Over the past few months, several times I have had to solve fairly similar problems - regularly gaining access to computers “hidden” behind NAT. While it was one desktop computer, everything was solved by forwarding the port on the home router plus DynDNS. Then a laptop was added. And one more. Laptops could connect to home WiFi, or they could end up, for example, at the workplace. Our company provides VPN services, but during this period the VPN, for some reason, did not work stably. VPS and reverse ssh tunnels were used. When the configuration no longer fit in my head, the idea came to reduce the number of entities using the Tor Hidden Service.
As you know, Tor provides the ability to create “hidden” services - network names from the .onion space, which can be connected through any client of the Tor network. Moreover, in order to anonymize the server on which these services are located, the connection occurs through “meeting points” (rendezvous points) - computers that are not closed by NAT. The computer itself on which the hidden service is located may be behind a NAT, firewall, etc., but it can still be accessed through the Tor network.
No sooner said than done. Install the Tor client. Add two lines to the configuration file:
HiddenServiceDir /var/lib/tor/hidden_service/ HiddenServicePort 22 127.0.0.1:22
As HiddenServiceDir, we specify any place where Tor can create the directory itself (if it does not exist) and several configuration files.
In the HiddenServicePort line, the first number is the port number that we access through Tor. Theoretically, you can specify not 22, but, for example, 1234.
Restart Tor. Two files will appear in the directory:
- private_key — the secret key of your service. Tor uses this key from this file to operate. Please note that knowing this key, an attacker can pretend to be your service and no one will understand anything;
- hostname - an automatically generated file with the name of your service. If you delete or change this file, everything will still work.
The hostname file contains the name of your service like xxxxxxxxxxxxxxxx.onion.
After that, on any machine I can say torsocks ssh xxxxxxxxxxxxxxxxx.onion and get to my laptop.
You can choose a less random name for the hidden service. The Scallion program is used for this. The generated key is placed in the folder corresponding to the hidden service.
One Tor client can serve several hidden services (it is enough to specify these lines several times). Each hidden service “serves” one or more ports forwarded through Tor (specify several lines with HiddenServicePort in a row).
We will need a configuration file, so create one in the directory C:\Tor\, this file must be named torrc:
Echo(> C:\Tor\torrc
You can check whether the service starts with the settings file (if it contains errors) with the following command:
Now let's install the Tor service, which will read the settings from the file C:\Tor\torrc:
Remember that options can be specified after the flag -options, otherwise they will be ignored.
To start and stop the service use the commands:
C:\Tor\tor.exe --service start C:\Tor\tor.exe --service stop
To remove a service:
C:\Tor\tor.exe --service stop C:\Tor\tor.exe --service remove
Please note that you must first stop the service and then remove it.
By default, the Tor service listens on a port 9050 so you can check if it is running with a command that shows if port 9050 is listening:
Netstat -aon | findstr ":9050"
You can also use the following command:
For /f "tokens=1,2,3,4,5*" %i in ("netstat -aon ^| findstr ":9050" ^| findstr /i listening") do echo %j %l & @tasklist | findstr %m
Now that the Tor service is installed and running, several recipes will be shown on how it can be used.
Using Tor on Windows to download files from blocked sites
Some sites with media content allow you to view it, but do not allow you to download files to your hard drive. An example of such a site is YouTube.
YouTube is not blocked for us (yet), but I think there are those among you who have to go to your favorite blocked site through the Tor browser, but from which you cannot download a video due to the fact that the downloading program does not use Tor and, naturally cannot access it.
I'll show you with an example JDownloader(free, open source, supports a huge number of sites and file hosting services, cross-platform), but these instructions are suitable for any similar programs if they support SOCKS 5 or SOCKS 4. JDownloader website, direct download link.
In JDownloader go to Settings, then tab Connection Manager and click on the button Add. Replace type with Socks5, in field Host/port enter localhost And 9050 :
Click OK to save the settings and close the window.
JDownloader rotates connections. Therefore, if you are downloading from a blocked site, then uncheck the connection No proxy:
Now you can again not only view, but also download from blocked sites!
