User Tools

Site Tools

tools:tor

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
tools:tor [2024/10/01 02:40] – [Testing Your Connection] AspHuntertools:tor [2025/09/30 22:44] (current) – external edit 127.0.0.1
Line 3: Line 3:
 **Tor** //(short for **"The Onion Router"**)// is a {{tagpage>Tunneling|tunneling service}} which was developed by the US Navy in the mid 1990s, and released to the public in 2004. It’s main goal was to add encryption and anonymity to naval communication. In 2006 **The Tor Project** was founded and began maintaining the Tor network. Today there are over 7000 volunteers who maintain the network, and it can be used on all major operating systems. **Tor** //(short for **"The Onion Router"**)// is a {{tagpage>Tunneling|tunneling service}} which was developed by the US Navy in the mid 1990s, and released to the public in 2004. It’s main goal was to add encryption and anonymity to naval communication. In 2006 **The Tor Project** was founded and began maintaining the Tor network. Today there are over 7000 volunteers who maintain the network, and it can be used on all major operating systems.
  
-Tor is most often used to anonymously browse the web, somewhat similarly to a [[security:proxy]] or [[security:vpn|VPN]]. However, Tor also provides the ability to anonymously run your own private website on the .onion TLD, which only people who use a Tor-enabled browser can reach. You don’t even have to pay for a domain name. If you wanted to set up your own privately hosted website that is not on the clearnet, you would use Tor and your favorite web server like Apache, nginx or even [[tools:python|Python]]. +Tor is most often used to anonymously browse the web, somewhat similarly to a [[security:proxy]] or [[security:vpn|VPN]]. However, Tor also provides the ability to anonymously run your own private website on the .onion TLD, which only people who use a Tor-enabled browser can reach. You don’t even have to pay for a domain name. If you wanted to set up your own privately hosted website that is not on the clearnet, you would use Tor and web server like [[tools:apache|Apache]][[tools:nginx]] or even [[tools:python|Python]]. 
  
  
 ===== Browsing the Web with Tor ===== ===== Browsing the Web with Tor =====
  
-[[https://www.torproject.org/download/|Tor Browser]] is a Mozilla-based browser that is able to navigate both the dark web and the clearnet. For instance if you were to put the address //(ie: s2zybriihvvjq4g55ckgfpdjwh2or3gg7dfosdz3sd4hrt5hvd5g2eqd.onion)// for our Tor website into Google Chrome, MS Edge or Firefox, you would get a 404 error returned back as none of those browsers can navigate the dark web with out addons.+[[https://www.torproject.org/download/|Tor Browser]] is a Mozilla-based browser that is able to navigate both the dark web and the clearnet. For instance if you were to put .onion address into Chrome, MS Edge or Firefox, you would get a 404 error returned back as none of those browsers can navigate the dark web without addons.
  
 Tor Browser works by establishing randomized links to **entry, middle and exit nodes** for the clearnet. When you first open Tor it will randomly connect to these. You can always reconnect and grab new nodes. Tor Browser works by establishing randomized links to **entry, middle and exit nodes** for the clearnet. When you first open Tor it will randomly connect to these. You can always reconnect and grab new nodes.
 +
  
 ==== Testing Your Connection ==== ==== Testing Your Connection ====
Line 16: Line 17:
 First open your regular browser window and go to [[https://dnsleaktest.com|DNS Leak Test]]. The info you are presented with is the what your ISP //(or preferably [[security:vpn|VPN]])// has passed on to them. Open that same link in Tor Browser, and you will see that it will give you different information. Run the standard tests for both and see the different results.  First open your regular browser window and go to [[https://dnsleaktest.com|DNS Leak Test]]. The info you are presented with is the what your ISP //(or preferably [[security:vpn|VPN]])// has passed on to them. Open that same link in Tor Browser, and you will see that it will give you different information. Run the standard tests for both and see the different results. 
  
-== So what is going on here? ==+ 
 +==== How It Works ====
  
 When you visit [[https://dnsleaktest.com|DNS Leak Test]] with Tor, all of your information is encrypted and sent to the entry node. The Entry node only sees the IP address that you are connecting from. The rest of the information that you send along with that remains encrypted. When you visit [[https://dnsleaktest.com|DNS Leak Test]] with Tor, all of your information is encrypted and sent to the entry node. The Entry node only sees the IP address that you are connecting from. The rest of the information that you send along with that remains encrypted.
Line 22: Line 24:
 It then forwards the data onto a middle node which only acts a relay between nodes. It doesn’t know the final destination nor does it know where the data came from. It only knows the entry node and the exit node. This is vital for making sure you stay anonymous. The Middle node or relay, only moves your encrypted data back and forth between entry and exit nodes. It then forwards the data onto a middle node which only acts a relay between nodes. It doesn’t know the final destination nor does it know where the data came from. It only knows the entry node and the exit node. This is vital for making sure you stay anonymous. The Middle node or relay, only moves your encrypted data back and forth between entry and exit nodes.
  
-When the exit node gets your data from the middle relay, it decrypts the URL that you are wanting to go to and forwards just that information onto a dns server which sends back the webpage you are looking for. This then enters the exit node, is encrypted and sent through the middle relay, which in turn moves the data back to the entry node and then to you. +When the exit node gets your data from the middle relay, it decrypts the URL that you are wanting to go to and forwards just that information onto a DNS server which sends back the webpage you are looking for. This then enters the exit node, is encrypted and sent through the middle relay, which in turn moves the data back to the entry node and then to you. 
  
