Let’s Build a TorBox and Send Everything over Tor

6 min readJan 23, 2021

TorBox is an anonymizing router based on the Raspberry Pi


The hardware requirements are a Raspberry Pi 3B+, a case (I guess this is optional), and a micro SD card. You’ll also need an Ethernet cable and a switch to plug the Pi into, and a computer to configure the Pi from.

Why do this?

TorBox creates a Wifi access point that routes all its traffic over Tor. Instead of using an application like the Tor Browser to encrypt one application and only anonymize that traffic, all traffic that connects to the TorBox is routed over Tor. Now, this is good and bad. Not everything works over Tor. But this also good, not everything work over Tor! Having seen all the traffic my smartphones generate, and how much I block with my Pihole, if I anonymize that traffic over Tor and some of it doesn’t work, I really don’t care. Read more about TorBox here: https://www.torbox.ch/

Application versus Network based Tor Routing

Getting Started

Format your Micro SD Card and image the latest version of Rasbian Lite. There are many ways to skin this cat, chose your favorite. Add a “ssh” file to the boot partition using touch ssh or New File > Text Document and name it “ssh” and remove the “.txt”

Install the Micro SD Card and boot. Find the IP of the Pi and SSH using the default password. Run Raspi-config to set localization, set GPU memory split (set it down to 8MB, we’re not using a desktop), and expand the file system. Be sure to set the WiFi country but don’t connect it to an SSID. Reboot.

SSH in again and update Rasbian by running sudo apt-get update && sudo apt-get upgrade -y

Change the default password by typing psswd

Install the unattended-upgrades package

sudo apt install unattended-upgrades

You can configure the unattended upgrades via the config file

sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

Configure the period upgrades by running this command:

sudo nano /etc/apt/apt.conf.d/02periodic

Paste these lines (the file should be empty, if not, change the values):

APT::Periodic::Enable “1”;
APT::Periodic::Update-Package-Lists “1”;
APT::Periodic::Download-Upgradeable-Packages “1”;
APT::Periodic::Unattended-Upgrade “1”;
APT::Periodic::AutocleanInterval “1”;
APT::Periodic::Verbose “2”;

You can debug your configuration with this command:

sudo unattended-upgrades –d

Give your Pi a static IP. Configure the dhcpcd.conf config.

sudo nano /etc/dhcpcd.conf

Uncomment the eth0 section and enter your IP info:


Save and reboot.

Check DNS. Now would be a good time to install dnsutils.

sudo apt install dnsutils

And then check DNS resolution, which probably works because you could install the package.

Yes I dug the MX record of protonmail because I’m a nerd.

Looks good. Let’s setup some cron jobs to keep things tidy, even though we setup unattended upgrades.

sudo crontab -e

(Chose nano unless you love Vi, I do but I’ve become lazy.)

This is a failsafe to keep the server up-to-date, and largely unnecessary, but makes me feel good to type it out and know it’s scheduled in cron. So save and exit.

Installing TorBox (Finally)

We’re going to manually install TorBox via the install script. This will get us the most recent software and we just did all that work to secure Rasbian.

Let’s install some dependencies before we run the install script.

sudo apt-get -y install hostapd isc-dhcp-server obfs4proxy usbmuxd wicd-curses dnsmasq dnsutils tcpdump iftop vnstat links2 debian-goodies apt-transport-https dirmngr python3-setuptools python3-pip python3-pil imagemagick tesseract-ocr ntpdate screen nyx git openvpn tor

And we can install some Python requirements

sudo pip3 install pytesseract

sudo pip3 install mechanize

You’ll get prompted to participate in submitting statistics. I generally am against this for everything, always, but you live your life how you want.


So from section 4. “Download and run the script:”

cd ~/
wget https://raw.githubusercontent.com/radio24/TorBox/master/install/run_install.sh
sudo chmod a+x run_install.sh
sudo ./run_install.sh

If that worked, you should get a welcome screen:

Where the trouble starts.

Hit “Ok” and watch the script run.

Wait even longer while the script runs. Watch some alarming errors scroll by.

When the script is almost finished, the following will be displayed:

And the script continues to run.

The script has finished. Let’s complete the install.

Fancy! Reboot the server.

sudo reboot

And then connect over WiFi to the TorBoxNN network. The SSH port on the eth0 interface is closed.

SSH to torbox@

The menu does not display, so re-run the script.

sudo ./run_install.sh

After the script runs, reboot.

Login. Still no menu. Manually install it.

wget https://github.com/radio24/TorBox/archive/master.zip
unzip master.zip
rm -r torbox
mv TorBox-master torbox
rm -r master.zip

Edit the .profile

sudo nano .profile

Add to the bottom

cd torbox
sleep 2

Save and exit

Log out and log back in.

You should be greeted by the menu. Hopefully it will say “TOR is working” in the upper right corner.


Essentially you are done. There are some final configurations, but you can read the documentation on the menu here: https://www.torbox.ch/?page_id=775

Update all the passwords associated with your TorBox and make note of them in your password manager.

What is the Payoff?

You now have a WiFi access point that routes out over Tor. All traffic connected to the AP will travel via Tor, essentially anonymizing all your traffic, not just traffic from the Tor browser. I’m still testing and assessing the security of this system, and I wouldn’t trust my life with it, but it seems like a good way to escape the pervasive surveillance of government and corporations, especially on mobile devices. Throughput on the clear web is good, but again, I’m testing and will update this article with any significant findings.


I was received a call from work because a ticket was raised by the SOC due to testing. I have several Office 365 application on my mobile phone, and while I was connected to the TorBox, they were connecting in the background over Tor and it was flagged as an issue due to the random geolocations my account was connecting from. I was able to easily explain that I was doing security research and connecting over Tor, but this showed TorBox works. And I also probably need another phone.

Another thing I experienced was that websites would often have issues with Tor like they often do, but apps had no real issues. Connecting over Tor is not really in expected behavior, and they would work fine for the most part. I didn’t have high confidence about tracking/telemetry traffic being blocked or failing, so I ran Blokada with some block lists (Get the app on F-Droid or here: https://f-droid.org/en/packages/org.blokada.alarm/ ).

We’re on Tor!




Cybersecurity architect. Security dev and researcher. Infosec nerd. Linux enthusiast. All opinions and views are my own. Polite, professional, prepared.