Setting up a hidden service in Windows
The essence of the hidden service is that on your computer (it can be a rented VPS or your home computer) is running a web server. Your computer must have access to the Tor network. Through this network, anyone with the address of your hidden service (domain like *.onion) can access your website, which is served by your web server. You don't need to worry about purchasing a domain name (given for free), DNS, whitelisted IPs, etc. - the Tor network will take care of this itself. To run a hidden service, you only need two things:
- running web server
- connection to the Tor network
If you have Linux, then the material “Setting up the Tor hidden service in Arch Linux / BlackArch” may be suitable for you. If you want to launch a hidden service from Windows, then below it is written how to do this.
We need to have a working web server. To configure it, refer to the instructions "".
Now that the web server is installed and its functionality has been verified, let's proceed to setting up a hidden service in Windows.
Your website for the hidden service should already be working and open from localhost. I'll create a stub page to demonstrate the work. In folder C:\Server\data\htdocs\ I'm creating a new folder hidden, and in it the file index.htm with the following content:
Therefore, this file is accessible from the local server at http://localhost/hidden/:
Now open the Apache configuration file C:\Server\bin\Apache24\conf\httpd.conf and add there:
Listen 127.0.0.1:9475
In principle, you only need to edit the line in it DocumentRoot "C:/Server/data/htdocs/hidden/"- it shows the path to your website, which will be the Tor hidden service.
Restart the Apache web server for the changes to take effect:
C:\Server\bin\Apache24\bin\httpd.exe -k restart
Your hidden service site should now be accessible from your local computer at http://localhost:9475
Let's move on to setting up Tor.
Open the file with any text editor C:\Tor\torrc and copy into it:
HiddenServiceDir "C:/Tor/hidden_service/" HiddenServicePort 80 127.0.0.1:9475
Notice how we wrote it down C:\Tor\hidden_service\- instead of \ we use / . You must also use quotation marks.
Restart the Tor service:
C:\Tor\tor.exe --service stop C:\Tor\tor.exe --service start
A folder will be generated automatically hidden_service and two files in it. In file C:\Tor\hidden_service\hostname you will see the domain name for your hidden service:
In my case, this is 77pam5zhvzu5jhst.onion, we try to open it in the Tor browser:
It may take a few minutes for the hidden service to open in the browser.
To change settings in Firefox, go to Settings -> Advanced -> Network -> Configure. In the window that opens, put the switch on Manually setting up a proxy server. In field SOCKS node enter 127.0.0.1 , and the field Port- 9050 . Set the switch to SOCKS 5. Click OK to save settings.
System-wide proxy settings in Windows
Windows has a WinHTTP proxy program. It allows you to set proxy settings for the system as a whole. Logically, it is expected that all applications should use system-wide settings, but this does not happen. Windows uses WinHTTP for certain services, such as downloading Windows updates and performing certificate revocation checks. However, perhaps you can find a use for it.
Using the command
Netsh winhttp import proxy source=ie
you can import settings from Internet Explorer.
And with the following commands you can view/reset the use of system-wide settings:
Netsh winhttp show proxy netsh winhttp reset proxy
Accessing Tor from a PHP program
If you have installed the Tor service and you have installed a web server to configure the hidden service, then you can also fetch data from the Tor network in your PHP program (using cURL). Working code example:
Using Tor with Pentest Tools on Windows
If the program supports working with SOCKS 5 or SOCKS 4, then specify as the proxy server 127.0.0.1 , and as a port - 9050 .
If the program only supports HTTP proxies, then you must use Privoxy in addition to Tor. How to do this is shown using the example of jSQL Injection.
How to Prevent DNS Leaks on Windows
To connect to sites and hosts on the Internet, your computer constantly makes DNS queries. The essence of these requests is as follows:
“what IP address is the name ya.ru” “what IP address is the name super-site.ru” “what IP address is the name any-site.ru” ............ ........................
Moreover, these requests are transmitted in unencrypted form. If someone sniffs (listens) your traffic when you use the Tor network through a regular web browser, then they can indirectly learn from the DNS queries coming from your computer which sites you visit. By the way, since these DNS requests and responses are not encrypted, an attacker can modify the responses that come to you. This may result in one of the man-in-the-middle attacks being carried out, or you may be “blocked” from accessing certain sites.
