1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
|
<!DOCTYPE html>
<html lang="" xml:lang="" xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta charset="utf-8"/>
<meta content="pandoc" name="generator"/>
<meta content="width=device-width, initial-scale=1.0, user-scalable=yes" name="viewport"/>
<title>how-to-host-a-tor-hidden-service</title>
<style>
code{white-space: pre-wrap;}
span.smallcaps{font-variant: small-caps;}
div.columns{display: flex; gap: min(4vw, 1.5em);}
div.column{flex: auto; overflow-x: auto;}
div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;}
/* The extra [class] is a hack that increases specificity enough to
override a similar rule in reveal.js */
ul.task-list[class]{list-style: none;}
ul.task-list li input[type="checkbox"] {
font-size: inherit;
width: 0.8em;
margin: 0 0.8em 0.2em -1.6em;
vertical-align: middle;
}
.display.math{display: block; text-align: center; margin: 0.5rem auto;}
/* CSS for syntax highlighting */
pre > code.sourceCode { white-space: pre; position: relative; }
pre > code.sourceCode > span { line-height: 1.25; }
pre > code.sourceCode > span:empty { height: 1.2em; }
.sourceCode { overflow: visible; }
code.sourceCode > span { color: inherit; text-decoration: inherit; }
div.sourceCode { margin: 1em 0; }
pre.sourceCode { margin: 0; }
@media screen {
div.sourceCode { overflow: auto; }
}
@media print {
pre > code.sourceCode { white-space: pre-wrap; }
pre > code.sourceCode > span { text-indent: -5em; padding-left: 5em; }
}
pre.numberSource code
{ counter-reset: source-line 0; }
pre.numberSource code > span
{ position: relative; left: -4em; counter-increment: source-line; }
pre.numberSource code > span > a:first-child::before
{ content: counter(source-line);
position: relative; left: -1em; text-align: right; vertical-align: baseline;
border: none; display: inline-block;
-webkit-touch-callout: none; -webkit-user-select: none;
-khtml-user-select: none; -moz-user-select: none;
-ms-user-select: none; user-select: none;
padding: 0 4px; width: 4em;
color: #aaaaaa;
}
pre.numberSource { margin-left: 3em; border-left: 1px solid #aaaaaa; padding-left: 4px; }
div.sourceCode
{ }
@media screen {
pre > code.sourceCode > span > a:first-child::before { text-decoration: underline; }
}
code span.al { color: #ff0000; font-weight: bold; } /* Alert */
code span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
code span.at { color: #7d9029; } /* Attribute */
code span.bn { color: #40a070; } /* BaseN */
code span.bu { color: #008000; } /* BuiltIn */
code span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
code span.ch { color: #4070a0; } /* Char */
code span.cn { color: #880000; } /* Constant */
code span.co { color: #60a0b0; font-style: italic; } /* Comment */
code span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
code span.do { color: #ba2121; font-style: italic; } /* Documentation */
code span.dt { color: #902000; } /* DataType */
code span.dv { color: #40a070; } /* DecVal */
code span.er { color: #ff0000; font-weight: bold; } /* Error */
code span.ex { } /* Extension */
code span.fl { color: #40a070; } /* Float */
code span.fu { color: #06287e; } /* Function */
code span.im { color: #008000; font-weight: bold; } /* Import */
code span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
code span.kw { color: #007020; font-weight: bold; } /* Keyword */
code span.op { color: #666666; } /* Operator */
code span.ot { color: #007020; } /* Other */
code span.pp { color: #bc7a00; } /* Preprocessor */
code span.sc { color: #4070a0; } /* SpecialChar */
code span.ss { color: #bb6688; } /* SpecialString */
code span.st { color: #4070a0; } /* String */
code span.va { color: #19177c; } /* Variable */
code span.vs { color: #4070a0; } /* VerbatimString */
code span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
</style>
<link href="../../static/main.css" rel="stylesheet"/>
</head>
<body>
<nav id="TOC" role="doc-toc">
<h2 id="toc-title">Contents</h2>
<ul>
<li><a href="#how-to-spin-up-a-temporary-hidden-file-share-with-python" id="toc-how-to-spin-up-a-temporary-hidden-file-share-with-python" target="_self">How to
spin up a temporary hidden file share with Python</a>
<ul>
<li><a href="#configure-tor" id="toc-configure-tor" target="_self">Configure
Tor</a></li>
<li><a href="#set-up-the-server" id="toc-set-up-the-server" target="_self">Set up the
server</a></li>
</ul></li>
</ul>
</nav>
<p>This might sound spooky and complicated, but it's really not. If you
want to host a small site or a small file share among friends, I
honestly think Tor is one of the easiest and safest options to set
up.</p>
<p>Getting a Tor hidden service running is so stupidly easy that it
hardly deserves it's own article. Tor's website has a great guide right
<a href="https://community.torproject.org/onion-services/setup/">here</a>.
I figured I'd put my own spin on it by showing you show to host a
temporary server to share some files with your friends. Please note the
word <em>temporary</em> in that last sentence; running this way for a
while is insecure and not a good idea. For a permanent solution, you'll
want to host a real web server as explained <a href="/tutorials/www/how-to-make-this-site.html">here</a>.</p>
<p>Like that article, I will only explain how to do this on Linux since
it's way easier and, to be honest, I've never tried to do it on Windows.
