How to securely use Tor on macOS with Kali Linux VM

When surfing the dark web and opening .onion links, you should be extra paranoid about privacy and security. If you have a brand new MacBook Pro, it's definitely worth it to isolate it as best you can. In this article, we're going to:

1. Install VMware Fusion for setting up virtual machines
2. Set up a Kali Linux VM, suited for our ARM-based host machine
3. Set up a VPN in the VM that automatically starts on boot
4. Install a Tor browser

Download the virtualization software

There are many virtualization solutions out there, but here we're using VMware. And if we want to use VMware on macOS specifically, we need VMware Fusion(opens in new tab) (while VMware Workstation is for Windows and Linux only).

1. Register in Broadcom(opens in new tab) (who acquired VMware(opens in new tab) in 2023)
2. Log into your account
3. Download VMware Fusion(opens in new tab) (I'm using version 13.6.4):

   

Set up the VM

1. Download the Kali Linux ISO(opens in new tab) from the official website:

   

2. Start up VMware Fusion and drag the downloaded ISO file there

3. Create a new image using the Debian template (since Kali is based on Debian):

   

4. Run through the Kali installer using the preselected options:

   

5. Select "Guided - use entire disk" for disk partitioning:

   

6. Once Kali boots, you should see this:

   

7. And once you log in, you should see this:

   

Setting up Tor

At the time of writing, we can't use the canonical Tor browser(opens in new tab) because it has no builds for ARM architecture CPUs, on which Apple Silicon machines are based. Check issue #12631(opens in new tab) in the Tor project for updates.

Even if you were to install the Tor browser, you'd get the following error upon starting it up:

Tor Browser requires a CPU with SSE2 support. Exiting.

For this reason, we'll be using Brave, as it has Tor connectivity built-in:

1. Download Brave for Linux(opens in new tab) on your Kali VM:

   curl -fsS https://dl.brave.com/install.sh | sh

   

2. Start it by typing brave-browser in the terminal

Setting up the VPN

For extra safety, you should connect your Kali VM to a VPN, so that the traffic doesn't return to your personal IP. I'm using Proton VPN(opens in new tab) because it's privacy-focused and free.

1. Create an account in Proton VPN(opens in new tab)

2. Download a .ovpn config file from the Downloads page(opens in new tab) (scroll to the "OpenVPN configuration files" section):

   

3. Install openvpn with sudo apt install openvpn, as described in the Kali docs(opens in new tab)

4. Move the config file to /etc/openvpn:

   sudo mv ~/Downloads/ch-free-2.protonvpn.udp.ovpn \
          /etc/openvpn/ch-free-2.protonvpn.udp.conf

   Note: The extension changes from .ovpn to .conf, since that's what the openvpn program expects!

5. Get your VPN credentials from the Account page(opens in new tab):

   

6. Store your credentials on disk:

   sudo bash -c 'printf "%s\n%s\n" "YOUR_OPENVPN_USERNAME" "YOUR_OPENVPN_PASSWORD" > /etc/openvpn/credentials'
   sudo chmod 600 /etc/openvpn/credentials

7. Change the config to point to the credentials file:

   sudo sed -i 's/^auth-user-pass$/auth-user-pass \/etc\/openvpn\/credentials/' \
     /etc/openvpn/ch-free-2.protonvpn.udp.conf

8. Start the service:

   sudo systemctl daemon-reload
   sudo systemctl enable --now [email protected]

9. Open checkip.amazonaws.com(opens in new tab) on both the VM and the host OS and verify that the IPs are different

10. Restart the VM and verify that you get automatically connected to the VPN

Browse with Tor

Now that you have a fully configured VM with a VPN and a Tor browser, simply start Brave in Tor mode and surf the (dark) web!

To be extra sure, open check.torproject.org(opens in new tab) to verify that you are indeed using Tor: