im using the whonix gateway with a debian vm. is it possible to access onion addresses from the debian vm with applications that do not have SOCKS/proxy support? or for example if i wanted to access a .onion from firefox without configuring the network proxy option to 10.152.152.10:9150.
is this possible? if so, can you point to some configuration documentation?
Yes. This functionality is called Transparent Proxying and it is enabled by default. If possible it’s generally better not to rely on this and instead to configure application specific proxy settings to avoid identity correlation. Stream Isolation
thanks for you response! i configured the debian apt onions without apt-transport-tor. this worked perfectly. but im now trying to get burpsuite in kali linux to proxy to an onion address but it fails every time as if im not using tor.
Sorry, I wasn’t paying attention and need to backtrack a bit. My previous reply is correct as it applies to clearnet connections.
You specifically asked about connecting to hidden services (.onions). Onion addresses are stream (circuit) isolated by design ([tor-talk] hidden services and stream isolation). As the link states, you don’t need to proxy these connections unless you want to isolate multiple streams to the same hidden service.
I’m not familiar with burpsuite. You should be able to use it unmodified for connections to .onions. If you need to connect to clearnet addresses, you can also use it unmodified or proxify it for better stream isolation.
With regards to Firefox specifically, see iceweasel --> Firefox-ESR: need socks proxy? - SOLVED (thanks) - #6 by entr0py