settings.cfg

#!/bin/bash
#              ###########################################
#              ##########                       ##########
#              ##########        SPLITTER       ##########
#              ##########       Ver: 0.2.4      ##########
#              ##########                       ##########
#              ###########################################
#
#       Created By: Rener Alberto (aka Gr1nch) - DcLabs Security Team
#       E-Mail: rener.silva@protonmail.com
#       PGP Key ID: 0x65f912ed59949f8e
#       PGP Key FingerPrint: 7B7A 8E83 82D3 DACD 4B3B  CFE0 65F9 12ED 5994 9F8E
#       PGP KEY Download: https://pgp.mit.edu/pks/lookup?op=get&search=0x65F912ED59949F8E
#
#       BSD License - Do whatever you want with this script, but take the responsibility!
#       You are responsible for your actions.
#       The creator assume no liability and is not responsible for any misuse or damage.


#######################################################################################
#################################                     #################################
#################################  PRE CONFIGURATION  #################################
#################################                     #################################
#######################################################################################

#              PLEASE, READ BEFORE EXECUTE THIS SCRIPT!!!!
#
#
# This script is using TOR GEOIP to avoid create circuits or use the same coutry as TOR "ENTRY NODE" and TOR "EXIT NODE".
# In another words, we will always have "hops" in relays from different countries difficulting the correlation of events
# due to the high fragmentation of request among TOR INSTANCES running in different countries.
#
# Think about what is the effort necessary for your adversary to be able to compromise a TOR node in divergents countries like:
#    United States, Russia, Japan, China, North Korea, South Korea, Brazil, Sweden, Island, Ukraine etc.
# Those countries have different laws and legal bureaucracies. The legal privacy breach could not be so easy.
#
# Ok, but let's consider that your adversary could be able to compromise the entire TOR NETWORK. Now think about the effort necessary
# to your adversary be able to correlate all your requestes fragmented between all different TOR Instances running in different countries
# and using different TOR circuits for each request. Well... GOOD LUCK GUYS! Try harder!
#
#
# You can control the selection of countries and it will affect the choice of "ENTRY NODES" or the choice of "EXIT NODES".
# By default the script will specify the countries to be used as ENTRY NODES and will use any other country as "EXIT NODES"
# but never user the same country that was selected to be used as ENTRY NODE.
#
# If you need to bypass a GeoIP protection, you can define the countries that will be used as EXIT-NODES. In this mode you will always,
# hit your target using IP's from the specific countries.
#
# If you realy need a FAST connection, you can force the SCRIPT to use the SAME COUNTRY for all TOR NETWORK hops.
# It means that the script will create the TOR INSTANCE USING the SAME COUNTRY as ENTRY NODE, "INTERNAL TOR JUMP NODE" and EXIT NODE.
# In summary you're reducing the DELAY between the hops and ensuring the BEST SPEED PERFORMANCE of the TOR instance.
# CAUTION! This option is not considered a safe option, because your adversary can COMPROMISE the ENTRY and the EXIT node and correlate your
# internet traffic. In another hand you can use a high number of COUNTRIES to reduce the amount of data that your adversary will be able to collect.
#
# The options available are:
#  1) entry:     This is the default option and the best approach for security and anonimity.
#                      The load balancing algorithm for this option is: Static Round Robin.
#
#  2) exit :     This option is GOOD to bypass GeoIP protections. But reduce the number of EXIT NODES that TOR can use. Repeat the same exit node.
#                      The load balancing algorithm for this option is: Static Round Robin.
#
#  3) speed:  This option is the FASTEST option but reduces the security.
#                      Be carrefull and try to use a HIGH NUMBER OF COUNTRIES if you enable this one.
#                      The load balancing algorithm for this option is: Least Connections Round Robin.
#                      This option is good for downloading or media streaming, but it's not recomended for PENETRATION TESTING.
#                      Also, some contries doesn't have ENTRY GUARDS and EXIT NODES enougth to create valid circuits. Keep your eyes on the
#                      status/helth check URL Monitor to detect and avoid those countries. By default the helth check is: http://127.0.0.1:3129/status
#
#  3) none:  This option don't change the tor Behavior. The TOR algorithm it's free to generate the circuits using any country from the list of ACCEPTED_COUNTRIES.
#
# About the load balancing algorithms:
#    Round Robin:                   Each TOR INSTANCE is used in turns. If a TOR INSTANCE have no valid circuits available
#                                   the algorithm will consider this instance down and skip it until have a valid circuit open and ready to be used.
#                                   When the TOR INSTANCE manage to creat a valid circuit, the script will test it and immediately reintroduced into
#                                   the farm, once the full map is recomputed.
#
#    Least Connections Round Robin: The TOR INSTANCE with lowest number of connections receives the next connection.
#                                   Round-robin is performed to ensure that all servers will be used but the fastests TOR INSTANCES could receive
#                                   and process more request then the slow ones. It increase the chances of you use an compromised TOR circuit or in case
#                                   of penetration testing be detected for INTRUSION PREVENT SYSTEMS because you can HIT your target more times with the
#                                   same IP address, allowing the IPS to correlate the behavior and detect your attack.
#

