
On Tue, Jan 28, 2020 at 08:25:06AM -0500, Matt Traudt wrote:
I want to be able to receive a new **different** IP address for different connections which a bash script makes. Suppose (simplified):
[...] It sounds a lot like you're trying to do some of those things that hurt Tor: either by unfairly consuming its resources for your personal gain (e.g. yet another hobby Tor-powered web crawler or SEO), or by harming its reputation by "ethically" hacking or vulnerability scanning the web.
Thanks Matt. I agree that most people who want to automate connections through Tor using many different exits are probably not doing it with the sustainability of the Tor network in mind. That is, maybe they think of the Tor network as this magic huge anonymous thing that they can do anything over, but the reality is that sustainability is a huge deal since ISPs and websites form opinions about Tor based on their experiences with folks who make bulk automated requests.
And see also https://blog.torproject.org/call-arms-helping-internet-services-accept-anony... for the same issue from the other side.
So: Mike, please think deeply about whether your planned activities would be spoiling the party for all the other Tor users out there, who want to be doing ordinary web browsing and not get punished when websites freak out and try to block your requests.
Thanks, --Roger
As I have explained to Matt in an off-list message (as suggested by him) my intentions are not malicious. Looking forward to his answer.
tor-relays@lists.torproject.org
-
Matt Traudt -
Mike -
Roger Dingledine