Creating a Dark Web – Deep web website

Posted on

 

Darket-website
Darket-website

As we discussed before the difference between Surface web, Dark web and Deep web. In dark web Tor is used and it allows anyone to access websites with anonymity.

If you want to create your own anonymous website or convert an existing website into dark web website, you can do so by creating a hidden service Tor site. Your website will run within Tor. Only people using Tor can access it.

People create dark web websites for trading stuff or a website like wikileaks as political activists in repressive countries. As per digital forensics course experts most of trading done in dark web is done via bit coins or sites like PayPal.

This tutorial is purely for educational purposes and will focus on setting up a hidden Tor site on Debian Linux. Note, that the tutorial only tells you how to set up website on TOR network. If your content is very important, you will have to penetration testing of your server and secure it well. To get started, you’ll have to download and install Tor on your computer.

Let’s start by installing some required packages

 

apt-get install nano

 

apt-get install openssl

 

Add user to your server so that you are not running your website as root.

 

adduser user

 

Add user to sudoers

 

sudo adduser user sudo

 

SSH configuration. Open up your sshd configuration and set up following and reload SSH configuration once done:

nano /etc/ssh/sshd_config

Setup port for SSH

Port 23433

PermitRootLogin no

Follow the torproject.org docs to add the Debian repo as shown here .

Then make a new folder named “tor” and download + extract tor

cd /

mkdir tor

 

wget https://www.torproject.org/dist/tor-X.X.X.X.tar.gz

 

tar xzf tor-X.X.X.X.tar.gz; cd tor-X.X.X.X

Then use this to install TOR:

make install

Open the folder which has the sample of a configuration file, rename it to “torrc” (or make a new copy) and add/modify lines in nano file editor:

 

cd /usr/local/etc/tor

cp torrc.sample torrc

nano torrc

Add/modify:

 

HiddenServiceDir /tor/hidden_service/

HiddenServicePort 80 127.0.0.1:9444

You can get the host name from

sudo cat /var/lib/tor/hidden_service/hostname

This will help you in defining the directory where you have the .onion link to your website and that port 80 (the website port) gets redirected to port 9444 on your actual server. You can set any port you want for that, but you will also make the web server listen on that port. 

Installing the Lighttpd Webserver

 

apt-get install lighttpd php5-cgi

 

lighty-enable-mod fastcgi

lighty-enable-mod fastcgi-php

 

/etc/init.d/lighttpd restart

 

Open lighttpd configuration file and modify lines:

 

nano /etc/lighttpd/lighttpd.conf

 

Add/modify:

 

server.port = 9444

 

$HTTP[“remoteip”] !~ “127.0.0.1” {

     url.access-deny = ( “” )

}

 

server.dir-listing         = “disable”

 

Restart Tor after you do this. Now you can also run it as a daemon so that it keeps on running after you exit the console. Once you have done this, you should check the Message Log to see if there are any error messages. If the Message log is free of errors, you’re good to go. Check out the hidden service directory you created. Tor will have created two files in the directory – hostname and private_key. Don’t give anyone the private_key file or they’ll be able to impersonate your hidden service Tor site. Give the address to others so they can access your site. Remember, people must be using Tor to access your hidden service site.

As mentioned above, be careful of letting your web server reveal identifying information about you, your computer, or your location. You will have to do hardening of your server incase you want be completely anonymous says Arturo Rojas from Mexico who is a black hat researcher and digital forensics course professor.

Another good option to make the deep web website is sities similar to Deepify, it allows  users to create a Silk Road–style black market easily and anonymously with about two clicks. You can open deepify with deepifyvyixbgkts.onion, and it is a very easy to use for people who are non technical.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s