########################################################################
#Accepted Countries whith (EXIT) and (ENTRY GUARDS) can be used to force entry or exit:
#curl -k "https://onionoo.torproject.org/details?search=flag:Exit%20flag:valid%20running:true%20flag:guard" | sed 's|},|},\n|g' | egrep 'Exit||Fast||Guard||Running' | sed "s|,|\n|g" | grep '"country":' | cut -d ':' -f 2 | sed 's|^\"|\{|g' | sed 's|"$|\}|g' | sort | uniq -c | sort -nr
###
# ONLY UP TO 10 (EXIT or GUARD)
# Amount / Country
#    420 {us}
#    324 {de}
#    168 {lu}
#    142 {nl}
#     77 {at}
#     65 {se}
#     52 {ro}
#     44 {ch}
#     36 {fr}
#     29 {pl}
#     21 {no}
#     21 {gb}
#     18 {ua}
#     18 {md}
#     18 {dk}
#     15 {fi}
#     14 {is}
#     14 {ca}
#     13 {hr}
#     10 {lv}
#     10 {bg}
###
# {us},{de},{lu},{nl},{at},{se},{ro},{ch},{fr},{pl},{no},{gb},{ua},{md},{dk},{fi},{is},{ca},{hr},{lv},{bg}
###

MY_COUNTRY_LIST="RANDOM"


# The official list of SPLITTER ACCEPTED_COUNTRIES only consider contries which have ENTRY-GUARDS and EXIT relays.
# Countries that doesn't have at least 1(one) ENTRY-GUARD and EXIT relay "at same time" it's not considered on the official list.
# Source: https://metrics.torproject.org/rs.html#aggregate/cc/flag:valid%20flag:exit%20flag:guard%20flag:fast%20
# Updated: 26th June 2020 -- Total of countries with EXIT NODES and ENTRY-GUARDS: 43
#
# To be considered the country must have the following flags:
#    VALID: The TOR relay is valid and was checked by TOR PROJECT.
#    GUARD: The GUARD is an extra proctetion from TOR project to avoid you use an compromised TOR relays.
#    FAST:  The relays is fast enough for fast connection.
#    EXIT:  The relays of the country allow your connect "EXIT" the tor network and hit the target website.
EXIT_COUNTRIES="{us},{de},{lu},{nl},{at},{se},{ro},{ch},{fr},{pl},{no},{gb},{ua},{md},{dk},{fi},{is},{ca},{hr},{lv},{bg}"

ACCEPTED_COUNTRIES="{us},{de},{lu},{nl},{at},{se},{ro},{ch},{fr},{pl},{no},{gb},{ua},{md},{dk},{fi},{is},{ca},{hr},{lv},{bg}"

ENTRY_COUNTRIES="{us},{de},{lu},{nl},{at},{se},{ro},{ch},{fr},{pl},{no},{gb},{ua},{md},{dk},{fi},{is},{ca},{hr},{lv},{bg}"

BLACKLIST_COUNTRIES="{im},{ph},{mu},{kh},{sa},{ae},{mn},{az},{gh},{vn},{ec},{ke},{ar},{mt},{kg},{eg},{ve},{ge},{id},{kr},{ng},{mk},{pk},{tw},{th},{rs},{kz},{eu},{si},{ly},{cl},{tr},{in},{sk},{ba},{br},{mc},{al},{ru},{my}"

# This option will keep on the display the current list of countries that are in use.
# The status show the following details:
# <TOR_PID_PROCESS>, <TOR_INSTANCE_NUMBER>, <CURRENT_COUNTRY>, <TOR_CONFIG_FILE>
# Output Sample:
#       _14744,1,{se},/tmp/splitter/tor1/tor_1.cfg
#       _12594,2,{ca},/tmp/splitter/tor2/tor_2.cfg
#       _13334,3,{at},/tmp/splitter/tor3/tor_3.cfg
SHOW_STATUS="yes"

