Exploring Tor with carml

carml is a command-line, pipe-friendly tool for exploring and controlling a running Tor daemon. Most of the sub-commands will be interesting to developers and tinkerers; a few of these will be interesting to end users. This post concentrates on the developers and tinkerers.

carml is a Python program written using Twisted and my library txtorcon. If you're familiar with Python, create a new virtualenv and pip install carml. There are more verbose install instructions available. Once this works, you should be able to type carml and see the help output.

Connecting to Tor

carml works somewhat like git, in that a normal invocation is carml followed by some global options and then a sub-command with its own options. The most-useful global option is --connect <endpoint> which tells carml how to connect to the control-port. Technically this can be any Twisted client endpoint-string but for Tor will be one of tcp:<port> (or simply a port) or unix:/var/run/tor/control for a unix-socket.

For Tor Browser Bundle, use carml --connect 9151. Typically a "system" Tor is reachable at carml --connect 9051 or carml --connect unix:/var/run/tor/control. You may need to enable the control-port in the configuration and re-load (or re-start) Tor. More details are in the documentation.

Start Exploring

The most interesting general purpose command is probably carml monitor -- try running it for a while and you can see what your Tor client is doing. This gives some good insight into Tor behavior.

A (very basic) usage graph is available via carml graph to see what bandwidth you're using (this needs work on the scaling -- PRs welcome!)

Explicit Circuits

Sometimes, you want to use a particular circuit. For example, you're trying to confirm some possibly-nefarious activity of an Exit. We can combine the carml circ and carml stream commands:

carml circ --build "*,*,4D08D29FDE23E75493E4942BAFDFFB90430A81D2"

This means make a 3-hop circuit through any entry-guard, any middle and then one particular exit (identified by ID). You can*= identify via name (only if it's unique!) but hashes are highly recommended. Of course, you could explicitly choose the other hops as well. Note that the stars still leave the selection up to carml / txtorcon which cannot (and does not) use Tor's exact selection algorithm.

Next, you'll want to actually attach circuits to that stream. It will have printed out something like "Circuit ID 1234". Now we can use carml stream:

carml stream --attach 1234

This will cause all new streams to be attached to circuit 1234 (until we exit the carml stream command). In another terminal, try torsocks curl https://www.torproject.org to visit Tor Project's web site via your new circuit. Once you kill the above carml stream command, Tor will select circuits via its normal algorithm once again.

Note that it's not currently possible to attach streams destined for onion services (this is a Tor limitation, see connection_edge.c).

Debugging Tor

The control protocol reveals all Tor events, which includes INFO and DEBUG logging events. This allows you to easily turn on DEBUG and INFO logging via the carml events command:

carml events INFO DEBUG

This can of course be piped through grep or anything else. You can give a --count to carml events, which is useful for some of the other events.

For example, if you want to "do something" every time a new consensus document is published, you could do this:

carml events --once NEWCONSENSUS

This will wait until exactly one NEWCONSENSUS event is produced, dump the contents of it to stdout (which will be the new consensus) and exit. Using a bash script that runs the above (maybe piped to /dev/null) you can ensure a new consensus is available before continuing.

Events that Tor emits are documented in torspec section 4.1. You can use carml to list them, with carml events --list.

Another example might be that you want to ensure your relay is still listed in the consensus every hour. One way would be to schedule a cron-job shortly before the top of each hour which does something like:

carml events --once NEWCONSENSUS | grep 
# log something useful if grep didn't find anything

Raw Commands

You can issue a raw control-port command to Tor via the carml cmd sub-command. This takes care of authentication, etc. and exits when the command succeeds (or errors). This can be useful to test out new commands under development etc (as the inputs / outputs are not in any way validated).

