Updated: August 24th, 2013
torsocks --- Library for intercepting outgoing network connections and
redirecting them through the Tor SOCKS proxy.
Torsocks library overloads the libc symbols use for Internet communication such
as connect(2) system call. Using that technique, the library sends
everything through the Tor network including DNS resolution done by the
For DNS, gethostbyname(3) family functions are rerouted through Tor.
Please note that the ISC res_* API is currently not supported.
Here is an example on how to use torsocks library with ssh(1):
$ LD_PRELOAD=/path/to/libtorsocks.so ssh -l kalexander -p 1234 prism.nsa.gov
Set LD_PRELOAD to load the library then use applications as normal. The syntax
to force preload of the library for different shells is specified below:
Bash, Ksh and Bourne shell:
$ export LD_PRELOAD=/path/to/libtorsocks.so
$ setenv LD_PRELOAD=/path/to/libtorsocks.so
This process can be automated (for Bash, Bourne and Korn shell users) for a
single command or for all commands in a shell session by using the
You can also setup torsocks(1) in such a way that all processes
automatically use it, a very useful configuration. Please refer to the torsocks
script documentation for more information.
This environment variable overrides the default location of the torsocks
configuration file. This variable is not honored if the program torsocks is
embedded in is setuid.
Enable logging level of torsocks library. By default, warnings and errors are
printed (level 3). Note that each level includes the lower ones except the 1
which disables any possible logging. (default: 3)
No log at all.
Control whether or not the time is added to each logging line. (default: 1)
If set, torsocks will log in the file set by this variable. (default: stderr)
Set the username for the SOCKS5 authentication method. Password MUST be set
also with the variable below.
Set the password for the SOCKS5 authentication method. Username MUST be set
also with the variable above.
Set the Tor address. (default: 127.0.0.1)
Set the Tor port. (default: 9050)
Allow inbound connections so the application can accept and listen for
Set the username and password for the SOCKS5 authentication method to a
PID/current time based value automatically. Username and Password MUST NOT
Torsocks is not able to send DNS queries through Tor since UDP is not
supported. Thus, any UDP socket is denied. However, DNS queries that can be
intercept are sent to Tor and sent back to the caller.
Torsocks might generate error messages and print them to stderr when there are
problems with the configuration file or the SOCKS negotiation with the Tor
daemon. The TORSOCKS_LOG_LEVEL environment variable controls that behavior as
well as the log file option. Keep in mind that this library can output on the
stderr of the application.
Outgoing TCP connections can only be proxified through the Tor network.
Torsocks forces the libc resolver to use TCP for name queries, if it does this
it does it regardless of whether or not the DNS to be queried is local or not.
This introduces overhead and should only be used when needed.
Torsocks uses ELF dynamic loader features to intercept dynamic function calls
from programs in which it is embedded. As a result, non-ELF executables, or
executables that make system calls directly with the system call trap (int
0x80) are not supported.
/etc/tor/torsocks.conf - default torsocks configuration file
David Goulet <email@example.com