How to Create a Tor hidden Service
Ever wondered how people make darkweb websites? Here's how you can make your own! In a step by step tutorial!
Ever wondered how people make darkweb websites? Heres how you can make your own! In a step by step tutorial!
Prerequisites
- Linux server (im using ubuntu)
- Knowledge of command line basics
- Brave browser or The Tor browser
- Website you want to share
Time required: an few hours, or 30 - 60 mins if your hackerman😎
Background:
1) tor websites are cool! ive always wondered how hard it was to setup one
Turns out? quite easy!
Lets get crack'in!😎
Setup a linux server
I used https://digitalocean.com to spin up a simple linux box
Connect to your server
ssh root@<IP HERE>
example:
ssh [email protected]
Use the password you set in the creation page
Grab a sample html website
cd ~
mkdir website
cd website
wget https://gist.githubusercontent.com/wisehackermonkey/8467ae4fbd372c0f634ce372da5ddcec/raw/d0afa0ba3701d91c03b68a6f1a982ca2b5bee4f8/index.html
heres the full html page
Install Tor
Overview of important files & Directories
Torrc File (ToreRC)
setups all the confirguation for your tor server, in this case we only edit two config settings
/etc/tor/torrc
Where tor stores your project's host name (.onion) and crypto
/var/lib/tor/\<PROJECT NAME>
example
/var/lib/tor/website
Website code folder
~/\<PROJECT NAME>
example
~/website
Steps in order
nano /etc/tor/torrc
edit lines ~71, ~72
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80
becomes
HiddenServiceDir /var/lib/tor/<NAME OF PROJECT>/
HiddenServicePort 80 127.0.0.1:80
example
HiddenServiceDir /var/lib/tor/website/
HiddenServicePort 80 127.0.0.1:80
IMPORTANT!
Restart tor
when tor first installs this director doesnt exist, only after setting the config HiddenServiceDir
as seen below does this folder pop up with your tor .onion address
ls /var/lib/tor/
service tor restart
ls /var/lib/tor/
if you dont see a website
directory something has gone wrong make sure you edited the config torrc
file /var/lib/tor/website/
is set
should look like this one your done (minus the _old folder)
RUN THE SERVER
Lets use a python simple server to test if its working
run the following
cd ~/website
python3 -m http.server 80 --bind 127.0.0.1
What --bind means?
and what is 80?
--bind 127.0.0.1
= HiddenServicePort 80 127.0.0.1
:80
127.0.0.1
127.0.0.1
:80the 127.0.0.1 must match to what --bind
has
are what ip address the server will allow to connect from.
127.0.0.1
means only localhost (only your computer)
0.0.0.0
means anyone can connect.
not recommend if you want to keep the page a tor only website
Lets get the tor .onion address
And visit the website over TOR!
cd /var/lib/tor/website
ls
cat /var/lib/tor/website/hostname
Copy this XXXXXXXXXXXXXXXXXXXXX.onion address
Open brave.exe or download if you dont have it
Open Tor enabled
brave Tab
when brave is open use the command
ALT+SHIFT+N
for a tor mode browser tab to open
First Try will probibly look like this
meaning? the server isnt running!
cd ~/website
python3 -m http.server 80 --bind 127.0.0.1
still nothing?
make sure torrc was set correctly and restart tor
/etc/tor/torrc
HiddenServiceDir /var/lib/tor/website/
HiddenServicePort 80 127.0.0.1:80
Restart tor
service tor restart
check to see if tor is running
service tor status
If everything went to plan...
This is what success looks like!
Congrats! 🎊🎊🎊
you now are the proud owner of a tor website
FIN!
Out of scope But....
the python -m http.server
doesnt last for ever.
I recommend install something more permanent
Server Software | Description | Setup/Installation Command |
---|---|---|
Apache HTTP Server | A widely used and highly configurable server. | - On Linux: sudo apt-get install apache2 - On Windows: Download from https://httpd.apache.org/download.cgi |
Nginx | Known for its high performance and scalability. | - On Linux: sudo apt-get install nginx - On Windows: Download from https://nginx.org/en/download.html |
Lighttpd | A lightweight and fast web server. | - On Linux: sudo apt-get install lighttpd - On Windows: Download from https://www.lighttpd.net/download.html |
Caddy | An easy-to-configure web server with HTTPS. | Down |
Resources
Note: the post was inspired by john Hammond
Tor setup "tutorial" (not really step by step throgh)
How to use pythons http.server
Security best practaces for running tor stuff
Random history about .onion Top level domains TLD being approved
Author
by oran collins
github.com/wisehackermonkey