I hosted a mirror of this blog on the dark web. Here's how

I hosted a mirror of this blog on the dark web. Here's how

How to host any website on the dark web using .onion URL

Winston Wacieni's photo
Winston Wacieni
·

5 min read

If you're reading this then you probably know what the deep and dark web is. If you don't then I definitely recommend watching this Techquickie explainer video which really helped get the concepts right Tor As Fast As Possible - YouTube

So, before doing proper research on this topic I honestly thought it would be an uphill task. With all the secrecy and shadiness that the deep web is shrouded in, I thought getting to host any website/service on the deep web is a sort of exclusive club.

Turns out the process is a lot simpler than I thought. You don't need complex technical knowledge. You'll need a Linux machine since the tor-service runs best on UNIX-like systems and it is well supported. Hop on your Linux machine or a VM and let us get started.

This is what we will be running through

  • Tor Browser and Service
  • Creating a basic web page
  • Starting a basic webserver to host our web page
  • Hosting our web page on the Dark Web with a custom Onion address

Tor Browser and Service

The tor browser enables connection to the hidden service Network. With domains ending with .onion. I will be using Fedora Linux in which Tor does not come pre-installed. I will also feature commands for the most common packaging system APT (advanced packaging tool) used on Debian-based Linux distros.

You can also install the Tor Browser on Windows, OS X, and Android.

The first step is to install “tor”.

tor-logo.jpeg On Debian based systems

kali@kali:~$ sudo apt-get update -y && sudo apt-get upgrade -y
kali@kali:~$ sudo apt-get install tor -y

On Fedora-based systems

$ sudo dnf update 
$ sudo dnf install -y tor
$ sudo dnf install -y tor-browser-launcher

On Arch-based systems

     $ sudo pacman -S tor
     $ ## nyx provides a terminal status monitor for bandwidth usage.
     $ sudo pacman -S nyx
     $ ## torsocks safely torify applications
     $ sudo pacman -S torsocks

Then, we start the “tor” service…

stonney@localhost:~$ service tor start
Redirecting to /bin/systemctl start tor.service

Or we can optionally start TOR on the start-up

sudo systemctl enable tor

Whichever operating system you use, the Tor browser requires a dedicated non-root user to run and there is a good reason for this. If for any reason the browser is compromised by some vulnerability or dodgy download, you want to limit the attack surface as much as possible on your system. For the same reason, you would never want to run this as root.

For the next steps, I will boldly assume that you have downloaded the Tor Browser bundle and have it installed on your machine. Go on the deep/dark web and do some exploration by yourself. BE CAREFULL though :-)

Creating a basic webpage

Let's create a very basic webpage that we will use for demonstration. That is you don't already have something to host already.

Start by creating a directory for your website.

 sudo mkdir /var/www/onion
 sudo chown kali:tor /var/www/onion
 sudo chmod 775 /var/www/onion

Then create yourself a basic HTML page.

This can be optionally done via the terminal.

kali@kali:~$ cd /var/www/onion
kali@kali:/var/www/onion$ echo 
"<html>
    <head>
    <title>TechandGeneral Tutorial </title>
    </head>
    <body>Heeeey this is actually my first deep web site </body>
</html>" > index.html
kali@kali:/var/www/onion$ ls -la
total 12
drwxrwxr-x 2 kali tor  4096 Nov 21 23:47 .
drwxr-xr-x 4 root root 4096 Nov 21 23:43 ..
-rw-r--r-- 1 kali kali   85 Nov 21 23:47 index.html
kali@kali:/var/www/onion$ cat index.html
<html>
    <head>
    <title>TechandGeneral Tutorial </title>
    </head>
    <body>Heeeey this is actually my first deep web site </body>
</html>

Optionally you can just download a basic HTML File from TG and be sure to place it in our folder.

Starting a basic webserver to host our web page

You can use anything you like here. You could go for a more production-ready service like Apache or Nginx or just use a quick and dirty web server “one-liner” using Python, Node, PHP, etc.

I’ll use Python 3 as you will probably have it installed already and will be easiest to demonstrate.

If you have another web service installed on your machine be careful not to temporarily disrupt the service. If any other web server is installed in your machine kindly follow all the rules of that server i.e file location.

Debian, Ubuntu, Kali etc.
# Update & Upgrade System
sudo apt-get update -y && apt-get upgrade -y
# Install Python 3
sudo apt-get install python3 -y
Redhat, CentOS etc.
# Update & Upgrade System
sudo dnf update -y
# Install Python 3
sudo dnf install python38 -y
# python3 --version
Python 3.8.3
Arch, ManjaroOs etc.
# Update the system 
sudo pacman -Syu
# Install Python 3
sudo pacman -S python3

Let’s confirm our web server works and the web page site loads…

python3 -m http.server --bind 127.0.0.1 8080

If all steps have been followed it should output.

Serving HTTP on 127.0.0.1 port 8080 (http://127.0.0.1:8080/) ...

Now open your browser and go to, “http://127.0.0.1:8080”.

Hosting the webpage on the Dark Web with a custom Onion address

You will need to do this next part as root.

You will need to do this next part as root.
kali@kali:/var/www/onion$ sudo su -
[sudo] password for kali: 
root@kali:~#
root@kali:~# vi /etc/tor/torrc
Navigate down to these lines…

Navigate down to these lines…

#HiddenServiceDir /var/lib/tor/hidden_service/  
#HiddenServicePort 80 127.0.0.1:80

Uncomment the lines and change the port from 80 to 8080.

HiddenServiceDir /var/lib/tor/hidden_service/  
HiddenServicePort 80 127.0.0.1:8080

Save the file and exit.

Restart the “tor” service.

root@kali:~# **service tor restart**

And navigate to this directory.

root@kali:~# **cd /var/lib/tor/hidden_service**  
root@kali:/var/lib/tor/hidden_service#

The “onion address” of our web site on the Dark Web is,

“**3vqzzssig3kbcnkgo3n6uf23xglgmupbrrky6zh3uyhee5mcbrz5d4qd.onion”**

root@kali:/var/lib/tor/hidden_service# **cat hostname**

3vqzzssig3kbcnkgo3n6uf23xglgmupbrrky6zh3uyhee5mcbrz5d4qd.onion

I’m going to log back into the Tor Browser “tor” user on my Kali Linux system as I will want to browse to my onion site.

Let’s start our Python 3 web service…

┌──(tor㉿kali)-[~]  
└─$ **cd /var/www/onion** 
┌──(tor㉿kali)-[/var/www/onion] 
└─$ **python3 -m http.server --bind 127.0.0.1 8080**  
Serving HTTP on 127.0.0.1 port 8080 (http://127.0.0.1:8080/) ...

And confirm it still works locally…

Startup your Tor Browser and navigate to our onion address on the Dark Web.

And it works!

What is interesting as well is I didn’t need to open up any firewall rules to allow this website to be hosted. It’s all handled through the Tor service.

###@WinstonWacieni

Web DevelopmenthackingPython 3Linuxlinux for beginners