A very popular question is how to do (whatever) anonymously.
I'm gonna explain how to do it properly IMHO (Any tip, improvement or suggestion is welcomed).
FIRST WAY - Linux host and KVM (FOSS chad way):
I'm gonna assume that you have a Linux system installed with full disk encryption.
*If you wanna do it in paranoid mode, you should get an external Hard Drive and create a hidden volume with Veracrypt. There is where you will store your VM's.
This tutorial is focused on Debian based systems host:
1- Install virt-manager
sudo apt install virt-manager
2- Ensure libvirtd is enabled and running.
sudo systemctl enable libvirtd
sudo sytemctl start libvirtd
sudo systemctl status libvirtd
3- Add user to groups
sudo usermod -aG kvm,libvirt "$(whoami)"
4- Reboot so group changes take effect.
5-Ensure KVM's / QEMU's default networking is enabled and has started.
sudo virsh -c qemu:///system net-autostart default
sudo virsh -c qemu:///system net-start default
sudo virsh net-list --all
6- Download Whonix into your encrypted hard drive or hidden volume.
7- Verify files
gpg --verify-options show-notations --verify Whonix-XFCE-126.96.36.199.Intel_AMD64.qcow2.libvirt.xz.asc Whonix-XFCE-188.8.131.52.Intel_AMD64.qcow2.libvirt.xz
*If the virtual machine image is correct, the output will inform that the signature is good.
8- Extract files.
tar -xvf Whonix-XFCE-184.108.40.206.Intel_AMD64.qcow2.libvirt.xz
9- Add the virtual networks.
sudo virsh -c qemu:///system net-define Whonix_external_network-220.127.116.11.xml
sudo virsh -c qemu:///system net-define Whonix_internal_network-18.104.22.168.xml
10- Activate the virtual networks.
sudo virsh -c qemu:///system net-autostart Whonix-External
sudo virsh -c qemu:///system net-start Whonix-External
sudo virsh -c qemu:///system net-autostart Whonix-Internal
sudo virsh -c qemu:///system net-start Whonix-Internal
11- Ensure the networks are correctly enabled.
sudo virsh net-list --all
12- Now we are ready to import Whonix-XFCE-22.214.171.124.Intel_AMD64.qcow2
Open virt-manager > File > New virtual machine > Import existing disk image > Browse > Browse Local > Go to the path where you made the download and double click on Whonix-XFCE-126.96.36.199.Intel_AMD64.qcow2
13- Select the OS type "Generic Linux 2022" and click Forward.
14- Choose Memory and CPU settings and click Forward.
Recommended Memory: 750MiB (If you choose less 500 it wont have GUI)
Recommended CPUs: 1
15- Select Network.
Select > "Virtual Network 'Whonix-External' :NAT" > "Customize configuration before installing" > Finish
17- Add other virtual network interface.
Click on "Add harware" > Network > select "Virtual Network 'Whonix-Internal' :Isolated Network" > Finish > start installation
18- Our Whonix gateway is installed and running!
TOR connection wizard and system-check will pop up, just configure TOR at your needs and apply the updates of system-check.
*If system-check updates fail, just do it manually in terminal:
19- Change default password. (Default user= user. Default password= changeme)
20- Our Whonix gateway VM is done. NEVER USE AS WORKSTATION.
21- Time to install our Workstation VM.
*IF YOU WANT TO BROWSE THE DARKNET OR USE TOR INSIDE THE WORKSTATION, JUST USE WHONIX-WORKSTATION. YOU CAN'T RUN TOR INSIDE A TOR CIRCUIT, SO ANY OTHER SYSTEMS WONT BE ABLE TO USE TOR AS A PROXY OR REACH HIDDEN SERVICES*
- Just import whonix-workstation*.qcow2 in virt-manager as we did it in step 12.
- Select the OS type "Generic Linux 2022" and click Forward.
- Choose Memory and CPU settings and click Forward (Recommended Memory: 4096MiB Recommended CPUs: 3)
- Select Network > "Virtual Network 'Whonix-Internal' :Isolated Network"
- Click Finish. No more settings needed.
In my example I'm gonna use Kali Linux, but is the same process with any ISO (Obviously avoid Microshit Windows).
22- Create VM from ISO file.
