TOR : How To Switch To a New Identity Using PHP

TOR. Where would I be without it? TOR has helped me circumvent DNS issues and get around Google blocks more than once. I also use it in some of my programs/scripts. So here’s a simple PHP script that I use to switch TOR to a new identity.

Sidenote : In case you don’t know what TOR is, here are the important bits – it’s a free, volunteer-based netwok of anonymous proxies. There are three things I like about it – it’s free, it works, and it’s easy to switch to a new proxy chain – just get a “new identity”. No need to reconfigure your browser/whatever to use a new proxy address.

The PHP script itself is below, followed by an explanation on how to use it.

New Identity Script

/**
 * Switch TOR to a new identity.
 **/
function tor_new_identity($tor_ip='127.0.0.1', $control_port='9051', $auth_code=''){
	$fp = fsockopen($tor_ip, $control_port, $errno, $errstr, 30);
	if (!$fp) return false; //can't connect to the control port
	
	fputs($fp, "AUTHENTICATE $auth_code\r\n");
	$response = fread($fp, 1024);
	list($code, $text) = explode(' ', $response, 2);
	if ($code != '250') return false; //authentication failed
	
	//send the request to for new identity
	fputs($fp, "signal NEWNYM\r\n");
	$response = fread($fp, 1024);
	list($code, $text) = explode(' ', $response, 2);
	if ($code != '250') return false; //signal failed
	
	fclose($fp);
	return true;
}

/**
 * Load the TOR's "magic cookie" from a file and encode it in hexadecimal.
 **/
function tor_get_cookie($filename){
	$cookie = file_get_contents($filename);
	//convert the cookie to hexadecimal
	$hex = '';
	for ($i=0;$i<strlen($cookie);$i++){
		$h = dechex(ord($cookie[$i]));
		$hex .= str_pad($h, 2, '0', STR_PAD_LEFT);
	}
	return strtoupper($hex);
}

Basic Usage

tor_new_identity() takes three optional parameters –

  • $tor_ip – The IP address of the TOR server you want to access. Defaults to 127.0.0.1
  • $control_port – The TOR control port. Defaults to 9051.
  • $auth_code – The authentication code. Defaults to an empty string. See the next section for more details on this parameter.

The function returns TRUE if it successfuly sent the “new identity” command, FALSE otherwise. If your TOR proxy doesn’t require authentication you can force a new identity very easily :

if (tor_new_identity('127.0.0.01', '9051')) {
	echo "Identity switched!";
}

TOR Authentication

Depending on your configuration, the script may need to authenticate before it can signal TOR to switch to a new identity.

There are three authentication modes TOR supports :

  • None – no authentication required. You don’t need to set the third parameter of tor_new_identity().
  • Cookie – TOR stores a “magic cookie” in the control_auth_cookie file inside it’s data directory. You have to authenticate by sending this cookie encoded in hexadecimal form. You can use tor_get_cookie() to read and properly encode the cookie.
    Example :

      $cookie = tor_get_cookie('/path/to/tor/data/dir/control_auth_cookie');
     tor_new_identity('127.0.0.1', 9051, $cookie);
    
  • Password – your basic password authentication. To authenticate you will need to use the password in “quotes” or a hex-encoded version of the password.
    Example :

      tor_new_identity('127.0.0.1', '9051', '"secret_passw0rd"');
    
Related posts :

40 Responses to “TOR : How To Switch To a New Identity Using PHP”

  1. KronikHedaik says:

    Any ideas how this can be accomplished using VBA? I have programming experience, but certainly not a guru (obvious from the fact that I’m using VBA). I need to run some VBA from Excel and would like to change the identity every now and then – either in time increments or I’ll build it into my loop to change on every iteration. Thanks!

  2. jc says:

    does this still work on the latest tor version?

  3. White Shadow says:

    I haven’t tested it with the latest version, but it should.

  4. apoc says:

    Thanks for your posting it really helped me just now, anyways If you are able to execute shell commands you also can use this:

    echo 123456 > /var/lib/tor/control_auth_cookie
    echo -e ‘AUTHENTICATE “123456”\r\nsignal NEWNYM\r\nQUIT’ | nc localhost 9051

  5. […] http://w-shadow.com/blog/2008/06/20/tor-how-to-new-identity-with-php/ This entry was posted in linux and tagged tor by ares. Bookmark the permalink. […]

  6. Harry says:

    The Password must be surrounded by double quotes in the AUTHENTICATION part in line 8:

    correct code:
    fputs($fp, “AUTHENTICATE \”$auth_code\”\r\n”);

  7. Jānis Elsts says:

    As I already mentioned in the “Tor Authentication” section, the quotes are only required if you’re using a plaintext password. They’re not needed if you use the authentication cookie. If necessary, you can just add the quotes when passing the password to the tor_new_identity function (see example at the end of the post).

  8. julius says:

    function tor_new_identity() is great, thank you!

  9. Anon says:

    You can do it using netcat too: echo -e ‘AUTHENTICATE “auth_code”\nSIGNAL NEWNYM’ | nc 127.0.0.1 9051

  10. thierryotis says:

    And do we use this code to torify php script. When i ask my ip, i receive my real ip address.

  11. Skyul says:

    Thank you for this great piece of code, I am going to implement it into my server to give it a test run.

  12. Carlos says:

    Hi, I have tested this code and in my case it doesn’t function. It occurs some errors like ‘undefined offset in line 10’ when list($code, $text) = explode(‘ ‘, $response, 2);

    Now my code is running with exec(‘sudo /etc/init.d/tor restart’);

  13. Mk says:

    Hello, I test your code but always I obtain “authentication failed” I try to put a password, without password and nothing, always the same. What is the problem?

    Thanks

  14. popopupu says:

    Someone knows how to implement this code using wininet?

  15. David says:

    Hello, I am a complete noob, please tell me how to install this script on Windows 7 on my PC?

  16. Jānis Elsts says:

    Sorry, this script is probably too complicated for people who are not familiar with PHP.

  17. charles says:

    does anyone why fread($fp, 1024); return an empty string(on windows)?

  18. charles says:

    sorry my post was not complete: here is complete version:

    does anyone please know why

    fputs($fp, “SIGNAL NEWNYM\r\n”);
    $response = fread($fp, 1024);

    return an empty $response (on windows)? i can’t get it to work after 5 hours trying everything i use the code in:

    $fp = fsockopen(‘localhost’, 9051, $errno, $errstr, 30);
    $auth_code = ‘a-password’;
    if ($fp) {
    echo “Connected to TOR port”;
    }
    else {
    echo “Cant connect to TOR port”;
    }

    fputs($fp, “AUTHENTICATE \””.$auth_code.”\”\r\n”);
    $response = fread($fp, 1024);
    list($code, $text) = explode(‘ ‘, $response, 2);
    if ($code = ‘250’) {
    echo “Authenticated 250 OK”;
    }
    else {
    echo “Authentication failed”;
    }

    fputs($fp, “SIGNAL NEWNYM\r\n”);
    $response = fread($fp, 1024);

    it is my goal to have TOR usinga new ip for every request

  19. charles says:

    i found the sollution.
    Cause was that i was nog authenticated, due to missing “=” in $code = ‘250

Leave a Reply