Using Tor for more than browsing.

This article is a collection of interesting methods to use the Tor network for more than just what it is perceived to be used for. This is a way to utilize the overlay network to prevent need to punch holes in your firewall at home, prevent need for dynamic dns, and you might find your own interesting uses.

Just as there are many types of onions, there are many ways to use Tor.

Tor, the layers.

Tor, The Onion Router, is an overlay network originally designed by the United States Navy. It is still mostly funded by them. Many may inquire as to why this software should be trusted, that answer is quite simple. The same level of privacy that a covert operative needs, should be the same level of privacy that a user should have if it is used properly. Governments while they do hate people using Tor, they actually need users on the network for their own protection. It is also important to note while they may also be ever increasing attempts to de-anonymize users, the government really wants this to be stopped for their own sake. Let’s go over that these layers and a little dive into Tor, as there are layers to the ways it can be used.

A Diagram by the Electronic Frontier Foundation on how Tor works.

More than browsing.

As Tor is an overlay network, you can utilize this for more than browsing. You can utilize this as a tool for your own personal needs that might normally require firewall access. As we often think of Tor as being just a browser, we overlook the other aspects of the overlay network and it’s features. The hidden services features allow us to host a variety of services such as databases, communication protocols, and remote access services. There is at the current time with version 2 implementation of hidden services a number of great features to also secure these tools. Tor is in need of version 3 developers and support, consider donating or helping with code.

Enterprises also use Tor to prevent the need for firewall ports to be opened for remote management.

How to setup a hidden service

In order to setup a hidden service we will first need to install the tor daemon, not the Tor Browser, though you should install it as well and use it. The following steps will be provided for Unix/Linux users, I do apologize but at this time I do not have a Windows machine in order to do this setup and I am completely unfamiliar with their platform. If someone would like to work with me on the future on such things I would greatly appreciate it. The most common and easy way to install the tor daemon would be to simply use your package manager, here are some command examples to install:

  • ports install tor -y
Sample from MacOS torrc, but all systems will have this section.
HiddenServices declarations for ssh and for postgres database.
  • sudo port load tor
  • ps -aux | grep tor
The New York Times hidden service website, as viewed through current Tor browser.

Access

Dependent on what type of hidden service you setup you will need to first on your client or machine you plan to connect with to have the appropriate client. For example, as we are using ssh you will want to make sure that ssh is installed on your client device. You will also need to do a few configuration changes that we are going to go over now to properly and securely connect to the hidden services. You will need to install the tor daemon on your client machine as well. Please see above for installing just the daemon. For this section we will only need to make one change to the torrc, that password and url that we have from our hidden service we just setup. At the bottom of your torrc on the client machine add the following line:

  • ports install torsocks -y
A torsocks.conf example
  • ports install connect nc-y
  • sudo cp /usr/bin/curl /usr/local/bin/
Great job anon, you made it this far! You did it!

In Closing

There a variety of ways to use the tor network that is not just for browsing, in this little write up we explored and setup a remote ssh daemon on a host without a firewall port needing to be opened to access. We also were able to see how to do this for any other service we wanted. There are some caveats and not all services on the internet have been tested, however, this should not be a deterrent. This should encourage you to push the boundary and see what is possible. I can attest from a personal friend that he has RDP working and will use that to help his grandparents. There is a lot that one could find creative uses for these types of services.

General purpose hacker and deadhead. Sometimes I do things…