[ Tutorial ] Your Own (Tor .onion) Hidden Services

A 5-minute tutorial showing you how to create your own .onion hidden service address (Tor accessible) for any TCP service. SSH is used for this example, but it is easy to substitute any other TCP server/service you wish, turning it into a .onion hidden service (example: change port 22 to 80/443 to host a hidden .onion website).

Setting up SSH access to Parrot OS in this way is a great way to access your Parrot machine/tools remotely without leaving sshd wide open to brute-force attacks/Shodan/port scanning (after issuing the iptables commands at the end of this post). While part of the tutorial uses a Pinephone, it all applies the same to Parrot OS.

Video walkthrough:

Block visibility/Shodan/open internet port scans of your service by issuing the following commands after finishing the video:

sudo iptables -A INPUT -p tcp -s 127.0.0.1 --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -j DROP

If you are happy with the result, set up iptables to keep those rules at boot. And/or optionally edit /etc/ssh/sshd_config and add the following uncommented line:

ListenAddress 127.0.0.1

If you edit sshd_config, after saving, restart ssh:

systemctl restart ssh

4 Likes
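
A check for the lockdown step in the post above, as an added example that is not part of the original post: it reads `ss -Htln` output and lists any listener on the given port that is bound to something other than loopback. The function name and the sample listener lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list listeners on a TCP port bound to a non-loopback address.
# Reads `ss -Htln` output on stdin (no header; Local Address:Port is column 4).
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            la = $4
            # Split on the last colon: IPv6 addresses contain colons themselves.
            if (!match(la, /:[^:]*$/)) next
            addr = substr(la, 1, RSTART - 1)
            if (substr(la, RSTART + 1) != port) next
            sub(/%.*$/, "", addr)   # drop an interface scope such as %lo
            sub(/^\[/, "", addr)    # drop IPv6 brackets
            sub(/\]$/, "", addr)
            if (addr ~ /^127\./ || addr == "::1") next
            print la
        }'
}

# Constructed sample: default sshd, listening on every interface.
sample_before() {
    cat <<'EOF'
LISTEN 0 128  0.0.0.0:22     0.0.0.0:*
LISTEN 0 128  [::]:22        [::]:*
LISTEN 0 4096 127.0.0.1:9050 0.0.0.0:*
EOF
}

# Constructed sample: after "ListenAddress 127.0.0.1" and an ssh restart.
sample_after() {
    cat <<'EOF'
LISTEN 0 128  127.0.0.1:22   0.0.0.0:*
LISTEN 0 4096 127.0.0.1:9050 0.0.0.0:*
EOF
}

for s in sample_before sample_after; do
    out=$("$s" | exposed_listeners 22)
    if [ -n "$out" ]; then
        printf '%s: port 22 reachable beyond loopback:\n%s\n' "$s" "$out"
    else
        printf '%s: port 22 is loopback-only\n' "$s"
    fi
done
# On a live host: ss -Htln | exposed_listeners 22
```

The iptables rules in the post filter packets without changing what `ss` reports, and they apply to IPv4 only, so this check reflects the `ListenAddress` change rather than the firewall.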

great tutorial
thanks for sharing

1 Like

I normally just use Docker to host things in Tor:

  tor:
    mem_limit: 120m
    image: goldy/tor-hidden-service
    links:
      - your_app
    environment:
      # torport:your_app_name:your_apps_port
      YOUR_APP_TOR_SERVICE_HOSTS: '80:your_app:80'
      YOUR_APP_TOR_SERVICE_VERSION: '3'

    # Keep keys in volumes
    # if you want to reuse addresses
    volumes:
      - tor-keys:/var/lib/tor/hidden_service/

Then you just define your app and you're away. I have a phpBB forum hosted using this method on a Raspberry Pi.

1 Like