Anonymous Web Resource In TOR

  • Thread author: ViNand
  • Updated: 22 Jun 2020
Why do you need this?



TOR can hide the actual location of the site, which means that it cannot be shut down and its creator cannot be found and punished / eliminated (provided certain rules are followed). In addition, a TOR address in the .onion domain zone cannot be stolen / reassigned / revoked as long as you do not lose the secret key for this domain (more on this later).

Configure the web server

If the web server is already configured, skip this section and go to the TOR configuration section.

Python one-liner

If you have a website made of static html files (ideal for security) and not a lot of resources, you can simply run a Python one-liner that serves the content to users.

To do this, go to the directory with html files and run the following command:

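$ cd /var/www/site1

# http.server is the Python 3 name for SimpleHTTPServer; --bind keeps the listener on loopback, reachable only through TOR
$ python3 -m http.server --bind 127.0.0.1 80

You can run several sites in parallel, changing only the destination directory and port.

For example:

$ cd /var/www/site2

$ python3 -m http.server --bind 127.0.0.1 81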

Nginx

If the site is more complex and you have enough resources, you can configure nginx.

Install it:

$ sudo apt-get install nginx

It is recommended that the following values be changed in the /etc/nginx/nginx.conf file:

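http {
    ...
    # do not disclose the version of the software in use
    server_tokens off;

    # disable logging: commenting out the default lines is not enough,
    # because nginx then falls back to its built-in access log location
    #access_log /var/log/nginx/access.log;
    #error_log /var/log/nginx/error.log;
    access_log off;
    error_log /dev/null crit;
    ...
}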

Next, create a new virtualhost file:

/etc/nginx/sites-available/site1

server {
    listen 127.0.0.1:80 default_server;
    server_name localhost;

    root /var/www/site1;
    index index.html index.htm;

    location / {
        allow 127.0.0.1;
        deny all;
    }
}

Turn it on:

$ cd /etc/nginx/sites-enabled

$ sudo ln -s ../sites-available/site1 .

Restart nginx and enable it at boot:

$ sudo service nginx restart

$ sudo update-rc.d nginx enable

Create a directory with a future site:

$ sudo mkdir /var/www/site1

We put the necessary files there and change the owner:

$ sudo chown -R www-data:www-data /var/www/site1

TOR configuration

Configuring TOR comes down only to installing it and adding 2 lines to the config.

$ sudo apt-get install tor

Open /etc/tor/torrc and add:

# the directory will be created automatically
HiddenServiceDir /var/lib/tor/site1

HiddenServicePort 80 127.0.0.1:80

Restart TOR:

$ sudo /etc/init.d/tor restart

The first line of the config specifies the directory that holds the private key. TOR creates the key automatically at the first start after the configuration is modified, and the key plays the role of the onion domain.

Let’s look at the contents of the directory for a better understanding:

$ sudo ls /var/lib/tor/site1

hostname private_key

The hostname file contains the domain address, derived from a hash of the key in private_key, which, in turn, was randomly generated at the first start.

pigf5kfufjz63s5z.onion

Deleting or modifying the hostname file has no consequences: the next time TOR restarts, the file is recreated from the key.

It is more of a reference file for you. The private_key file, however, must be kept secret.

As long as you are the sole owner of this file – no one will ever steal your domain.

The key is stored in the standard PEM format:

-----BEGIN RSA PRIVATE KEY-----

...

-----END RSA PRIVATE KEY-----

It is recommended to make a backup copy of the key, first encrypting it, for example with GPG using a cryptographically strong password (or your own key), and to store the copy somewhere:

$ sudo gpg -c /var/lib/tor/site1/private_key

If you remove the key from the /var/lib/tor/site1 directory, then the next time TOR restarts it will generate a new key with a new random onion address.

Let’s go back to the config.

The second line (HiddenServicePort 80 127.0.0.1:80) defines which port the onion resource will expose and which local address and port it is forwarded to. In our case, the address/port 127.0.0.1:80 is forwarded to pigf5kfufjz63s5z.onion:80.

Let’s check that this is so. Open TOR Browser, or any other browser configured to use TOR, and enter the address http://pigf5kfufjz63s5z.onion. The page served at 127.0.0.1:80 should open.

If you host several sites, add a pair of lines for each of them to the config, for example:

HiddenServiceDir /var/lib/tor/site2

HiddenServicePort 80 127.0.0.1:81

HiddenServiceDir /var/lib/tor/site3

HiddenServicePort 80 127.0.0.1:82

Restart TOR, after which the keys are created in the corresponding directories.

Although the addresses are generated randomly, they can be chosen.

We will talk about this in a separate article.

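The post says the hostname is derived from a hash of the key in private_key. As an added example (not part of the original post), here is that derivation for the 16-character RSA-based (v2) addresses the post uses: SHA-1 over the DER-encoded public key, first 80 bits, base32. Newer v3 services use ed25519 keys and 56-character addresses instead. The function names and the toy key structure are constructed for illustration.

```python
import base64
import hashlib

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next N bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def der_length(n):
    """Encode a DER length field."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def pem_to_der(pem_text):
    """Strip the BEGIN/END lines of a PEM file and decode the base64 body."""
    body = [l.strip() for l in pem_text.splitlines()]
    return base64.b64decode("".join(l for l in body if l and not l.startswith("-----")))

def public_der_from_private(priv_der):
    """PKCS#1 RSAPrivateKey -> PKCS#1 RSAPublicKey, i.e. SEQUENCE { n, e }."""
    tag, start, _ = read_tlv(priv_der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, n_start = read_tlv(priv_der, start)      # skip INTEGER version
    _, _, e_start = read_tlv(priv_der, n_start)    # INTEGER modulus n
    _, _, e_end = read_tlv(priv_der, e_start)      # INTEGER public exponent e
    body = priv_der[n_start:e_end]                 # raw n and e elements, unchanged
    return b"\x30" + der_length(len(body)) + body

def onion_v2_address(priv_der):
    """First 80 bits of SHA-1 over the public key, base32-encoded."""
    digest = hashlib.sha1(public_der_from_private(priv_der)).digest()
    return base64.b32encode(digest[:10]).decode().lower() + ".onion"

# Constructed toy structure (n=3233, e=17, d=2753); not a usable RSA key.
TOY_PRIVATE_DER = bytes.fromhex("300e02010002020ca102011102020ac1")

if __name__ == "__main__":
    print(onion_v2_address(TOY_PRIVATE_DER))
```

Because only the public half of the key enters the hash, anyone holding private_key can reproduce the hostname, which is why the hostname file can be deleted safely and the key cannot.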
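The multi-site torrc in the post forwards each onion port to a local backend, and the site's location stays hidden only if that backend listens on loopback, as the nginx `listen 127.0.0.1:80` line does. As an added example (not part of the original post), this check pairs each HiddenServicePort target with the machine's listening sockets and flags backends that can also be reached directly. TORRC and LISTENERS are constructed samples, the function names are hypothetical, and targets are assumed to use the addr:port form shown in the post.

```python
import ipaddress

# Constructed sample: a two-site torrc in the form used in the post.
TORRC = """\
HiddenServiceDir /var/lib/tor/site1   # created by Tor
HiddenServicePort 80 127.0.0.1:80
HiddenServiceDir /var/lib/tor/site2
HiddenServicePort 80 127.0.0.1:81
"""
# Constructed listening sockets in the address:port form printed by `ss -ltn`:
# nginx on loopback for site1, a server bound to every interface for site2.
LISTENERS = ["127.0.0.1:80", "0.0.0.0:81", "[::]:81", "127.0.0.1:9050"]

def is_loopback(host):
    host = host.strip("[]")
    return host != "*" and ipaddress.ip_address(host).is_loopback

def parse_torrc(text):
    """Return [(service_dir, virtual_port, target_host, target_port), ...]."""
    services, current_dir = [], None
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if len(fields) < 2:
            continue
        key = fields[0].lower()
        if key == "hiddenservicedir":
            current_dir = fields[1]
        elif key == "hiddenserviceport":
            # Tor maps to 127.0.0.1:<virtual port> when no target is given.
            target = fields[2] if len(fields) > 2 else "127.0.0.1:" + fields[1]
            host, _, port = target.rpartition(":")
            services.append((current_dir, int(fields[1]), host, int(port)))
    return services

def audit(torrc_text, listeners):
    """Flag onion backends that are also reachable without going through Tor."""
    bound = {}
    for entry in listeners:
        host, _, port = entry.rpartition(":")
        bound.setdefault(int(port), []).append(host)
    findings = []
    for sdir, _virt, host, port in parse_torrc(torrc_text):
        if not is_loopback(host):
            findings.append((sdir, "torrc target %s is not loopback" % host))
        exposed = [h for h in bound.get(port, []) if not is_loopback(h)]
        if exposed:
            findings.append((sdir, "port %d also bound on %s" % (port, ", ".join(exposed))))
    return findings
```

On the sample data only site2 is reported, because its backend on port 81 is bound to 0.0.0.0 and [::] and so answers on the server's public address as well as through TOR.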