Tor Guide

  1. Introduction
    1. What is Tor?
    2. Who created Tor?
    3. How to access Tor?
    4. How does Tor work?
    5. Is Tor legal?
    6. What is darknet?
  2. Hidden services
    1. How to install Whonix?
    2. How to set up hidden services?
    3. How to set up simple HTTP server?
    4. How to instal Nginx and PHP?
    5. How to generate custom name?
  3. Popular .torify.net sites
    1. Link lists | Pastebin
    2. Search engines
    3. Services and software
    4. News and publications
    5. Forums and communities
    6. Markets and finances
  4. Donate

Introduction

What is Tor?

Tor (The Onion Router) is an open-source software that bounces Internet traffic through a worldwide network consisting of almost million relays in order to hide user's location and protect him against surveillance or traffic analysis. Tor makes more difficult to trace Internet activity: websites visits, online posts, instant messages and other communication forms.

Who created Tor?

The idea of onion routing was created in 1995 at the U.S. Naval Research Lab by David Goldschlag, Mike Reed and Paul Syverson in effect of a research to find a way to create Internet connections that don't reveal who is talking to whom. The reason was to protect US intelligence communications online.

In early 2000s, Roger Dingledine (MIT graduate) with Paul Syverson began working on the onion routing project created at Naval Research Lab. To distinguish their work from other efforts, they named the project Tor (The Onion Routing).

Tor was oficially deployed in October 2002 and its source code was released under a free and open software license. In December 2006 computer scientists Roger Dingledine, Nick Mathewson and five others founded The Tor Project research-education nonprofit organization that is responsible for maintaining the software.

Tor is supported by US government, many NGOs, private foundations, research institutions, private companies and over 20,000 personal donations from people from around the World.

How to access Tor?

The easiest way to access Tor is to install Tor Browser. It is a modified Mozilla Firefox browser with multiple privacy improvements. It is available for Windows, Linux, OS X and Android.

How does Tor work?

Your traffic passes through at least 3 different servers before sending it on to the destination. Because each of the 3 nodes has separate layer of encryption, nobody watching your connection can read what you are sending into Tor network.

The nodes are called:

Guard node
Knows your IP address but doesn't know where you are connecting to
Middle node
Immediate layer between guard node and exit node.
Exit node
Knows the destination but doesn't know who you are.

In most countries using Tor is legal. However, some countries censor Internet and the only way to access Tor is to use a bridge. In this case select "Tor is censored in my country" in connection wizard after starting Tor Browser. You may also set up bridge in settings.

What is darknet?

Darknet is a part of Internet that can be accessed only with Tor. Their domain names finish with .torify.net. Most darknet sites are legal and are used by activists, journalists and news organisations. However, many hidden services contain illegal stuff. There are multiple markets where you can buy drugs, guns, counterfeit money, cloned cards, hacked accounts, etc.

Hidden Services

How to install Whonix?

Whonix consists of two or more virtual machines: a gateway and at least one workstation. This architecture ensures that all traffic comes through Tor network but the workstation have no knowledge of it. It prevents deanonymization in case if some software would contain vulnerabilities and your workstation would be compromised.

Install VirtualBox

Download Whonix

Follow all steps on Whonix download page.

If you are a beginer, it's recommended to download version with XFCE desktop environment. Later you may switch to CLI mode by lowering RAM to less than 512 MB in virtual machine settings. After you download Whonix, double-click the file to import virtual disks and create virtual machines with recommended settings. Follow all steps on the following website:

Change passwords

The default password for both user and root users is changeme. The first action you should do on gateway and workstation is change passsword for both users. Use different passwords and keep them in secret. To change password for root user, open terminal and type:

sudo passwd root

Accordingly change password for user user:

sudo passwd user

Do NOT change your timezone. It's set by default to UTC to avoid timezone leaks.

Update Whonix

The next step after installation is to update both Whonix Workstation and Whonix Gateway. You need at least 1050 MB RAM to install updates. Otherwise the process of compiling VirtualBox Guest Additions may hang forever. Open terminal and type:

sudo upgrade-nonroot

How to set hidden services?

In Whonix-Gateway type the following command:

sudo mousepad /usr/local/etc/torrc.d/50_user.conf

Then add the following lines:

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 10.152.152.11:80
HiddenServiceVersion 3

If you want to host multiple hidden services, just add more lines with different port number:

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 10.152.152.11:80
HiddenServiceVersion 3

HiddenServiceDir /var/lib/tor/another_service/
HiddenServicePort 80 10.152.152.11:81
HiddenServiceVersion 3

Now restart Tor:

sudo service tor@default reload

To check Tor status, type:

sudo service tor@default status

To retrieve .torify.net hostnames, type:

sudo cat /var/lib/tor/hidden_service/hostname
sudo cat /var/lib/tor/another_service/hostname

How to set up simple HTTP server?

