Creating a Dark Web – Deep web website
5 marzo, 2021 por
Creating a Dark Web – Deep web website
Administrator
| Sin comentarios aún


As we discussed before the difference between Surface web, Dark web and Deep web. In dark web Tor is used and it allows anyone to access websites with anonymity.

If you want to create your own anonymous website or convert an existing website into dark web website, you can do so by creating a hidden service Tor site. Your website will run within Tor. Only people using Tor can access it.

People create dark web websites for trading stuff or a website like wikileaks as political activists in repressive countries. As per digital forensics course experts most of trading done in dark web is done via bit coins or sites like PayPal.

This tutorial is purely for educational purposes and will focus on setting up a hidden Tor site on Debian Linux. Note, that the tutorial only tells you how to set up website on TOR network. If your content is very important, you will have to penetration testing of your server and secure it well. To get started, you’ll have to download and install Tor on your computer.

Let’s start by installing some required packages

apt-get install nano

apt-get install openssl

Add user to your server so that you are not running your website as root.

adduser user

Add user to sudoers

sudo adduser user sudo

SSH configuration. Open up your sshd configuration and set up following and reload SSH configuration once done:

nano /etc/ssh/sshd_config

Setup port for SSH

Port 23433

PermitRootLogin no

Follow the torproject.org docs to add the Debian repo as shown here .

Then make a new folder named “tor” and download + extract tor

cd /

mkdir tor

wget https://www.torproject.org/dist/tor-X.X.X.X.tar.gz

tar xzf tor-X.X.X.X.tar.gz; cd tor-X.X.X.X

Then use this to install TOR:

make install

Open the folder which has the sample of a configuration file, rename it to “torrc” (or make a new copy) and add/modify lines in nano file editor:

cd /usr/local/etc/tor

cp torrc.sample torrc

nano torrc

Add/modify:

HiddenServiceDir /tor/hidden_service/

HiddenServicePort 80 127.0.0.1:9444

You can get the host name from

sudo cat /var/lib/tor/hidden_service/hostname

This will help you in defining the directory where you have the .onion link to your website and that port 80 (the website port) gets redirected to port 9444 on your actual server. You can set any port you want for that, but you will also make the web server listen on that port.

Installing the Lighttpd Webserver

apt-get install lighttpd php5-cgi

lighty-enable-mod fastcgi

lighty-enable-mod fastcgi-php

/etc/init.d/lighttpd restart

Open lighttpd configuration file and modify lines:

nano /etc/lighttpd/lighttpd.conf

Add/modify:

server.port = 9444

$HTTP[“remoteip”] !~ “127.0.0.1” {

url.access-deny = ( “” )

}

server.dir-listing = “disable”

Restart Tor after you do this. Now you can also run it as a daemon so that it keeps on running after you exit the console. Once you have done this, you should check the Message Log to see if there are any error messages. If the Message log is free of errors, you’re good to go. Check out the hidden service directory you created. Tor will have created two files in the directory – hostname and private_key. Don’t give anyone the private_key file or they’ll be able to impersonate your hidden service Tor site. Give the address to others so they can access your site. Remember, people must be using Tor to access your hidden service site.

As mentioned above, be careful of letting your web server reveal identifying information about you, your computer, or your location. You will have to do hardening of your server incase you want be completely anonymous says Arturo Rojas from Mexico who is a black hat researcher and digital forensics course professor.

Another good option to make the deep web website is sities similar to Deepify, it allows users to create a Silk Road–style black market easily and anonymously with about two clicks. You can open deepify with deepifyvyixbgkts.onion, and it is a very easy to use for people who are non technical.

Identificarse dejar un comentario