Also, knowing which DNS server you use, you can guess what country you are from and even what Internet provider you use:
You can make settings so that DNS requests will be transmitted through the Tor network. Thanks to this: these requests will be made for you from another computer, and these requests will also be transmitted part of the way (from your computer to the exit node - the Tor node) over an encrypted connection.
Let's start by checking which nameserver is being used by default. To do this, on the command line run:
Nslookup.exe ya.ru
In the resulting output, we need information about the DNS server, or rather its address:
Server: google-public-dns-a.google.com Address: 8.8.8.8
If you already have the Tor service running, stop it and remove it from startup.
To redirect DNS requests via Tor, open (or create, if it doesn't exist) the file C:\Tor\torrc and add the line to it:
DNSPort 53
Check if the service starts with the settings file (if it contains any errors):
C:\Tor\tor.exe -f "C:\Tor\torrc"
Now let's install the Tor service, which will read settings from the C:\Tor\torrc file:
C:\Tor\tor.exe --service install -options -f "C:\Tor\torrc"
Go to the network adapter settings:
We find " Internet Protocol Version 4 (TCP/IPv4)", in the settings menu that opens, check the box for the custom DNS server and enter the address 127.0.0.1 :
Save the settings.
Again we check which name server is being used:
Nslookup.exe ya.ru
Now the information specified as the name server is:
Server: UnKnown Address: 127.0.0.1
Great, then our settings worked.
To check anonymity settings, including DNS leaks, you can use the following services:
By the way, please note that there is no DNS leak, the IP address has been spoofed, but there is a fatal problem with anonymity: my real IP address is revealed via WebRTC:
And this despite the fact that with the same settings 2ip.ru shows:
No IP leak via WebRTC
Be very careful about this! The local IP address is also leaked via WebRTC. What is typical is that if I switch to OpenVPN, now my real IP (this is the Thai one) is not revealed.
Overcoming WebRTC is very difficult (one of the drastic measures is to completely disable JavaScript) - which is why when a high degree of anonymity is really important to you (and not just going to a site to bypass blocking), it is recommended to use Tor Browser, which has additional plugins and settings built-in increasing the level of anonymity.
Recently, interest in the anonymous network has been constantly growing. And there are many reasons for this..
“Democratic reforms” in the world are in full swing. The governments of almost all countries now sincerely consider themselves to have the right to decide where their citizens go, what to watch and what to read. Bundles of laws, “with the best intentions” churned out by dumas, councils and parliaments, increasingly define the boundaries of the reservations within which the existence of users on the global Internet is now only possible.
“Don’t go there - come here. Otherwise the snow will fall on your head and you will be completely dead” © “Gentlemen of Fortune”.
Another tense moment is the ongoing revelations of Edward Snowden, from which it is clear that the total surveillance of everyone by the special services has already acquired a truly global scale. Of course, the overwhelming majority of people have nothing to hide, but it is extremely unpleasant to realize that you are under the constant surveillance of special forces, your every step is monitored and recorded, and someone regularly tries to pick their naughty little hands in your “dirty laundry.” And it doesn’t matter for what purpose he does it, whether his intentions are good or not.
Why is it needed, this Tor?
More and more people are trying to preserve the integrity of their private lives from the long nose of the intelligence services. More and more people are trying to get rid of the “fatherly care” of state officials and want to exercise their constitutional right to independently decide where to go, what to choose, where to look and what to do.
And here the anonymous Tor network comes to their aid. Because it can provide an individual with a significant reduction in obsessive attention, simultaneously removing almost all restrictions on movement on the World Wide Web. Tor will hide your online identity, hiding everything you did on the Internet and where you went.
In addition, the Tor network has another small practical bonus. It quite often allows you to bypass such an annoying thing as an IP ban on various sites. It's a small thing, but nice.