# You need define the Upstream proxy option. All TOR connections will be created using this PROXY.
# If you leave this option empty UPSTREAM PROXY will not be used.
# Expected Format: IP:PORT
# Sample: 172.17.0.1:63541
# Tor will make all its OR (SSL) connections through this host:port (or host:443 if port is not specified), via HTTP CONNECT rather than connecting directly to servers.
# You may want to set FascistFirewall to restrict the set of ports you might try to connect to, if your HTTPS proxy only allows connecting to certain ports.
UPSTREAM_SPLITTER_NETWORK_PROXY=""

# UPSTREAM PROXY: Authentication
# If defined, Tor will use this username:password for Basic HTTPS proxy authentication, as in RFC 2617. This is currently the only form of HTTPS proxy authentication that Tor supports
#Expected format:
# username:password
# If you leave this option empty authentication will not be used to access your upstream proxy.
UPSTREAM_SPLITTER_NETWORK_PROXY_AUTH=""


#To increese the security, by default this script will change the country related with the TOR INSTANCE.
#It's a good strategy to reduce even more the chances of still using the same compromised TOR RELAY.
#In summary this option will reduce even more the total amount of date that your adversary will be able to collect on his compromised TOR RELAY.
#Set this options to "NO" if you do not expect change the countries. It's usefull for specific cases of GeoIP bypass.
CHANGE_COUNTRY_ONTHEFLY="YES"

# Select a ramdom country and change all instances related with this country every "X" seconds.
# This option defines de delay in seconds between the changes of countries.
# The script will select a ramdm instance and change the current country of this instance selecting a ramdom country from your "ACCEPTED COUNTRIES LIST".
# This reduces even more the chances of your adversary intercept and correlate your actions, because will set a different country for the new circuits.
# The script will change only 1 instance per time, respecting the delay of this option.
# Considering that every instance is already changing the circuit every 10 seconds. You can consider a minimum value for this options like 30 seconds.
# This will make the script use the same country for at least 3 times before change to another country.
# Don't set a number lower than 180 seconds. The TOR need at least 40 seconds to start a new TOR INSTANCE
CHANGE_COUNTRY_INTERVAL="200"
KEEP_SAME_COUNTRY_FOR_AT_LEAST="170"
SAME_TIME_CHANGING_LIMIT="3"
SHOW_CURRENT_INSTANCE_STATUS_EVERY="215"

#Number of times that the script will retry to connect and send your request.
#It will try the request this number of time for each TOR INSTANCE until succeed.
RETRIES="10"

#HTTP Request Timeout from the LoadBalancer --> TOR --> Your Target Server
#Suggestion: Do not set it lower than 10 seconds. I would suggest 30 seconds.
MINIMUM_TIMEOUT="15"

#TOR DNS Request Timeout. Default 3 seconds
DNS_TIMEOUT="4"

#Maximum Concurrent Conections per TOR INSTANCE
#By default This script is using 20.
MAX_CONCURRENT_REQUEST="20"

#First sock port to bind. The script will increase this number for each instance.
#The number will increase according to the number of TOR INSTANCES in execution.
#In another words, if you are running 7 instances in 7 different countries you'll have 49 intances and total amount of ports
#considering the default settings is: (7x7=49 instances) --> 8.999+49(instances) = 9.048
#Considering the previos example, you should check if all ports between 8.999 and 9.048 are free!
START_SOCKS_PORT="4999"

#First control port to bind. The script will increase this number for each instance.
#The number will increase according to the number of TOR INSTANCES in execution.
#In another words, if you are running 7 instances in 7 different countries you'll have 49 intances and total amount of ports
#considering the default settings is: (7x7=49 instances) --> 4.999+49(instances) = 5.048
#Considering the previos example, you should check if all ports between 4.999 and 5.048 are free!
START_CONTROL_PORT="5999"


#First local DNS port to bind. The script will increase this number for each instance.
#The number will increase according to the number of TOR INSTANCES in execution.
START_DNS_PORT="5299"

#Firt local HTTP Port to bind. The script will increase this number for each instance.
#The number will increase according to the number of TOR INSTANCES in execution.
TOR_START_HTTP_PORT="5199"

#Firt local Transparent Proxy-Port to bind. The script will increase this number for each instance.
#The number will increase according to the number of TOR INSTANCES in execution.
TOR_START_TransPort="5099"

#Catch the TOR binary path
#TORPATH="/usr/local/bin/tor"
TORPATH="/usr/sbin/tor"

#TOR Binary Path
HAPROXY_PATH="/usr/sbin/haproxy"

#Catch the user logged
USER_ID=$(id | cut -d ")" -f 1 | cut -d "(" -f 2)
USER_UID=$(id | sed "s|(|\n|g" | sed "s|) |\n|g" | grep "=" | grep "uid" | cut -d "=" -f 2)
USER_GID=$(id | sed "s|(|\n|g" | sed "s|) |\n|g" | grep "=" | grep "gid" | cut -d "=" -f 2)

