Can You Access .Onion Sites Without Tor Browser?

by Ciphas

(Note: Thanks to Ben Tasker’s Security Blog and traudt.xyz for being references.)

Can you access .onion sites without the Tor Browser? Short answer? Yes, you can – but I don’t recommend it…I cannot stress this enough.

I’ve mentioned Tor2web proxies in a few previous posts, but didn’t elaborate on it much. onionto

In their own words, “Tor2web is a project to let Internet users access Tor Onion Services without using Tor Browser.” Tor2web and Web2Tor are reverse proxies which allow clearnet users (such as someone using Chrome, Firefox, etc.) to access Tor hidden services.

reverse_proxy

The proxy listens on port 80 (or sometimes 443) on a clearnet server, and then proxies requests to the Tor hidden service.

If you’re unfamiliar with proxy servers, Indiana University gives a great definition of one: What is a proxy server?  (Psst…I talked about this a little in my earlier post ‘Anonymous’ Proxy List?)

The example they use to illustrate on Tor2web.org is that when you see an onion URL, for example, http://pbfcec3cneb4c422.onion/, if you add “.to,” “.link,” “.cab,” etc. to the end of the URL (e.g. http://pbfcec3cneb4c422.onion.to), and that proxy will connect you to the onion service. Great, right?

Well, no – not great. In spite of its convenience, the problem with using these proxies is that whomever is operating the Tor2web proxy can spy on your web traffic. While this may not sound like a bad thing, if said proxy operator has malicious intent, then you (the user) are basically a sitting duck. Plus, if the point of Tor is being anonymous, and someone can detect your web traffic that defeats the whole purpose!

In fact, even onion.cab themselves – the proxy service, that is – warns users when they first try to access a site this way:

onion

If this doesn’t sound bad, then it should be noted that not only can the operator see your web traffic, but they can also modify it and inject code if they so desire.

Ben Tasker Security Blog has an excellent post about this called Don’t Use Web2Tor/Tor2web (especially Onion.cab) – the example he gives is that some Web2Tor services “have some pretty bad habits, including playing fast and loose with your privacy.”

If you visit  https://6zdgh5a5e6zpchdz.onion, but do so through onion.cab instead of through Tor, the proxy service injects piwik analytics code into the page, which looks something like this:

piwik_tracking

So why should you care? Well, the proxy service who injected the code now knows that your IP address accessed said onion service at a specific time. In addition, they’re also executing code on your browser that the operator of the original site is unaware of.

Within the code, some of the information that it can discover about you is:

  • The title of the page you’re viewing
  • An ID for the site
  • The time that you made the request
  • The exact URL you were looking at
  • The page that sent you to that URL
  • Details of which plugins you have installed
  • Whether cookies are enabled
  • Your screen resolution
  • A unique ID for you

Alternately, this third party operator can inject code into the site that may track you across hidden services – that is, if you’re using the onion.cab proxy.

You can even contract malware via some Tor2web proxies – read this article by Virus Bulletin – Vawtrak uses Tor2web to connect to Tor hidden C&C servers. Granted, this article is over two years old, but it can still give you an idea of what might happen if you rely on these proxies.

Thus, if your concern is privacy, it should be obvious why you don’t want to give this information away. The same goes for any proxy, really, but again, if you’re using Tor for anonymity, then accessing so-called “hidden services” via the clearnet is pointless.

I know that a lot of people who explore the “dark web” for fun just say, “Give me links!” But if you want to explore those links, do so in the right way – use the Tor Browser (from https://www.torproject.org/), and don’t try to do so via the clearnet.

There’s a reason it’s called the “dark web,” after all.

creepy_eyes

‘Anonymous’ Proxy List?

SPIDERMANLUCK.png

I forget exactly where I found this link – I think it was either Electronic Frontier Foundation or Privacy Tools  – but it’s a list of supposedly anonymous proxy servers, generated by a set of particular search engine terms:

+”:8080″ +”:3128″ +”:80″ filetype:txt

This returns results for lists of proxy servers that use ports 8080, 3128, and 80, which are apparently more anonymous than average proxies.

You’ll get different results if you use different search engines, too:

qwant.com: proxy list

Blackle.com: proxy list

For the curious, here are some of the actual results that you might get as well:

rebro.weebly.com: proxy list

Proxy Spider: short proxy list

kan339: proxy list

lategoodies.tripod.com: proxy list

h3furnitureoutlet: proxy list (yeah, a furniture outlet has a proxy list)

proxy IP list: anonymous

jobabroad.sweb.cz: proxy list

playinator.com: proxy list

Even so, as I mentioned in a few earlier posts, this all depends on whether you trust proxies at all. Which is why I haven’t used any of these, personally.