What is Tor and how does it work
So, what is the anonymous Tor network? Tor is an abbreviation for The Onion Router (for those who do not know bourgeois, but are curious, see the translation in). If anyone is interested in tedious technical details, let them go to the Tor page on Wikipedia and figure it out. I would like to be a little simpler - on the same page on Lurkomorye. I’ll try to quickly explain it “on my fingers”.
Although this network operates on the basis of the regular Internet, all data in it does not go directly from you to the server and back, as in a “big” network, but everything is sent through a long chain of special servers and is encrypted many times at each stage. As a result, the final recipient, that is, you, becomes completely anonymous for the sites - instead of your real address, a completely wrong IP is displayed, which has nothing to do with you. All your movements become impossible to track, as well as what you did. And intercepting your traffic also becomes completely useless.
This is in theory. In practice, sometimes things are not so rosy. But we’ll talk about all possible problems a little later. You're already tired of the long and boring introduction, aren't you? Can't wait to install and try this miracle? Well, let's go!
Let's start using Tor?
Tor is a rather complicated device to install and configure. And in not so ancient times, connecting an ordinary “kettle” to it became a far from trivial task. However, today everything is much simpler. Smart and kind people took all the necessary modules, collected them into a coordinated group, configured everything as needed and stuffed it into a single package. This package is called . And after downloading, all the fuss with it comes down to the usual unpacking and subsequent stomping on the “I want Tor!” button. And Tor appears.
Of course, computer geeks and those who have nothing better to do or want to amuse their SCI can, as before, download all the necessary modules separately and gnaw at the multi-page technical “Kama Sutra”, trying to tie it all into a single whole, and somehow set it up and run the resulting design. Let's wish them good luck, and let's move on to something more rewarding.
I advise you to pay attention to the link on this tab “ Checking Tor Internet Settings" Clicking on it will help you finally make sure that you are actually now on an anonymous network. By the way, there is also a link to a short guide.
So, you are now invisible. However, before your head completely spins from anonymity and imaginary impunity, I will hasten to slightly spoil your mood. Just like that, purely out of personal harm.
I simply have to tell you about some of the “pitfalls” of the Tor network, so that when looking for adventures in your “lower hemispheres,” you don’t hurt them on these stones.
A little security in Tor
So, what Tor cannot protect against. Tor will not be able to protect a person from his own stupidity. If a person has only sawdust instead of brains in his neck growth, or he is purposefully looking for problems for himself, then he will definitely find these problems. And no Tor will help here. Learn to use your brain and exercise basic caution. Tor will also not be able to protect you from chatty programs on your computer. Any plugin or add-on in the browser can instantly “multiply your entire anonymity by zero.” And the browser itself...
That is why the package we are considering uses a specially modified version of Ognelis. By the way, does anyone else need to be reminded that Windows itself is one huge Trojan and a spyware? ( Linux people can breathe freely here - they never worry about such childhood problems of “windows”). Tor will also not be able to protect you from viruses and hackers. Well, it's not designed for that! Get yourself a normal antivirus and firewall, configure them correctly and learn how to use them - and sleep well.
The main problems of the anonymous Tor network
Okay, I’m finishing my lyrical digression and moving directly to the problems of the Tor network itself. The first thing that catches your eye is the speed. Page loading speed. Although the words “speed” and “rushing” are clearly inappropriate here. Pages are loading much slower than usual. This is the price for anonymity. The page you requested, before it gets to your browser, hangs around for a long time between servers around the world. It should, however, be recognized that the situation now is much better than a couple of years ago, and it’s quite possible to live at this rate. If you get used to it a little. No matter what, the network is developing and growing stronger.
Intelligence services
Another - and perhaps the main - problem of the Tor network is intelligence agencies. They just can’t come to terms with the fact that crowds of users roam the Internet freely and uncontrollably without their “all-seeing eye.” And they are constantly making all kinds of attempts to change the situation. The attempts are varied, even downright criminal. Before virus attacks, hacker attacks and hacking, targeted infection of software and servers with Trojans. Although not often, sometimes their efforts end successfully for them, and entire segments fall out of the “onion” network, and a “pative van” comes to one of the unluckiest (or the stupidest, or the most arrogant). But you’re not going to do anything criminal in Tor, are you? This is all to ensure that you do not relax too openly and always remember that Tor is not a panacea, and any anonymity is relative. And if you’ve already decided to gamble with the state, then it’s only a matter of time before you’re caught.