# CAUTION! CAUTION! CAUTION!!!
# This directory will be complete deleted if already exist!
#By default the script will keep all temporary and config files inside /tmp/ramdon_tor.
#Even inside the /tmp directory, this script will set the permissions in this directory ONLY for the root and the current user.
TOR_TEMP_FILES="/tmp/splitter"

#Define the TOR sockets to listen only for the localhost
LISTEN_ADDR="127.0.0.1"

#DNS Loadbalance Listen
DNSDIST_SERVER_LISTEN="0.0.0.0"

#DNS LoadBalance Port
DNSDIST_SERVER_PORT="5353"

#Define the TOR DNS to listen only for the localhost
TOR_DNS_LISTEN="127.0.0.1"

# By default the logs are disabled! No logs, no crime!
# If you want's to enable logs for debug reasons, locate it in the lines bellow and remove the comment.
LOGDIR="${TOR_TEMP_FILES}"

# By default logs are disabled! No logs, no crime!
# If you want's to enable logs for debug reasons, locate it in the lines bellow and remove the comment.
LOGNAME="tor_log_"

#Generate a random string to use for TOR control password and HAPROXY stats password.
RAND_PASS=$(dd if=/dev/urandom bs=40 count=1 2> /dev/null | base64)

#Using TOR to HASH the RAND_PASS generated before.
TORPASS=$($TORPATH --hash-password "${RAND_PASS}"|grep "16:")

#Set the PRIVOXY binary path
PRIVOXY_PATH="/usr/sbin/privoxy"

#Set the path for the PRIVOXY config file!
#This script will create the config file and execute the PRIVOXY using this config.
PRIVOXY_FILE="${TOR_TEMP_FILES}/privoxy_splitter_config_"

#Set the path for the HAPROXY config file!
#This script will create the config file and execute the HAPROXY using this config.
MASTER_PROXY_CFG="${TOR_TEMP_FILES}/splitter_master_proxy.cfg"

#Set the PRIVOXY to listen only for the local host.
#If you want to share your RANDOM TOR connection with everyone, set it to 127.0.0.1
PRIVOXY_LISTEN="127.0.0.1"

#Set the HAPROXY to listen only for the local host.
#If you want to share your RANDOM TOR connection with everyone, set it to 127.0.0.1
MASTER_PROXY_LISTEN="0.0.0.0"

#Set Which port HAPROXY will bind to HTTP client connections.
#You will use this same port in the proxy settings of your brownser.
MASTER_PROXY_SOCKS_PORT="63536"

#Set Which port HAPROXY will bind to HTTP client connections.
#You will use this same port in the proxy settings of your brownser.
MASTER_PROXY_HTTP_PORT="63537"

#Set Which port HAPROXY will bind to HTTP client connections.
#You will use this same port in the proxy settings of your brownser.
MASTER_PROXY_TRANSPARENT_PORT="63538"

#Set the MASTER PROXY STATUS to listen only for the local host.
MASTER_PROXY_STAT_LISTEN="0.0.0.0"

#Set the stats port for HAPROXY.
#You can connect to this port to check the statistics about the COUNTRIES
MASTER_PROXY_STAT_PORT="63539"

#Set the HAPROXY stats URI
#You can access the status page using:
MASTER_PROXY_STAT_URI="/splitter_status"

#Set the MASTER PROXY Status Password
MASTER_PROXY_STAT_PWD="${RAND_PASS}"

#Set Which port the PRIVOXY will bind to the SUB-PROXY or COUNTRY PROXIES.
#The Master proxy will use this increase port numbers as FORWARD PROXIES.
#The number will increase according to the number of TOR INSTANCES in execution.
#In another words, if you are running 7 instances in 7 different countries you'll have 49 intances and total amount of ports
#considering the default settings is: (7x7=49 instances) --> 10999+49(instances) = 11,048
#Considering the previos example, you should check if all ports between 10.999 and 11.048 are free!
PRIVOXY_START_PORT="6999"

#Proxychains config file.
#	The first place where proxychains will lookup for the config file is in the current directory.
#	The second place is inside the directory .proxychains locate inside the "home" directory of the current user.
#	The third place is the default /etc/proxychains.conf
#This script assumes that this directory already exists inside the "home" directory of the user.
PROXYCHAINS_FILE="${HOME}/.proxychains/proxychains.conf"

