Privoxy intercept

I’ve crush on privoxy, there are a lot of useful configurations you can test. I’been testing some intercept options, here are some of my tests.

First complain about using privoxy was my service, (I know, I suck just to avoid ads over a great free service but give’me a chance to explain; it was just for testing proposes). At that point my grooveshark looks like this:


Yes, there is no ads (thanks privoxy), but also there is no music. As a first time privoxy user my configuration were set as follow:


After some reading, the next configuration make the job:


Grooveshark come alive again!!


By the way this post is about intercept, now let have fun with iptables and be bad asses intercepting http from OUR networks (yes OUR networks).

You can get the original script here, original was for squid but the concept is the same.


# ——————————————————————————————————————————

# See URL:

# (c) 2006, nixCraft under GNU/GPL v2.0+

# ——————————————————————————————————————————-

# remember SQUID = privoxy

# squid server IP


# Interface connected to Internet


# Interface connected to LAN

LAN_IN=”tun0” #yes i’m using a tunnel


# Squid port



# Clean old firewall

iptables -F

iptables -X

iptables -t nat -F

iptables -t nat -X

iptables -t mangle -F

iptables -t mangle -X

#Enable ip Forwardingecho 1 > /proc/sys/net/ipv4/ip_forward
# Setting default filter policyiptables -P INPUT DROPiptables -P OUTPUT ACCEPT
# Unlimited access to loop backiptables -A INPUT -i lo -j ACCEPTiptables -A OUTPUT -o lo -j ACCEPT
# Allow UDP, DNS and Passive FTPiptables -A INPUT -i $INTERNET -m state —state ESTABLISHED,RELATED -j ACCEPT
# set this system as a router for Rest of LANiptables —table nat —append POSTROUTING —out-interface $INTERNET -j MASQUERADE##iptables —append FORWARD —in-interface $LAN_IN -j ACCEPTiptables —append FORWARD -s $LAN_IN_SUB -j ACCEPT
# unlimited access to LAN (tun0)iptables -A INPUT -i $LAN_IN -j ACCEPTiptables -A OUTPUT -o $LAN_IN -j ACCEPT
# Intercept http and sent to privoxyiptables -t nat -A PREROUTING -s -m state —state NEW -p tcp —dport 80 -j DNAT —to $SQUID_SERVER:$SQUID_PORT
#Accept vpn (remember what I said before? yes i’m using a tunnel)iptables -A INPUT -m state —state NEW -p udp —dport 1196 -j ACCEPT
# DROP everything and Log itiptables -A INPUT -j LOGiptables -A INPUT -j DROP

So at this point you http trafic is inspected by privoxy!! yEAA!! good bye ads. (most of them ;)

Anonym Surfen mit Tor (Teil 1 - Installation)

Nicht immer möchte man z.B. beim Surfen seine IP-Adresse bekannt geben. TOR bietet eine gute Möglichkeit diese zu verstecken.

Zur installation:

su -c 'yum install tor privoxy'

Nun Muss noch eine Konfigurationsdatei angepasst werden. Den “.” nicht vergessen!

su -c 'vi /etc/privoxy/config'

Hier fofgendes einfügen:

forward-socks4a / .

Nun kann TOR und Privoxy gestartet werden:

su -c 'service tor start && service privoxy start'

Wenn man TOR und Privoxy nicht nach jedem Systemstart manuell starte möchte kann das auch automatisch geschehen:

su -c 'chkconfig --levels 35 tor on'
su -c 'chkconfig --levels 35 privoxy on'


Nun fehlt nur noch ein Plugin für den Firefox damit man mit einem Mausklick TOR an und aus schalten kann. Bewährt hat sich hier der Torbutton. Für den Firefox 5 die letzte Alpha von dieser Seite installieren:

Überprüfen kann man dans ganze auf diversen Webseiten wie z.B.

Viel Spass!

Tor-strong un script para automatizar la instalación de tor + polipo + privoxy + dnsmasq

Tor-strong un script para automatizar la instalación de tor + polipo + privoxy + dnsmasq

Según las estadísticas de mi blog los post más visitados son los relacionados con tor, es por eso que decidí crear un script que automatiza el proceso de instalación (en Debian y derivados) siguiendo el procedimiento explicado en los post anteriores.

