Sub-menu: Danger Zone

The Danger Zone sub-menu of TorBox v.0.5.3.

This sub-menu comprises features that are considered risky or could compromise the user’s security and anonymity. Therefore, these features should only be used if the user knows the potential risks and consequences. In the following, we look at all menu entries one by one:

  • Menu entry 1: Start / Stop the exclusion of domains from tor protection: If this feature is started, TorBox will connect to certain domains directly, meaning that these domains will NOT BE ROUTED THROUGH TOR. These domains are given by the user and can be placed in two buckets named CLEARNET and VPN. If you put a domain into the CLEARNET bucket, TorBox will always contact this domain directly. If you put it into the VPN bucket, TorBox will only contact the domain directly if TorBox is connected with a VPN provider (either entry 10 in the main menu is chosen or entry 18 in the Countermeasure sub-menu is activated).

    This feature was requested by a user who wanted specific governmental sites in an authoritarian country to be connected directly and not through tor, even if he used tor for all other connections to protect himself. Another use case could be excluding a streaming service that doesn’t need protection (for example, a local music station) but uses much bandwidth. Please remember that tor does not protect the traffic to/from the IPs on the exclusion list. It would be best to assume that everyone will see that you connect to these IP addresses. If the traffic is not correctly encrypted (for example, by using HTTP, which is blocked by default), everyone can see the content of the communication to/from these IP addresses!

  • Menu entry 2: Add, change or remove a domain/IP entry in the exclusion lists: Let’s say you don’t want that the streaming of is routed through tor. In this case, with this menu entry, the domain can be added to the exclusion list. If the domain isn’t already in the exclusion list, you must choose in which bucket the domain should be placed: CLEARNET (always contact this domain directly) or VPN (only contact the domain directly if TorBox is connected with a VPN provider). After this first step, (or better, the associated IP addresses) will be excluded from tor routing. The entry in the exclusion list looks like this:

    Next, the option for a deeper scan is offered, which makes sense in a more complex situation (load-balanced sites, requests from apps, etc.) when additional subdomains or more IPs have to be excluded. It is important that during the deep scan, the domain is used as usual on the client because the scan is listening to DNS requests on the client interface. However, this can be a bit challenging because your client browser and/or the operating system usually cache the DNS response (the IP address) for some time. Using another browser to connect or flushing the DNS cache of your browser will help. Another method is flushing the DNS cache of your system and then using ping (for example: ping on the client machine. For how to flush the DNS cache of an operating system or a Chrome-based browser, see here. The scan automatically stops when it has enough data and shows you the screen below:

According to the result, the deep scan found an additional IP ( for and two additional sub-domains ( and, which were used during your interaction. The message about adding open nameservers shows some delay or trouble with resolving the domains. It is safe to ignore this message or, if this is the first deep scan, to repeat it to be sure to cache all subdomains and IP addresses. In our example, choosing “Complement old entries” makes sense. After choosing that entry, the exclusion list looks like the following:

If you use the menu entry again and enter a domain that is already in the exclusion list (for example, or, you will see the following sub-menu:

  • Entry 1 will make / repeat a deeper scan of the domain to exclude (more) subdomains and IPs if available and linked with the domain. For more information, see above.
  • Entry 2 gives the ability to move the domain from one bucket to the other (CLEARNET to VPN / VPN to CLEARNET).
  • Entry 3 will remove the domain from the exclusion list.

    Regarding entries 2 and 3, be aware that, for example, will also move / remove and However, if you enter, then or will still be in the (old) exclusion list.

  • Menu entry 3: Lists the exclusion lists: does what it says.

  • Menu entry 4: Disable / Enable the AP on wlan1 failsafe: By default, TorBox’s wireless network (the Access Point; AP) is on the interface wlan0, which represents the internal wireless chip. However, entry 7 in the main menu changes that: to use the internal chip to connect to the Internet, the AP has to be put on wlan1, which represents the USB wireless network adapter. The big problem is that if TorBox is shut down, the USB wireless network adapter is removed, and TorBox starts again, the user is locked out. To avoid that, TorBox reverts, during boot, any configuration that puts the AP on wlan1. Of course, this is not something users want when they want the AP to stick to the USB wireless network adapter. For them, it is possible to turn off the failsafe feature with this menu entry.

  • Menu entry 5: Disable / Enable SSH password login: does what it says. It especially makes sense after generating and using SSH keys for the TorBox SSH login, which can be done in the Configuration sub-menu entry 2.

  • Menu entry 6: Forwarding only – tor protection disabled: In the “forwarding only” mode for client data traffic, TorBox will function as a router without tor protection. This feature was a request, but most of the time, it only makes sense in connection with developing and debugging.
TorBox’s different connection modes
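
The deep scan described under menu entry 2 listens to DNS requests on the client interface. The following added example (not TorBox's own code) shows how such passive observation yields sub-domains and IPs, why only names on a label boundary should count as part of the domain, and what a repeated scan adds to earlier results. The capture lines are constructed and modelled on tcpdump's one-line DNS output; the function names and the name-to-IPs model of the existing entries are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on tcpdump's one-line DNS text output
# (not a real capture; all names and addresses are documentation values).
CAPTURE = """\
10:00:01.10 IP 192.168.42.11.40001 > 192.168.42.1.53: 4660+ A? example.org. (29)
10:00:01.15 IP 192.168.42.1.53 > 192.168.42.11.40001: 4660 1/0/0 A 192.0.2.10 (45)
10:00:02.20 IP 192.168.42.11.40002 > 192.168.42.1.53: 4661+ A? stream.example.org. (36)
10:00:02.26 IP 192.168.42.1.53 > 192.168.42.11.40002: 4661 3/0/0 CNAME edge.cdn.example.net., A 198.51.100.7, A 198.51.100.8 (98)
10:00:03.30 IP 192.168.42.11.40003 > 192.168.42.1.53: 4662+ A? notexample.org. (32)
10:00:03.35 IP 192.168.42.1.53 > 192.168.42.11.40003: 4662 1/0/0 A 203.0.113.99 (48)
"""

QUERY = re.compile(r"IP (\S+) > \S+\.53: (\d+)\+? A\? (\S+)")
REPLY = re.compile(r"IP \S+\.53 > (\S+): (\d+) \d+/\d+/\d+ (.*) \(\d+\)$")

def in_domain(name, domain):
    """True for the domain itself or a sub-domain, matched on a label boundary."""
    name, domain = name.lower().rstrip("."), domain.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)

def harvest(capture, domain):
    """Map each observed (sub)domain of `domain` to the A-record IPs returned for it."""
    pending = {}                 # (client ip.port, DNS id) -> queried name
    found = defaultdict(set)
    for line in capture.splitlines():
        q = QUERY.search(line)
        if q:
            pending[(q.group(1), q.group(2))] = q.group(3).rstrip(".")
            continue
        r = REPLY.search(line)
        if r:
            # Replies do not repeat the question here, so pair them by client and id.
            name = pending.pop((r.group(1), r.group(2)), None)
            if name and in_domain(name, domain):
                # IPs reached through a CNAME chain still belong to the queried name.
                found[name].update(re.findall(r"\bA (\d+\.\d+\.\d+\.\d+)", r.group(3)))
    return dict(found)

def new_entries(found, existing):
    """IPs per name that a scan adds to an existing name -> IPs mapping (hypothetical model)."""
    return {n: ips - existing.get(n, set()) for n, ips in found.items()
            if ips - existing.get(n, set())}
```

A name the client answers from its own DNS cache produces no query line, so `harvest` never sees it; that is why the cache has to be flushed before the domain is used during the scan.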

• • •

Problems and questions

  • TorBox’s wireless manager shows me none or not all of the wireless networks (2,5 GHz and/or 5 GHz)! What can I do? -> see here.