130n@calvinlai.com
  • About Calvin Lai (fkclai)
  • My Work
  • Cyber Security
    • Cyber Security Centre (CSC)
      • Why we need a CSC
      • CSC Team Structure: Roles, Functions, and Tools
        • Key Function & Role
        • Tools & Platforms
        • People
        • Outsource Strategy
      • HRMC Executive Paper
  • Detection and Response
    • Playbook: Threat Prioritization & Automated Response Strategies
      • Scenario: Detecting and Mitigating a Ransomware Attack
      • Scenario: DC Sync Attack Detected and Mitigated
      • Scenario: Pass-the-Hash (PtH) Attack Detected and Contained
      • Scenario: Phishing Campaign with Malware / Credential Theft Detected and Mitigated
  • Application Architecture
    • Comparison of MVC , N-tier and Microservice Architecture
  • Application Security
    • OAuth, SAML, and OpenID Connect: Key Differences and Use Cases
    • Secure Coding Principles
    • HTTP Header Security Principles
    • Mitigating Broken Object Level Authorization (BOLA)
    • Spring Boot Validation
    • Output Encoding in JavaServer Faces (JSF)
    • Session Management Security Issues
    • Common API Security Problems
      • Broken Authentication
      • Excessive Data Exposure
      • Lack of Resources & Rate Limiting
      • Broken Function Level Authorization
      • Unsafe Consumption of APIs
    • JAVA Exception Handling
    • File Upload Validation
    • OAuth 2.0 Security
      • Insecure Storage of Access Tokens
    • Microservice Security
      • Sample Coding Demo
        • Service Implementation
        • Client Interaction
      • Security Solution for Microservices Architecture
    • Modifying and Protecting Java Class Files
      • Modify a Class File Inside a WAR File
      • Direct Bytecode Editing
        • Steps to Directly Edit a Java Class File
          • Update: Java Bytecode Editing Tools
      • Techniques to Protect Java Class Files
        • Runtime Decryption in WebLogic
    • JAVA Program
      • Secure, Concurrent Web Access Using Java and Tor
      • Creating a Maven Java project in Visual Studio Code
  • Exploit/CVE PoC
    • ZeroLogon Exploit
    • Remote Retrieved Chrome saved Encrypted Password
    • Twitter Control an RCE attack
  • Hacking Report (HTB)
    • Hits & Summary
      • Tools & Cheat Sheet
    • Windows Machine
      • Love 10.10.10.239
      • Blackfield 10.10.10.192
      • Remote 10.10.10.180
      • Sauna 10.10.10.175
      • Forest 10.10.10.161
      • Sniper
      • Json
      • Heist
      • Blue
      • Legacy
      • Resolute
      • Cascade
    • Linux Machine
      • Photobomb 10.10.11.182
      • Pandora 10.10.11.136
      • BountyHunter 10.10.11.100
      • CAP 10.10.10.245
      • Spectra 10.10.10.229
      • Ready 10.10.10.220
      • Doctor 10.10.10.209
      • Bucket 10.10.10.212
      • Blunder 10.10.10.191
      • Registry 10.10.10.159
      • Magic
      • Tabby
  • Penetration Testing
    • Web Application PenTest
    • Network/System PenTest
    • Mobile Penetration Test
      • Certificate Pinning
        • Certificate Pinning Bypass (Android)
          • Root a Android Device
          • Setup Proxy Tool - Burp Suite
      • Checklist
  • Threat Intelligence
    • Advanced Persistent Threat (APT) groups
      • North Korean APT Groups
      • Chinese APT Groups
      • Russian APT Groups
      • Other APT
  • Red Team (Windows)
    • 01 Reconnaissance
    • 02 Privileges Escalation
    • 03 Lateral Movement
    • 04 AD Attacks
      • DCSync
    • 05 Bypass-Evasion
    • 06 Kerberos Attack
    • 99 Basic Command
  • Exploitation Guide
    • 01 Reconnaissance
    • 02 Port Enumeration
    • 03 Web Enumeration
    • 04 Windows Enum & Exploit
      • Windows Credential Dumping
        • Credential Dumping: SAM
        • Credential Dumping: DCSync
      • Kerberos Attack
      • RDP
    • 05 File Enumeration
    • 06 Reverse Shell Cheat Sheet
      • Windows Reverse Shell
      • Linux Reverse Shell
    • 07 SQL Injection
    • 08 BruteForce
    • 09 XSS Bypass Checklist
    • 10 Spring Boot
    • 11 WPA
    • 12 Payload list
  • Vuln Hub (Writeup)
    • MrRobot
    • CYBERRY
    • MATRIX 1
    • Node-1
    • DPwwn-1
    • DC7
    • AiWeb-2
    • AiWeb-1
    • BrainPan
  • CTF (Writeup & Tips)
    • CTF Tools & Tips
    • Hacker One
    • CTF Learn
    • P.W.N. University - CTF 2018
    • HITCON
    • Pwnable
      • 01 Start
  • Useful Command/Tools
    • Kali
    • Windows
    • Linux
  • Offensive Security Lab & Exam
    • Lab
    • Tools for an Offensive Certification
      • Strategy for an Offensive Exam Certification
        • CVEs
        • Privilege Escalation
        • Commands
        • Impacket
  • ISO 27001
    • Disclaimer
    • What is ISO 27001
      • Implementation
    • Documentation
    • Common Mistake
    • Q&A
      • Can internal audit to replace the risk assessment
      • Is it sufficient for only the IT department head to support the ISO 27001 program
      • Does the Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP) are the same?
    • ISO 27001 Controls and Domains
      • 1. Information Security Policies
      • 2. Organization of Information Security
      • 3. Human Resource Security
      • 4. Asset Management
      • 5. Access Control
      • 6. Cryptographic Controls
      • 7. Physical and Environmental Security
      • 8: Operational Security
      • 9. Communications Security
      • 10. System Acquisition, Development, and Maintenance
      • 11. Supplier Relationships
      • 12: Information Security Incident Management
      • 13. Information Security Aspects of Business Continuity Management
      • 14. Compliance
Powered by GitBook
On this page
  • Overview
  • Prerequisites
  • Step 1: Install Required Software
  • Step 2: Set Up Your Java Project
  • Step 3: Implement Tor Integration and Multi-threading