Tal y como lo menciona el titulo es script instala tor + polipo + privoxy + dnsmasq y lo pueden descargar desde su repositorio en github.


View On WordPress

Ad blocking done right

If you’re like me, you’ve probably been running adblock plus in Firefox for years. It’s not because you don’t want to support the sites you visit: maybe you specifically unblock domains that you know use unintrusive ads, like reddit. Rather, it is usually the implementation of most web ads that is problematic. Maybe they:

  • Are flash and play sound
  • Take up screen real-estate
  • Slow down your internet connection
  • Set hundreds of cookies and track your browsing
  • Slow your web browser, eating CPU cycles

Regardless of the reason, Adblock extensions to the web browser are a reasonable first step toward speeding up and maintaining control of your browsing experience. Ghostery and NoScript are two other fine extensions that take further steps toward this goal.

Why Adblock Plus isn’t good enough

Adblock Plus isn’t perfect. I don’t just mean its blocking abilities; the filter lists are very good. The problem is we are filtering content at our web browser. This impacts Firefox’s overall responsiveness, it is detectable (Adblock doesn’t replace ads, only removes them), and it is not very cross-browser. My Adblock Plus on Firefox and Adblock Plus on Chromium are not synchronized. If I block some content on one, I must either devise a system for them to automatically share filter lists (a waste of time) or manually synchronize them (a bigger waste of time).

It also is antithetical to what a web browser should be doing: browsing the web. Not filtering content. Filtering is simply not the job of the browser.

Moreover, I cannot implement Adblock Plus in any sort of gateway format. Maybe this doesn’t matter to you, but it impacts one of my future projects: my plan is to eventually use a powerful single-board computer in conjunction with a pair of Ethernet switches, openvpn, DNSMasq, and iptables to create a powerful, centralized filtering service for my network traffic. This lets me offload filtering services from my main computer, which needs its CPU power to compile things and crunch numbers with mathematica, not filter, secure, and log network traffic.

This is why Adblock Plus on Android is implemented as a local proxy and not any other design choice. It is simply more powerful that way, and it means Adblock does not care what the web browsers are doing, and the web browser does not care about the logic of the content filtering service.

A better adblock

I use a localized privoxy for my filtering. It is customizable and uses powerful regex-based filtering like Adblock does, but it is wholly separated from the guts of your web browsers. This means you can share the filter lists between browsers, choose which browsers use it and which don’t on the fly, use the same popular filter lists from Adblock Plus, and much, much more.

All content that enters your web browser is now at the mercy of your filtering software. This includes cookies, HTTP headers, and even DNS requests if you’re willing to go the SOCKS route.

Privoxy is completely customizable, in all of these areas, from both simple and well-documented configuration files or a web interface that is disabled by default. It offers multiple levels of default configurations, from basic, very safe settings to filtering-rich configuration to all-out complete control over HTTP behavior.

To use it, you just start the service, then change your browser’s proxy settings to point HTTP and HTTPS traffic to


Then you will want to edit the configuration files. Then, to configure blocking, you can use and set it as a cronjob if you want regular updates. Otherwise, Privoxy provides great defaults at the medium level of filtering, and user customizations can be added in the file


in the form of regex + actions as documented in the default action file. Ideas can be found in the various adblocking filterlists out there, but the final decisions are yours.

This is the method I use, since it forces me to regularly spend time in the privoxy configurations, tweaking and improving the more advanced features that are provided. I suggest playing around with Panopticlick and wireshark to get an all-around idea of how your browser is behaving, then adjusting the privoxy settings to taste.

If you are not willing to tinker with this software, then the improvement gained over Adblock Plus is worthwhile but minimal. But for the power user or system administrator, the difference is huge.

March Madness - Protect your Privacy

Your business and promoting your business is important.   So is your privacy.  You do not want competitors to know what you may be currently researching.  You do not want to provide any avenue where they could potentially find out what your plans are.  As a business, you may be interested to learn what your competitors are doing or what your customers think.  There remains the dilemma and conflict.

