diff --git a/opsec/darknet_surf/Address_generation.png b/opsec/darknet_surf/Address_generation.png new file mode 100644 index 0000000..d54afb2 Binary files /dev/null and b/opsec/darknet_surf/Address_generation.png differ diff --git a/opsec/darknet_surf/Descriptor.png b/opsec/darknet_surf/Descriptor.png new file mode 100644 index 0000000..39b71b3 Binary files /dev/null and b/opsec/darknet_surf/Descriptor.png differ diff --git a/opsec/darknet_surf/Get_descriptor.drawio b/opsec/darknet_surf/Get_descriptor.drawio new file mode 100644 index 0000000..59d9a61 --- /dev/null +++ b/opsec/darknet_surf/Get_descriptor.drawio @@ -0,0 +1,49 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/opsec/darknet_surf/Get_descriptor.png b/opsec/darknet_surf/Get_descriptor.png new file mode 100644 index 0000000..53ba151 Binary files /dev/null and b/opsec/darknet_surf/Get_descriptor.png differ diff --git a/opsec/darknet_surf/Introduction_points.png b/opsec/darknet_surf/Introduction_points.png new file mode 100644 index 0000000..e099ce3 Binary files /dev/null and b/opsec/darknet_surf/Introduction_points.png differ diff --git a/opsec/darknet_surf/clearnet_model.drawio b/opsec/darknet_surf/clearnet_model.drawio new file mode 100644 index 0000000..990e068 --- /dev/null +++ b/opsec/darknet_surf/clearnet_model.drawio @@ -0,0 +1,47 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/opsec/darknet_surf/clearnet_model.png b/opsec/darknet_surf/clearnet_model.png new file mode 100644 index 0000000..d95f232 Binary files /dev/null and b/opsec/darknet_surf/clearnet_model.png differ diff --git a/opsec/darknet_surf/dread.png b/opsec/darknet_surf/dread.png new file mode 100644 index 0000000..5a49291 Binary files /dev/null and b/opsec/darknet_surf/dread.png differ diff --git a/opsec/darknet_surf/firewall_config.png b/opsec/darknet_surf/firewall_config.png new file mode 100644 index 0000000..743c607 Binary files /dev/null and b/opsec/darknet_surf/firewall_config.png differ diff --git a/opsec/darknet_surf/firewall_reload.png b/opsec/darknet_surf/firewall_reload.png new file mode 100644 index 0000000..2c71824 Binary files /dev/null and b/opsec/darknet_surf/firewall_reload.png differ diff --git a/opsec/darknet_surf/index.html b/opsec/darknet_surf/index.html new file mode 100644 index 0000000..bd382d6 --- /dev/null +++ b/opsec/darknet_surf/index.html @@ -0,0 +1,295 @@ + + + + + + + + + + + Navigate the darknet + + + + + + + + + + + + + + + + + + + +
+
+
+ + The Nihilism Blog +
+
+ +
+ +
+
+ + + +
+
+
+
+ Previous Page

nihilist - 00 / 00 / 00

+

How to navigate darknet and join the webring

+

If you are new to the tor network, you might find out it is difficult to find the content you are interested in. Since all you get is a cold and long onion address, you cannot google it and remember the domain name.

+

In this tutorial I will explain the special routing mechanism of tor, then how to find the legit websites and avoid scams. At last, I will show how to set up your own directory website, you can even help others for better reaching the darknet

+
+ +
+
+
+ + +
+
+
+
+

How does onion routing works

+

Clearnet websites are like legit real businesses, which have a big sign on their shops, you can easily find them and visit them.

+

For visiting a clearnet site you simply type in the domain name, and your browser query its ip address and access it. Sometimes there might be a layer of CDN in the middle

+ +

For onion addresses on tor network this is a totally different story. TCP/IP is not designed to protect privacy at all, in order to allow client and server talk to each other while both of them remain anonymous, tor invent a very sophisticated mechanism to achieve

+

Compare to the metaphor of clearnet, onion address access is more like dark market. Vendors cannot be found easily, and you need some sort middle man to arrange a meeting for trading to happen. The most important part of tor network is both parties never directly talk to each other.

+

Setting up and access a hidden service is a quite complicated process technically speaking, here I summarize the most important part of it:

+

Service Publish

+

1.Like HTTPS which is used to establish a secure connection on clearnet, the first step for setup a hidden service to operate is to generate a public/private key pair. The public key then is encoded and is embedded in the onion address.

+ +

That is why the onion address is so human unfriendly, because it contains a complete public key inside

+

2.Next step is let the tor network to know the presence of hidden service, because you do not have a clearnet port opening, if you do not advocate yourself nobody will ever be able to find you.

+

First you connect to a group of introduction points, these are the "middle man" that passes the information for you and clients to meet. Also you connect to these introduction points through tor relays, so you do not need to trust them. Pretty much like a spy agent where each node only knows absolute necessary information

+ +

For stability of the service, you maintain a stable connection to introduction points

+

3.Next you need to furthur advertise yourself, only set up some introduction points is not enough. Like in the spy movies people publish ads on the newspaper for contacting other spies, you also need to publish your presence on the tor network

+

You will create a Hidden service descriptor which contains your onion address and your introduction points, and sign it with your private keys. Then publish it on the tor network DHT

+ +

+

Client Access

+

Next the client will need to find the onion address from other places, like from a forum on clearnet or onion search engine.