In Whonix-Workstation install a webserver. If you need to serve only static content, use a simple server micro-httpd containing only 200 lines of code.

sudo apt-get update
sudo apt-get dist-upgrade
sudo apt-get install --no-install-recommends micro-httpd

Server will listen on port 80 and serve files from /var/lib/www. To change port, files directory or start multiple instances, you need to edit /etc/inetd.conf and /etc/services files and then restart inetd. Type man micro_httpd

How to instal Nginx HTTP server?

However, if you need to serve multiple hidden services or serve dynamic content with PHP, it's recommended to install nginx or Apache instead. nginx is preferred.

If you installed micro-httpd before, uninstall it first:

sudo apt-get remove micro-httpd

Then install nginx and PHP

sudo apt-get update
sudo apt-get dist-upgrade
sudo apt-get install --no-install-recommends nginx
sudo apt-get install --no-install-recommends php-fpm

Edit main configuration file

sudo mousepad /etc/nginx/nginx.conf

Paste the following configuration

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
	worker_connections 768;
}

http {
	sendfile on;
	t*****_nopush on;
	t*****_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	server_tokens off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	gzip on;

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;

	server {
		if ($request_method !~ ^(GET|HEAD|POST)$ ) {
			return 444;
		}
		add_header X-Frame-Options "SAMEORIGIN";
	}
}

Now create configuration file for each hidden service. When you ls /etc/nginx, you will notice 2 directories sites-available and sites-enabled. This is by design. The first folder contains configuration files for each hosted website. The second folder contains symlinks to these configuration files but only for those websites that need to be published. To disable a website, just delete a symlink from sites-enabled.

In this tutorial you will create configuration files for 2 hidden services. If a default configuration file already exists in sites-available folder, you can rename and edit it. Otherwise create new file and start editor:

rm /etc/nginx/sites-available/*
touch /etc/nginx/sites-available/service1
mousepad /etc/nginx/sites-available/service1

Paste the following content

server {
	listen 80;
	listen [::]:80;

	server_name _;

	root /var/www/service1;
	index index.html index.htm index.php;

	location / {
		try_files $uri $uri/ =404;
	}

	location ~ [^/]\.php(/|$) {
		fastcgi_split_path_info ^(.+?\.php)(/.*)$;
		if (!-f $document_root$fastcgi_script_name) {
			return 404;
		}

		fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
		fastcgi_index index.php;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

		# include the fastcgi_param setting
		include fastcgi_params;
	}
}

If you use another port than 80, you need to change it in lines 2 and 3. You may also change root directory of your website in line 7. The last thing is to ensure PHP .sock file name. Type the following command and if file name differs than in the above example, fix it in fastcgi_pass directive.

sudo ls /var/run/php/

Now create a symlink in sites-enabled directory.

sudo ln -s /etc/nginx/sites-available/service1 /etc/nginx/sites-enabled/service1

Create directory /var/www/service1 with empty index.php file.

sudo mkdir /var/www/service1
sudo touch /var/www/service1/index.php

Repeat this step for next hidden services but remember to change port number and root directory. If you don't need PHP and you will serve only static content, you may remove the last location section from configuration file. You might also need to edit /etc/php/7.3/fpm/php.ini file (change PHP version in path to version you are using).

To apply configuration, restart nginx.

sudo systemctl restart nginx

Your hidden services are still inaccessible from Tor network. You need to open ports you use for hiddden services by editing Whonix firewall in Whonix-Workstation

sudoedit /usr/local/etc/whonix_firewall.d/50_user.conf

Add the following lines to open ports 80 and 81.

EXTERNAL_OPEN_PORTS+=" 80 "
EXTERNAL_OPEN_PORTS+=" 81 "

Save file and close editor. Restart firewall to apply changes:

sudo whonix_firewall

How to generate custom .torify.net name?

You may include custom word in the beginning of .torify.net hostname. This is called vanity .torify.net address. You need a tool that will generate it. For v3 .torify.net services the recommended program is mkp224o. You need to download source code and compile it manually.

cd ~
sudo apt-get install gcc libsodium-dev make autoconf
wget https://github.com/cathugger/mkp224o/archive/master.zip
unzip master.zip
cd mkp224o-master
./autogen.sh
./configure
make

If mkp224o compiles with success, it's ready to generate addresses. Time needed to find an address depends on length of the custom prefix. The following table shows approximate computation time depending on prefix length.

Prefix length Computation size
1-3 >1 second
4 1-10 seconds
5 10-30 seconds
6 few minutes
7 15-30 minutes
8 few hours
9+ days to years

To generate address with prefix custom, type

./mkp224o -n 1 custom

Then copy contents of newly generated folder to hidden service directory in Whonix-Gateway and restart Tor.

sudo ***** ~/folder_name/* /var/lib/tor/hidden_service/
sudo systemctl restart tor
sudo systemctl status tor
sudo cat /var/lib/tor/hidden_service/hostname

Open Tor Browser in your host machine and try to visit your website.

Popular .torify.net sites

Link lists | Pastebin | UseFul

Services and software

News and publications

Forums and communities

Markets and finances

Donate

This guide is only 50% complete. Want more? Buy me some beer:

bc1qzlz0r2xpghw6wztcag46r7vcxl3j92sereyly5

qr

Email - [email protected]