Officials
In addition to intelligence agencies representing the interests of states, government officials often pose a problem for the anonymous Tor network. The desire to “keep and not let go” in people who have seized power is ineradicable. Occasionally, in relation to some things, this desire is completely justified and fair, but more often than not, it is not. And the bit of freedom granted by Tor acts like a red rag on them. The Tor network is already banned in some countries. Legislatively. There was such an attempt in Russia. So far only in the draft version. Whether and when this project will become law, I do not know. At the moment, the Tor network in Russia operates without restrictions. If they ban it, something else will be found instead. I won’t lay out here verbatim folk wisdom on this matter, but I’ll say it a little softer and more streamlined: “For every action there is a reaction.”
Hackers
Another scourge for Tor is hackers. Some of them are ideological. and some are simply stoned to *** (sorry for the unparliamentary expression). Periodically, most often during a spring or autumn exacerbation, they organize “crusades”, trying to “cleanse the world from filth.” At the same time, the opinion of the world itself does not bother them at all. They feel that they have the right to decide for everyone. Not long ago, there was a “campaign” against, let’s say, unconventional porn on the Tor network. The matter in this case is quite godly. However, along with porn, a bunch of completely white sites were also cut down. Just like that, in passing. And who said that next time they will limit themselves to only this? So know that if your favorite “onion” site suddenly stopped opening, then it is quite possible that these are the actions of one of these with sore brains.
Infected files
Hackers are closely related to the problem with infected files of the Tor Browser itself. And here the ears of various intelligence agencies are often peeking out, trying to plant their Trojan on you instead of an anonymous network. For example, in App Store they still offer to download the infected Tor Browser. Moreover, the App Store administration was notified about this several times back in the fall. However, the Trojan is still there. Strange situation and strange slowness. True, all the strangeness instantly disappears when you remember that the tender and reverent friendship between the Apple Corporation and the US NSA is growing stronger day by day. So download the files of Tor itself exclusively from the official website, or our engine, in fact, will also give you the file directly from the official website.
Minor disadvantages of Tor
The review of more or less serious problems of the Tor network is over. Let's move on to minor troubles. I have already spoken about periodically disappearing sites. Now about Russian sites in this anonymous network. They are few. But they already exist, and there are more and more of them. And even on many foreign-speaking forums there are sections for Russians. So where to wander and who to talk to you will find. However, the main language on the Tor network is still English, and everything delicious on this network is in bourgeois. Although all kinds of dictionaries and dictionaries are always at your service.
Further. It should be remembered that the Tor network is fundamentally not moderated or controlled by anyone. Sometimes some kind of control is found on individual sites when their owners set rules for their visitors. But not more. Therefore, you may well stumble upon things that shock you. Be prepared for this. Also in this network there are various scumbags, outright schizoids, maniacs and other freaks. There are plenty of them on the “big” Internet, but on the anonymous network they feel more comfortable and are not particularly embarrassed. Their percentage is much smaller than government officials are trying to tell us, but they exist. And if you have minor children, I recommend protecting them from Tor.
And in general, I urgently demand that the Internet be protected from children! This will only benefit the Internet. This will make him much safer.
Well, in general, I told all the horror stories. Let me just remind you about viruses that Tor will not protect you from - protect yourself. Well, about anonymity once again - it is never one hundred percent, use your gray matter more often.
And for dessert, a small list of “onion” sites, so to speak, for overclocking.
Goodies and bonuses - a small list of “onion” sites
By the way, if you haven’t realized yet, in Tor Browser you can open both regular sites of the “big” Internet, bypassing some inconveniences, and special sites of the anonymous “onion” network. These sites are located in a special pseudo-domain zone .onion(look carefully at the address). They do not open from the regular Internet. At all. Only from a running and connected Tor Browser.
- Tor Wiki(http://torwikignoueupfm.onion/) - Directory of Tor links.
