Wednesday, 2 December 2015

How To Create A Hidden Service Tor Site To Set Up An Anonymous Website (Windows)

Tor is an anonymous, secure network that allows anyone to access websites with anonymity. If you want to know more about Tor and how it works, you could read my previous post on Tor - The Onion Router.

 If you want to set up your own anonymous website, you can create a hidden service Tor site. Your hidden service website runs entirely within Tor, so no one will know who created and runs the website. Only people using Tor can access it, though. Hidden service Tor sites are ideal for anyone who wants to set up a website anonymously, such as political activists in repressive countries.

Not all hidden services have to be websites. You could create an SSH server, IRC server, or any other type of server and offer it as a hidden service on Tor. This tutorial will focus on setting up a hidden Tor site using the Savant web server – which Tor recommends – on Windows. The steps can also be applied to other operating systems and web servers.

Step 1: Install Tor

To get started, you’ll have to download and install Tor on your computer. If you already have it installed, you can skip this step. By default, Tor installs the Tor browser bundle, which includes a specially configured Firefox browser - called the Tor browser.

When you visit the Tor website, do the following steps:

Click "Download Tor"

Click "Download" button. Tor Browser is about 42 MB. Then double click the downloaded Tor installer file.

After clicking finish, the Tor Browser connects.

Then if Tor connects successfully, the browser opens, such as below.

Then you check out the url in the address bar, you should get status as "Connected", if not you will not be able to host or view any .onion sites since you are not connected to the Tor network.

You can check out an example hidden service by plugging duskgytldkxiuqc6.onion into your Tor web browser’s address bar.

Tor must always be running on your system for the hidden service to be accessible. If your computer is off, disconnected from the Internet, or if Tor isn’t running, the hidden service Tor side won’t be accessible. This does have some anonymity implications – it’s theoretically possible to infer whether or not your computer is running the hidden service by seeing whether it’s accessible when your computer is off.

Step 2: Install & Configure A Web Server

You’ll need a web server to serve the hidden service site from your system. Tor’s official documentation recommends against using the common Apache web server. Instead, Tor recommends using the Savant web server on Windows or the thttpd Web server on Mac OS X, Linux and other UNIX-like operating systems. Tor’s documentation notes that Apache “[is] big and has lots of places where it might reveal your IP address or other identifying information, for example in 404 pages” but also notes that “Savant probably has these problems too“.

The takeaway is that web server configuration is very important. If you’re running a very sensitive hidden Tor site, you’ll want to go through your web server’s settings and ensure it isn’t leaking any information that could be used to identify you, such as your IP address.

We’ll use Savant as an example here, but you can set the same options in other web servers. To configure Savant, launch its main window and click the Configuration button.

From the configuration window, you’ll need to set the “Server DNS Entry” box to “localhost” to bind Savant to localhost. This ensures your website is only accessible from your local computer, so people can’t access it over the normal Web and see you’re hosting the hidden service Tor site.

You’ll also have to note the port number you’re using.

You could then open any browser (NOT TOR). Then type "localhost" in the address bar. You should get the following page :

Then if you look at the Savant Web Server admin area, you can see the following :

After the web server is configured, you’ll want to add your content. By default, Savant uses the C:\Savant\Root directory (you can change this from the Paths tab). Ensure you replace the index.html file in this directory with the file you want as your homepage.

You can verify it works by typing localhost into your main browser’s address bar. If you set a different port instead of 80 – say, port 1000 – type localhost:1000 instead.

Step 3: Configure The Hidden Service

Now that Tor’s installed and a web server is running, all you have to do is tell Tor about it. You should be able to add this information to the torrc file through the Vidalia graphical user interface, but I experienced errors and had to do this by hand.

First, shut down Tor if it’s running.

Next, locate your torrc file. For that go to the Tor directory (it will be installed in Desktop by default), enter the Browser directory.

Then goto Browser > TorBrowser > Data > Tor

Open this file with Notepad or another text editor.

Add the following section to the end of the file:

# Hidden Service
HiddenServiceDir C:\Users\Name\tor_service
HiddenServicePort 80

Replace C:\Users\Name\tor_service with the path to a directory Tor can read and write to on your system. Do not use the directory that already contains your website. This should be an empty directory.

Replace the :80 with the port the web server is using on your system. For example, if the web server is running on port 5000, you’d use the line HiddenServicePort 80

Save the file after editing it. You’ll also have to create the directory you specified, if it doesn’t already exist.

Restart Tor after you do this.

Check out the hidden service directory you created. Tor will have created two files in the directory – hostname and private_key. Don’t give anyone the private_key file or they’ll be able to impersonate your hidden service Tor site.

You’ll want to open the hostname file in Notepad or another text editor. It will tell you the address of your new hidden service Tor site. Plug this address into your Tor web browser and you’ll see your website. Give the address to others so they can access your site. Remember, people must be using Tor to access your hidden service site.

Successfully you have created your own .onion "anonymous" website :).

If you are able to get the .onion website, you might be wrong somewhere in the process. So read it again and then host the website again. The website you host depends on the bandwidth of your connection. You have to be connected to Tor whenever you wish others to see your website. Also, if you are using a firewall create some exceptions (if you have changed the port number in Savant server). 

If you wish to have your website hosted by others I will write a post on .onion hosting sites in the near future. Stay tuned.

Share your knowledge !!!