TOR : How To Switch To a New Identity Using PHP

TOR. Where would I be without it? TOR has helped me circumvent DNS issues and get around Google blocks more than once. I also use it in some of my programs/scripts. So here’s a simple PHP script that I use to switch TOR to a new identity.

Sidenote : In case you don’t know what TOR is, here are the important bits – it’s a free, volunteer-based netwok of anonymous proxies. There are three things I like about it – it’s free, it works, and it’s easy to switch to a new proxy chain – just get a “new identity”. No need to reconfigure your browser/whatever to use a new proxy address.

The PHP script itself is below, followed by an explanation on how to use it.

New Identity Script

/**
 * Switch TOR to a new identity.
 **/
function tor_new_identity($tor_ip='127.0.0.1', $control_port='9051', $auth_code=''){
	$fp = fsockopen($tor_ip, $control_port, $errno, $errstr, 30);
	if (!$fp) return false; //can't connect to the control port
	
	fputs($fp, "AUTHENTICATE $auth_code\r\n");
	$response = fread($fp, 1024);
	list($code, $text) = explode(' ', $response, 2);
	if ($code != '250') return false; //authentication failed
	
	//send the request to for new identity
	fputs($fp, "signal NEWNYM\r\n");
	$response = fread($fp, 1024);
	list($code, $text) = explode(' ', $response, 2);
	if ($code != '250') return false; //signal failed
	
	fclose($fp);
	return true;
}

/**
 * Load the TOR's "magic cookie" from a file and encode it in hexadecimal.
 **/
function tor_get_cookie($filename){
	$cookie = file_get_contents($filename);
	//convert the cookie to hexadecimal
	$hex = '';
	for ($i=0;$i<strlen($cookie);$i++){
		$h = dechex(ord($cookie[$i]));
		$hex .= str_pad($h, 2, '0', STR_PAD_LEFT);
	}
	return strtoupper($hex);
}

Basic Usage

tor_new_identity() takes three optional parameters –

  • $tor_ip – The IP address of the TOR server you want to access. Defaults to 127.0.0.1
  • $control_port – The TOR control port. Defaults to 9051.
  • $auth_code – The authentication code. Defaults to an empty string. See the next section for more details on this parameter.

The function returns TRUE if it successfuly sent the “new identity” command, FALSE otherwise. If your TOR proxy doesn’t require authentication you can force a new identity very easily :

if (tor_new_identity('127.0.0.01', '9051')) {
	echo "Identity switched!";
}

TOR Authentication

Depending on your configuration, the script may need to authenticate before it can signal TOR to switch to a new identity.

There are three authentication modes TOR supports :

  • None – no authentication required. You don’t need to set the third parameter of tor_new_identity().
  • Cookie – TOR stores a “magic cookie” in the control_auth_cookie file inside it’s data directory. You have to authenticate by sending this cookie encoded in hexadecimal form. You can use tor_get_cookie() to read and properly encode the cookie.
    Example :

      $cookie = tor_get_cookie('/path/to/tor/data/dir/control_auth_cookie');
     tor_new_identity('127.0.0.1', 9051, $cookie);
    
  • Password – your basic password authentication. To authenticate you will need to use the password in “quotes” or a hex-encoded version of the password.
    Example :

      tor_new_identity('127.0.0.1', '9051', '"secret_passw0rd"');
    
Related posts :

40 Responses to “TOR : How To Switch To a New Identity Using PHP”

  1. Adam says:

    Hey,

    Just came across your blog, I’m looking to do something similar in Perl but I’ve not used TOR at all.

    Google kept killing my script after the 2nd page of results, very dull..

    Anyway looks like you have some interesting code snippets so I’m going to have a browse around.

    Cheers [:

  2. dizzle says:

    Thank You…I was having trouble finding the command to change ident on a nix server. You answered that and give me the function . ++++ for you

    Are there more commands to pass?

  3. White Shadow says:

    Yes, there are various commands available. See this exhaustive and not very helpful description : TOR control protocol.

  4. crux says:

    i… don’t understand how to use this. at all.