+

This is the weak spot of tor network, since its addresses are very human unfriendly, it is impossible to memorize it and people need to trust some place for providing the correct onion address, for example taking notes locally or using some clear net directory website, which makes phishing very rampant on tor network.

+

A popular directory site dark.fail was taken over by a malicious actor, and all the onion addresses on it were changed to phishing sites setup by him. This highlights the importance of keeping your own local notes or set up your own directory site.

+

Let's assume a user obtained the correct onion address, and what happens next?

+

1.The tor browser will send the onion address to tor DHT, and will try to retrieve the hidden service descriptor, which contains all the information for contacting the hidden service. The public key embedded in the address will also be used to verify the authenticity of the descriptor

+ +

2.Next the browser(or client) will find a random relay, and make it a rendezvous point, basically it is a relay that both hidden service and client connects to, because tor network do not use IP protocol for transmitting data at all. So you have to set up a relay point for communication

+

3.The browser will inform the server about the rendezvous point through the introduction point.

+

4.The server and client both connected to the rendezvous point, after some verification, now the onion talk officially starts

+ +
+
+
+
+ +
+
+
+
+

Build you tor website directory



+

Now we will try to build our own directory of the tor network, at first step you have to rely on some trusted points for getting the sites at the beginning.

+

For clearnet directory site, I recommend tor.taxi and kycnot.me which contains a lot of useful sites.

+

kycnot.me mostly points towards legit privacy protecting services that is also available in clearnet, and most services support monero

+ +

tor.taxi mostly points towards real onion sites that is not available on the clearnet, and it is the best place to start if you want to explore the shady areas of the internet

+ +

Now you should already have some sites you are interested in, as a good habit you should always taking notes of these sites, since directory sites built by others might be taken down someday.

+

If you want to dive further down the rabbit hole, dread dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion is the best place to start with. Darknet websites are like 95% scams, if you just randomly find links from search engines you will most likely get scammed.

+

So it is best to lurk around a forum, and see people's feedback to determine the legitimacy of a service, and avoid phishing, and dread is the biggest and most active discussing forum right now. It is also topic oriented like reddit, so you choose the topic you are interested and go to its sub

+ +

The darknet market sub on dread

+

One last place for exploration is the search engine, which is a tool I strongly do not recommend. It is very likely to get a scam link from it, and scammers are way more motivated to get their site listed than legit sites

+

For example vormweb search engine http://volkancfgpi4c7ghph6id2t7vcntenuly66qjt6oedwtjmyj4tkk5oqd.onion

+ +

+

Just use your common sense, and anything looks too good to be true is very likely a scam

+
+
+
+
+ + + +
+
+
+
+

Build your own directory site



+

Finally, we come to the most interesting part, which is building your own directory site. By doing this you build a webring, and help others to reach their wanted services.

+

The source code is kindly provided by nihilism, and you can visit his own webring http://uptime.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/

+

Now we will host the webring using under whonix. The reason to use whonix is its superior security, even your website get compromised and get RCE, the attacker can only take down your site, but cannot reveal your real identity. If he wants to reveal your real identity, he needs to further exploit the whonix gateway or perform a vm escape, which will be significantly harder.

+

The OS I use is Qubes OS, if you do not know what is this please consult Navigating Qubes OS

+

1.Create a standalone dedicated whonix workstation vm, run this command in dom0

+

+$ qvm-create --class StandaloneVM --template whonix-workstation-17 --label yellow webring-hosting	
+
+

2.Next assign the net vm of this qube to your whonix gateway, which is mentioned in above qubes tutorial

+

3.Start to setup the network, you can also consult this official whonix document Whonix onion service hosting

+

First check the ip address of the whonix workstation, open a terminal in workstation

+

+ $ ip a
+ 1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
+    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
+    inet 127.0.0.1/8 scope host lo
+       valid_lft forever preferred_lft forever
+    inet6 ::1/128 scope host noprefixroute 
+       valid_lft forever preferred_lft forever
+2: eth0:  mtu 1500 qdisc mq state UP group 1 qlen 1000
+    link/ether 00:16:3e:5e:6c:00 brd ff:ff:ff:ff:ff:ff
+    inet 10.137.0.46/32 scope global eth0
+       valid_lft forever preferred_lft forever
+    inet6 fe80::216:3eff:fe5e:6c00/64 scope link 
+       valid_lft forever preferred_lft forever
+
+

Record the address of eth0

+

4.Edit the torrc config file in whonix gateway. Start a terminal in whonix gateway, and edit /usr/local/etc/torrc.d/50_user.conf for running your onion service