Open virt-manager > File > New virtual machine > Select Local Install Media (ISO image or CDROM) > Browse > Browse Local > Go to the path where you made the download and double click on kali-linux-2022.2-installer-amd64.iso > uncheck "Automatic detection from the installation or source media" > select "Generic Linux 2022" > Forward
23- Choose Memory and CPU settings and click Forward.
Recommended Memory: 4500MiB
Recommended CPUs: 3
24- Create disk image for the virtual machine. /var/lib/libvirt/images is used by default.
If you are OK with this path just select the size of the disk an click Forward.
In my case I'm gonna use my encrypted external hard drve.
Click on "select or create custom storage" > Manage > Add pool > Name the new pool > Browse > Select the path where you wanna allocate your VMs for example (/media/user/HardDrive/VMs/) > Finish > click on "+" (create a new volume) > name the volume > Select format (I prefer qcow2) > Select the size (about 150GiB in my case) > Finish and wait a while > Select your new volume and click on "Choose Volume" > Forward
25- Select Network.
Name the machine > Select Network > "Virtual Network 'Whonix-Internal' :Isolated Network" > Finish
26- Our workstation VM is installed and running.
27- Time to install our kali system into the VM
Graphic Install > Select Language > Select Location > Conigure keyboard > Configure the Network > Configure Nerwork Manually
28- Network Configuration
IP ADDRESS: 10.152.152.21 (Just an example, choose whatever you want inside that network)
*YOU CAN ADD AS VMs AS YOU WANT TO THIS INTERNAL NETWORK*
29- Finish installation as always. I'm not gonna deep into that.
I recommend to use Encrypted LVM but you wont be able to copy/paste the password. You must introduce it manually.
30- Once the OS is fully installed you can install SPICE guest tools. Is like VBox guest additions for KVM. (Automatic screen resize, Copy/Paste between host and guest...etc)
sudo apt install spice-vdagent
31- Well, at this point you have your fresh Anonymous Environment ready to work.
*Maybe you don't want to use IP addresses from Tor Network so I'm gonna explain how to setup Mullvad VPN*
32- VPN over TOR
Create an account on Mullvad and pay with XMR.
33- Download and install the client.
34- Open the client and log in with your account.
36- Configure VPN client to work over TOR.
Settings > Advanced > Tunneling protocol > Select OpenVPN > OpenVPN Settings > Transport Protocol > TCP > TCP Port > Automatic
Go back to main menu, select country and connect!
NO ONE WILL KNOW YOUR IP, NOT EVEN MULLVAD.
*What about reverse shells?
Just rent a VPS (paid with XMR) and do your things there, connect to the VPS through SSH from this environment (Preferably without VPN, just TOR).
*Okay nice guide, but i already have all my environment in Virtualbox (or similar crap) and i don't want to install all my systems again...
No worries. I'm gonna tell you how to migrate your machines from Virtualbox into KVM:
1. If the VMs were encrypted with the virtualbox feature, just disable it. If the VM were encrypted through system install there is no problem.
Once you got the VMs decrypted you are ready to migrate.
2. Convert VM from VDI to IMG
VBoxManage clonehd --format RAW MyVM.vdi MyVm.img
(Grab a coffee and wait)
2. Convert VM from IMG to QCOW2
qemu-img convert -f raw MyVM.img -O qcow2 MyVM.qcow2
(Grab a coffee and wait)
3. Done, ready to import the machines into KVM like in step 12. (Obviously you need to create the Whonix-Internal network and Whonix-External network. Steps 9 & 10).
SECOND WAY - Linux/Windows host and Virtualbox (Virgin proprietary skid way):
I'm not gonna deep to much into that since there are plenty information about that.
1- Just install Virtualbox.
2- Download Whonix for Virtualbox.
3- Import Whonix-XFCE-188.8.131.52.ova into Virtualbox
4- Done. You are ready to run Whonix-Gateway and Whonix-Workstation.
5- Run both VMs and work.
*If you want to install Kali or other ISO with Whonix-Gateway in Virtualbox.
- Just create a Kali VM as always and in network choose Internal Network, then select Whonix.
- Start both machines and configure manually Kali network like step 28.
* CAUTION CLEARNET LINK!
Video where is well explained: https://youtu.be/q7_Lu2OEois
I hope it will be useful for everyone, specially who those are new into this.
Sorry for my bad english and other orthographic fails.
As i said any suggestion, correction or contribution will be welcomed.
Feel free to ask me any questions or problems during the process.
One Love, Stay safe and Happy Hacking.