#TOR CIRCUIT HEALTH CHECK TARGET DOMAIN
#The script will try to access this address using TOR to check if the TOR circuit is alive and have no DNS resolution related problems.
#Use only server with HTTPS support! Remove the https:// like the sample.
#Samples:
#1) HEALTH_CHECK_URL="protonirockerxow.onion"
#2) HEALTH_CHECK_URL="www.google.com"
HEALTH_CHECK_URL="www.google.com"

#Define the interval between the checks of HELTH CHECK.
#Default: HEALTH_CHECK_INTERVAL="5"
HEALTH_CHECK_INTERVAL="1"
HEALTH_CHECK_INTERVAL_SOCKS="1"

#How many times the HEALTH check can fail before consider the TOR INSTANCE DOWN?
#If you need to ensure a better stability you need to keep this number very low.
#Consider the TOR INSTANCE DOWN IF the following number of HEALTH check request fail.
HEALTH_CHECK_MAX_FAIL="1"

#How many time the HEALTH check need to succeed before consider the TOR INSTANCE UP?
#Consider the TOR INSTANCE UP if the following number of HEALTH check request succeed.
HEALTH_CHECK_MININUM_SUCESS_SOCKS="20"
HEALTH_CHECK_MININUM_SUCESS="3"

#Please keep the value below updated!
#The script will remove any User-Agent sent by your brownser or your applications and replace for this one.
#The adversary can check if you are using a different User-Agent and identify you.
#This feature will make your traffic more similar with all other TOR users.
#Check out the current TOR Brownser user agent and keep this value updated.
TOR_BROWNSER_USER_AGENT="Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0"

#This proxy will not be used to, by default TOR do not accept these networks:
DO_NOT_PROXY="127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,0.0.0.0/8,100.64.0.0/10,169.254.0.0/16,192.0.0.0/24,192.0.2.0/24,192.88.99.0/24,198.18.0.0/15,198.51.100.0/24,203.0.113.0/24,224.0.0.0/4,240.0.0.0/4,255.255.255.255/32"


#########################################################
################ TUNNING CONFIGS SESSION ################
#########################################################

# You can configure how long time each "layer" of proxies should wait before the timeout.
# The suggestions bellow are aiming the best performance/stability.
# The explanation about each parameter is based on the original documentation.
# These options will define define the TOR tunning options.
#
#  ####################
#  #### CAUTION!!! ####
#  ####################
#	Please read the description of each option to understand and perform your own tunning if you're using a slow internet connection.
#	The use of TOR BRIDGE defeat the propose of this script for this reason I'm not considering the TOR BRIDGE as one option for this script.
#	Also, the main idea of my TOR infrastructure is to keep this script running in a VPS which uses a VPN as default gateway. In another words.
#	It's not safe to use conect directly to the TOR without a VPN connection.
# 	All setting related with TOR are trying to respecting and follow the DEFAULT settings but focused in security.
#	You don't need to change nothing bellow this line to have a good TOR experience. All setting below are focused in the best approach for
#   security and privacy.
############################################################################################################################

## Level 1: TOR Settings

#	RejectPlaintextPorts		 		 --> Like WarnPlaintextPorts, but instead of warning about risky port uses,
#            Tor will instead refuse to make the connection.
#           (TOR Default is: None, because they are assuming that you are running tor with TOR BROWNSER with plugin
#             'HTTPS Everywhere' enabled to blocks unecrypted web sites).
#            Suggestion: By default this options is not enabled! But you can block the traffic for unecripted ports.
# This option is not recomended if you're using hidding services(sites from deepweb), but if you will not access hidden services and will
# not use this script for penetration test propose, you can enable it.
# Please, be aware that many websites and java scripts still sending data unecrypted using the port 80. By enable this option
# you will only send and receive data using encrypted ports. All data send or received at unecrypted ports will be dropped.
# It's a good security approach but can broke the functionality of many websites and scripts that only send unecrypted data.
# It's recomended include the port 80 on this list.
RejectPlaintextPorts="21,23,25,109,110,143"

#	WarnPlaintextPorts					 --> Tells Tor to issue a warnings whenever the user tries to make an anonymous connection to one of these ports.
#            This option is designed to alert users to services that risk sending username and passwords in the clear.
#            (TOR Default is: 23,109,110,143)
#            Suggestion: This options will not block! But will include a "warning" message inside the TOR LOG file, about data beeing send using
# unecrypted ports. Can be use to detect if a specific website is sending data unecrypted.
#WarnPlaintextPorts="21,23,25,80,109,110,143"

#	CircuitBuildTimeout 		 --> Try for at most NUM seconds when building circuits. If the circuit isn’t open in that time, give up on it.
#             (The TOR Default is 60 seconds)
CircuitBuildTimeout="60"