It’s similar to using a VPN in combination with Tor. Are you really anonymous when doing this? That depends on whether or not you trust your VPN provider! By the same token, it’s very risky to use certain proxies, unless you know what data the proxy server is collecting about you. Never mind the fact that .txt documents can contain malware (just as some PDFs on Tor do). Read Should You Trust Any Proxy? to find out a little more.

Regardless, it’s an interesting experiment to try Googling this, even if you don’t decide to use the proxy services themselves. Most of the sites look like this:

anonymous_proxy

While the idea of “anonymous proxy server” sounds great, in theory, they could be just like malicious Tor exit nodes – intending to steal data or worse.

So yes, these proxies exist. Should you use them? That’s up to you.

Call me paranoid, but personally, I wouldn’t.

 

How to Access the Dark Web with I2P!

use-i2p-host-and-share-your-secret-goods-dark-web-anonymously.w654

What?  You mean there’s another way to access the dark web?  YES!

I’ve said this before, but it bears repeating – Tor is not the only way to access the so-called “dark web,” but it seems to be the most popular at the moment.  In fact, there are many ways to do so.  Oddly enough, many of the trending articles that discuss the dark web act as if Tor is the only way to reach it.

“Dark web” is essentially a metaphor for all the sites built on top of encrypted networks that require special software, configurations or permissions to access.  I must clarify this, however – Tor, I2P, and Freenet are completely separate networks.

On previous posts I’ve mentioned Freenet, but there are other options too, and I2P is one of them.  The reason that it probably doesn’t have the same reputation as Tor, or even Freenet for that matter, is that it’s a bit more complex to learn and use.  (At least that’s my guess).

So, downloading I2P is the easy part; just go to Download – I2P and install it!  The site offers packages for the following OS’s:

  • Windows
  • Mac OS X
  • GNU/Linux/BSD/Solaris
  • Debian/Ubuntu
  • Android

The tricky part, as you may have guessed, is the post-install work!  Courtesy of their homepage, I’ll offer the steps:

I2P_post-install-work

After running the installer on Windows, simply click on the “Start I2P” button which will bring up the router console, which has further instructions.

On Unix-like systems, I2P can be started as a service using the “i2prouter” script, located in the directory you selected for I2P. Changing to that directory in a console and issuing “sh i2prouter status” should tell you the router’s status. The arguments “start”, “stop” and “restart” control the service. The router console can be accessed at its usual location. For users on OpenSolaris and other systems for which the wrapper (i2psvc) is not supported, start the router with “sh runplain.sh” instead.

When installing for the first time, please remember to adjust your NAT/firewall if you can, bearing in mind the Internet-facing ports I2P uses, described here among other ports. If you have successfully opened your port to inbound TCP, also enable inbound TCP on the configuration page.

Also, please review and adjust the bandwidth settings on the configuration page, as the default settings of 96 KBps down / 40 KBps up are fairly slow.

If you want to reach eepsites via your browser, have a look on the browser proxy setup page for an easy howto.

Did that read like a foreign language to you?  Congratulations!  It did to me too, at first.  It may make more sense once you actually get into the process of setting it up…or not.

At first, I’ll admit I was somewhat intimidated by I2P, given that you couldn’t just install it and run it without a lot of configuration and forehand knowledge, but now that I’m more educated in that area, it’s kind of fun (believe it or not).  Or maybe it’s because I’m a nerd, I don’t know…

d4f20041254a0727ddce7cb81be9e68c

If you find the homepage’s instructions a bit too technical, there are a number of other sites that “translate” the setup tutorial into a simple guide. Deepdotweb featured one of these guides in this post: Full guide: How to access I2P Sites & Use TheMarketplace.i2p

The Tin Hat also offers a great tutorial here: How To Use I2P | I2P Tutorial & Setup Guide.  Plus, they explain how the network works in layman’s terms!

the_tin_hat_I2P

Screenshot credit: thetinhat.com

Once you have the network up and running and you open it in a browser (e.g. Firefox), you should see a page like this:

I2P_router_console_0.7.7

Credit: 2009 Wikimedia Commons

As it says, that’s the I2P Router Console, and from that page you can configure just about everything about your connection, how much bandwidth you’re using, and what IP address your “identity” appears to be (not unlike Tor, actually)!

Let the Right One In

hand-984170_960_720

I had to include at least one creepy image.

Now, I have to confess that the part where I got held up was when I tried to access actual I2P sites (known as “eepsites”).  I knew I was connected to the network, so that wasn’t the problem.