- The Hidden Wiki(http://kpvz7ki2v5agwt35.onion/wiki/index.php/Main_Page) is the first site where every new user of the Tor network should look. Contains links to almost all resources of the “onion” network. Often inaccessible due to huge influx of visitors.
- The Uncensored Hidden Wiki(http://zqktlwi4fecvo6ri.onion/wiki/index.php/Main_Page) - mirror of The Hidden Wiki. Moderation is minimal.
- TORDIR(http://dppmfxaacucguzpc.onion/) - a large catalog of “onion” sites.
- Tor Search(http://kbhpodhnfxl3clb4.onion/), Torgle(http://zw3crggtadila2sg.onion/torgle), TORCH(http://xmh57jrzrnw6insl.onion/) and The Abyss(http://nstmo7lvh4l32epo.onion/) - search engines on the Tor network, at least one of them works.
- Flibusta(http://flibustahezeous3.onion/) - a mirror of the famous library in the “onion” network (RU language).
- OnionNet(http://onionnetrtpkrc4f.onion/) - IRC network. The main language of communication is English. Different channels for discussion, even illegal. Additional servers: ftwircdwyhghzw4i.onion, renko743grixe7ob.onion, nissehqau52b5kuo.onion.
- vTOR“e(http://da36c4h6gxbckn32.onion/) - social network. interest clubs, blogs, forum.
- RAMP(http://ramp2bombkadwvgz.onion/) is today's largest trading platform in the Russian-language segment of the Tor network. Recently, there have been a lot of complaints about the actions of the administration and the increasing number of cases of scammers. (So don't click your beak and keep your eyes and ears open) Moreover, the largest selection in the entire network. And the highest prices.
- RUForum(http://ruforumqewhlrqvi.onion/) - Russian-language forum with communication and sale of everything that is not allowed. Recently it has been closed to outsiders. Registration is paid - $10.
- Amberroad(http://amberoadychffmyw.onion/) is one of the largest shadow trading platforms.
- Assassination Market(http://assmkedzgorodn7o.onion/) - betting on guessing the date of death of all sorts of bad people. Anyone can add a person to the list or increase the bid on existing positions. At the moment, Barack Obama and Ben Bernanke are in the lead.
- Hack IT(http://tuwrg72tjmay47uv.onion/) - a live service for hiring hackers.
- WikiLeaks(http://zbnnr7qzaxlk5tms.onion/) - I hope there is no need to explain what this is? Mirror in the “onion” network (ENG).
- Onion-Portal(http://ximqy45aat273ha5.onion/) - guide to the “onion” network (RU).
- http://k4bmdpobhqdguh2y.onion/ - blog about new hidden network services (ENG).
- Lukochan(http://562tqunvqdece76h.onion/Lukochan/) - large board (ENG, RU).
- Silk Road(http://silkroadvb5piz3r.onion) - another large anonymous trading platform (ENG).
- Keys open doors(http://wdnqg3ehh3hvalpe.onion/) - a site about hacking game consoles and all kinds of gadgets (ENG).
- http://n2wrix623bp7vvdc.onion/hackingservices.html - a resource about hacking social networks, etc. (ENG).
I intentionally do not cite all kinds of political-revolutionary-partisan resources here. Whoever needs it will find it himself.
Apparently, the Tor network remains unhacked. At least according to a 2012 internal NSA report, while the organization has had the ability to reveal the ownership of certain nodes in certain cases, it is generally unable to disclose any node upon request. Yes, and these disclosures occurred due to situations such as an error in the Firefox browser, which was part of the tor bundle and other similar things. If you use Tor correctly, the likelihood of exposure is extremely low.2. Tor is not only used by criminals
Contrary to popular belief, Tor is not only used by criminals, pedophiles and other bad terrorists. This, to put it mildly, is far from true. Activists of various kinds, journalists, and simply people who love privacy make up the portrait of Tor users. Personally, I am very impressed by the position of the Tor developers, answering the question “what, do you have something to hide?” with the phrase: “No, it’s not a secret - it’s just none of your business.”And criminals have a large arsenal of tools, from changing identities to stolen devices or network access, from botnets to Trojan viruses. By using and promoting Tor, you are helping criminals no more than using the Internet.