#	CircuitsAvailableTimeout NUM
#           Tor will attempt to keep at least one open, unused circuit available for this amount of time. This option governs how long idle
#           circuits are kept open, as well as the amount of time Tor will keep a circuit open to each of the recently used ports. This way when
#           the Tor client is entirely idle, it can expire all of its circuits, and then expire its TLS connections. Note that the actual timeout
#           value is uniformly randomized from the specified value to twice that amount. (Default: 30 minutes; Max: 24 hours)
# Suggestion: Do not set a very long number (in seconds).
CircuitsAvailableTimeout="1500"

#	LearnCircuitBuildTimeout 0|1 --> If 0, CircuitBuildTimeout adaptive learning is disabled.
#             If LearnCircuitBuildTimeout is 1, this value of 'CircuitBuildTimeout' serves as the initial
#             value to use before a timeout is learned.
#             If LearnCircuitBuildTimeout is 0, this value is the only value used.
#             ( The TOR Default: 1)
#             Suggestion: Set it to 0(zero) to force only the fast TOR Circuits. In case of using a slow internet use 1.
LearnCircuitBuildTimeout="1"


#	CircuitStreamTimeout		 --> If non-zero, this option overrides the TOR internal timeout schedule for how many seconds
#             until we detach a stream from a circuit and try a new circuit.
#             If your network is particularly slow, you might want to set this to a number like 60.
#             (TOR Default is: 0)
#             Suggestion: The TOR default stream timeout is 30 seconds.
#			  In summary, by setting a number lower than 30, you're trying to force only the fast TOR circuits.
#			  Do not set it lower than 10 seconds, because you will have problems to find valid circuits.
#
#           	 You can leave this option as TOR DEFAULT because this script performs a very good load balance between the TOR instances.
#		 So try to run more instances and you can keep this number between 10 and 30. This way, you'll have more estability in your connection.
CircuitStreamTimeout="0"

#	ClientOnly					 --> If set to 1, Tor will not run as a relay or serve directory requests.
#             (TOR Default is: 0)
#             Suggestion: If you have a slow internet connection, set this as 1. The idea is try to save bandwich not serving as relay.
#             Also I'm not setting the options 'ORPort', 'ExtORPort' and 'DirPort' that are related with the TOR relay features.
#
ClientOnly="1"

#	ConnectionPadding			 --> This option governs Tor’s use of padding to defend against some forms of traffic analysis.
#             If it is set to auto, Tor will send padding only if both the client and the relay support it.
#             If it is set to 0, Tor will not send any padding cells. If it is set to 1, Tor will still send padding for client
#             connections regardless of relay support.
#             (TOR Default is: auto)
ConnectionPadding="1"

#	ReducedConnectionPadding 0|1 --> If set to 1, TOR will not not hold OR connections open for very long, and will send less padding on these connections.
#             (TOR Default is: 0)
#             Suggestion: Set it to 1 because the main idea of this script is not to keep the connections open for long time.
ReducedConnectionPadding="1"

#	GeoIPExcludeUnknown	0|1|auto -->  If this option is set to auto, then whenever any country code is set in ExcludeNodes or ExcludeExitNodes, all
#              nodes with unknown country ({??} and possibly {A1}) are treated as excluded as well.
#              If this option is set to 1, then all unknown countries are treated as excluded in ExcludeNodes and ExcludeExitNodes.
#              This option has no effect when a GeoIP file isn’t configured or can’t be found.
#              (TOR Default is: auto)
#              Suggestion: Set it to 1
GeoIPExcludeUnknown="1"

#	StrictNodes 0|1				 --> If StrictNodes is set to 1, Tor will treat solely the ExcludeNodes option as a requirement to follow
#             for all the circuits you generate, even if doing so will break functionality for you
#             (StrictNodes applies to neither ExcludeExitNodes nor to ExitNodes).
#             If StrictNodes is set to 0, Tor will still try to avoid nodes in the ExcludeNodes list,
#             but it will err on the side of avoiding unexpected errors. Specifically, StrictNodes 0 tells TOR that
#             it is okay to use an excluded node when it is necessary to perform relay reachability self-tests,
#             connect to a hidden service, provide a hidden service to a client, fulfill a .exit request, upload
#             directory information, or download directory information.
#             (TOR Default is: 0)
#			  Suggestion: Keep it as 1 if you are concerned about your security.
#				      If you're running the SPEED mode, is suggested change this value to 0.
StrictNodes="1"