According to the official I2P FAQ, under the question explaining what eepsites are:

An eepsite is a website that is hosted anonymously – you can access it by setting your web browser’s HTTP proxy to use the web proxy (typically it listens on localhost port 4444), and browsing to the site.

I did this, but I was still unable to access a number of the eepsites (or at least the featured ones on the router console).  Therefore, my thought was that the sites themselves were down.

Either that, or my firewall settings were preventing me from accessing the sites – I plan on modifying those and giving this another try.  Of note: eepsites also tend to go down often (not unlike .onion sites), so that could also be the problem.

But Wait…There’s More!

I2PBote-inbox-0.4

Like its darknet cousin Freenet, I2P offers several main features:

Email/Messaging: I2P has a few different messaging services.  The main ones are a built-in email application and I2P-Bote, a secure messaging platform somewhat akin to Freenet’s FMS (Freenet Messaging System) application.

I2P-Bote is a P2P email service; there is no central server that stores your personal data. Email messages are stored in encrypted form on the computers of other I2P-Bote users, which is how it differs in its structure from standard email services.  No one with the ability to read your emails actually stores them on their servers.

If you check out the link above, it breaks down many of the security features of I2P-Bote, including its encryption method(s), and anonymity components.

I2P-Bote, as opposed to standard email services like Gmail or Outlook, uses cryptographic keys as destinations (i.e. randomly generated numbers and letters.)

sy10500b

This end-to-end encryption is the default with I2P-Bote.  Beyond that, I2P-Bote also sanitizes email headers, taking out any unimportant information, and encrypts what’s left (e.g. the subject line).

I don’t know about you folks, but I find that very reassuring!

IRC (Internet Relay Chat): Some of you are probably already familiar with IRC – it’s been around since the internet’s early days (1988, believe it or not)!  The difference with I2P is that it has an IRC service that allows users to chat anonymously.  Similar services exist on Tor, by the way.  I have yet to use the chat service, but I plan on doing so in the future (and perhaps writing a separate post about it).  According to The Tin Hat’s how-to guide:

“Often controversial topics are talked about in these channels, but nobody is afraid of offering what may be a very valid, but unpopular opinion, pushing you to explore new ideas from new perspectives.”

And I can’t help but be reminded of an episode of Numbers while reading that line where they said this:

numbers_irc

Uhh…no it isn’t.  But I digress.  If you do end up using I2P’s IRC, The Tin Hat recommends the chat rooms #salt and #i2p-chat, which you can connect to by setting your IRC client (such as X-Chat) to 127.0.0.1 on port 6668.  If you already have experience with this, feel free to give me some feedback on how it went!

Torrents: Oh my God, you can torrent over I2P?  Yes – in fact, some would say that gives it an advantage over Tor, which strongly advises against torrenting over their network.

I2P offers The Postman Tracker and I2PSnark.  The former is a lot like The Pirate Bay, and the latter is very similar to µTorrent.  Again, I have yet to try out this feature, but according to my research, the torrenting feature only provides more cover-traffic, which actually improves your anonymity (as opposed to Tor)!

I2P also gives the user an advantage in that they can use it as a proxy for clearnet torrents, like BitTorrent or µTorrent.  That way you’re less likely to get some ominous letter from the RIAA, or have others users spying on your torrents.  It’s not 100% foolproof, but I’d say it’s smarter.  

Beyond that, there is an I2P plugin for the Vuze torrent client called I2P Helper; if you intend to use I2P primarily for torrenting, then it works very well in this context.  I2P Helper allows you to download torrents from both the clearnet and the dark web simultaneously.  To boot, you can configure Vuze to use I2P by itself, or an already running external I2P router.

One of the positive things about using I2P for torrenting is that there is very little child pornography or other questionable material on the torrent trackers (despite claims to the contrary).  Rather, there are quite a few sci-fi books, programming books, leaked government documents, movies, and music.

Its downside, however, is speed, which on average is about 30KBps (compared to roughly 1-2 MB/s on most other torrenting sites).  The trade-off, of course, is the anonymity factor.  You’re much less likely to get discovered and sued by angry record labels and movie studios if you’re using I2P, as opposed to their “cousins” on the clearnet.  So the choice is yours.

Give Me Links!  Give Me Links!

09_Browse_to_Site

All right, you asked for it!  I haven’t vetted any of these links, so enter at your own risk. These links are courtesy of DCJTech.info: DarkWeb Link List.  I have to admit, they’re much easier to remember than most .onion addresses, aren’t they?

Directory (I2P)

File-Sharing and Torrents

Gaming

Messaging

Miscellaneous I2P Sites

OutProxies

Search Engines (I2P)

Shopping (I2P)

Social

Is that enough links to get you started?  Well, I hope you have fun checking them out.

