Tor (short for The Onion Router) is a system that gives its users anonymity on the Internet.
Tor software routes web traffic through a global volunteer server network to hide a user's location or usage from anyone conducting web traffic monitoring or analysis.
Using Tor makes it more difficult to trace a user's online activity, including website visits, web posts, instant messaging and other online media. It is intended to protect personal liberty, privacy and the user's ability to conduct confidential work without having their online activities recorded.
"Onion routing" refers to the layered nature of the encryption: the original data is encrypted and re-encrypted several times, then sent through successive Tor nodes, each of which decrypts one layer of encryption before passing the data on to the next node. This reduces the likelihood that the original data will be decrypted or understood in transit. Tor is free client software and is free to use.
You can download Tor from here.
Step Zero: Start Tor
Before you start, you need to make sure that:
- Tor is on,
- you set it up correctly.
Step One: Install a web server locally
First, you need to set up a web server locally, for example nginx or lighttpd (apache is not the best choice for anonymity).
Setting up a web server can be tricky. We are not going to cover how to set up a web server here. If you get stuck or want to do more, find a friend who can help you. We recommend that you install a new, separate web server for the onion service, since even if you already have one installed, you may be using it (or want to use it later) for a regular website.
You need to configure your web server so that it does not give away information about you, your computer or your location. Be sure to bind the web server to localhost only (if users could reach it directly, they could confirm that your computer is the one offering the onion service).
Make sure its error messages do not reveal your hostname or other hints. Consider running the web server in a sandbox or VM to limit the damage from vulnerabilities in the code.
Once your web server is set up, make sure it works:
open your browser and go to http://localhost:8080/, where 8080 is the web server port you selected during configuration (you can select any port, 8080 is just an example). Next, try putting a file in the main html directory and make sure it appears when you access the site.
Step two: Set up the Tor service
Next, you need to configure your onion service to point to your local web server.
First, open the torrc file in your favorite text editor.
The relevant section of the file consists of groups of lines, each of which represents one onion service. Right now all of these lines start with a #, which means they are commented out and onion services are disabled. Each group of lines consists of one HiddenServiceDir line and one or more HiddenServicePort lines:
- The HiddenServiceDir is a directory where Tor will store information about this Tor service. Specifically, Tor will create a file here called hostname, which will tell you the Tor URL. You do not need to add any more files to this folder. Make sure it is not the same folder as the hidserv folder you created when setting up thttpd, as HiddenServiceDir contains confidential information!
- The HiddenServicePort allows you to specify a virtual port (that is, which port people who access the Tor service will think they are using) and an IP address and port to redirect connections on this virtual port to.
Add the following lines to your torrc:
HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:8080
You may want to change the HiddenServiceDir line so that it points to a real folder with read/write permissions for the user running Tor.
The above line will work if you are using the OS X Tor package.
On Unix, try "/home/username/hidden_service/" and fill in your username instead of "username".
In Windows you can select:
HiddenServiceDir C:\Users\username\Documents\tor\hidden_service
HiddenServicePort 80 127.0.0.1:8080
Note that since version 0.2.6, both SocksPort and HiddenServicePort support Unix sockets. This means you can point HiddenServicePort at a Unix socket:
HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/
HiddenServicePort 80 unix:/path/to/socket
Now save your torrc and restart your Tor.
If Tor starts up again, you are well on your way. Otherwise, something is wrong. Take a look at your logs for hints. You may see some warnings or error messages that give you an idea of what went wrong. The cause is usually a typo in torrc or wrong directory permissions.
When Tor starts, it will automatically create the HiddenServiceDir you specified (if necessary) and create two files there.
First, Tor will generate a new public/private keypair for the Tor service. The private key is written to a file called "private_key". Do not share this key with others. If you do, they will be able to impersonate the Tor service you are running.
The other file that Tor will create is called "hostname". It contains a short summary of your public key, and it looks like this: igurugrnewsxiuqc6.onion.
This is the public name for your service. You can tell it to people, post it on websites, put it on business cards, etc.
If Tor is running as a different user than you, for example on OS X, Debian or Red Hat, then you may need root privileges to view these files.
When you restart Tor, it takes a little while, because it picks introduction points in the Tor network and generates an onion service descriptor. This is a signed list of introduction points along with the full public key of the service. Tor publishes this descriptor anonymously to the directory servers so that other people can reach the service anonymously.
Step Three: More advanced tips
If you plan to keep your service available for a long time, you may want to back up your private_key file somewhere.
If you want multiple virtual ports for one onion service, just add more HiddenServicePort lines.
If you want to run multiple Tor services from the same Tor client, just add another HiddenServiceDir line. All of the following HiddenServicePort lines refer to this HiddenServiceDir line until you add another HiddenServiceDir line:
HiddenServiceDir /usr/local/etc/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:8080
HiddenServiceDir /usr/local/etc/tor/other_hidden_service/
HiddenServicePort 6667 127.0.0.1:6667
HiddenServicePort 22 127.0.0.1:22
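An added example, not part of the original guide or of Tor itself: a small Python audit that applies the grouping rule above (each HiddenServicePort belongs to the HiddenServiceDir line before it), flags targets that are not loopback or a Unix socket, and flags service directories that group or others can access. Function names, the /tmp paths and the 192.168.1.10 target are constructed for illustration.

```python
import ipaddress
import os
import stat

def parse_onion_services(torrc_text):
    """Attach each HiddenServicePort to the HiddenServiceDir line above it."""
    services = []
    for raw in torrc_text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) < 2:
            continue
        key = parts[0].lower()  # torrc option names are case-insensitive
        if key == "hiddenservicedir":
            services.append({"dir": parts[1], "ports": []})
        elif key == "hiddenserviceport":
            if not services:
                raise ValueError("HiddenServicePort before any HiddenServiceDir")
            # With no target given, Tor forwards to the same port on 127.0.0.1.
            target = parts[2] if len(parts) > 2 else "127.0.0.1:" + parts[1]
            services[-1]["ports"].append((int(parts[1]), target))
    return services

def target_is_local(target):
    """True if the target is a Unix socket, a bare port, or a loopback address."""
    if target.startswith("unix:") or target.isdigit():
        return True
    host = target.rsplit(":", 1)[0] if ":" in target else target
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False  # hostnames are treated as non-local

def audit(torrc_text):
    """Return a list of findings for the onion services in a torrc."""
    findings = []
    for svc in parse_onion_services(torrc_text):
        for virt, target in svc["ports"]:
            if not target_is_local(target):
                findings.append("%s: port %d goes to non-local %s" % (svc["dir"], virt, target))
        if os.path.isdir(svc["dir"]):
            mode = stat.S_IMODE(os.stat(svc["dir"]).st_mode)
            if mode & 0o077:
                findings.append("%s: mode %o lets group/others in" % (svc["dir"], mode))
    return findings

if __name__ == "__main__":
    # Constructed sample: the second service forwards SSH to another machine.
    sample = ("HiddenServiceDir /tmp/hs_a\nHiddenServicePort 80 127.0.0.1:8080\n"
              "HiddenServiceDir /tmp/hs_b\nHiddenServicePort 22 192.168.1.10:22\n")
    print(audit(sample))
```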
To set up a Tor service on Raspbian, take a look at Alec Muffett's Enterprise Onion Toolkit on GitHub.
To set up cookie authentication for v2 services, refer to the entries for HidServAuth and HiddenServiceAuthorizeClient in the manual.
First add the following line to your Tor service torrc file:
HiddenServiceAuthorizeClient [auth-type] [service-name]
Restart or reload Tor and read the cookie from your Tor service's hostname file, for example at
To access the service with a client, add the following line to torrc and (re)start or reload Tor:
HidServAuth [onion-address] [auth-cookie] [service-name]
You can now browse the Tor service address.
To set up Client Authorization for v3 ("next-gen") services as defined in rend-spec-v3.txt, follow the instructions in Client Authorization. Note that in order to revoke clients you will need to restart the tor service (see #28275). At the moment you have to create the keys yourself with a script (like the ones written in bash or rust).
To access the service as a client, make sure you have ClientOnionAuthDir set in torrc.
In the <ClientOnionAuthDir> directory, create an .auth_private file for the Tor service corresponding to this key (i.e. 'iguru_onion.auth_private').
The contents of the <ClientOnionAuthDir>/<user>.auth_private file should look like:
<56-char-onion-addr-without-.onion-part>:descriptor:x25519:BBBEAUAO3PIFAH7SBGBI6A2QFAZBXG2NVN7HMBXFCZENJVF6C5AQ
Then (re)start or reload Tor and you should be able to browse the onion service address.
Onion service operators need to practice proper operational security and system administration to maintain security. For some security suggestions, be sure to read the document "Tor Hidden (Onion) Services Best Practices" by Riseup. Here are some more anonymity issues to keep in mind:
- As mentioned above, be careful not to let your web server reveal information about you, your computer or your location. For example, visitors should not be able to determine whether the server is thttpd or Apache, or learn something about your operating system.
- It is generally a good idea to host Tor services on a Tor client rather than on a Tor relay, as relay uptime and other properties are publicly visible.
Another common question is whether or not to use HTTPS on your onion site. Take a look at this post on the Tor Blog to learn more about these issues.
Step four: Set up the next generation Tor (v3)
This is the latest version of Tor services ("v3") and has many improvements over the old system:
- Better encryption (replaces SHA1 / DH / RSA1024 with SHA3 / ed25519 / curve25519)
- Improved directory protocol, with much less information leakage.
- Improved directory protocol, with a smaller surface for targeted attacks.
- Better onion address security against impersonation.
- More extensible introduction / rendezvous protocol.
- A cleaner and more modular code base.
For details see Why is Tor v3 better?
You can identify a next-generation onion address by its length: they are 56 characters long, as in iguru47i6kxnigurum6q7ib2s3uiguruqbsnzjpbi7utijcltosqeiguru.onion. The specifications for the next-generation Tor services are found here.
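An added example, not from the original guide or from Tor's code, that goes beyond the length check: per rend-spec-v3 a v3 address is the base32 of the public key, a two-byte SHA3-256 checksum and a version byte, so a mistyped address can be rejected offline. The same check is applied to the address field of the .auth_private line shown earlier. Function names are illustrative and the demo key is constructed; the code does not verify that the key is a valid ed25519 point.

```python
import base64
import hashlib

def _checksum(pubkey, version):
    # rend-spec-v3: first two bytes of SHA3-256(".onion checksum" | PUBKEY | VERSION)
    return hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]

def onion_v3_address(pubkey):
    """Encode a 32-byte ed25519 public key as a v3 onion address."""
    version = b"\x03"
    blob = pubkey + _checksum(pubkey, version) + version
    return base64.b32encode(blob).decode().lower() + ".onion"

def check_onion_v3(address):
    """Return 'ok', or the reason the string is not a well-formed v3 address."""
    label = address.strip().lower()
    if label.endswith(".onion"):
        label = label[:-6]
    if len(label) != 56:
        return "length %d, expected 56" % len(label)
    try:
        raw = base64.b32decode(label.upper())
    except ValueError:
        return "not base32"
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != b"\x03":
        return "version byte is not 3"
    return "ok" if checksum == _checksum(pubkey, version) else "checksum mismatch"

def check_auth_private(line):
    """Check one <addr>:descriptor:x25519:<key> line from a .auth_private file."""
    fields = line.strip().split(":")
    if len(fields) != 4 or fields[1:3] != ["descriptor", "x25519"]:
        return "expected <addr>:descriptor:x25519:<base32-key>"
    if fields[0].lower().endswith(".onion"):
        return "address must not include .onion"
    status = check_onion_v3(fields[0])
    if status != "ok":
        return "address: " + status
    try:
        # The key is written without base32 padding; restore it before decoding.
        key = base64.b32decode(fields[3].upper() + "=" * (-len(fields[3]) % 8))
    except ValueError:
        return "key is not base32"
    return "ok" if len(key) == 32 else "key is %d bytes, expected 32" % len(key)

if __name__ == "__main__":
    demo = onion_v3_address(bytes(range(32)))  # constructed key, not a real service
    print(demo, check_onion_v3(demo))
```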
How to set up your own prop224 service
It's easy and simple! Just use your regular torrc and add HiddenServiceVersion 3 to your Tor service torrc block.
Here is an example of a torrc designed for testing:
SocksPort auto
HiddenServiceDir /home/user/tmp/hsv3
HiddenServiceVersion 3
HiddenServicePort 6667 127.0.0.1:6667
Then your Tor address is in /home/user/tmp/hsv3/hostname. To host both a v2 and a v3 service, use two Tor service torrc blocks:
HiddenServiceDir /home/user/tmp/hsv2
HiddenServicePort 6667 127.0.0.1:6667
HiddenServiceDir /home/user/tmp/hsv3
HiddenServiceVersion 3
HiddenServicePort 6668 127.0.0.1:6667
Note that tor is strict about folder permissions and does not like sharing files. Make sure you restrict read and write access to the Tor service directory before restarting tor.
For most Linux-based systems:
chmod 700 -R /var/lib/tor
service tor restart
How to help the next generation Tor develop
Let me know if you find any errors! Tor is still in the testing and active development phase. If you want to help develop, take a look at their list of open prop224 errors.
For researchers, the Onion Service Naming Systems wiki page could be useful.
To troubleshoot and send us more useful logs, enable info-level logging:
SafeLogging 0
Log notice file /home/user/tmp/hs/hs.log
Log info file /home/user/tmp/hs/hsinfo.log
For any information you need, we are here to help you upload your own Tor page!