Tor onion site

There are a lot of misconceptions around the dark web, and most people think that it is not possible to create their own website on the dark web (the Onion network). Today we will set up a website in the Onion/Tor network for free (with our own home server).

As you can see above, I have created my website in the Tor network, and I've accessed it using the Tor Browser.

This tutorial consists of three steps:

- Preparing your computer (not a real step)
- Installing & configuring nginx
- Installing Tor
- Configuring the Tor server

Ingredients

- An old computer (you can try on AWS EC2, but I've not tried it there) 💻
- A stable internet connection 🌐
- 2 hours ⌚
- Comfort using the terminal ⌨

Instructions

To begin with, find a spare computer that can be used as a server (if you don't have one, you can try following the tutorial on an AWS EC2 or similar service). Also, you do not need a static IP for your dark web website.

To follow the tutorial, you will need to install a Linux-based OS on the server (we will refer to your spare computer/cloud computer as a server from now on). I have tested the steps below on Ubuntu 18.04 Server LTS and I recommend that you use the same. Ubuntu 20.04 doesn't seem to work well with Tor.

It is also recommended to use SSH to connect to your server. Since there will be no GUI, you will not be able to open this article on the server and copy-paste the commands, and typing the commands out is time-consuming and very error-prone.

In this article, I will not explain how to use & configure SSH, but you can refer to the link below to understand & use SSH.

How To Use SSH To Connect To A Remote Server In Linux Or Windows

Important: Make sure you are running as root throughout the tutorial.

    sudo su

Let's get our hands dark 😎

Installing & Configuring nginx

The role of nginx is to serve the HTML files and assets (act as a web server).

    apt update
    apt install nginx

The above commands will refresh the package lists & install nginx.

To start the nginx server:

    service nginx start

To check the status of the nginx server:

    service nginx status

To confirm that the nginx server is working, we will make a GET request to the server using curl. Before that, you'll need to know what your IP address is.

    ifconfig

The output will be similar to this:

    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10<host>
            loop  txqueuelen 1000  (Local Loopback)
            RX packets 134  bytes 21230 (21.2 KB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 134  bytes 21230 (21.2 KB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    wlp9s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet your-ip-address  netmask 255.255.255.0  broadcast ###.###.#.###
            inet6 ####::####:####:####:####  prefixlen 64  scopeid 0x20<link>
            ether ##:##:##:##:##:##  txqueuelen 1000  (Ethernet)
            RX packets 6379  bytes 8574482 (8.5 MB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 3518  bytes 506008 (506.0 KB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Find your IP address in the line "inet your-IP-address". Note it down, then use it to make a curl request.

    curl your-IP-address:80

The console should print out the HTML code of the default nginx page. You can also check if nginx is working by typing the IP address of the server in your browser.

To add your custom page, follow the steps from their official documentation: Beginner's guide - nginx

Installing Tor

Installing Tor (not just the browser) allows your computer to communicate with the Tor network. Before installing Tor, we will have to install apt-transport-https, so that we can use source lines with https://

    apt install apt-transport-https

Important: The commands below are for Ubuntu 18.04 only. If you are running another OS, please find the commands here, from Tor's official site.

We will now open the sources file to add the Tor sources.

    touch /etc/apt/sources.list.d/
    nano /etc/apt/sources.list.d/

Once the editor is open, add the following sources to the file:

    deb https://deb.torproject.org/torproject.org bionic main
    deb-src https://deb.torproject.org/torproject.org bionic main

After saving & exiting, type the following in the terminal. This adds the gpg key used to sign the Tor packages.

    curl https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --import
    gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add -

Finally, we install Tor and also a package which will help to keep the signing key current.

    apt update
    apt install tor deb.torproject.org-keyring

Similar to nginx, Tor can be started & checked with the following commands:

    service tor start
    service tor status

Setting up the tor server

Now that we have nginx & Tor up and running, we will have to configure Tor so that our server acts as a Tor server (your server will not be used as a relay node).

For this, we will have to edit the torrc file. The torrc is the configuration file for Tor. It is powerful enough that you can also use it to make Tor act as a proxy server & contribute to the Tor network (not in this tutorial). In this tutorial, the torrc will be configured to act as a Tor web server (onion service).

    nano /etc/tor/torrc

In the torrc file, go to the middle section and look for the line

    ############### This section is just for location-hidden services ###

and uncomment the following lines:

    HiddenServiceDir /var/lib/tor/hidden_service/
    HiddenServicePort 80 127.0.0.1:80

In these lines,

HiddenServiceDir will tell Tor where to save the private_key & hostname of your Tor website (they are information about your dark website). The private key stored there is very important & could be used to impersonate you.
In case you change your server, you just need to copy-paste your private key into the new server.

HiddenServicePort lets you specify a virtual port (that is, what port people accessing the website will think they're using) and an IP address and port for redirecting connections to this virtual port.

To apply this new configuration, stop the Tor service and start it again by typing the following commands:

    service tor stop
    service tor start

Now check the status of the Tor service to see if the changes are working & valid.

    service tor status

If things are looking good, proceed to the next step; otherwise, you might have made a mistake in editing the torrc file.

At this point, your dark website must be running. But we don't know what the URL is. To get it, run the following command:

    cat /var/lib/tor/hidden_service/hostname

The URL to your all-new dark website will be printed in the console. To test if it's working:

    curl -v --socks5-hostname localhost:9050 http://your-onion-domain.onion

The URL is actually your-public-RSA-key.onion. Tor has a different way of identifying websites, i.e. via their public RSA key.

You might notice that the URL generated is very long, and you might be wondering how to create a custom hostname (i.e. a custom RSA public key). I will be creating an article on this topic very soon.

Now let's celebrate your first dark website 🎉. Also please share your thoughts in the comments 😁 (for example, you can ask me to add instructions on "how to add your custom page in nginx").
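
Added example (not part of the original tutorial): nginx as installed above answers on the server's own IP address, as the curl test shows, while Tor only needs it on 127.0.0.1:80. This Python check reads a torrc and `ss -ltn` output and lists onion backend ports that also listen on non-loopback addresses, where the same site is reachable without Tor; both sample inputs are constructed.

```python
import ipaddress
import shlex

# Constructed samples: the tutorial's torrc lines and `ss -ltn` rows for a stock nginx.
TORRC = """\
#HiddenServiceDir /var/lib/tor/other_hidden_service/
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80
"""
SS_DEFAULT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:80          0.0.0.0:*
LISTEN  0       128     127.0.0.1:9050      0.0.0.0:*
LISTEN  0       128     [::]:80             [::]:*
"""

def parse_torrc(text):
    """Map each HiddenServiceDir to its (virtual_port, host, port) targets."""
    services, current = {}, None
    for raw in text.splitlines():
        words = shlex.split(raw.split("#", 1)[0])  # commented lines are inactive
        if not words:
            continue
        key, args = words[0].lower(), words[1:]
        if key == "hiddenservicedir" and args:
            current = services.setdefault(args[0], [])
        elif key == "hiddenserviceport" and args and current is not None:
            # With no target given, Tor forwards to 127.0.0.1 on the virtual port.
            target = args[1] if len(args) > 1 else args[0]
            if target.startswith("unix:"):
                continue  # unix sockets are not reachable over the network
            host, _, port = target.rpartition(":")
            current.append((int(args[0]), host or "127.0.0.1", int(port)))
    return services

def listeners(ss_text):
    """Yield (address, port) for every LISTEN row of `ss -ltn` output."""
    for line in ss_text.splitlines():
        cols = line.split()
        if len(cols) >= 4 and cols[0] == "LISTEN":
            addr, _, port = cols[3].rpartition(":")
            yield addr.strip("[]").split("%")[0], int(port)

def exposed_backends(torrc_text, ss_text):
    """Return listeners on an onion backend port that are not loopback-only."""
    ports = {p for targets in parse_torrc(torrc_text).values() for _, _, p in targets}
    return [(a, p) for a, p in listeners(ss_text)
            if p in ports and (a in ("*", "0.0.0.0", "::")
                               or not ipaddress.ip_address(a).is_loopback)]
```

An empty result means every backend port named in the torrc is bound to loopback only; for the stock nginx sample it returns the two wildcard listeners on port 80.
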

All anyone monitoring your browsing habits can see is that you're using Tor.

RESIST FINGERPRINTING
Tor Browser aims to make all users look the same, making it difficult for you to be fingerprinted based on your browser and device information.

MULTI-LAYERED ENCRYPTION
Your traffic is relayed and encrypted three times as it passes over the Tor network. The network is comprised of thousands of volunteer-run servers known as Tor relays.

BROWSE FREELY
With Tor Browser, you are free to access sites your home network may have blocked.

We believe everyone should be able to explore the internet with privacy.

We are the Tor Project, a 501(c)(3) US nonprofit. We advance human rights and defend your privacy online through free software and open networks.

By Ben Kero, Devops Engineer at Brave

In 2018, Brave integrated Tor into the browser to give our users a new browsing mode that helps protect their privacy not only on device but over the network. Our Private Window with Tor helps protect Brave users from ISPs (Internet Service Providers), guest Wi-Fi providers, and visited sites that may be watching their Internet connection or even tracking and collecting IP addresses, a device’s Internet identifier.

We are, and always have been, hugely thankful for the work and mission that the Tor team brings to the world. To continue our support, we wanted to make our website and browser download accessible to Tor users by creating Tor onion services for Brave websites. These services are a way to protect users’ metadata, such as their real location, and enhance the security of our already-encrypted traffic. This was desired for a few reasons, foremost of which was to be able to reach users who could be in a situation where learning about and retrieving Brave browser is problematic.

We’ll go through the process of creating this setup, which you should be able to use to create your own onion service.

To start the process we ‘mined’ the address using a piece of software called a miner: I chose Scallion due to Linux support and GPU acceleration. Mining is the computationally expensive process of creating a private key to prove a claim on an onion address with a desired string. Onion (v2) addresses are 16-character strings consisting of a-z and 2-7. They end in .onion, and traffic to .onion domains does not exit the Tor network. V3 addresses are longer and more secure, providing stronger cryptography; we will soon migrate to them.

In our case we wanted a string that started with ‘brave’ followed by a number. A six-character prefix only takes around 15 minutes when mined on a relatively powerful GPU (we used a GTX1080).

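
Added example, not from the original post or from Brave's code: a Python validator for the two address formats described above. The v2 check is the 16-character base32 rule the post states; the v3 layout (32-byte public key, 2-byte checksum, version byte 3) follows Tor's rend-spec-v3, and the key bytes used to build a sample v3 name are constructed.

```python
import base64
import binascii
import hashlib

V3_VERSION = b"\x03"
SAMPLE_KEY = bytes(range(32))  # constructed bytes, not a real service key

def v3_checksum(pubkey):
    # rend-spec-v3: CHECKSUM = SHA3-256(".onion checksum" | PUBKEY | VERSION)[:2]
    return hashlib.sha3_256(b".onion checksum" + pubkey + V3_VERSION).digest()[:2]

def v3_address(pubkey):
    """Encode a 32-byte ed25519 public key as a v3 onion hostname."""
    if len(pubkey) != 32:
        raise ValueError("v3 public keys are 32 bytes")
    raw = pubkey + v3_checksum(pubkey) + V3_VERSION
    return base64.b32encode(raw).decode().lower() + ".onion"

def classify(hostname):
    """Return 'v2', 'v3' or None; only the label directly before .onion is checked."""
    host = hostname.lower().rstrip(".")
    if not host.endswith(".onion"):
        return None
    label = host[: -len(".onion")].rsplit(".", 1)[-1]
    try:
        raw = base64.b32decode(label.upper())  # rejects 0, 1, 8, 9 and bad lengths
    except (binascii.Error, ValueError):
        return None
    if len(label) == 16:
        # v2: 80 bits, the truncated SHA-1 of the service's RSA public key
        return "v2"
    if len(label) == 56 and len(raw) == 35:
        pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
        if version == V3_VERSION and checksum == v3_checksum(pubkey):
            return "v3"
    return None
```

A v2 name carries no checksum, so any 16 valid base32 characters pass; a v3 name with a mistyped character is rejected by the checksum or version check.
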
The end result is a .onion address and a private key that allows us to advertise we are ready and able to receive traffic sent to this address. This is routed through a ‘tor’ daemon with some specific options.

After we mined our onion address we loaded it up in EOTK. The Enterprise Onion Toolkit is a piece of software that simplifies setting up a Tor daemon and OpenResty (a Lua-configurable nginx-based) web server to proxy traffic to non-onion web servers. In our case we are proxying traffic to brave.com domains. One last piece was required to complete the setup: a valid SSL certificate.

Without the certificate, upon starting EOTK for the first time, you’ll find that many web assets don’t load. This is due to using a self-signed SSL certificate. For some, this is acceptable. Many onion users are accustomed to seeing self-signed certificate warnings; however, for the best experience a legitimate certificate from a CA is necessary. For now, the only certificate authority issuing certificates for .onion addresses is DigiCert. They provide EV certificates for .onion addresses including SANs, with the exciting addition of wildcard SANs, which are otherwise not allowed in an EV certificate!

Generating a private key and certificate signing request is done in the standard way with OpenSSL. For more information about how this is done see documentation here. An example of a CSR configuration file is shown below:

One snag was that the process of proving you own the address requires a few different steps of validation. One is the traditional EV due diligence of contacting a representative of the organization that is on-file with DigiCert. Another is a practical demonstration, either of a DNS TXT record or a HTTP request to a well-known URL path. Since the onion addresses don’t have the concept of DNS, TXT validation will be impossible. That leaves the only remaining option as the HTTP practical demonstration.
The demonstration involves requesting a challenge from DigiCert, at which point they will send you a short string and a path that they need to see the string served at.

You then start a web server listening on that address on port 80 (non-SSL). They will send a GET request for that path. If they are able to successfully fetch the string, they know that you are in control of the address. Sadly, when I performed this song and dance with DigiCert the request did not work for 2 reasons. One was that EOTK was redirecting all of the non-SSL traffic to the SSL listener. The request failed since we were still running an EOTK-generated self-signed certificate. EOTK has a feature to serve short strings such as those required for this process using the “hardcoded_endpoint_csv” configuration option, but unfortunately it did not work due to the SSL redirect. I was able to modify the OpenResty configuration to move the configuration block responsible to the port-80 server section.

After consulting with the author, I was told that the “force_http” EOTK option will fix this. Another problem is that DigiCert’s automated validator evidently cannot route Tor traffic since requests still failed. Opening a chat session with a DigiCert rep solved this problem quickly though, especially after pointing out that DNS TXT validation is not possible, and providing a link to the .onion blog post referenced earlier.

We had to reissue certificates a few times (requiring more rounds of human validation for the EV cert requirements) in order to add some SAN wildcard subjects for our various subdomains (for example *.brave.com will not match example.s3.brave.com). One thing to note here is that even if you update the SAN subjects in your CSR, this will not add them to the reissued cert.
They must be added through DigiCert’s web interface, and it can be easy to miss.

Once we had our certificate we fed this into EOTK and found that web pages started appearing correctly, and that downloads worked without receiving a certificate error! This was a very satisfying milestone and let me know that we were almost done.

EOTK does some string manipulation to rewrite URLs and some text on the pages so that they refer to the .onion addresses (example: a link to “brave.com/blog” becomes “brave5t5rjjg3s6k.onion/blog”). This is mostly desirable, although some strings should be preserved. For example we have several email addresses listed on brave.com such as [email protected]. This was being rewritten as [email protected]. Since we don’t (yet) run an email server as an onion service these email addresses won’t work, thus they should be preserved as [email protected]. EOTK has a “preserve_csv” option to maintain these static strings.

Another suggestion is to include an Onion-Location response header on your web site, which points to your onion address. This hints to the user and their browser that the site is also available as an onion service, and that they can visit that site if they so choose.

Of course this novel daemon setup needed to run *somewhere*. In accordance with our standard devops practices at Brave, we wrote infrastructure-as-code using Terraform to deploy and maintain this. It is currently deployed in AWS EC2 with private keys secured in AWS SSM and loaded on boot. In a future iteration of the code we’d like to implement OnionBalance so that we can provide more redundancy and scalability to our onion services.

Hopefully this post has taught you how we’ve been able to set this up at Brave, and how you can replicate our success to run an onion service for yourself.
If you have any questions please feel free to reach out to me at [email protected], or on Twitter at @bkero.

I’d like to thank Alec Muffett, the author of EOTK, for his invaluable assistance in helping me overcome all the challenges related to setting this up, and for encouraging me to do things the harder but more correct way. I’d also like to thank Kenyon Abbott at DigiCert for his assistance in helping with the process of issuing and re-issuing the certificate and enduring the multiple iterations necessary to get our certificate working.