As for me,  I do hope to explore I2P more in the near future; it seems perfectly suited to nerds like me!

With that…it’s off to the darknet again…

 

 

 

 

 

 

What Does the FoxyProxy Say? (+Explanation)

 

what-does-the-fox-say-the-fox-and-the-hound-36131733-720-480

OK, OK – I know that song is so 2013, and this technically isn’t about the dark web – but it still relates, I promise.

The reason I considered covering this is because I became concerned about confidentiality and privacy on the internet, particularly as I started delving into the darker side of things.

For the techies among us, I’m sure you already know how proxy servers work.  That being said, for those who are unfamiliar with the concept, a proxy server allows you to reach a website (or another online destination), even if it’s blocked or restricted in your country, or by your ISP.  Obviously, this can be a very helpful anti-censorship tool.

According to Web Upd8: Differences Between 3 Types of Proxy Servers, there are many different kinds of proxies, but three primary examples are:

Open (a.k.a. Normal/Caching Proxies): 

caching_proxy

An open proxy server is the simplest type, more or less. this is one of the most common types of proxies.  They are accessible by any internet user.  This is as opposed to a closed proxy (which would only allow users within a specific network to access it).  An example of a real web proxy is kifkifgo.ml, which is located in the U.S.  There are many sites on which you can find lists of public proxy servers – just simply Google them.  These include Public Proxy Server – Free Proxy Server List and XROXY.COM – Open Proxy List

Transparent Proxies:

pdproxy-transparent.png

Like an HTTP proxy, a transparent proxy server is also a caching server, but in this case, is configured in such a way that it eliminates the client side (browser side) configuration.  In most cases, the proxy server resides on the gateway and intercepts the web requests (port 8080, 544, etc.) from the clients; it receives the content for the first time and thereafter replies from its local cache.

The term “transparent” refers to the fact that the client (i.e. you) doesn’t know that a proxy server is acting on their behalf.  Think of it like a spy movie: you’re the hero, and you need some confidential information that could potentially get you arrested.  The transparent proxy would be the undercover agent who enters the enemy compound and retrieves it for you – except you, the hero, wouldn’t even know about that person doing the dirty work.

Transparent proxy servers are generally used in big corporate organizations where the client side configuration is not easy (due to the number of clients). This type of server is also used in ISP’s to reduce the load on the bandwidth usage.

Reverse Proxies:

apacheconna-2015-apache-httpd-24-reverse-proxy-8-638

 A reverse proxy, as opposed to the first two, is designed for the benefit of the web server rather than its clients. More or less, a reverse proxy resides on the web server end, and will cache all the static answers from the web server and reply to the clients from its cache to reduce the load on the web server.

In that sense, a reverse proxy is kind of like the bell staff at a hotel – the static answers from the web server are akin to all the requests for “Can you carry this?”  This arrangement is also known as Web Server Acceleration.

Proxy Lady…Comin’ to Getcha!!

jimi-foxyproxy

So FoxyProxy, in their words, “is a set of proxy and VPN management tools for OS/X, Windows, iOS, Android, Chrome, Firefox, and Linux.  We also offer reliable, high-bandwidth VPN and proxy servers in 60 different countries.”

The basic (read: free) version of FoxyProxy can be downloaded at FoxyProxy Basic :: Add-ons for Firefox.

The difficulty with finding a proxy or VPN is that there are many services that are simply flat-out scams.  FoxyProxy is definitely one of the legit ones, though.

They actually offer a number of different services, including FoxyProxy Basic, FoxyProxy Standard, and GeoShift (which changes your IP address from a list of different countries).

Once you have FoxyProxy installed, you can use its web proxy settings simply by typing in the URL (like you would normally do).  Its standard setting is “Use Proxy Default for all URLs.”  The setting (in Firefox) looks more or less like this:

FP_04

Select the “Add New Proxy” button above in order to manually add proxy servers.  In Chrome, the window looks like this:

foxyproxy_configure

The Settings window will pop up, in which you can manually or automatically configure a proxy connection (depending on your level of knowledge, and preferences):

foxyproxy_config2

On top of that, you can also specify when a proxy is (or is not) used, under “URL Patterns.”  This includes a whitelist and blacklist of different URL patterns, as seen below:

proxysettings

In my personal experience, I’ve found all of these to be extremely helpful!  Even if you’re not particularly familiar with the concept, FoxyProxy can still be an excellent tool to help circumvent censorship and in turn, protect your anonymity.

While you can do some of this without the FoxyProxy extension, it definitely does some of the legwork for you – and it also works well for users who have never attempted to use proxy servers of any kind.

In short, yes – I like it!

I have yet to try the advanced version, but I may cover that in a later post.