+ +

Add the above content into the file

+

You should replace the ip address 10.137.0.46 to your own workstation ip address

+

5.Restart the tor client in whonix gateway using the control panel

+ +

6.Next check the onion address that is just generated in /var/lib/tor/webring/

+

+# root@host:/var/lib/tor/webring# cat hostname 
+4i4q5btqberkgwv7fmra3tatoqdn6slseiinkbe2jgqkyghxc5einjqd.onion
+
+

7.Install the nginx and webring source code into the workstation vm according to this repo webring project

+

First clone the repo

+

+$sudo git clone http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/darknet-onion-webring /srv/darknet-onion-webring
+
+

8.Install nginx and php(lol php)

+

+$sudo apt install php8.2-fpm nginx -y
+
+

9.Copy the nginx config

+

+$ sudo cp /srv/darknet-onion-webring/nginx.conf /etc/nginx/sites-available/uptime.conf
+
+

10.Next enable nginx configs and python dependencies

+

+$ ln -s /etc/nginx/sites-available/uptime.conf /etc/nginx/sites-enabled/
+
+$ nginx -s reload
+
+$ sudo apt install python3-pandas python3-requests python3-socks
+
+

11.Check if the webpage is running correctly by trying to access it locally

+

+$ curl 127.0.0.1:4443
+
+

If you get the webpage then it is up and running

+ +

12.Check the python uptime checker script is running correctly

+

+$ python3 scripts/uptimechecker.py
+	[+] ONION UPTIME CHECKER
+	[+] Reading the CSV File: /srv/darknet-onion-webring/www/links/webring.csv
+	[+] Checking if each .onion link is reachable:
+	[+] Editing the uptime score
+	0
+	[+] http://uptime.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion 200
+	http://uptime.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion ✔️
+	[+] Reading the CSV File: /srv/darknet-onion-webring/www/links/Exchanges.csv
+	[+] Checking if each .onion link is reachable:
+	[+] Editing the uptime score
+	0
+	http://exchanger.infinityjs5qob5euyao745kp5x2hh4xquh7qs5cze3kcxv63xdwxlad.onion/ ❌
+	[+] Editing the uptime score
+	1
+	[+] http://robosats6tkf3eva7x2voqso3a5wcorsnw34jveyxfqi2fu7oyheasid.onion/ 200
+	http://robosats6tkf3eva7x2voqso3a5wcorsnw34jveyxfqi2fu7oyheasid.onion/ ✔️
+	[+] Editing the uptime score
+	2
+
+

If you see something like this without any exception then you are all good

+

Then make this python script a crontab job, so you routinely check the uptime of your webring sites.

+

+# crontab -e
+
+*/3 0 * * * python3 /srv/darknet-onion-webring/scripts/uptimechecker.py
+

13.Finally, edit the whonix workstation firewall so onion traffic from the gateway can reach it

+

First create the firewall config directory

+

+$ sudo mkdir -p /usr/local/etc/whonix_firewall.d 
+
+

Then find the "User firewall setting" in the GUI menu, add the below content

+ +

Save it can find the "Reload firewall" in the GUI menu, and make sure it is reloaded sucessfully

+ +

+

14.Open a tor browser, and try to access your own site

+ +
+
+
+
+ + + +
+
+
+
+

PrismBreaker

+

+ Shatter the big brother.



Creative Commons Zero: No Rights Reserved
+ +

+
+ +
+

My Links

+

+ + RSS Feed
SimpleX Chat
+ +

+
+ +
+

About nihilist

+

Donate XMR: 87iB34vdFvNULrAjyfVAZ7jMXc8vbq9tLGMLjo6WC8N9Xo2JFaa8Vkp6dwXBt8rK12Xpz5z1rTa9jSfgyRbNNjswHKTzFVh


Contact: prismbreaker@waifu.club (PGP)

+
+ +
+ +
+
+ + + + + + + + diff --git a/opsec/darknet_surf/kycnot.png b/opsec/darknet_surf/kycnot.png new file mode 100644 index 0000000..e0b68b5 Binary files /dev/null and b/opsec/darknet_surf/kycnot.png differ diff --git a/opsec/darknet_surf/restart_tor.png b/opsec/darknet_surf/restart_tor.png new file mode 100644 index 0000000..2203487 Binary files /dev/null and b/opsec/darknet_surf/restart_tor.png differ diff --git a/opsec/darknet_surf/site.png b/opsec/darknet_surf/site.png new file mode 100644 index 0000000..337fcaa Binary files /dev/null and b/opsec/darknet_surf/site.png differ diff --git a/opsec/darknet_surf/torrc_config.png b/opsec/darknet_surf/torrc_config.png new file mode 100644 index 0000000..ff6f65a Binary files /dev/null and b/opsec/darknet_surf/torrc_config.png differ diff --git a/opsec/darknet_surf/tortaxi.png b/opsec/darknet_surf/tortaxi.png new file mode 100644 index 0000000..60fab45 Binary files /dev/null and b/opsec/darknet_surf/tortaxi.png differ diff --git a/opsec/darknet_surf/vormweb.png b/opsec/darknet_surf/vormweb.png new file mode 100644 index 0000000..510a6e0 Binary files /dev/null and b/opsec/darknet_surf/vormweb.png differ