Was this helpful?

  1. Application Security
  2. JAVA Program

Secure, Concurrent Web Access Using Java and Tor

A Comprehensive Guide for developing a Secure, Concurrent Web Access Using Java and Tor:

PreviousJAVA ProgramNextCreating a Maven Java project in Visual Studio Code

Last updated 4 months ago

Was this helpful?

Overview

This guide details how to set up a Java environment to access websites using Tor for anonymity, implement multi-threading with 100 threads, introduce random delays, and save HTTP responses to a file. We will use the Tor Java Library (Orchid) and OkHttpClient.

Disclaimer

The source code provided here is for educational purposes only. While the Java source code compiles without errors, it is not configured to execute directly. You are encouraged to modify and adapt the code to suit your needs. Please note that any modifications or executions of the code are done at your own risk. The authors and distributors of this code are not responsible for any consequences resulting from its use.

Prerequisites

  1. Java Development Kit (JDK)

  2. Integrated Development Environment (IDE)

  3. Tor Browser

  4. Maven (Optional for dependency management)

Step 1: Install Required Software

1. Install Java Development Kit (JDK)

  • Download and install the JDK from the .

  • Set up the JAVA_HOME environment variable and add the JDK bin directory to your system's PATH.

2. Install an Integrated Development Environment (IDE)

  • Choose an IDE like IntelliJ IDEA, Eclipse, or Visual Studio Code.

  • Download and install your preferred IDE.

Step 2: Set Up Your Java Project

  1. Create a New Java Project in Your IDE:

    • Open your IDE and create a new Java project.

  2. Add Dependencies:

    • If you are using Maven, add the following dependencies to your pom.xml file:

      <dependencies>
    <dependency>
        <groupId>org.apache.httpcomponents</groupId>
        <artifactId>httpclient</artifactId>
        <version>4.5.13</version>
    </dependency>
    <dependency>
        <groupId>com.subgraph.orchid</groupId>
        <artifactId>orchid</artifactId>
        <version>1.0.0</version>
    </dependency>
</dependencies>

    • If you are not using Maven, download the JAR files for Apache HttpClient and the Tor Java Library (Orchid) and add them to your project’s build path.

    • Example pom.xml

Step 3: Implement Tor Integration and Multi-threading

  1. Implement Multi-threading with Delay and File Writing:

    • Use ExecutorService to manage a pool of threads.

