All Articles

Setting up a Tor hidden service

As part of my thesis, I’m looking at using Tor for an anonymous submission system. For this I set up a small hidden service to test, and I figured I’d write down how it’s done. It’s pretty easy.

Assuming you have some sort of TCP server you want to serve over Tor, proceed as follows. Install tor first. This is pretty much the only package you need. In Arch-Linux:

pacman -S tor

Then all you need to do is edit the torrc-file which is usually found at /etc/tor/torrc. Here all you need to do is add two lines, and the default config file describes it pretty well. In my case it looked as follows.

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:5000

Here the HiddenServiceDir is the location where tor will store the private key for the hidden service, as well as the hostname. Note that you can have several hidden services running on different addresses, just more HiddenServiceDir lines with different directories. HiddenServicePort will act as a port forward from the first specified port at the onion-address to the specified IP-address and port. In my case this forwarded traffic from my onion address at the normal http address to a local python webservice I was developing on.

Once you’ve added the lines to your configuration, you can then restart the tor service to start forwarding traffic.

systemctl restart tor.service

Finally you can get the hostname of your hidden service by opening the /var/lib/tor/hidden_service/hostname file

cat /var/lib/tor/hidden_service/hostname

Now use this onion address to connect to in e.g. your Tor-browser.

Published Oct 14, 2015

Security Engineer with a dash of software. Originally from Stockholm, now in Berlin. I like to hack things.