Setup a Tor Hidden Service

Setup a Tor Hidden Service

A Tor hidden service is simply a web server that runs locally and only takes requests from inside the Tor network. It is bound to localhost, so it is not visible or accessible to the outside Internet.

Hidden services do not require registration or processing because they are anonymous, so there is no domain name to purchase and use. You may simply set up a web server, and point it to your loopback address.

The network will then generate a Tor host name to be located by. Knowing this also explains the sometimes varied uptime of hidden services in general.

You will find hackers, crackers, porn and political discontent. You will find places to have your hashes cracked and places that sell drugs.

If you want to operate a hidden service, you need to download and install the actual Tor client. The installation is a simple matter in most cases, but might require a few extra steps for Ubuntu/Debian users.

After you’re finished, you have the Tor client running on a default port of 9050.

If you are using Linux, your absolute best choice for a web server is ThttpD. You may use more mainstream servers like Apache. Windows users will find a good home there, but in this tutorial, we will focus on ThttpD.

$ wget http://www.acme.com/software/thttpd/thttpd-2.25b.tar.gz
$ tar zxvf thttpd-2.25b.tar.gz

Move into the new directory to configure and compile from source:

$ sudo ./configure && make
$ mkdir hidserv; cd hidserv
$ cd ..
$ ./thttpd -p 5222 -h localhost

The last command started the web server and told it to use port 5222 and localhost as its host. You can click this link to see if it worked.

Navigate to your /etc/tor directory and open the file named torrc with your favorite editor. This is a configuration file for letting Tor know you are running a hidden service. Scroll down about halfway until you see the title:

### This section is just for location-hidden services ###

And add the following lines under that:

HiddenServiceDir /home/username/hidden_service/
HiddenServicePort 80 127.0.0.1:5222

Username is the name you log into on your Linux box with and hidden_service is whatever name you wish to give it. Now restart Tor. When it starts back up, it reads the file torrc, follows the instructions, and bootstraps your service into the Tor network.

It will then automatically create the ‘hidden_service’ directory that you specified (if necessary), and it will create two files there, private_key and hostname.

The private key is identical to the idea we discussed in this GPG article. Keep this key secret. Anyone who obtains it can impersonate your hidden service. The hostname is a URL created by the network used to identify you from other services, it should look something like uy4htf7ssvv3gfh8g.onion.

Besides Tor you can use also I2P for a anonymous network.