I hosted a mirror of this blog on the dark web. Here's how
How to host any website on the dark web using .onion URL
If you're reading this then you probably know what the deep and dark web is. If you don't then I definitely recommend watching this Techquickie explainer video which really helped get the concepts right Tor As Fast As Possible - YouTube
So, before doing proper research on this topic I honestly thought it would be an uphill task. With all the secrecy and shadiness that the deep web is shrouded in, I thought getting to host any website/service on the deep web is a sort of exclusive club.
Turns out the process is a lot simpler than I thought. You don't need complex technical knowledge. You'll need a Linux machine since the
tor-service runs best on UNIX-like systems and it is well supported. Hop on your Linux machine or a VM and let us get started.
This is what we will be running through
- Tor Browser and Service
- Creating a basic web page
- Starting a basic webserver to host our web page
- Hosting our web page on the Dark Web with a custom Onion address
Tor Browser and Service
The tor browser enables connection to the hidden service Network. With domains ending with .onion. I will be using Fedora Linux in which Tor does not come pre-installed. I will also feature commands for the most common packaging system APT (advanced packaging tool) used on Debian-based Linux distros.
You can also install the Tor Browser on Windows, OS X, and Android.
The first step is to install “tor”.
On Debian based systems
kali@kali:~$ sudo apt-get update -y && sudo apt-get upgrade -y kali@kali:~$ sudo apt-get install tor -y
On Fedora-based systems
$ sudo dnf update $ sudo dnf install -y tor $ sudo dnf install -y tor-browser-launcher
On Arch-based systems
$ sudo pacman -S tor $ ## nyx provides a terminal status monitor for bandwidth usage. $ sudo pacman -S nyx $ ## torsocks safely torify applications $ sudo pacman -S torsocks
Then, we start the “tor” service…
stonney@localhost:~$ service tor start Redirecting to /bin/systemctl start tor.service
Or we can optionally start TOR on the start-up
sudo systemctl enable tor
Whichever operating system you use, the Tor browser requires a dedicated non-root user to run and there is a good reason for this. If for any reason the browser is compromised by some vulnerability or dodgy download, you want to limit the attack surface as much as possible on your system. For the same reason, you would never want to run this as root.
For the next steps, I will boldly assume that you have downloaded the Tor Browser bundle and have it installed on your machine. Go on the deep/dark web and do some exploration by yourself. BE CAREFULL though :-)
Creating a basic webpage
Let's create a very basic webpage that we will use for demonstration. That is you don't already have something to host already.
Start by creating a directory for your website.
sudo mkdir /var/www/onion sudo chown kali:tor /var/www/onion sudo chmod 775 /var/www/onion
Then create yourself a basic HTML page.
This can be optionally done via the terminal.
kali@kali:~$ cd /var/www/onion kali@kali:/var/www/onion$ echo "<html> <head> <title>TechandGeneral Tutorial </title> </head> <body>Heeeey this is actually my first deep web site </body> </html>" > index.html kali@kali:/var/www/onion$ ls -la total 12 drwxrwxr-x 2 kali tor 4096 Nov 21 23:47 . drwxr-xr-x 4 root root 4096 Nov 21 23:43 .. -rw-r--r-- 1 kali kali 85 Nov 21 23:47 index.html kali@kali:/var/www/onion$ cat index.html <html> <head> <title>TechandGeneral Tutorial </title> </head> <body>Heeeey this is actually my first deep web site </body> </html>
Optionally you can just download a basic HTML File from TG and be sure to place it in our folder.
Starting a basic webserver to host our web page
You can use anything you like here. You could go for a more production-ready service like Apache or Nginx or just use a quick and dirty web server “one-liner” using Python, Node, PHP, etc.
I’ll use Python 3 as you will probably have it installed already and will be easiest to demonstrate.
If you have another web service installed on your machine be careful not to temporarily disrupt the service. If any other web server is installed in your machine kindly follow all the rules of that server i.e file location.
Debian, Ubuntu, Kali etc.
# Update & Upgrade System sudo apt-get update -y && apt-get upgrade -y # Install Python 3 sudo apt-get install python3 -y
Redhat, CentOS etc.
# Update & Upgrade System sudo dnf update -y # Install Python 3 sudo dnf install python38 -y # python3 --version Python 3.8.3
Arch, ManjaroOs etc.
# Update the system sudo pacman -Syu # Install Python 3 sudo pacman -S python3
Let’s confirm our web server works and the web page site loads…
python3 -m http.server --bind 127.0.0.1 8080
If all steps have been followed it should output.
Serving HTTP on 127.0.0.1 port 8080 (http://127.0.0.1:8080/) ...
Now open your browser and go to, “http://127.0.0.1:8080”.
Hosting the webpage on the Dark Web with a custom Onion address
You will need to do this next part as root.
You will need to do this next part as root. kali@kali:/var/www/onion$ sudo su - [sudo] password for kali: root@kali:~# root@kali:~# vi /etc/tor/torrc Navigate down to these lines…
Navigate down to these lines…
#HiddenServiceDir /var/lib/tor/hidden_service/ #HiddenServicePort 80 127.0.0.1:80
Uncomment the lines and change the port from 80 to 8080.
HiddenServiceDir /var/lib/tor/hidden_service/ HiddenServicePort 80 127.0.0.1:8080
Save the file and exit.
root@kali:~# **service tor restart**
And navigate to this directory.
root@kali:~# **cd /var/lib/tor/hidden_service** root@kali:/var/lib/tor/hidden_service#
The “onion address” of our web site on the Dark Web is,
root@kali:/var/lib/tor/hidden_service# **cat hostname**
I’m going to log back into the Tor Browser “tor” user on my Kali Linux system as I will want to browse to my onion site.
Let’s start our Python 3 web service…
┌──(tor㉿kali)-[~] └─$ **cd /var/www/onion** ┌──(tor㉿kali)-[/var/www/onion] └─$ **python3 -m http.server --bind 127.0.0.1 8080** Serving HTTP on 127.0.0.1 port 8080 (http://127.0.0.1:8080/) ...
And confirm it still works locally…
Startup your Tor Browser and navigate to our onion address on the Dark Web.
And it works!
What is interesting as well is I didn’t need to open up any firewall rules to allow this website to be hosted. It’s all handled through the Tor service.