4 months ago

How to Host Your Own Tor Hidden Service that has a Custom Onion Address « Null Byte :: WonderHowTo

A mention of the deep web can bring to mind images of drugs, hackers, as well as also various other criminal activity. Despite the presence of these elements, the Tor network can be a valuable tool for preserving privacy as well as also anonymity. Browsing the deep web as well as also any hidden services can be as simple as downloading the Tor Browser Bundle. In This specific guide, we will learn how easy This specific can be to host our own hidden services as well as also make them accessible via a custom onion address.

Step 1: Understanding How the Tor Network Works

Accessing the internet directly without a proxy, VPN, or various other privacy service relays information in a relatively linear fashion. A device attached to the internet via a router follows a series of lookup requests for a specific URL or IP address as well as also returns the content to the device which requested the information.

The contents of the transmission may be encrypted using HTTPS, SSL, or another form of encryption, although the requests are still directly connected to IP addresses on each end of the transaction as well as also carried in a way which can be analyzed by an internet service provider (ISP). In short, your ISP can see where you go on the web.

Simplified visualization of standard traffic. Image by TAKHION/Null Byte

While the Tor network doesn’t entirely bypass an internet service provider within the way a meshnet could, This specific does utilize a unique method of obfuscating traffic. Rather than directly requesting a webpage or various other data by directly addressing a server by its IP, traffic routed over Tor sends the encrypted details of its requests to an entrance node by a list of retrieved nodes within the Tor network first.

Don’t Miss: How to Use ProtonMail More Securely Through the Tor Network

which traffic can be then carried over several more hops to different nodes within the Tor network, before either reaching its destination within the Tor network or being carried back into the internet through an exit node.

Visualization of Tor-style routing. Image by TAKHION/Null Byte

Unfortunately, This specific entrance back into the internet by the Tor network poses a security as well as also privacy risk. The content passed over the exit node can be subject to the trustworthiness of the node itself, as the node has the same level of access to the details of a request as an ISP might. If the data can be not encrypted at This specific point, This specific can be subject to being captured as well as also used maliciously, as demonstrated by chloe in BADONIONS.

To avoid the danger of using exit nodes, we can instead access or host a website which can be accessible only as well as also entirely through the Tor network, within the form of a hidden service. Rather than requesting a URL or IP address, the service will be accessible only through an “onion” address, which can only be discovered by its name within the Tor network.

Step 2: Browsing Hidden Services

The Tor Browser Bundle can be available by the Tor Project’s website for Windows, macOS, as well as also Linux/Unix systems. Once installed, you can open the browser, as well as also This specific will automatically connect to the Tor network.

We can view our route through the Tor network by clicking the drop-down arrow next to the onion icon within the upper left of the window. within the case of visiting a .onion site, we can only see the last relays as well as also the “Onion site” listed within the circuit information.

If you need more information on using the Tor browser, you can check out our guide on This specific linked below.

More Info: How to Access the Dark Web While Staying Anonymous with Tor

Step 3: Hosting a Server

The first step in configuring a Tor server will be setting up a way to serve HTTP content, just the same as a regular web server might. While we might choose to run a conventional web server at producing sure which This specific becomes accessible to the internet as a whole by its IP, we can bind our local server environment to to ensure which This specific will be accessible only locally as well as also through Tor.

On a system where we can call a Python module directly, we might choose to use the http.server module. After changing directories to one which contains content we might like to host, we can run a server directly by the command line.

Using Python 3 as well as also http.server, we can use the following string to bind to as well as also launch a server on port 8080.

python3 -m http.server –bind 8080

Either of these will serve as enough for a test server, although for any larger or more permanent project a full hosting stack will be more useful. Nginx provides a server backend which can be more suitably hardened as well as also secured against the potential threats against a hidden service, although Apache or various other HTTP server software can certainly work. Just be sure which This specific’s bound to to prevent discovery through services such as Shodan.

Don’t Miss: How to Find Vulnerable Webcams Across the Globe Using Shodan

If you have Fing network scanner, you can confirm This specific can be working by running the following in a console.

fing -s -o text,console

You should see output like the image below if your server can be running.

Just like which, a Fing scan shows us our server.

To ensure which our server can be functional, we’ll want to test our local address ( or “localhost” in a web browser by opening This specific as an address followed by a port number, as seen below.


In order to make testing the server easier, This specific may be useful to create an “index.html” file within the directory by which the server can be being run. Something as simple as the file below will work.

Null Byte

The result will look like the following image, if This specific’s working properly.

With our local server environment configured as well as also available at, we can at This specific point start to link our server to the Tor network.

Step 4: Creating a Hidden Service

First, we will need to install or confirm which the Tor service/daemon can be installed. The standalone Tor service can be an active separate of the Tor Browser Bundle package, as well as also for Linux/Unix can be available here. On Ubuntu or Debian-based distros with apt package management, the following command should work assuming Tor can be within the distro’s repositories.

sudo apt-get install tor

To confirm the location of our Tor installation as well as also configuration, we can use whereis.

whereis tor

This specific will show us a few of the directories which Tor uses for configuration. We’re looking for our “torrc” file, which can be most likely in /etc/tor.

