Sign in Subscribe

How to Create a Tor hidden Service

Ever wondered how people make darkweb websites? Here's how you can make your own! In a step by step tutorial!

Oran C

6 min read
How to Create a Tor hidden Service

Ever wondered how people make darkweb websites? Heres how you can make your own! In a step by step tutorial!

Prerequisites

Time required: an few hours, or 30 - 60 mins if your hackerman😎

Background:

1) tor websites are cool! ive always wondered how hard it was to setup one

Turns out? quite easy!

Lets get crack'in!😎

Setup a linux server

I used https://digitalocean.com to spin up a simple linux box

the 4usd per month one is fine

Connect to your server

ssh root@<IP HERE>
example:
ssh [email protected]

Use the password you set in the creation page

Grab a sample html website

cd ~
mkdir website
cd website
wget https://gist.githubusercontent.com/wisehackermonkey/8467ae4fbd372c0f634ce372da5ddcec/raw/d0afa0ba3701d91c03b68a6f1a982ca2b5bee4f8/index.html

heres the full html page

Install Tor

apt update
apt install tor
service tor status
# if tor isnt running make sure its actually installed


# to stop
service tor stop
# restart
service tor restart
Note: use 'sudo' if its complaining

Overview of important files & Directories

Torrc File (ToreRC)

setups all the confirguation for your tor server, in this case we only edit two config settings

/etc/tor/torrc

Where tor stores your project's host name (.onion) and crypto

/var/lib/tor/\<PROJECT NAME>

example

/var/lib/tor/website

Website code folder

~/\<PROJECT NAME>

example

~/website

Steps in order

nano /etc/tor/torrc

edit lines ~71, ~72

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80

becomes

HiddenServiceDir /var/lib/tor/<NAME OF PROJECT>/
HiddenServicePort 80 127.0.0.1:80

example

HiddenServiceDir /var/lib/tor/website/
HiddenServicePort 80 127.0.0.1:80

IMPORTANT!

Restart tor

when tor first installs this director doesnt exist, only after  setting the config HiddenServiceDir as seen below does this folder pop up with your tor .onion address
ls /var/lib/tor/
service tor restart
ls /var/lib/tor/

if you dont see a website directory something has gone wrong make sure you edited the config torrc file /var/lib/tor/website/ is set

should look like this one your done (minus the _old folder)

RUN THE SERVER

Lets use a python simple server to test if its working

the steps up to this point in the terminal

run the following

cd ~/website
python3 -m http.server  80 --bind 127.0.0.1

What --bind means?

and what is 80?

--bind 127.0.0.1  = HiddenServicePort 80 127.0.0.1:80

the 127.0.0.1 must match to what --bind has

are what ip address the server will allow to connect from.

127.0.0.1 means only localhost (only your computer)

0.0.0.0 means anyone can connect.

   not recommend if you want to keep the page a tor only website

Lets get the tor .onion address

And visit the website over TOR!

cd /var/lib/tor/website
ls
cat /var/lib/tor/website/hostname

Copy this XXXXXXXXXXXXXXXXXXXXX.onion address

Open brave.exe or download if you dont have it

Open Tor enabled brave Tab

when brave is open use the command

ALT+SHIFT+N

for a tor mode browser tab to open

First Try will probibly look like this

meaning? the server isnt running!

cd ~/website
python3 -m http.server  80 --bind 127.0.0.1

still nothing?

make sure torrc was set correctly and restart tor

/etc/tor/torrc

HiddenServiceDir /var/lib/tor/website/
HiddenServicePort 80 127.0.0.1:80

Restart tor

service tor restart

check to see if tor is running

service tor status

If everything went to plan...

This is what success looks like!

Congrats! 🎊🎊🎊

you now are the proud owner of a tor website

FIN!

Out of scope But....

the python -m http.server doesnt last for ever.  

I recommend install something more permanent

Server SoftwareDescriptionSetup/Installation Command
Apache HTTP ServerA widely used and highly configurable server.- On Linux: sudo apt-get install apache2 - On Windows: Download from https://httpd.apache.org/download.cgi
NginxKnown for its high performance and scalability.- On Linux: sudo apt-get install nginx - On Windows: Download from https://nginx.org/en/download.html
LighttpdA lightweight and fast web server.- On Linux: sudo apt-get install lighttpd - On Windows: Download from https://www.lighttpd.net/download.html
CaddyAn easy-to-configure web server with HTTPS.Down

Resources

Note: the post was inspired by john Hammond

Tor setup "tutorial" (not really step by step throgh)

Tor Project | Set up Your Onion Service
Defend yourself against tracking and surveillance. Circumvent censorship. | Set up Your Onion Service
Tor Logo

How to use pythons http.server

http.server — HTTP servers
Source code: Lib/http/server.py This module defines classes for implementing HTTP servers. Availability: not Emscripten, not WASI. This module does not work or is not available on WebAssembly platf…
Python documentation

Security best practaces for running tor stuff

Hosting Onion Services - riseup.net
The Onion Router
riseup.net

Random history about .onion Top level domains TLD being approved

Tor’s .onion domain approved by IETF/IANA
The Tor project gained an important piece of official recognitionthis week when two key Internet oversight bodies gave their stamp ofapproval to Tor’s .onion top-level domain (TLD). While .onion has been inuse on the Tor network for several years, it was always as a “pseudo-domain” in the past.…
LWN.netNathan WillisSeptember 10, 2015

Author

by oran collins
github.com/wisehackermonkey

I got this stuff in email form if thats more your speed...

Enter your email
Subscribe
If you want to help me out and give some donations here's my monero address: 432ZNGoNLjTXZHz7UCJ8HLQQsRGDHXRRVLJi5yoqu719Mp31x4EQWKaQ9DCQ5p2FvjQ8mJSQHbD9WVmFNhctJsjkLVHpDEZ I use a tracker that is pravicy focused so if you block its cool, im big on blocking stuff on my own machine. im doing it to see if anyone is actualy reading my blog posts...:)