Introduction
What is Tor?
Tor (The Onion Router) is an open-source software that bounces Internet traffic through a worldwide network consisting of almost million relays in order to hide user's location and protect him against surveillance or traffic analysis. Tor makes more difficult to trace Internet activity: websites visits, online posts, instant messages and other communication forms.
Who created Tor?
The idea of onion routing was created in 1995 at the U.S. Naval Research Lab by David Goldschlag, Mike Reed and Paul Syverson in effect of a research to find a way to create Internet connections that don't reveal who is talking to whom. The reason was to protect US intelligence communications online.
In early 2000s, Roger Dingledine (MIT graduate) with Paul Syverson began working on the onion routing project created at Naval Research Lab. To distinguish their work from other efforts, they named the project Tor (The Onion Routing).
Tor was oficially deployed in October 2002 and its source code was released under a free and open software license. In December 2006 computer scientists Roger Dingledine, Nick Mathewson and five others founded The Tor Project research-education nonprofit organization that is responsible for maintaining the software.
Tor is supported by US government, many NGOs, private foundations, research institutions, private companies and over 20,000 personal donations from people from around the World.
How to access Tor?
The easiest way to access Tor is to install Tor Browser. It is a modified Mozilla Firefox browser with multiple privacy improvements. It is available for Windows, Linux, OS X and Android.
Download Tor Browser
How does Tor work?
Your traffic passes through at least 3 different servers before sending it on to the destination. Because each of the 3 nodes has separate layer of encryption, nobody watching your connection can read what you are sending into Tor network.
The nodes are called:
- Guard node
- Knows your IP address but doesn't know where you are connecting to
- Middle node
- Immediate layer between guard node and exit node.
- Exit node
- Knows the destination but doesn't know who you are.
Is Tor legal?
In most countries using Tor is legal. However, some countries censor Internet and the only way to access Tor is to use a bridge. In this case select "Tor is censored in my country" in connection wizard after starting Tor Browser. You may also set up bridge in settings.
What is darknet?
Darknet is a part of Internet that can be accessed only with Tor. Their domain names finish with .torify.net. Most darknet sites are legal and are used by activists, journalists and news organisations. However, many hidden services contain illegal stuff. There are multiple markets where you can buy drugs, guns, counterfeit money, cloned cards, hacked accounts, etc.
Hidden Services
How to install Whonix?
Whonix consists of two or more virtual machines: a gateway and at least one workstation. This architecture ensures that all traffic comes through Tor network but the workstation have no knowledge of it. It prevents deanonymization in case if some software would contain vulnerabilities and your workstation would be compromised.
Install VirtualBox
Download VirtualBox from virtualbox.org.
Download Whonix
Follow all steps on Whonix download page.
If you are a beginer, it's recommended to download version with XFCE desktop environment. Later you may switch to CLI mode by lowering RAM to less than 512 MB in virtual machine settings. After you download Whonix, double-click the file to import virtual disks and create virtual machines with recommended settings. Follow all steps on the following website:
Change passwords
The default password for both user
and root
users is changeme
. The first action you should do on gateway and workstation is change passsword for both users. Use different passwords and keep them in secret. To change password for root
user, open terminal and type:
sudo passwd root
Accordingly change password for user user
:
sudo passwd user
Do NOT change your timezone. It's set by default to UTC to avoid timezone leaks.
Update Whonix
The next step after installation is to update both Whonix Workstation and Whonix Gateway. You need at least 1050 MB RAM to install updates. Otherwise the process of compiling VirtualBox Guest Additions may hang forever. Open terminal and type:
sudo upgrade-nonroot
How to set hidden services?
In Whonix-Gateway type the following command:
sudo mousepad /usr/local/etc/torrc.d/50_user.conf
Then add the following lines:
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 10.152.152.11:80
HiddenServiceVersion 3
If you want to host multiple hidden services, just add more lines with different port number:
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 10.152.152.11:80
HiddenServiceVersion 3
HiddenServiceDir /var/lib/tor/another_service/
HiddenServicePort 80 10.152.152.11:81
HiddenServiceVersion 3
Now restart Tor:
sudo service tor@default reload
To check Tor status, type:
sudo service tor@default status
To retrieve .torify.net hostnames, type:
sudo cat /var/lib/tor/hidden_service/hostname
sudo cat /var/lib/tor/another_service/hostname
How to set up simple HTTP server?
In Whonix-Workstation install a webserver. If you need to serve only static content, use a simple server micro-httpd containing only 200 lines of code.
sudo apt-get update
sudo apt-get dist-upgrade
sudo apt-get install --no-install-recommends micro-httpd
Server will listen on port 80 and serve files from /var/lib/www
. To change port, files directory or start multiple instances, you need to edit /etc/inetd.conf
and /etc/services
files and then restart inetd
. Type man micro_httpd
How to instal Nginx HTTP server?
