Welcome back, my amateur hackers!
As many of you know, Null Byte will soon be re-establishing its IRC channel. In preparation of that event, I want to show how to set up a secure IRC client with OTR, or Off the Record.
OTR does all the right things to make your instant messages secure; AES encryption, Diffie-Hellman key exchange, and SHA-1 hash. If you don't know what those items are, check out my article on Cryptography Basics for the Aspiring Hacker.
OTR provides us the security we need to communicate freely:
- Authentication: You can be certain the person you are talking to is who they say they are.
- Deniability: After a chat session ends, no one can identify either end of the conversation.
- Encryption: No one can read your messages en route.
- Perfect Forward Security: If your private keys are intercepted or otherwise obtained by a third party, your previous conversations will not be compromised.
If you need any testimonials as to the security of OTR, when Edward Snowden was being hunted down by the NSA in Hong Kong and Russia, he would ONLY communicate by OTR and, of course, he remained free. If that's not a testimonial to its security, I don't know what would be.
OTR is really a protocol for secure IRC communication. As such, many IRC clients use OTR if properly configured, while others require a plugin to use OTR. In this tutorial, we will be installing Pidgin with the OTR plugin.
Step 1: Install Pidgin with OTR
The first thing we need to do is install a client with OTR. I have chosen Pidgin because it is widely used and has an OTR plugin. Of course, many other IRC clients have OTR plugins and you are free to use those.
We can get Pidgin and OTR together from the Kali repository by typing;
kali > apt-get install pidgin-otr
As it installs, it will look something like this. Make certain to answer "y" when prompted.
When it has completed installing all the necessary components and libraries, it will look something like the above.
Step 2: Open Pidgin
Now that we have installed Pidgin, it will be installed on our Kali GUI at Applications -> Internet -> Pidgin Internet Messenger, as seen below.
When you click on Pidgin, you will be greeted by a screen like that below—click on Add to add an account to Pidgin.
Step 3: Add Accounts
In this case, I am adding my IRC (protocol) account under the username "otw" to the freenode.net server. Of course, use your own username and password. Also, you can use the Pidgin client on any "chat" protocol including AIM, Google Talk, ICQ, MSN, Yahoo, and others.
When I click "Add," it opens a Buddy List and a screen to enter more accounts.
Step 4: Add the OTR Plugin
Next, we need to add the OTR plugin to our Pidgin client. On the Buddy List, click on Tools -> Plugins -> Off-the-Record, then click "Configure Plugin."
Now check the button next to the OTR then click close, and close again to enable the plugin. Make certain that the checkboxes "Enable private messaging" and "Automatically initiate private messaging" are checked. Then will automatically encrypt your communication when using this client. I would also suggest that you check "Don't log OTR conversations" so that no record exists of your conversation
Lastly, we need to generate private keys. From the same OTR Plugin configuration screen, click on the "Generate." Be patient, this can take awhile.
Now we are capable of safe and secure IRC and other chats knowing that no one can intercept and read our conversations. That should enable us to speak freely about any subject without fear of repercussions.
In my next article on OTR, I will show you how to authenticate a user with OTR in our Pidgin client so that you can be certain that the person you are communicating with is actually who they say they are, so keep coming back my amateur hackers!
Just updated your iPhone? You'll find new features for TV, Messages, News, and Shortcuts, as well as important bug fixes and security patches. Find out what's new and changed on your iPhone with the iOS 17.6 update.
31 Comments
So it is coming! The more you know, I'll be prepared for that!
Is it avilable on android too??
Google is your friend!
No I mean the softwares you listed
Se7enpeace:
This is an example of what others were saying to you the other day on your disrespect post.
Try googling before you ask.
OTW
Yea but what I meant was that the way you listed above.. can I do all that on android.. cause google takes me to its official website which doesnt have the android option... so if you could help me with a similar one with all the encryption features and all.. if you know one...
Well I was not that descriptive before haha sorry ;);)
@SE7 Couldn't you use ciuffy's android guide and add it yourself if you can't find anything?
Google "OTR android".
Might be a good idea to add that to that guide!
Literally two words and a few seconds.
ghost_
That's really cool, I'll give it some use :P
Yay!
It's been years since I last used IRC, will it have a greeting bot too? :D
I still cant install anything, cuz of my package not found error :/
Thank you for this guide.
i cant even download it because of an "unable to locate package pidgin-otr" error, can you please help?
Are you connected to the internet when you run the command?
ghost_
i am
Check your repositories.
OTW I've got it all installed what channel do I add?
where and what do i look for?
PS: thank you for helping me with this
Have you done my linux series?
hey
I also got the package unavailable
ive checked my repos, they are: deb http://security.kali.org/kali-security/ sana/updates main contrib non-free
and deb-src http://security.kali.org/kali-security/ sana/updates main contrib non-free
Then, I added deb http://http.kali.org/kali sana main non-free contrib
using Kali 4.0
be sure to:
-check internet connection
Run after double-checking source.list:
-apt-get update
-apt-get upgrade
Is there a channel now, or is it still to come? Haven't seen a mention of it but thought I'd ask just in case.
Another great lecture OTW thank you. What do you think of ChatSecure by the Guardian Project? Is that any good or Pidgin is preferred?
I managed to install it finally! Thanks for the tutorial.
Woohoo, all working. Booo, no ones in the chat lol
@everyone that had problems getting the package to install:
type this command in the Terminal, minus the -otr, and it works.
apt-get install pidgin
With Pidgin now installed, why not head over to the NullByte channel on Freenode.net IRC Server and say hi (using Pidgin)?
Thank you Master OTW.
Well great article and I liked the bit of information about Snowden. Very helpful. Obviously I set it up myself and now It's up and running.
There is a but though and this is (of course) due to my lack of Knowledge.
I've noticed while I was on #nullbyte that if you click on someone ID and select info you can actually see the IP address so I'm thinking this plugin is great but absolutely useless if your IP is in plain sight. So Snowden must have done something else along using OTR to remain anonymous.
I did a bit of reaserch and find out that if you want to anonymize yourself you also have to use an irc bouncer. So the best packet would be a bnc + otr.
Am i still missing something?
P.S.
Thanks for the time and effort you put into this great thing called NullByte OTW
I am using Tor Messenger, it's a beta version but works for me.
I managed to install pidgin-otr as in the tutorial but in Kali Linux 2.0 I can't find pidgin in applications nor determine how to launch it via the terminal. It doesn't appear to have an executable in /usr/bin either. Any advice would be appreciated.
EDIT: solved I had installed pidgin's OTR plugin but not pidgin. I believe "apt-get install pidgin pidgin-otr" would have gotten both.
Share Your Thoughts