Hack Like a Pro: How to Install & Use a Secure IRC Client with OTR

How to Install & Use a Secure IRC Client with OTR

Welcome back, my amateur hackers!

As many of you know, Null Byte will soon be re-establishing its IRC channel. In preparation of that event, I want to show how to set up a secure IRC client with OTR, or Off the Record.

OTR does all the right things to make your instant messages secure; AES encryption, Diffie-Hellman key exchange, and SHA-1 hash. If you don't know what those items are, check out my article on Cryptography Basics for the Aspiring Hacker.

OTR provides us the security we need to communicate freely:

  1. Authentication: You can be certain the person you are talking to is who they say they are.
  2. Deniability: After a chat session ends, no one can identify either end of the conversation.
  3. Encryption: No one can read your messages en route.
  4. Perfect Forward Security: If your private keys are intercepted or otherwise obtained by a third party, your previous conversations will not be compromised.

If you need any testimonials as to the security of OTR, when Edward Snowden was being hunted down by the NSA in Hong Kong and Russia, he would ONLY communicate by OTR and, of course, he remained free. If that's not a testimonial to its security, I don't know what would be.

OTR is really a protocol for secure IRC communication. As such, many IRC clients use OTR if properly configured, while others require a plugin to use OTR. In this tutorial, we will be installing Pidgin with the OTR plugin.

Step 1: Install Pidgin with OTR

The first thing we need to do is install a client with OTR. I have chosen Pidgin because it is widely used and has an OTR plugin. Of course, many other IRC clients have OTR plugins and you are free to use those.

We can get Pidgin and OTR together from the Kali repository by typing;

kali > apt-get install pidgin-otr

As it installs, it will look something like this. Make certain to answer "y" when prompted.

When it has completed installing all the necessary components and libraries, it will look something like the above.

Step 2: Open Pidgin

Now that we have installed Pidgin, it will be installed on our Kali GUI at Applications -> Internet -> Pidgin Internet Messenger, as seen below.

Image via wonderhowto.com

When you click on Pidgin, you will be greeted by a screen like that below—click on Add to add an account to Pidgin.

Step 3: Add Accounts

In this case, I am adding my IRC (protocol) account under the username "otw" to the freenode.net server. Of course, use your own username and password. Also, you can use the Pidgin client on any "chat" protocol including AIM, Google Talk, ICQ, MSN, Yahoo, and others.

When I click "Add," it opens a Buddy List and a screen to enter more accounts.

Step 4: Add the OTR Plugin

Next, we need to add the OTR plugin to our Pidgin client. On the Buddy List, click on Tools -> Plugins -> Off-the-Record, then click "Configure Plugin."

Now check the button next to the OTR then click close, and close again to enable the plugin. Make certain that the checkboxes "Enable private messaging" and "Automatically initiate private messaging" are checked. Then will automatically encrypt your communication when using this client. I would also suggest that you check "Don't log OTR conversations" so that no record exists of your conversation

Lastly, we need to generate private keys. From the same OTR Plugin configuration screen, click on the "Generate." Be patient, this can take awhile.

Now we are capable of safe and secure IRC and other chats knowing that no one can intercept and read our conversations. That should enable us to speak freely about any subject without fear of repercussions.

In my next article on OTR, I will show you how to authenticate a user with OTR in our Pidgin client so that you can be certain that the person you are communicating with is actually who they say they are, so keep coming back my amateur hackers!

31 Comments

So it is coming! The more you know, I'll be prepared for that!

Is it avilable on android too??

No I mean the softwares you listed

Se7enpeace:

This is an example of what others were saying to you the other day on your disrespect post.

Try googling before you ask.

OTW

Yea but what I meant was that the way you listed above.. can I do all that on android.. cause google takes me to its official website which doesnt have the android option... so if you could help me with a similar one with all the encryption features and all.. if you know one...

Well I was not that descriptive before haha sorry ;);)

@SE7 Couldn't you use ciuffy's android guide and add it yourself if you can't find anything?

Google "OTR android".
Might be a good idea to add that to that guide!

That's really cool, I'll give it some use :P

Yay!
It's been years since I last used IRC, will it have a greeting bot too? :D

I still cant install anything, cuz of my package not found error :/

Thank you for this guide.

i cant even download it because of an "unable to locate package pidgin-otr" error, can you please help?

Are you connected to the internet when you run the command?

ghost_

OTW I've got it all installed what channel do I add?

where and what do i look for?
PS: thank you for helping me with this

Have you done my linux series?

be sure to:
-check internet connection
Run after double-checking source.list:
-apt-get update
-apt-get upgrade

Is there a channel now, or is it still to come? Haven't seen a mention of it but thought I'd ask just in case.

Another great lecture OTW thank you. What do you think of ChatSecure by the Guardian Project? Is that any good or Pidgin is preferred?

I managed to install it finally! Thanks for the tutorial.

Woohoo, all working. Booo, no ones in the chat lol

@everyone that had problems getting the package to install:
type this command in the Terminal, minus the -otr, and it works.
apt-get install pidgin

  • I don't really know why -otr no longer works but it was a valid argument; maybe they consolidated OTR plugin into the latest release of Pidgin.

With Pidgin now installed, why not head over to the NullByte channel on Freenode.net IRC Server and say hi (using Pidgin)?

Thank you Master OTW.

Well great article and I liked the bit of information about Snowden. Very helpful. Obviously I set it up myself and now It's up and running.

There is a but though and this is (of course) due to my lack of Knowledge.

I've noticed while I was on #nullbyte that if you click on someone ID and select info you can actually see the IP address so I'm thinking this plugin is great but absolutely useless if your IP is in plain sight. So Snowden must have done something else along using OTR to remain anonymous.

I did a bit of reaserch and find out that if you want to anonymize yourself you also have to use an irc bouncer. So the best packet would be a bnc + otr.

Am i still missing something?

P.S.
Thanks for the time and effort you put into this great thing called NullByte OTW

I managed to install pidgin-otr as in the tutorial but in Kali Linux 2.0 I can't find pidgin in applications nor determine how to launch it via the terminal. It doesn't appear to have an executable in /usr/bin either. Any advice would be appreciated.

EDIT: solved I had installed pidgin's OTR plugin but not pidgin. I believe "apt-get install pidgin pidgin-otr" would have gotten both.

Share Your Thoughts

  • Hot
  • Latest