  
 ===== Hosting Your Own .onion Website ===== ===== Hosting Your Own .onion Website =====
  
-This lesson will briefly cover the aspects of using Tor and python3 to host your own site. +This lesson will briefly cover the aspects of using Tor and Python 3 to host your own site.
  
-Open a terminal and once open create a folder where you will work. +In your [[tools:bash|terminal]], create a folder called ''my_tor'' and use [[tools:bash:getting-started#cd|cd]] to enter it:
  
-mkdir my_tor +  mkdir my_tor 
 +  cd my_tor
  
-Now change directories into that folder. +Because I am using Python 3 as my web server, now is the time I will launch it:
  
-cd my_tor+  python3 -m  http.server –bind 127.0.0.1 8080
  
-Because I am using python3 as my web server, now is the time I will launch it+Now open open a new terminal in the same folder.
  
-python3 -m  http.server –bind 127.0.0.1 8080+The first thing we need to do is create an index file for our onion websiteIn this lesson we will use nano, but you can use any text editor that you like.
  
-Now open open a new terminal in the same folder.  +  nano index.html
- +
-The first thing we need to do is create an index file for our onion website. This paper will use nano but you can use any cmd line text editor that you like +
- +
-nano index.html +
  
 Once that is open type the following: Once that is open type the following:
  
-<html><body>Bestpoint Institute<body><html>+  <html><body>A Best Point demo page.<body><html>
  
-Now save and close your file. +Now save and close your file.
  
-It’s time to test. Open your browser and type in localhost:8080 You should see your website up and going. If it’s not you need to go back and troubleshoot your webserver. +It’s time to test. Open your browser and visit **localhost:8080**. You should see your website up and going. If it’s not you need to go back and troubleshoot your webserver.
-Next we need to configure Tor. Change directories to /etc/tor+
  
-cd /etc/tor+Next we need to configure Tor. Change directories to ''/etc/tor'' and use [[tools:bash:getting-started#ls|ls]] to view the contents:
  
-now +  cd /etc/tor 
 +  ls
  
-ls +You will see a file called ''torrc''. We want to edit that file.
  
-You will see a file called torrc. Open it with your favorite editor+  nano torrc
  
-nano torrc +Once the file is open you need to scroll down to the section that says //“This section is just for location-hidden services."// Uncomment the lines for ''hiddenservicedir'' and ''hiddenserviceport''. Change the port address from 80 to 8080 save and close.
  
-Once the file is open you need to scroll down to the section that says “This section is just for location-hidden services” +Next, start Tor with the following command:
  
-Uncomment the lines for hiddenservicedir and hiddenserviceport. Change the port address from 80 to 8080 save and close. +  sudo tor
  
-Next start Tor with the following command. +Open another terminal and become super user, navigate to the ''hidden_service'' directory, and view its contents:
  
-sudo tor +  sudo su 
 +  cd /var/lib/tor/hidden_service 
 +  ls
  
-Open another terminal and become super user+You will see a file there called ''hostname''That file has your site address. Use [[tools:bash:getting-started#cat|cat]] //(or any text editor)// to retrieve it:
  
-Sudo su +  cat hostname
  
-now navigate to  +You will get an output like this: ''longstringofrandomnumbersandlettersdsfargeg.onion''
-cd /var/lib/tor/hidden_service +
  
-and type  +Open your favorite Tor browser and paste that address in and you will see your own website. You now have a working website that is on the dark web. Type ''exit'' into your terminal to close out of your root session.
- +
-ls  +
- +
-you will see a file there called hostname.  +
- +
-You can either use your favorite editor to open it and see your hostname or you can cat the file.  +
- +
-Cat hostname  +
- +
-you will get an output like this s2zybriihvvjq4g55ckgfpdjwh2or3gg7dfosdz3sd4hrt5hvd5g2eqd.onion +
- +
-Open your favorite Tor browser and paste that address in and you will see your own website.  +
- +
- +
-You now have a working website that is on the dark web.  +
- +
-type exit in the terminal and exit from being root+
  
  
 ===== Security Caveats ===== ===== Security Caveats =====
  
-It is very important to know that this is not the most secure way of moving data. While highly anonymous, you can still be tracked by users running their own entry and exit nodes. **It is very important to note that Google, Amazon, most major ISPs, various US federal & law enforcement agencies, and many other governments as well, all run a sizable amount of the entry and exit nodes on Tor** //(for more information, see this visualization map at [[https://hackertarget.com/tor-exit-node-visualization/|Hacker Target]])//.+It is very important to know that this is not the most secure way of moving data. While highly anonymous, you can still be tracked by users running their own entry and exit nodes. **It is very important to note that Google, Amazon, most major ISPs, various US federal & law enforcement agencies, and many other governments as well, all run a sizable amount of the entry and exit nodes on Tor.** For more information, see this visualization map at [[https://hackertarget.com/tor-exit-node-visualization/|Hacker Target]].
  
-Since entry nodes know your IP and exit nodes know where you’re going on the clearnet, if you get an entry and exit node ran by someone harvesting data, your movements can then be trackedAlso Tor is illegal in some countries so make sure it’s legal to use in your area+Since entry nodes know your IP and exit nodes know where you’re going, your movements can be tracked if you get an entry and exit node run by someone harvesting data. This means it is a very good idea to [[https://www.independent.co.uk/advisor/vpn/combining-tor-and-vpn|layer Tor with a regular VPN]]. You should also know that Tor is illegal in some countriesso you should research this ahead of time to know what you're getting into.
  
  
 {{tag>Tools Tunneling}} {{tag>Tools Tunneling}}
 +
tools/tor.1727750456.txt.gz · Last modified: (external edit)

Find this page online at: https://bestpoint.institute/tools/tor