Outils pour utilisateurs

Outils du site


Launch an hidden service with Tor

Some of us followed this conference of Axel Beckert at Cosin 2019.

Go and watch the slides to learn some neat tricks on ssh. Anyway, in this page we will talk about a past workshop I found in the same author's site call Gate as a public, free VPN to reach your own server at home behind NAT.

So I'll show in few steps how I've managed to pull up an hidden web service via the Tor onion network.

Prepare to launch

All you need for your tor service.

Hello world

I've put together a simple hello world web service just for the purpose of showing something. Clone the expresshello repo on github or with:

  git clone https://github.com/pliski/expresshello.git

(For the records and for the curious it's done with Nodejs/Express/Typescript)

Docker

We will use docker to build up our service, because it's simple, easy shareable, does not pollute your dev environment, etc etc.

So make sure you have Docker and docker-compose installed.

Tor Browser

To access the service you can get a tor browser here .

On Ubuntu I followed these steps in order to install it.

Ignition

3,2,1 ... Tor

You should follow along the slides of the workshop if you want to have a better understanding of the process. Anyway here we will take a shortcut and use a docker-compose file like one of those found in this useful repo that I've adapted to launch our expresshello service.

So, go into the expresshello directory you had just installed and type:

  docker-compose -f docker-compose.tor.yml up

And that's all. Compose will download the goldy/tor-hidden-service and expresshello docker images and run them; at the end, if all went well, you should see the Done message and the Express console waiting for some connection.

Retrieve the address

The goldy/tor-hidden-service docker image come with a nice utility to retrieve the address of your service; type:

  docker exec -ti expresshello_tor_1 onions

Copy the address (something like vegm3d7q64gutl75.onion:80) and paste it in the tor browser.

If you are still skeptic, try the same thing from another machine/address.

Reach the stars

Now what?

Some practical(?) use cases/ideas.

Call Ground Control

Install docker in a Raspberry PI at your home and launch your remote home automation service. Or don't use docker and follow the slides.

SSH

You can try other images from docker hub or build your own. So why not an SSH server image that you could then access with something like:

  ssh -o 'ProxyCommand = nc -X 5 -x localhost: 9050% h% p' pi@kumd43gasfh6ywxt.onion

More details on this slide .

Whatever

Any other idea? use case? Enhancement? Feel free to discuss it via the usual communications channels.

projects/dev/tor_hidden_service.txt · Dernière modification: 2019/06/19 11:02 par pliski