If you've never used Linux before, buy a Raspberry Pi and follow the
basic install guide. If you're strapped for cash, run it in a virtual
machine, or use <a href="https://docs.microsoft.com/en-us/windows/wsl/install">Windows
Subsystem for Linux</a>.</p>
<h2 id="how-to-spin-up-a-temporary-hidden-file-share-with-python">How to
spin up a temporary hidden file share with Python</h2>
<p>Once you have Debian/Ubuntu/whatever installed and it's updated to
your liking, you can install Tor with:</p>
<div class="sourceCode" id="cb1"><pre class="sourceCode bash"><code class="sourceCode bash"><span id="cb1-1"><a aria-hidden="true" href="#cb1-1" tabindex="-1"></a><span class="ex">$</span> sudo apt install tor</span></code></pre></div>
<p>Start (or stop) Tor with:</p>
<div class="sourceCode" id="cb2"><pre class="sourceCode bash"><code class="sourceCode bash"><span id="cb2-1"><a aria-hidden="true" href="#cb2-1" tabindex="-1"></a><span class="ex">$</span> sudo service tor start</span></code></pre></div>
<p>or</p>
<div class="sourceCode" id="cb3"><pre class="sourceCode bash"><code class="sourceCode bash"><span id="cb3-1"><a aria-hidden="true" href="#cb3-1" tabindex="-1"></a><span class="ex">$</span> sudo systemctl start tor.service</span></code></pre></div>
<p>You may need to enable the service first. I think this is done by
default now, but it doesn't hurt:</p>
<div class="sourceCode" id="cb4"><pre class="sourceCode bash"><code class="sourceCode bash"><span id="cb4-1"><a aria-hidden="true" href="#cb4-1" tabindex="-1"></a><span class="ex">$</span> sudo systemctl enable tor.service</span></code></pre></div>
<h3 id="configure-tor">Configure Tor</h3>
<p>You'll need to edit the file "/etc/tor/torrc" before your service can
be available over Tor. Use vim, nano, or whatever you like to edit the
file (as root!) and search for the following lines:</p>
<pre><code>#HiddenServiceDir /var/lib/tor/hidden_service/
#HiddenServicePort 80 127.0.0.1:80</code></pre>
<p>Remove the '#' at the beginning of each and change the port to 8000
like so:</p>
<pre><code>HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:8000</code></pre>
<p>Save and restart Tor for the changes to apply:</p>
<div class="sourceCode" id="cb7"><pre class="sourceCode bash"><code class="sourceCode bash"><span id="cb7-1"><a aria-hidden="true" href="#cb7-1" tabindex="-1"></a><span class="ex">$</span> sudo service tor restart</span></code></pre></div>
<p>Once you do this, you'll get a new onion address located in the
directory noted above. Use cat to read the hostname file and copy it
down somewhere. This is your ".onion" address:</p>
<div class="sourceCode" id="cb8"><pre class="sourceCode bash"><code class="sourceCode bash"><span id="cb8-1"><a aria-hidden="true" href="#cb8-1" tabindex="-1"></a><span class="ex">$</span> cat /var/lib/tor/hidden_service/hostname</span></code></pre></div>
<h3 id="set-up-the-server">Set up the server</h3>
<p>Make some directory to hold your files.</p>
<div class="sourceCode" id="cb9"><pre class="sourceCode bash"><code class="sourceCode bash"><span id="cb9-1"><a aria-hidden="true" href="#cb9-1" tabindex="-1"></a><span class="ex">$</span> mkdir <span class="at">-pv</span> ~/files</span></code></pre></div>
<p>If you're on WSL you can copy files from your C drive like so:</p>
<div class="sourceCode" id="cb10"><pre class="sourceCode bash"><code class="sourceCode bash"><span id="cb10-1"><a aria-hidden="true" href="#cb10-1" tabindex="-1"></a><span class="ex">$</span> cp <span class="at">-vr</span> /mnt/c/Users/username/Desktop/cats ~/files/</span></code></pre></div>
<p>On a remote server (like a Raspberry pi) you can use scp instead
(replace 'rapsberry' with the hostname or local IP of you Pi):</p>
<div class="sourceCode" id="cb11"><pre class="sourceCode bash"><code class="sourceCode bash"><span id="cb11-1"><a aria-hidden="true" href="#cb11-1" tabindex="-1"></a><span class="ex">$</span> scp <span class="at">-vr</span> cats pi@raspberry:~/files/</span></code></pre></div>
<p>Since we're only doing this temporarily, we don't care too much about
security or where the files should go, but if you want to be careful,
you can issue the following to set the directory to read only after you
copy your files in:</p>
<div class="sourceCode" id="cb12"><pre class="sourceCode bash"><code class="sourceCode bash"><span id="cb12-1"><a aria-hidden="true" href="#cb12-1" tabindex="-1"></a><span class="ex">$</span> chmod <span class="at">-R</span> 644 files</span></code></pre></div>
<p>Change into the directory and run Python's built-in http server:</p>
<div class="sourceCode" id="cb13"><pre class="sourceCode bash"><code class="sourceCode bash"><span id="cb13-1"><a aria-hidden="true" href="#cb13-1" tabindex="-1"></a><span class="ex">$</span> cd files</span>
<span id="cb13-2"><a aria-hidden="true" href="#cb13-2" tabindex="-1"></a><span class="ex">$</span> python3 <span class="at">-m</span> http.server</span></code></pre></div>
<p>You'll see the server is being hosted on port 8000, which is what we
chose in the config file earlier. Just leave it running, or send it to
the background with Ctrl+Z and run "bg".</p>
<p>And that's it! You are now the proud owner of a tor hidden service.
Take the hostname you copied down before and add ".onion" to the end and
give it to your friends so they can browse the files in the directory
through the Tor Browser.</p>
<p>Be sure to watch the program log though... lest they get up to no
good.</p>
</body>
</html>
|