On March 1st, Google added a unified privacy policy affecting data Google has collected on you prior to March 1st as well as data it collects on you in the future. Your Google Web History (your Google searches and sites visited) was cordoned off from Google’s other products. This protection was especially important because search data can reveal particularly sensitive information about you, including facts about your location, interests, age, religion, health, and more. If you want to keep Google out of your life by combing your Web History you may want to remove all items from your Web History and stop your Web History from being recorded.

Here’s how:

Sign into your Google account.

Go to

Click “remove all Web History.”

Click “ok.”

In the Six Tips to Protect Your Search Privacy, available from September 14, 2006 By Peter Eckersley, Seth Schoen, Kevin Bankston, and Derek Slater describes way to protect yourself.

The Electronic Frontier Foundation has developed the following search privacy tips. They range from straightforward steps to more complicated measures offering near-complete safety.

1. Don’t put personally identifying information in your search terms (easy)

Don’t search for your name, address, credit card number, social security number, or other personal information. These kinds of searches can create a roadmap right to your doorstep. They could also expose you to identity theft and other privacy invasions.

2. Don’t use your ISP’s search engine (easy)

Because your ISP knows who you are, it will be able to link your identity to your searches. It will also be able to link all your individual search queries into a single search history. So, if you are a Comcast broadband subscriber, for instance, you should avoid using

3. Don’t login to your search engine or related tools (intermediate)

Search engines sometimes give you the opportunity to create a personal account and login. In addition, many engines are affiliated with other services. When you log into the search engine or one of those other services, your searches can be linked to each other and to your personal account.

 •Install two different web browsers to separate your search activities from your other accounts with the search provider.

•For Google and its services, you can use the Mozilla Firefox web browser and the CustomizeGoogle plugin software. Go to and click “Install.” Restart Firefox and then select “CustomizeGoogle Options” from the “Tools” menu. Click on the “Privacy” tab and turn on “Anonymize the Google cookie UID.” You must remember to quit your browser after using GMail and before using the Google search engine. In addition, be sure not to select the “remember me on this computer” option when you log into a Google service.

If you are using a browser other than Firefox, you can use the GoogleAnon bookmarklet, which you can obtain at You will need to quit your browser every time you finish with a Google service. Unfortunately, we currently do not know of similar plugins for other search providers.

 4. Block “cookies” from your search engine (intermediate)

If you’ve gone through the steps above, your search history should no longer have personally identifying information all over it. However, your search engine can still link your searches together using cookies and IP addresses.

Cookies are small chunks of information that websites can put on your computer when you visit them. Among other things, cookies enable websites to link all of your visits and activities at the site. Since cookies are stored on your computer, they can let sites track you even when you are using different Internet connections in different locations. But when you use a different computer, your cookies don’t come with you.

Use the following steps to allow only “session cookies,” and remember to quit your browser at least once a day but ideally after each visit to your search provider’s site.

Mozilla Firefox - apply these settings:

• From the “Edit” menu, select “Preferences”

 • Click on “Privacy”

 • Select the “Cookies” tab

 • Set “Keep Cookies” to “until I close Firefox” 12

 • Click on “Exceptions,” type in the domains of all of your search sites, and choose “Block” for all of them

If you use Microsoft Internet Explorer to surf the web:

 • From the Internet Explorer “Tools” menu, select “Internet Options”

 • Click on the “Privacy” tab and then press the “Advanced” button

 • Click on “Override automatic cookie handling”

 • Set both “first party” and “third party” cookies to “Block”

 • Select “Always allow session cookies”

5. Vary your IP address (intermediate)

 When you connect to the Internet, your ISP assigns your computer an “IP address”  Search providers — and other services you interact with online — can see your IP address and use the number to link together all of your searches. IP addresses are particularly sensitive because they can be directly linked to your ISP account via your ISP’s logs. Unlike cookies, your IP address does not follow your computer wherever it goes; for instance, if you use your laptop at work, it will have a different IP address than when you use it at home.