We can move to which directory with cd, as we run the command below.

cd /etc/tor

Finally, confirm which “torrc” can be present by simply running ls. If the torrc file can be present, we will want to edit This specific. We can use Vim, emacs, or simply GNU nano to edit the file. To edit the file in nano, simply run the following in terminal.

nano torrc

The section we wish to edit follows This specific banner:

############### This specific section can be just for location-hidden services ###

We can jump directly to This specific section by pressing Ctrl+W, typing location-hidden, as well as also pressing Enter. In order to direct Tor to our hidden service, we’ll want to un-comment two lines.

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80

To do This specific, we simply remove the “#” symbols at the beginning of those two lines.

Next, we’ll want to correct the port on which Tor looks for our server. If we’re using port 8080, we’ll want to correct the line by port 80 to port 8080. We will change the original seen below to the correct port number.

HiddenServicePort 80

We will change This specific to port 8080, as seen here:

HiddenServicePort 80

We can write our adjustments to the file with Ctrl+O as well as also exit the editor with Ctrl+X.

Step 5: Testing the Tor Service

With the adjustments written to our torrc file as well as also a server running at, producing our server accessible over Tor can be as simple as starting the Tor service. We can do This specific by the command line by typing the following.

sudo tor

Upon starting Tor for the 1st time with our brand-new configuration, an .onion address will be generated automatically. This specific information will be stored in “/var/lib/tor/hidden_service” (or another directory if specified within the torrc file). We can move to This specific directory with cd, as seen below.

cd /var/lib/tor/hidden_service

After running ls to ensure which both the “hostname” as well as also “private_key” files are within the directory, we can view our newly generated address by running cat in a terminal window as follows.

cat hostname

The string ending in .onion can be our brand-new hidden service address! While This specific one was automatically generated, we’ll be able to customize This specific later to our preference.

We can test which our service can be accessible by opening This specific in Tor Browser. If the address resolves to your server, you’ve successfully hosted a hidden service!

Step 6: Generating a Custom Onion Address

In order to customize our onion address, we’ll need to generate a brand-new private key to match a custom hostname. Due to the nature of Tor addresses being partially hashes, in order to create a custom address, we’ll need to brute-force the address we want.

The more consecutive characters of a word or phrase we’d like to use, the longer This specific will take to generate. This specific time concern can be somewhat of an exponential function, as the longer the sequence can be, the generation time will become longer in folds, rather than in a linear way.

There are several tools available just for This specific task, Eschalot as well as also Scallion being some of the more well-liked options. Scallion uses GPU-cracking to generate addresses, while Eschalot works using wordlists. just for This specific tutorial, we’ll use Eschalot.

Begin by cloning the Eschalot git repository with the following commands in terminal.

git clone https://github.com/ReclaimYourPrivacy/eschalot

Next, cd into the Eschalot directory as seen below.

cd /eschalot

Finally, run make to install Eschalot.


To generate a custom address, we can use a command like the one below.

./eschalot -vct4 -p null

In This specific command, 4 can be the number of CPU cores we wish to use, as well as also null can be the prefix, or first characters, of the address we’re looking for. The program will continue to generate addresses with This specific prefix as well as also a variety of suffixes. We can stop the program at any time by pressing Ctrl+C.

Once the program has generated an address you like, we can use This specific for our hidden service.

Step 7: Adding the Onion Address to the Service

First, we should stop our Tor service by running. We can switch the window where sudo tor was run as well as also press Ctrl+C.

After This specific, we’ll want to replace our hidden service private key with the one generated by Eschalot. Move back to the /var/lib/tor/hidden_service/ directory using cd as seen below.

cd /var/lib/tor/hidden_service/

Within This specific directory, we’ll want to remove the hostname file, as This specific’s going to be replaced by the hostname generated by our custom private key. We can do This specific using the rm command in terminal as follows.

rm hostname

Next, copy the RSA Private Key generated by Eschalot, beginning with “—–BEGIN RSA PRIVATE KEY—–” as well as also ending with “—–END RSA PRIVATE KEY—–.” This specific key can replace our automatically generated private key. We can replace This specific directly using cat with the following command.

cat > private_key

After running This specific command, right-click as well as also paste the key into the command line window, then press Ctrl+D to write adjustments to the file. To ensure which the file has the correct private key, we can use cat again to view the file as follows.

cat private_key

After updating the private key, we can start Tor again with sudo tor, as well as also check which a brand-new hostname file has been generated by running ls. If a hostname file can be within the folder, we can check which This specific matches our desired address with the following command.

cat hostname

If the hostname matches our desired choice, we can check in Tor Browser to make sure which This specific resolves to our site.

If the brand-new onion address leads to your site, you’ve successfully hosted a hidden service as well as also configured a custom address!

at This specific point which You Know Tor Hidden Services

This specific process can be replicated for almost any standard website or service, as well as also the process executed on a VPS, virtual machine, or even a Raspberry Pi.

A proper Tor service should be hardened as well as also supported by more than just Python’s server module, although the possibilities when combined with Nginx or various other server technologies are as vast as the internet itself, or perhaps even deeper.

Thanks for reading! If you have any questions, you can ask them here within the comments or on Twitter @tahkion.

Cover image as well as also screenshots by TAKHION/Null Byte

Leave a Comment

Your email address will not be published. Required fields are marked *

18 + twelve =