#	FascistFirewall 0|1			 --> If 1, Tor will only create outgoing connections to ORs running on ports that your firewall
#             allows (defaults to 80 and 443; see FirewallPorts).
#             This will allow you to run Tor as a client behind a firewall with restrictive policies.
#             (Tor Default is:0)
#             Suggestion: Only if you need to run this script in a restrict environment, set it to 1.
#
FascistFirewall="0"

#	FirewallPorts PORTS			 --> A list of ports that your firewall allows you to connect to. Only used when FascistFirewall is set.
#             This option is deprecated; use ReachableAddresses instead. (Default: 80, 443)
FirewallPorts="443"

#	LongLivedPorts				 --> A list of ports for services that tend to have long-running connections (e.g. chat and interactive shells).
#             Circuits for streams that use these ports will contain only high-uptime nodes, to reduce the chance that
#             a node will go down before the stream is finished. Note that the list is also honored for
#             circuits (both client and service side) involving hidden services whose virtual port is in this list.
#             (TOR Default is: 21, 22, 706, 1863, 5050, 5190, 5222, 5223, 6523, 6667, 6697, 8300)
LongLivedPorts="22"

#	NewCircuitPeriod			 --> Every NUM seconds consider whether to build a new circuit.
#             (TOR Default is: 30 seconds)
NewCircuitPeriod="15"

#	MaxCircuitDirtiness			 --> Feel free to reuse a circuit that was first used at most NUM seconds ago, but never attach a
#             new stream to a circuit that is too old. For hidden services, this applies to the last time a circuit was used,
#             not the first. Circuits with streams constructed with SOCKS authentication via SocksPorts that have
#             KeepAliveIsolateSOCKSAuth also remain alive for MaxCircuitDirtiness seconds after carrying the last such stream.
#             (TOR Default is: 10 minutes (600 seconds))
#             The lowest value supported is 10 seconds. Even if you try to set a value under 10 seconds the TOR will automaticaly
#             adjust and return it to 10.
#             In order to avoid a pattern, and avoid that all TOR instances running change the circuit at same time,
#             this script is using a random value between 10 and and the number that you set in this option.
#             TOR will use this value as the interval of the circuit automaticaly changes.
# Suggestion: MaxCircuitDirtiness="15"
MaxCircuitDirtiness="15"

#	MaxClientCircuitsPending	 --> Do not allow more than NUM circuits to be pending at a time for handling client streams.
#             A circuit is pending if we have begun constructing it, but it has not yet been completely constructed.
#             (TOR Default is: 32)
#             Suggestion: 1024 is the maximum supported. The idea is always have circuits available because the script force a new circuit every 10 seconds.
MaxClientCircuitsPending="1024"

#	SocksTimeout				 --> Let a socks connection wait NUM seconds handshaking, and NUM seconds unattached waiting for an appropriate circuit,
#             before we fail it.
#             (TOR Default is: 2 minutes)
SocksTimeout="${MINIMUM_TIMEOUT}"

#	TrackHostExitsExpire		 --> Since exit servers go up and down, it is desirable to expire the association between host and exit server after NUM
#             seconds. The default is 1800 seconds (30 minutes).
#             Suggestion: 10
TrackHostExitsExpire="120"

#	UseEntryGuards 0|1			 --> If this option is set to 1, we pick a few long-term entry servers, and try to stick with them.
#             This is desirable because constantly changing servers increases the odds that an adversary who owns some servers will
#             observe a fraction of your paths. Entry Guards can not be used by Directory Authorities, Single Onion Services, and
#             Tor2web clients. In these cases, the this option is ignored.
#             (TOR Default is: 1)
#             Suggestion: KEEP IT AS 1!!!
UseEntryGuards="1"


#	NumEntryGuards NUM
#           If UseEntryGuards is set to 1, we will try to pick a total of NUM routers as long-term entries for our circuits. If NUM is 0, we try
#           to learn the number from the guard-n-primary-guards-to-use consensus parameter, and default to 1 if the consensus parameter isn’t set.
#           (Default: 0)
#			Suggestion: Keep it 1 to have the maximum number of EntryGuards.
NumEntryGuards="0"


#	SafeSocks 0|1				 --> When this option is enabled, Tor will reject application connections that use unsafe variants of the socks protocol
#             ones that only provide an IP address, meaning the application is doing a DNS resolve first. Specifically, these are
#             socks4 and socks5 when not doing remote DNS.
#             (TOR Default is: 0)
#             Suggestion: KEEP IT AS 1 to avoid DNS leak!
SafeSocks="1"

#TestSocks 0|1
#           When this option is enabled, Tor will make a notice-level log entry for each connection to the Socks port indicating whether the
#           request used a safe socks protocol or an unsafe one (see above entry on SafeSocks). This helps to determine whether an application
#           using Tor is possibly leaking DNS requests. (Default: 0)
TestSocks="0"