6. Use web proxies and anonymizing software like Tor (advanced)

To hide your IP address from the web sites you visit or the other computers you communicate with on the Internet, you can use other computers as proxies for your own — you send your communication to the proxy; the proxy sends it to the intended recipient; and the intended recipient responds to the proxy. Finally, the proxy relays the response back to your computer. All of this sounds complicated, and it can be, but luckily there are tools available that can do this for you fairly seamlessly.

Tor ( is a software product that encrypts then sends your Internet traffic through a series of randomly selected computers, thus obscuring the source and route of your requests. It allows you to communicate with another computer on the Internet without that computer, the computers in the middle, or eavesdroppers knowing where or who you are. Tor is not perfect, but it would take a sophisticated surveillance effort to thwart its protections.

You also need to make sure your messages don’t reveal who you are. Privoxy ( helps with this, because it strips out hidden identifying information from the messages you send to web sites. Privoxy also has the nice side benefit of blocking most advertisements and can be configured to manage cookies. (Privoxy comes bundled with Tor downloads.)

You can also use web proxies like Anonymizer’s ( Anonymous Surfing. This option is more user-friendly but possibly a less effective method of anonymizing your browsing. Anonymizer routes your web surfing traffic through their own proxy server and hides your IP address from whatever web sites you visit.

Tor and Privoxy downloads and instructions can be found here:

Privoxy & ssh.

Are you concern about you privacy or some big corporation sneaking your web browsing trying to “match” ad-words?. I found privoxy pretty useful, but it is more useful if you try with an extra-encryption option like a ssh tunnel.

Here is my recipe, feel free to adjust your own configuration (RTFM at and

I’m a Ubuntu user so my setup is apt-get’ed, it wouldn’t fail (most of times ;) , I’m assuming you already have a PC with internet access and ssh server with valid log in. 

Here is some kind of diagram so don’t get lost:


Step 1. Install privoxy on the PC2:

$sudo apt-get install privoxy

By default you can connect to privoxy at localhost:8118

Step 2. At PC1 download putty and configure a tunneled connection:


Don’t forget the log in info ;)


Step 3. Connect your ssh session and configure your web browser proxy as follow:


Note: privoxy only works with HTTP and HTTPS protocols.

Step 4. Enjoy your freedom (almost?)

Two words:

1. Did I mention now you are avoiding HTTP based web-filtering? You should be aware there are proxy/firewalls that inspects ssl’ed connections (like BlueCoat or Fortigate).

2. If your internet provider filters DNS query’s this configuration may not work 4 u.

3. Take your time to know how privoxy works, I would post more about it.

4. Remember have fun and respect other people privacy. 

Tor + polipo + privoxy

Tor + polipo + privoxy

Navegar a través de tor puede ser una experiencia anónima mas no necesariamente rápida, para mejorar un poco la velocidad y aumentar la seguridad vamos a utilizar dos programas.

El primero se llama polipo, el cual es un proxy ligero que hará un pequeño cache de las paginas visitadas a través de tor mejorando así la velocidad de carga la próxima vez que visitemos el sitio.

El segundo se llama…

View On WordPress

I think Yahoo got this wrong

I think Yahoo got this wrong

For a while I’ve been getting nags to stick my mobile no on my email. This is from both Google and Yahoo. I haven’t done this – why should I take the trouble to do the NSA’s (and every other hacker’s) work for them.

The Yahoo services is now a particularly difficult service to use. It’s full of ads that I can’t be bothered to suppress – I use Privoxy without which I’d never go on Facebook, or…

View On WordPress

Setting up privoxy proxy server for browsing

I wanted to setup proxy server for browsing. Tried felt cumbersome to configure though it has advanced features.

Finally decided to setup I assume you have personal server where all the requests are forwarded.


Server Config

sudo apt-get install privoxy

sudo vim /etc/privoxy/config

look for listen-address and add ip:port listen-address

To enable logging for all requests uncomment debug 1(you will need to rotate log file using cronjob).Done with server config.

Client Config

Firefox users using ubuntu Edit -> Preferences->Network->Connection->Settings, choose manual proxy and enter ip address and port.

Chromium/Chrome uses system proxy, Sytem->Network look for Configure HTTP Proxy and enter details.

For command line use, add HTTP_PROXY=http://ip:port to ~/.bashrc.