Every argument after cmd is joined back together with spaces before being sent to Tor so you don't have to quote things.

carml cmd getinfo info/names
carml cmd ADD_ONION NEW:BEST Port=1234

End-User Commands

Briefly, the commands intended to be "end-user useful" are:

carml pastebin: create a new hidden service and serve a directory, single file, or stdin at it. You can combine with carml copybin or simply torsocks curl ... on the other side. Still an "exercise to the reader" to securely distribute the address.

carml tbb: download, verify and run a new Tor Browser Bundle. This pins the public-key of torproject.org and bundles the keys of likely suspects that sign the bundles. It is less useful now that TBB auto-updates.

carml newid: sends the NEWNYM signal, which clears the DNS cache and causes Tor to not re-use any existing circuits for new requests.

carml monitor shows you what Tor is doing currently. Similarly, carml graph shows you just the current in/out bandwidth.

Pure Entertainment

Commands that can provide hours of entertainment include:

  • carml xplanet
  • carml tmux

I hope you find carml useful. Suggestions, bugs, and fixes all welcome on carml's GitHub page.

See Also

There is also a curses-based Tor tool called ARM (blog post). This is being re-written as "Nyx" currently.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

"Suggestions, bugs, and fixes all welcome on carml's GitHub page."

I think the link here is wrong.

Yes, you are right, thanks! Now fixed :)

Very interesting, thanks for this blog post! :)

Sounds great, but I hvae a question about SSL for:

https://carml.readthedocs.io/en/latest/installation.html

Are you really using SSl3 DHE RSA AES 128/256 SHA? Those are deprecated, yes?

That's a third party service. So ask them? (https://readthedocs.org/)

For Tor, keeping files under third party protection is like accepting "secure" (bugged!) office space from Google. Or even worse, a US military base. Tor Project has done the first but I hope not the second. Although I worry a lot about RU/CN intentions towards TP, one must also worry even more about USG intentions towards TP.

I use ReadTheDocs because it saves me a ton of time self-hosting documentation.

If you're worried about trusting ReadTheDocs, you have two options: you can build the docs yourself (type make html in the docs/ directory) or you can use the hidden-service hosted docs (although they tend to be "not as up-to-date" as the ReadTheDocs ones -- typically they get updated when I do a release but don't track master like ReadTheDocs do).

ReadTheDocs has no more authority over the Git repository than you do (i.e. they have read-only clone access).

"or you can use the hidden-service hosted docs"

Any reason you did not include the .onion link?

I understand, but this habit (not only yours!) worries me since it means devs are not using the tools we have to provide authentication/security.

Cool project, BTW!

Thanks for replying.

I can't tell if you mean the "habit of not using HTTPS" or the "habit of using Web services run by others" ... in either case you should be getting the actual software from Git (which has signed tags) or from PyPI (which uses HTTPS and has signatures). I agree it would be nice if ReadTheDocs used TLS.

I was thinking of another project (txtorcon) when talking about the hidden-service hosted docs. Sorry about that!

However, this spurred me to turn on a hidden-service for carml as well, and it is now at: carmlion6vt4az2q.onion/.

>Or even worse, a US military base.
What's wrong with US military base? I think that military base is more secure than a civil facility because if it was bugged, it will harm base's owner, so it is checked for bugs. Own bugs can be reused by foreign spuies, so no own bugs, they have enough living people there for surveillance. TorProject source codes are open, there is no harm if anyone saw it. The main concern are backdoors. But if US wanted backdoors in TP, they would be already there. They can secretly tamper with your hardware. But they don't. It's more profitable to pay universities for hacking your Tor, since Russia, China, North Korea, Iran, Syria, Nigeria and Cuba are not as advanced and just can't do the same.

I noticed I more often receive an error with the ssl certificates, when I switch the circuit the warning disappers

Getting TLS certificate warnings from one circuit but not another could indicate something fishy going on with an exit-node. You can use carml to see which exit you're currently using (with, e.g., carml monitor). If you do believe you've got some good evidence that an exit is misbehaving, you can alert the Tor project via one of their contact methods.

Post new comment

  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <em> <strong> <cite> <code> <ul> <ol> <li> <b> <i> <strike> <p> <br>

More information about formatting options

Syndicate content Syndicate content