How to create a .onion website

Tor (short for The Onion Router) is a system that gives its users anonymity on the Internet.

Tor software routes web traffic through a global volunteer network of servers in order to hide a user's location or usage from anyone conducting traffic monitoring or analysis.

Using Tor makes it difficult to track a user's online activity, including visits to websites, postings, instant messaging and other online media. It is intended to protect the user's personal liberty and privacy, and their ability to conduct confidential work without their online activity being recorded.

The term "onion routing" refers to the layered nature of the encryption: the initial data is encrypted and re-encrypted several times, then sent through successive Tor nodes, each of which decrypts one layer of encryption before passing the data on to the next node. This reduces the likelihood that the original data will be decrypted or understood in transit. The Tor client is free software and is free to use.

 

You can download Tor from here.

Step Zero: Start Tor

Before you start, you need to make sure that:

  1. Tor is on,
  2. you set it up correctly.

Step one: Install a web server locally

First, you need to set up a web server locally, for example nginx or lighttpd (Apache is not the best choice for anonymity).

Setting up a web server can be tricky. We are not going to cover how to do it here. If you get stuck or want to do more, find a friend who can help you. We recommend that you install a new, separate web server for the onion service, since even if you already have one installed, you may be using it (or want to use it later) for a regular website.

You need to configure your web server so that it does not give away information about you, your computer or your location. Be sure to bind the web server to localhost only (if users could reach it directly, they could confirm that your computer is the one offering the onion service).

Make sure error messages do not reveal your hostname or other hints to anyone who sees them. Consider running the web server in a sandbox or VM to limit the damage from vulnerabilities in the code.

Once your web server is set up, make sure it works:

Open your browser and go to http://localhost:8080/, where 8080 is the web server port you selected during configuration (you can select any port, 8080 is just an example). Next, try putting a file in the main html directory and make sure it appears when you access the site.

Step two: Set up the Tor service

Next, you need to configure the tor service to point to your local web server.

First, open the torrc file in your favorite text editor.

The relevant section of the file consists of groups of lines, each of which represents an onion service. All the lines begin with a #, which means they are commented out and the services are disabled. Each group of lines consists of one HiddenServiceDir line and one or more HiddenServicePort lines:

  • HiddenServiceDir is a directory where Tor will store information about this Tor service. Specifically, Tor will create a file here called hostname, which will tell you the onion URL. You do not need to add any more files to this folder. Make sure it is not the same folder as the hidserv folder you created when setting up thttpd, as HiddenServiceDir contains confidential information!
  • HiddenServicePort lets you specify a virtual port (that is, the port that people accessing the Tor service will think they are using) and an IP address and port to which connections to this virtual port are redirected.

Add the following lines to your torrc:

    HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/
    HiddenServicePort 80 127.0.0.1:8080

You may want to change the HiddenServiceDir line to point to a real folder that the user running Tor can read and write.

The above line will work if you are using the OS X Tor package.

On Unix, try "/home/username/hidden_service/" and fill in your username instead of "username".

In Windows you can select:

    HiddenServiceDir C:\Users\username\Documents\tor\hidden_service
    HiddenServicePort 80 127.0.0.1:8080

Note that since version 0.2.6, both SocksPort and HiddenServicePort support Unix sockets. This means you can point HiddenServicePort at a Unix socket:

    HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/
    HiddenServicePort 80 unix:/path/to/socket

Now save your torrc and restart Tor.

If Tor starts again, you're good to go. Otherwise, something is wrong. Look at your logs first for hints. You may see some warnings or error messages that will give you an idea of what went wrong. Usually the cause is a typo in torrc or wrong directory permissions.

When Tor starts, it will automatically create the HiddenServiceDir you specified (if necessary) and create files there.

private_key

First, Tor will generate a new public/private key pair for the Tor service. It is stored in a file called "private_key". Do not share this key with others. If you do, they can impersonate the Tor service you are running.

hostname

The other file that Tor will create is called "hostname". It contains a brief summary of your public key, and it looks like this: igurugrnewsxiuqc6.onion.

This is the public name for your service and you can give it, post it on websites, put it on business cards, etc.

If Tor is running as a different user than you, for example on OS X, or Red Hat, then you may need to have root privileges to be able to view these files.

After you restart Tor, it takes a little while, because Tor selects introduction points in the Tor network and creates an onion service descriptor. This is a signed list of introduction points along with the full public key of the service. Tor publishes this descriptor anonymously to the directory servers so that other people can reach the service anonymously.

Step Three: More advanced tips

If you plan to keep your service available for a long time, you may want to back up your private_key file somewhere.

If you want multiple virtual ports for one onion service, just add more HiddenServicePort lines.

If you want to run multiple Tor services from the same Tor client, just add another HiddenServiceDir line. All of the following HiddenServicePort lines refer to this HiddenServiceDir line until you add another HiddenServiceDir line:

    HiddenServiceDir /usr/local/etc/tor/hidden_service/
    HiddenServicePort 80 127.0.0.1:8080

    HiddenServiceDir /usr/local/etc/tor/other_hidden_service/
    HiddenServicePort 6667 127.0.0.1:6667
    HiddenServicePort 22 127.0.0.1:22
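
The grouping rule above and the earlier advice to keep the backend on localhost can be checked mechanically. The following is an added example, not code from the original article or from the Tor project; audit_torrc, target_is_local and the misbound_service block with its 192.168.1.10 address are hypothetical names and constructed sample data.

```python
import ipaddress

def target_is_local(target):
    """True if a HiddenServicePort target stays on this host."""
    if target.startswith("unix:") or target.isdigit():  # bare port = 127.0.0.1:port
        return True
    try:
        if target.startswith("["):                       # [IPv6]:port
            host = target[1:target.index("]")]
        else:                                            # IPv4 or IPv4:port
            host = target.split(":", 1)[0]
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                                     # not an IP literal: flag it

def audit_torrc(text):
    """Attach each HiddenServicePort to the HiddenServiceDir above it; flag exposure."""
    services, current = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()            # drop comments, tokenize
        if not fields:
            continue
        key, args = fields[0].lower(), fields[1:]        # option names ignore case
        if key == "hiddenservicedir":
            current = {"dir": args[0], "ports": [], "findings": []}
            services.append(current)
        elif key == "hiddenserviceport":
            if current is None:
                raise ValueError(f"line {lineno}: port without HiddenServiceDir")
            virt = int(args[0])
            target = args[1] if len(args) > 1 else f"127.0.0.1:{virt}"
            current["ports"].append((virt, target))
            if not target_is_local(target):
                current["findings"].append(f"line {lineno}: {target} is not loopback")
    return services

# Constructed sample: the two services from the text plus one misbound service
# whose backend listens on a LAN address (the weak setting).
SAMPLE_TORRC = """\
HiddenServiceDir /usr/local/etc/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:8080
HiddenServiceDir /usr/local/etc/tor/other_hidden_service/
HiddenServicePort 6667 127.0.0.1:6667
HiddenServicePort 22 127.0.0.1:22
HiddenServiceDir /usr/local/etc/tor/misbound_service/
HiddenServicePort 80 192.168.1.10:8080
"""

if __name__ == "__main__":
    for svc in audit_torrc(SAMPLE_TORRC):
        print(svc["dir"], svc["ports"], svc["findings"] or "ok")
```

A finding means the web server is reachable on a non-loopback interface, which is exactly the situation that lets someone confirm which machine hosts the service.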

To create a Tor service on Raspbian, take a look at Alec Muffett's Enterprise Onion Toolkit on GitHub.

Client authorization

To set up cookie authentication for v2 services, see the HidServAuth and HiddenServiceAuthorizeClient entries in the manual.

First add the following line to your Tor service torrc file:

HiddenServiceAuthorizeClient [auth-type] [service-name]

Restart or reload Tor and read the cookie from your Tor service's hostname file, for example at /var/lib/tor/hidden_service_path/hostname.

To access the service with a client, add the following line to the client's torrc and (re)start or reload Tor:

HidServAuth [onion-address] [auth-cookie] [service-name]

You can now browse the Tor service address.

To set up client authorization for v3 ("next-gen") services, as defined in rend-spec-v3.txt, on the machine running the Tor service, follow the instructions in Client Authorization. Note that in order to revoke clients you need to restart the tor service (see #28275). At the moment you have to create the keys yourself with a script (such as the ones written in bash or Rust).

To access the service as a client, make sure ClientOnionAuthDir is set in your torrc. In that directory, create an .auth_private file for the Tor service corresponding to this key (i.e. 'iguru_onion.auth_private').

Then (re)start or reload Tor and you should be able to browse the onion service address.

Operational security

Onion service administrators must practice proper operational security in system administration and security maintenance. For some security suggestions, be sure to read the document "Tor Hidden (Onion) Services Best Practices" by Riseup. Here are some more anonymity issues to keep in mind:

  • As mentioned above, be careful about letting your web server reveal information about you, your computer, or your location. For example, visitors should not be able to determine whether the server is thttpd or Apache, or learn anything about your system.
  • It is generally a good idea to host Tor services on a Tor client rather than on a Tor relay, as relay uptime and other properties are publicly visible.

Another common question is whether or not to use HTTPS on your relay. Take a look at this post on the Tor Blog to learn more about these issues.

You can use Stem to automate the management of your Tor services.

Finally, you can use the [tor-onions] mailing list to discuss the secure management and operation of Tor onion services.

Step four: Set up next-generation Tor services (v3)

This is the latest version of Tor services ("v3"), and it has many improvements over the old system:

  • Better encryption (replaces SHA1/DH/RSA1024 with SHA3/ed25519/curve25519)
  • Improved directory protocol, leaking much less information.
  • Improved directory protocol, with a smaller surface for targeted attacks.
  • Better onion address security against impersonation.
  • More extensible introduction/rendezvous protocol.
  • A cleaner and more modular code base.

For details see Why is Tor v3 better?.

You can recognize a next-generation Tor address by its length: they are 56 characters long, as in iguru47i6kxnigurum6q7ib2s3uiguruqbsnzjpbi7utijcltosqeiguru.onion. The specifications for the next-generation Tor services are found here.

How to set up your own prop224 service

It is easy and simple! Just use your regular torrc and add HiddenServiceVersion 3 to the torrc block of your Tor service.

Here is an example of a torrc designed for testing:

    SocksPort auto

    HiddenServiceDir /home/user/tmp/hsv3
    HiddenServiceVersion 3
    HiddenServicePort 6667 127.0.0.1:6667

Your Tor address is then in /home/user/tmp/hsv3/hostname. To host both a v2 and a v3 service, use two Tor service blocks in torrc:

    HiddenServiceDir /home/user/tmp/hsv2
    HiddenServicePort 6667 127.0.0.1:6667

    HiddenServiceDir /home/user/tmp/hsv3
    HiddenServiceVersion 3
    HiddenServicePort 6668 127.0.0.1:6667

Note that tor is strict about directory permissions and does not like to share its files. Make sure you restrict read and write access to the Tor service directory before restarting tor.

For most Linux-based systems:

    chmod 700 -R /var/lib/tor

To restart, it is safer not to use SIGHUP directly (see bug #21818), but to check the validity of the configuration first. On Debian-based systems, the service management tool does this for you:

    service tor restart

How to help the next generation Tor develop

Let me know if you find any errors! Tor is still in the testing and active development phase. If you want to help develop, take a look at their list of open prop224 bugs.

For researchers, the wiki page Onion Service Naming Systems could be useful.

To troubleshoot and send us more useful logs, enable info-level logging:

    SafeLogging 0
    Log notice file /home/user/tmp/hs/hs.log
    Log info file /home/user/tmp/hs/hsinfo.log

For any information you need, we are here to help you upload your own Tor page!


Written by Anastasis Vasileiadis