3. Tor has no hidden loopholes or backdoors
There are rumors that Tor was created by the military, and they deliberately created hidden loopholes in it. Although Tor was originally funded by the US Navy, its code has since been publicly available and many cryptography experts have studied its source code. Everyone can study them. And now enthusiasts, advocates of privacy and anonymity on the Internet, are working on the project.There is also information that US intelligence agencies hold about 60% of all nodes - but this is most likely a distorted information that about 60% of funding is provided by the US in the form of grants.
4. There have been no cases of anyone being convicted for supporting a relay node
True, in Europe, in this beacon of human rights and legal paradise, or more precisely in Austria, just the other day the person who held the output node was accused of complicity, because Illegal traffic passed through this node. So the danger of maintaining an output node is obvious. Well, relay nodes should be out of danger, since according to the network operation scheme they do not know where the request came from, where it is directed, or what traffic they transmit. And it is almost impossible to prove the passage of traffic through relay.5. Tor is easy to use.
Many people think that Tor is something difficult for hackers and computer geniuses. In fact, the developers have already made it as easy as possible to use - just download Tor Browser, and when you launch it, you will automatically use the Tor network. No settings, commands on the command line, etc.6. Tor is not as slow as you think
Just a couple of years ago the network was slow. Now access to sites occurs at quite acceptable speed. Yes, you can’t download torrents through Tor - it’s both slow and harmful to the network. But you can carry out any other usual activity without irritation.7. Tor is not a panacea
When using Tor, you still need to follow a few rules and understand a little about how it works, what it can do and what it cannot do, so as not to nullify all its efforts. If you are using the Tor Browser and are also logged into Facebook, this makes little sense. Understand how it works and use it wisely.Personally, I am a supporter of maintaining privacy and anonymity on the Internet. I promote and encourage everyone to support the Tor project as necessary and useful, especially in light of the sad events with the new laws “against the Internet.” Support the Tor network. Set up a relay for yourself - if you can allocate at least 50 kb/s in your channel for Tor, this will already be enough.
Why I advocate privacy and the possibility of anonymity. After all, I’m a law-abiding citizen and I have nothing to hide, right?
Well, I personally can answer this with the following arguments:
- I may have nothing to hide, but what I do is none of your business
- times change, people change, and laws change. I wrote something in the comments, and a couple of years after the adoption of another smart law, it suddenly became classed as extremist statements
- I don’t believe that all the people who are trying to monitor my actions are crystal honest and devoted servants of Themis. That no one will try to use the information received for their own dirty selfish purposes.
It will be interesting to know your opinion on issues of privacy and anonymity, %username%
,
I am not responsible for the quality of information
Tor allows clients and relays to provide so-called. hidden services (services). This means that you can make a Web, SSH, or other server publicly available without revealing its IP address to users. Moreover, your hidden service can work behind a firewall, because... no need for public addressing.
If you have Tor installed, you can see how hidden services work by visiting one of our official sites:
Idnxcnkne4qt76tg.onion/ - The Tor Project Website
j6im4v42ur6dpic3.onion/ - The Tor Package Archive
p3igkncehackjtib.onion/ - The Tor Media Archive
Other examples of reliable hidden sites are the Duck Duck Go search engine and someone's demo site.
This page describes the steps required to set up your own hidden site. Detailed information and technical details are available.
Step Zero: Install Tor
Before you start, you need to make sure that:
A. Tor is installed and working,
b. You have configured it correctly.
Windows users should read the “Windows Guide”
OS X users - with the “OS X Guide”,
and Linux/BSD/Unix users - with the “Unix Manual”
Step One: Install a Local Web Server
First, you will have to install a web server on your computer. Setting up a web server can be challenging. We will not describe here how to install a web server. If you're stuck or want to learn more, find someone you know who can help you. We recommend that you use a separate web server for your hidden site, because even if you already have a server installed, you may need it in the future for a regular site.
