Until now I haven’t found a suitable “how-to” for turning your phone/tablet into a Tor transparent gateway, so I’ve decided to write this short manual on how you can do it really fast and easily.
Goal:
Use your Android mobile phone (or tablet) as a Tor transparent gateway, so that all wifi clients connecting to your phone (acting as a wifi AP) are transparently routed through the anonymous Tor network (with no leak).
Requirements:
- USB, Bluetooth or wifi tethering
- rooted Android device
- Orbot (Proxy with) Tor
- Terminal Emulator
- optionally SSHDroid or any other SSH server for Android
Steps:
- Install all above-mentioned Android applications.
- Enable USB, Bluetooth or wifi tethering (depending on how you want to connect to the Internet through Tor).
- Run Terminal Emulator as root (type “su” or “sudo”) or connect to your Android device using SSH.
- Focus on the Tor configuration file

      /data/data/org.torproject.android/shared_prefs/org.torproject.android_preferences.xml

  and check the values of the pref_dnsport, pref_transport and pref_transparent_tethering parameters:

      # egrep "(pref_dnsport|pref_transport|pref_transparent_tethering)" /data/data/org.torproject.android/shared_prefs/org.torproject.android_preferences.xml
      <boolean name="pref_transparent_tethering" value="false" />
      <string name="pref_transport">9040</string>
      <string name="pref_dnsport">5400</string>

  By default, the parameter pref_transport should have the value 9040 and pref_dnsport 5400.
- Change the value of pref_transparent_tethering from false to true (use vim or sed).
- As root, add the following iptables rules (to redirect all DNS requests to the secure Tor DNS server, all TCP connections to the Tor SOCKS proxy and reject all ICMP requests – in order not to reveal your true IP address):

      iptables -t nat -A PREROUTING -i wlan0 -p udp --dport 53 -j REDIRECT --to-ports 5400
      iptables -t nat -A PREROUTING -i wlan0 -p tcp --syn -j REDIRECT --to-ports 9040
      iptables -A FORWARD -p udp --dport 53 -j ACCEPT
      iptables -A FORWARD -p udp -j DROP
      iptables -A FORWARD -p icmp -j REJECT

  On the local Android device, you can create the file tor_tunnel.sh with the above-mentioned 3 rules and add it to the startup scripts.
- Be aware that if you want to use USB tethering (instead of wifi tethering), use the “usb0” device instead of “wlan0”. Similarly if you use Bluetooth tethering.
- Run the Orbot application and press the main button for at least 2 seconds – from this point all your wifi clients will be connected through your Android device (phone/tablet) directly to the Tor network.
- Make sure your identity is NEVER REVEALED through your browser application fingerprint (use NoScript or completely disable JavaScript, change your User Agent in Firefox or Chrome). Always check your current browser fingerprint here.
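
The preference check and the iptables steps above, combined into one script as an added example that is not part of the original post: it reads the ports from a preferences file and prints the rules for a chosen tethering interface, refusing if pref_transparent_tethering is not true. The function names pref_value and gateway_rules and the sample file are made up for this example, and the sample preferences are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). pref_value, gateway_rules and the
# sample file are hypothetical names; keys and ports are the ones on the page.

# Print one preference value. Handles both forms shown on the page:
# <string name="x">v</string> and <boolean name="x" value="v" />.
pref_value() {  # usage: pref_value FILE NAME
    sed -n \
        -e "s|.*<string name=\"$2\">\([^<]*\)</string>.*|\1|p" \
        -e "s|.*<boolean name=\"$2\" value=\"\([^\"]*\)\".*|\1|p" "$1" | head -n 1
}

# Print the page's five rules for one tethering interface (wlan0, usb0, ...).
# Refuses if tethering mode is off or a value is not safe to put in a command.
gateway_rules() {  # usage: gateway_rules FILE IFACE
    tether=$(pref_value "$1" pref_transparent_tethering)
    tport=$(pref_value "$1" pref_transport)
    dport=$(pref_value "$1" pref_dnsport)
    [ "$tether" = "true" ] || { echo "pref_transparent_tethering is not true" >&2; return 1; }
    case "$2" in ''|-*|*[!A-Za-z0-9_.-]*) echo "bad interface: '$2'" >&2; return 1 ;; esac
    for p in "$tport" "$dport"; do
        case "$p" in ''|*[!0-9]*) echo "bad port: '$p'" >&2; return 1 ;; esac
    done
    cat <<EOF
iptables -t nat -A PREROUTING -i $2 -p udp --dport 53 -j REDIRECT --to-ports $dport
iptables -t nat -A PREROUTING -i $2 -p tcp --syn -j REDIRECT --to-ports $tport
iptables -A FORWARD -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -p udp -j DROP
iptables -A FORWARD -p icmp -j REJECT
EOF
}

# Constructed sample preferences (same keys as on the page, tethering enabled).
SAMPLE=${TMPDIR:-/tmp}/orbot_prefs_sample.xml
cat > "$SAMPLE" <<'EOF'
<map>
    <boolean name="pref_transparent_tethering" value="true" />
    <string name="pref_transport">9040</string>
    <string name="pref_dnsport">5400</string>
</map>
EOF

# Dry run: prints the rules only; nothing is applied.
gateway_rules "$SAMPLE" usb0
```

On the device, pass the real preferences file instead of the sample and pipe the output to sh as root to apply the rules.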