Launch an hidden service with Tor

Some of us followed this conference of Axel Beckert at Cosin 2019.

Go and watch the slides to learn some neat tricks on ssh. Anyway, in this page we will talk about a past workshop I found in the same author's site call Gate as a public, free VPN to reach your own server at home behind NAT.

So I'll show in few steps how I've managed to pull up an hidden web service via the Tor onion network.

All you need for your tor service.

I've put together a simple hello world web service just for the purpose of showing something. Clone the expresshello repo on github or with:

  git clone

(For the records and for the curious it's done with Nodejs/Express/Typescript)

We will use docker to build up our service, because it's simple, easy shareable, does not pollute your dev environment, etc etc.

So make sure you have Docker and docker-compose installed.

To access the service you can get a tor browser here .

On Ubuntu I followed these steps in order to install it.

You should follow along the slides of the workshop if you want to have a better understanding of the process. Anyway here we will take a shortcut and use a docker-compose file like one of those found in this useful repo that I've adapted to launch our expresshello service.

So, go into the expresshello directory you had just installed and type:

  docker-compose -f docker-compose.tor.yml up

And that's all. Compose will download the goldy/tor-hidden-service and expresshello docker images and run them; at the end, if all went well, you should see the Done message and the Express console waiting for some connection.

The goldy/tor-hidden-service docker image come with a nice utility to retrieve the address of your service; type:

  docker exec -ti expresshello_tor_1 onions

Copy the address (something like vegm3d7q64gutl75.onion:80) and paste it in the tor browser.

If you are still skeptic, try the same thing from another machine/address.

Now what?

Some practical(?) use cases/ideas.

Install docker in a Raspberry PI at your home and launch your remote home automation service. Or don't use docker and follow the slides.

You can try other images from docker hub or build your own. So why not an SSH server image that you could then access with something like:

  ssh -o 'ProxyCommand = nc -X 5 -x localhost: 9050% h% p' pi@kumd43gasfh6ywxt.onion

More details on this slide .

Any other idea? use case? Enhancement? Feel free to discuss it via the usual communications channels.

  • projects/dev/tor_hidden_service.txt
  • Dernière modification: 2019/06/19 11:02
  • de pliski