You will need to configure your web server so that it does not reveal information about you, your computer, or your location. Be sure to configure the web server to only respond to local requests (if people can access the web server directly, they will confirm that it is your computer that is providing the hidden service). Make sure that the error messages that your web server produces do not include your computer name or other personal information. Consider putting your web server in a sandbox or virtual machine to limit the damage from code vulnerabilities.
Once your web server is installed, check it's working: open your browser and try accessing localhost:8080/, where "8080" is the port number you chose during installation (you can choose any port, 8080 is just example). Then try placing some file in the root html folder and make sure it is accessible.
Step Two: Set Up Your Hidden Service
Now you need to configure your hidden service and redirect it to the local web server.
Firstly, open the file torrc in your favorite text editor. (Read https://www.torproject.org/docs/faq.html.en#torrc to find out what this means). About halfway through the file, look for a line that looks like this:
### This section is just for location-hidden services ###
This section of the file consists of groups of lines, each representing one hidden service. Now they are all deactivated (lines begin with #), that is, hidden services are turned off. Each row group consists of one HiddenServiceDir row and one or more HiddenServicePort rows.
HiddenServiceDir- this is the folder where Tor will store information about this hidden service. Specifically, Tor will create a file there called hostname, which will show you the .onion address. You don't need to add other files to this folder because it stores secret information!
HiddenServicePort allows you to configure a virtual port (i.e. the port that will be accessed from outside) and an IP address with a port for redirection to the virtual port.
Add the following instructions to your torrc:
HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/
Change HiddenServiceDir so that it points to an existing folder with read and edit access for the user under which Tor will run. The above example should work if you are using Tor on OS X. On Unix, try "/home/username/hidden_service/" and replace "username" with your username. On Windows you can use:
HiddenServiceDir C:\Users\username\Documents\tor\hidden_service
HiddenServicePort 80 127.0.0.1:8080
Save torrc and restart Tor.
If Tor started, that's good. Otherwise something went wrong. Check your log files for entries with warnings or errors. Usually the problem is a typo in the torrc file or incorrect folder access settings.
When Tor loads, it will optionally create the HiddenServiceDir folder you specified and create two files in it.
private_key
First, Tor will create a new key pair (public and private) for your hidden service and store them in a "private_key" file. Do not share this key with anyone - otherwise another site may be presented as yours.
hostname
Another file created by Tor is called "hostname". There is a shortened version of your public key there, which will look like duskgxobans5g5jn.onion. This is the public name for your service and you can tell it to people, publish it on your website, put it on your business card, etc.
If Tor is running under a different username, such as on OS X, Debian, or RedHat, then you may have to switch to root to be able to view these files.
After you restart Tor, the program takes care of selecting "introduction points" in the Tor network and generating a "hidden service descriptor". This is a signed list of input nodes along with the full public key of the hidden service. Tor anonymously publishes this description to routing table servers. Other people anonymously copy this description from those servers when they try to connect to your service.
Try copying the contents of the hostname file into your browser. If everything works, then you will receive the html page that you configured earlier. If it doesn't work, check the log files and play with the settings until it works.
Step Three: Additional Tips
If you plan to keep your hidden service running for a long time, save a copy of the private_key file somewhere.
If you want to forward multiple virtual ports to a single hidden service, then simply add additional lines specifying the HiddenServicePort. If you want to provide multiple hidden services through one Tor client, then add the HiddenServiceDir lines. All subsequent HiddenServicePort references refer to the preceding HiddenServiceDir line until you add another:
HiddenServiceDir /usr/local/etc/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:8080
HiddenServiceDir /usr/local/etc/tor/other_hidden_service/
HiddenServicePort 6667 127.0.0.1:6667
HiddenServicePort 22 127.0.0.1:22
Some aspects of anonymity you should keep in mind:
Be careful not to allow your web server to reveal personal information about you, your computer, or your location. Visitors may be able to determine the type of server - thttpd or Apache, for example - and learn something about your operating system.
If the computer is not constantly connected to the Internet, then your service will also not be constantly available. This provides additional information to your opponents.
If you have suggestions for improving this instruction, please send them to