#	AllowNonRFC953Hostnames 0|1	 --> When this option is disabled, Tor blocks hostnames containing illegal characters (like @ and :) rather than sending
#             them to an exit node to be resolved. This helps trap accidental attempts to resolve URLs and so on.
#             (TOR Default is: 0)
#             Suggestion: Keep it with value 0 for security reasons!
AllowNonRFC953Hostnames="0"

#	ClientRejectInternalAddresses 0|1	 --> If true, Tor does not try to fulfill requests to connect to an internal address (like 127.0.0.1 or 192.168.0.1)
#            unless an exit node is specifically requested (for example, via a .exit hostname, or a controller request).
#            If true, multicast DNS hostnames for machines on the local network (of the form *.local) are also rejected.
#            (TOR Default is: 1)
ClientRejectInternalAddresses="1"

#	DownloadExtraInfo 0|1				 --> If true, Tor downloads and caches "extra-info" documents. These documents contain information about servers
#            other than the information in their regular server descriptors. Tor does not use this information for anything
#            itself; to save bandwidth, leave this option turned off.
#            (TOR Default is: 0)
DownloadExtraInfo="0"

#OptimisticData 0|1|auto
#           When this option is set, and Tor is using an exit node that supports the feature, it will try optimistically to send data to the exit
#           node without waiting for the exit node to report whether the connection succeeded. This can save a round-trip time for protocols like
#           HTTP where the client talks first. If OptimisticData is set to auto, Tor will look at the UseOptimisticData parameter in the
#           networkstatus. (Default: auto)
OptimisticData="1"


#AutomapHostsSuffixes SUFFIX,SUFFIX,...
#           A comma-separated list of suffixes to use with AutomapHostsOnResolve. The "." suffix
#           is equivalent to "all addresses." (Default: .exit,.onion).
AutomapHostsSuffixes=".exit,.onion"

# Level 2: PRIVOXY_TIMEOUT 		 --> Defines the timeout for PRIVOXY.
#             I'm using PRIVOXY to do the interface between the HTTP(OSI Layer 7) and the TOR OPEN SOCKS5(OSI Layer 5).
#             Suggestion: 13 seconds for a good performance and tollerance.
#           	 If the TOR circuit is slow, PRIVOXY will not send the request using it.
#             PS: Increase extra 1 seconds from the TOR CircuitStreamTimeout to have time to read all TOR SOCKS answer.
#PRIVOXY_TIMEOUT="$((CircuitStreamTimeout + MINIMUM_TIMEOUT))"
PRIVOXY_TIMEOUT="${MINIMUM_TIMEOUT}"

# Layer 3: MASTER_PROXY_TIMEOUT		--> The HAPROXY (Master Proxy) timeout. This is the proxy that you set in your web brownser.
#            	This proxy handles with all COUNTRY_PROXIES performing the load balance, fail over and roundrobin.
#MASTER_PROXY_SERVER_TIMEOUT="$((CircuitStreamTimeout + MINIMUM_TIMEOUT))"
MASTER_PROXY_SERVER_TIMEOUT="${MINIMUM_TIMEOUT}"
#MASTER_PROXY_CLIENT_TIMEOUT="$((RETRIES * MASTER_PROXY_SERVER_TIMEOUT * COUNTRIES))"
MASTER_PROXY_CLIENT_TIMEOUT="60"
#############################################################################################################

######################################
######## DO NOT CHANGE THESE! ########
######################################
#The Script will set it by it self.

#Instances
TOR_START_INSTANCE=0
TOR_CURRENT_INSTANCE=${TOR_START_INSTANCE}

#Socks_Port
TOR_CURRENT_SOCKS_PORT=${START_SOCKS_PORT}

#HTTP_Port
TOR_CURRENT_HTTP_PORT=${TOR_START_HTTP_PORT}

#Control_Port
TOR_CURRENT_CONTROL_PORT=${START_CONTROL_PORT}

#Transparent Proxy Port
TOR_CURRENT_TransPort=${TOR_START_TransPort}

#Privoxy Proxy Port
PRIVOXY_CURRENT_PORT=${PRIVOXY_START_PORT}

#Current Instance counter
COUNT_CURRENT_INSTANCE=0

#DNSPORT
DNSPORT=${START_DNS_PORT}

#NodeFamily
NodeFamily=""

SPOOFED_USER_AGENT=$(echo "${TOR_BROWNSER_USER_AGENT}" | sed 's/ /\\ /g')
######################################