    My problem is, I just installed the Vidalia bundle, and once I ran Tor, I clicked Start. But it keeps asking me for a password. After going to the settings and trying all 3 options (no pass, cookie, pass), it never worked. The “Use A New Identity” button is black, and I can’t find any way to get this started.

    “There are three things I like about it – itโ€™s free, it works, and itโ€™s easy to switch to a new proxy chain – just get a ‘new identity’.” –yeah, right.

  5. White Shadow says:

    You have to restart TOR after you change the authentication settings. Though you probably tried that already, right? Frankly, I’m not a TOR “guru” (if such a thing even exists), so I think you’d have better luck finding an answer in the TOR documentation.

  6. dizzle says:

    Do you know which command will let me choose the exit node country. I know there must be a way, cause the GUI based vadalia will let you do it.

    Im using straight linux, php, and tor.

    Can you help?

  7. White Shadow says:

    Nope, I don’t know. I’m afraid you’ll have to do your research yourself ๐Ÿ˜›

  8. dizzle says:

    ^ lies… JK

    I have been scouring the docs and command and cannot find it..

    Thanks

  9. […] WShadows TOR switch in php – Small but invaluable, Long live tor. […]

  10. Dwayne Charrington says:

    Hi,

    I am currently developing a bot script for a freelance project, and I am having an issue with Tor and getting a new identity.

    You see instead of using fopen, I am using cURL to connect and I know this is probably easy and trivial and staring at me right in the face, but how do I send the change identity header string to Tor via cURL?

    Thanks,

    Dwayne.

  11. White Shadow says:

    I’m using fsockopen which is not the same as fopen. Doing this with cURL would be extremely hard (if not impossible) because cURL is intended for work with HTTP and not raw sockets. Id’d stick with the fsockopen version if I were you.

  12. Jon says:

    I am trying to send the new identity command from a .NET application using the .NET Socket library. When I connect to the control port with a socket connection, I get the error: [Warning] Socks version 115 not recognized. (Tor is not an http proxy.) in the Tor Message Log.

    Any thoughts? I think the socket library is IPV6. And runs a TCP connection.

  13. White Shadow says:

    Sorry, I’ve never used .NET for anything so I’ve got no idea about why you get that error. Maybe you could use a network sniffer to see what’s actually going on between you app. and TOR; that could provide some clues.

  14. VB.NET says:

    Thank you very much for the script!

    TOR installs with “Randomly Generate” password option set automatically (in the Advanced tab in the settings of Vidalia). For this to work, you need to either specify a password, or specify Authentication as “None”. You MUST restart Vidalia in order for the settings to take effect.

    To see that it works, browse to a site like “whatsmyipaddress.com” and note the IP address. you can optionally TELNET into the control port, type “AUTHENTICATE” then press “enter” (for the nopassword option), then type “signal newnym” and press “enter”. Refresh your browser (that has been set to point to TOR’s proxy server) and notice that your IP address has changed!

    I’m going to rewrite this script in VB.NET so I can do other t’ings.

    Thanks again!

  15. pierre says:

    Hi! Thanks a lot for the piece of code. Just on more thing, about the password auth. On my MAC i need to tune a bit your code and change the
    fputs($fp, “AUTHENTICATE $auth_code\r\n”);
    to
    fputs($fp, “AUTHENTICATE \””.$auth_code.”\”\r\n”);

    cheers!

  16. Thank you for the script.
    So we can force TOR to change identity, but next question is how to ask TOR what new identity is and/or what new trace?

  17. White Shadow says:

    Take a look at the TOR control protocol spec. It’s not exactly a light read, but I’m pretty sure you’ll find your answer in there, somewhere.

  18. boaty says:

    Thanks for this, I haven’t yet tried it out, but it looks simple and straight-forward.

    Excellent! ๐Ÿ˜€

  19. 3mp7y says:

    hello, i would love to integrate a change identity button in a html page so google brought me here. However I have no knowledge of php and such and i must admit i don’t understand your script and I have no idea on how i can use it even if i red all you wrote carefully. Could you please help me?

    Sorry for my not so good english.

    regards

  20. White Shadow says:

    Well, do you have any programming experience at all? If not, this script probably won’t be something you can easily integrate in a page.

Leave a Reply