Launch an hidden service with Tor

Some of us followed this conference of Axel Beckert at Cosin 2019.

Go and watch the slides to learn some neat tricks on ssh. Anyway, in this page we will talk about a past workshop I found in the same author's site call Gate as a public, free VPN to reach your own server at home behind NAT.

So I'll show in few steps how I've managed to pull up an hidden web service via the Tor onion network.

All you need for your tor service.

I've put together a simple hello world web service just for the purpose of showing something. Clone the expresshello repo from github or with:

  git clone https://github.com/pliski/expresshello.git

(For the records and for the curious it's done with Nodejs/Express/Typescript)

We will use docker to build up our service, because its simple, easy shareable, does not pollute your environment, etc etc.

So make sure you have Docker and docker-compose installed.

To access the service you can get a tor browser here .

On Ubuntu I followed these steps in order to install it.

You should follow along the slides of the workshop if you want to have a better understanding of the process. Anyway here we will take a shortcut and use a docker-compose file, like one of those found in this useful repo, that I've adapted to launch our expresshello service.

So, go into the expresshello directory that you have already installed and type:

  docker-compose -f docker-compose.tor.yml up

And that's all. Compose will download the goldy/tor-hidden-service and expresshello docker images and run them; at the end, if all went well, you should see the Done message and the Express console waiting for some connection.

The goldy/tor-hidden-service docker image come with a nice utility to retrieve the address of your service. Type:

  docker exec -ti expresshello_tor_1 onions

Then copy the address (something like vegm3d7q64gutl75.onion:80) and paste it in the tor browser.

If you are still skeptic try the same thing from another machine/address.

Now what?

Some practical(?) use cases/ideas.

Install docker in a Raspberry PI at your home and launch your remote home automation service. Or don't use docker and follow the slides.

You can try other images from docker hub or build your own. So why not an image of an SSH server that you could reach with something like:

  ssh -o 'ProxyCommand = nc -X 5 -x localhost: 9050% h% p' pi@kumd43gasfh6ywxt.onion

See this slide .

This was a very quick jump, I encourage you to follow the slides of the talk if you want to dig deeper (or fly higher!).

If you have other use cases or ideas of hidden services feel free to share them in the comments.