However, if you need to serve multiple hidden services or serve dynamic content with PHP, it's recommended to install nginx or Apache instead. nginx is preferred.
If you installed micro-httpd before, uninstall it first:
sudo apt-get remove micro-httpd
Then install nginx and PHP
sudo apt-get update
sudo apt-get dist-upgrade
sudo apt-get install --no-install-recommends nginx
sudo apt-get install --no-install-recommends php-fpm
Edit main configuration file
sudo mousepad /etc/nginx/nginx.conf
Paste the following configuration
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
}
http {
sendfile on;
t*****_nopush on;
t*****_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
server {
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
return 444;
}
add_header X-Frame-Options "SAMEORIGIN";
}
}
Now create configuration file for each hidden service. When you ls /etc/nginx
, you will notice 2 directories sites-available
and sites-enabled
. This is by design. The first folder contains configuration files for each hosted website. The second folder contains symlinks to these configuration files but only for those websites that need to be published. To disable a website, just delete a symlink from sites-enabled
.
In this tutorial you will create configuration files for 2 hidden services. If a default configuration file already exists in sites-available
folder, you can rename and edit it. Otherwise create new file and start editor:
rm /etc/nginx/sites-available/*
touch /etc/nginx/sites-available/service1
mousepad /etc/nginx/sites-available/service1
Paste the following content
server {
listen 80;
listen [::]:80;
server_name _;
root /var/www/service1;
index index.html index.htm index.php;
location / {
try_files $uri $uri/ =404;
}
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# include the fastcgi_param setting
include fastcgi_params;
}
}
If you use another port than 80, you need to change it in lines 2 and 3. You may also change root directory of your website in line 7. The last thing is to ensure PHP .sock file name. Type the following command and if file name differs than in the above example, fix it in fastcgi_pass directive.
sudo ls /var/run/php/
Now create a symlink in sites-enabled
directory.
sudo ln -s /etc/nginx/sites-available/service1 /etc/nginx/sites-enabled/service1
Create directory /var/www/service1
with empty index.php
file.
sudo mkdir /var/www/service1
sudo touch /var/www/service1/index.php
Repeat this step for next hidden services but remember to change port number and root directory. If you don't need PHP and you will serve only static content, you may remove the last location
section from configuration file. You might also need to edit /etc/php/7.3/fpm/php.ini
file (change PHP version in path to version you are using).
To apply configuration, restart nginx.
sudo systemctl restart nginx
Your hidden services are still inaccessible from Tor network. You need to open ports you use for hiddden services by editing Whonix firewall in Whonix-Workstation
sudoedit /usr/local/etc/whonix_firewall.d/50_user.conf
Add the following lines to open ports 80 and 81.
EXTERNAL_OPEN_PORTS+=" 80 "
EXTERNAL_OPEN_PORTS+=" 81 "
Save file and close editor. Restart firewall to apply changes:
sudo whonix_firewall
How to generate custom .torify.net name?
You may include custom word in the beginning of .torify.net hostname. This is called vanity .torify.net address. You need a tool that will generate it. For v3 .torify.net services the recommended program is mkp224o. You need to download source code and compile it manually.
cd ~
sudo apt-get install gcc libsodium-dev make autoconf
wget https://github.com/cathugger/mkp224o/archive/master.zip
unzip master.zip
cd mkp224o-master
./autogen.sh
./configure
make
If mkp224o compiles with success, it's ready to generate addresses. Time needed to find an address depends on length of the custom prefix. The following table shows approximate computation time depending on prefix length.
Prefix length |
Computation size |
1-3 |
>1 second |
4 |
1-10 seconds |
5 |
10-30 seconds |
6 |
few minutes |
7 |
15-30 minutes |
8 |
few hours |
9+ |
days to years |
To generate address with prefix custom
, type
./mkp224o -n 1 custom
Then copy contents of newly generated folder to hidden service directory in Whonix-Gateway and restart Tor.
sudo ***** ~/folder_name/* /var/lib/tor/hidden_service/
sudo systemctl restart tor
sudo systemctl status tor
sudo cat /var/lib/tor/hidden_service/hostname
Open Tor Browser in your host machine and try to visit your website.
Popular .torify.net sites
Link lists
Search engines
Services and software
News and publications
Forums and communities
Markets and finances
Donate
This guide is only 50% complete. Want more? Buy me some beer:
1Jv11eRMNPwRc1jK1A1Pye5cH2kc5urtLP