    • Add a random delay between starting new threads.

    • Save each HTTP response to a file.

package com.example;

import java.io.BufferedWriter;
import java.io.FileWriter;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.Socket;
import java.util.Random;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;

import com.subgraph.orchid.TorClient;

import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;

public class MultiThreadedTorProxy {
    private static final String TARGET_URL = "http://127.0.0.1:8080";
    private static final int NUM_THREADS = 1;

    public static void main(String[] args) {
        // Initialize Tor
        TorClient torClient = new TorClient();
        System.out.println("Starting Tor client...");
        String torProxyHost = "127.0.0.1";
        int torProxyPort = 9050;

        try {
            torClient.start();
            torClient.enableSocksListener(torProxyPort); // Default SOCKS port
        } catch (Exception e) {
            e.printStackTrace();
        }

        // Ensure Tor is fully started
        while (!isSocksPortOpen(torProxyHost, torProxyPort)) {
            try {
                System.out.println("Waiting for Tor to start...");
                Thread.sleep(1000); // Check every 1 second
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
            }
        }
        System.out.println("Tor proxy is running on port 9050");

        // Set up ExecutorService for multithreading
        ExecutorService executor = Executors.newFixedThreadPool(NUM_THREADS);
        Proxy proxy = new Proxy(Proxy.Type.SOCKS, new InetSocketAddress(torProxyHost, torProxyPort));
        Random random = new Random();

        for (int i = 0; i < NUM_THREADS; i++) {
            // Introduce a random delay between 5 to 15 seconds
            try {
                int delay = 5000 + random.nextInt(10000);
                System.out.println("Thread " + i + " sleeping for " + delay + " ms");
                Thread.sleep(delay);
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
            }

            // Submit tasks to the executor
            executor.submit(() -> {
                OkHttpClient client = new OkHttpClient.Builder()
                        .proxy(proxy)
                        .build();

                Request request = new Request.Builder()
                        .url(TARGET_URL)
                        .get()
                        // .post(RequestBody.create(
                        // MediaType.parse("application/json"),
                        // "{\"loginid\":\"yourLoginId\", \"password\":\"yourPassword\",
                        // \"queryId\":\"yourQueryId\"}"))
                        .build();
                System.out.println(request);
                try (Response response = client.newCall(request).execute()) {
                    if (response.body() != null) {
                        System.out.println(response.headers());
                        String content = response.body().string();
                        saveResponseToFile(content);
                    } else {
                        System.out.println("fail empty respond");
                    }
                } catch (IOException e) {
                    e.printStackTrace();
                }
            });
        }

        // Shutdown the executor
        executor.shutdown();
        try {
            if (!executor.awaitTermination(60, TimeUnit.SECONDS)) {
                executor.shutdownNow();
            }
        } catch (InterruptedException e) {
            executor.shutdownNow();
            Thread.currentThread().interrupt();
        }

        // Stop Tor client
        torClient.stop();
    }

    private static void saveResponseToFile(String content) {
        try (BufferedWriter writer = new BufferedWriter(new FileWriter("responses.txt", true))) {
            writer.write(content);
            writer.newLine();
            writer.newLine(); // Separate each response with a new line
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    private static boolean isSocksPortOpen(String host, int port) {
        try (Socket socket = new Socket(host, port)) {
            return true;
        } catch (IOException e) {
            return false;
        }
    }
}

```

Step 4: Compile and Run the Application

  1. Compile Your Java Project:

    • Ensure that all dependencies are properly included and compile your project.

  2. Package the Application:

  • Package your application into a JAR file if necessary.

mvn clean package

  1. Run the Application:

  • Execute the compiled Java application. It will start the Tor client and make concurrent HTTP requests through the Tor network.

java -cp path/to/your/project.jar MultiThreadedTorProxy

Summary

  • Java Development Kit (JDK): Download and install from the Oracle website.

  • Integrated Development Environment (IDE): Install IntelliJ IDEA, Eclipse, or VS Code.

  • Tor Browser: Download and install from the Tor Project website.

  • Dependencies: Add Tor Java Library (Orchid) to your project.

  • Multi-threading: Use ExecutorService to manage 100 threads with random delays and save HTTP responses to a file.

Oracle website
3KB
pom.xml
3KB
demo-1.0-SNAPSHOT.jar