The developers of the Tor project have introduced the oniux utility, designed to force the traffic of individual applications through the Tor network. In purpose, oniux resembles the previously available torsocks program, but it relies on the network namespaces provided by the Linux kernel instead of replacing standard library functions through the LD_PRELOAD mechanism. The utility is written in Rust and distributed under the Apache 2.0 and MIT licenses.
oniux lets you create an isolated container for any application, from which traffic is forcibly routed only through the Tor network. Traffic leaves the container through a tunnel based on onionmasq, which appears inside the container as a virtual network interface (tun). Access to the host system's network interfaces is blocked by running the application with a network stack in a separate namespace.
Compared to torsocks, the new utility is not limited to substituting library functions and blocks all possible leak channels (for example, redirection through torsocks can be bypassed by calling the kernel directly). The program also protects against leaks caused by mistakes in configuring the SOCKS proxy that directs traffic to the Tor network. The price of stricter isolation is the loss of portability: oniux works only on Linux.
The oniux utility is self-contained and does not require a separate Tor background process. Interaction with the Tor network is built on the library developed by the Arti project, whereas torsocks relies on C Tor and uses a SOCKS proxy. oniux may be useful for running applications and services that are critical in terms of confidentiality.
Usage comes down to prefixing the launch of the desired program with a call to oniux. For example, to send a request with curl over Tor, run “oniux curl URL”, and to send all requests made within a shell session through Tor, run “oniux bash”. Isolation of graphical applications is supported.
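
The namespace isolation described above can be checked from the host, as an added example that is not part of the original article or of oniux: the script compares a process's network namespace with the caller's and lists any interface visible to it other than loopback and the tunnel. The function names, the sample data and the interface name tun0 are assumptions made for the illustration; the article does not say what oniux calls its interface.

```sh
#!/bin/sh
# Added example, not oniux code: audit the interfaces a process can see.

# Network namespace identifier of a PID, e.g. "net:[4026531840]".
netns_of() { readlink "/proc/$1/ns/net"; }

# Print the interface names from a file in /proc/net/dev format
# (two header lines, then "name: counters..." per interface).
parse_ifaces() {
    awk -F: 'NR > 2 { gsub(/ /, "", $1); print $1 }' "$1"
}

# Print every interface in DEV_FILE that is not in the allowed list.
# Any output means a path exists that does not go through the tunnel.
unexpected_ifaces() {
    dev_file=$1; shift
    allowed=" $* "
    for ifc in $(parse_ifaces "$dev_file"); do
        case "$allowed" in
            *" $ifc "*) ;;
            *) printf '%s\n' "$ifc" ;;
        esac
    done
}

# Constructed samples: a host view and an isolated view.
# "tun0" is an assumed name; the page does not name oniux's interface.
write_samples() {
    hdr='Inter-|   Receive  |  Transmit\n face |bytes packets|bytes packets\n'
    printf "$hdr"'    lo: 1200 10 1200 10\n  eth0: 9800 70 4100 52\n wlan0: 0 0 0 0\n' > "$1/host.dev"
    printf "$hdr"'    lo: 0 0 0 0\n  tun0: 5300 41 2200 38\n' > "$1/isolated.dev"
}

# Live use from the host: sh netns_audit.sh --live PID TUN_NAME
if [ "${1:-}" = "--live" ]; then
    pid=$2; tun=$3
    if [ "$(netns_of "$pid")" = "$(netns_of self)" ]; then
        echo "FAIL: PID $pid shares this shell's network namespace"
    fi
    leaks=$(unexpected_ifaces "/proc/$pid/net/dev" lo "$tun")
    if [ -n "$leaks" ]; then echo "FAIL: extra interfaces: $leaks"; else echo "OK: only lo and $tun"; fi
fi
```

In live mode the script reads /proc/PID/net/dev, which reflects the network namespace of that process rather than the caller's.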