Can You Access .Onion Sites Without Tor Browser?

by Ciphas

(Note: Thanks to Ben Tasker’s Security Blog and traudt.xyz for being references.)

Can you access .onion sites without the Tor Browser? Short answer? Yes, you can – but I don’t recommend it…I cannot stress this enough.

I’ve mentioned Tor2web proxies in a few previous posts, but didn’t elaborate on them much.

In their own words, “Tor2web is a project to let Internet users access Tor Onion Services without using Tor Browser.” Tor2web and Web2Tor are reverse proxies which allow clearnet users (such as someone using Chrome, Firefox, etc.) to access Tor hidden services.

The proxy listens on port 80 (or sometimes 443) on a clearnet server, and then proxies requests to the Tor hidden service.

If you’re unfamiliar with proxy servers, Indiana University gives a great definition of one: What is a proxy server? (Psst…I talked about this a little in my earlier post ‘Anonymous’ Proxy List?)

The example they use to illustrate on Tor2web.org is that when you see an onion URL, for example, http://pbfcec3cneb4c422.onion/, if you add “.to,” “.link,” “.cab,” etc. to the end of the URL (e.g. http://pbfcec3cneb4c422.onion.to), that proxy will connect you to the onion service. Great, right?

Well, no – not great. In spite of its convenience, the problem with using these proxies is that whoever is operating the Tor2web proxy can spy on your web traffic. While this may not sound like a bad thing, if said proxy operator has malicious intent, then you (the user) are basically a sitting duck. Plus, if the point of Tor is being anonymous, and someone can detect your web traffic, that defeats the whole purpose!

In fact, even onion.cab itself – the proxy service, that is – warns users when they first try to access a site this way.

If this doesn’t sound bad, then it should be noted that not only can the operator see your web traffic, but they can also modify it and inject code if they so desire.

Ben Tasker’s Security Blog has an excellent post about this called Don’t Use Web2Tor/Tor2web (especially Onion.cab) – the example he gives is that some Web2Tor services “have some pretty bad habits, including playing fast and loose with your privacy.”

If you visit https://6zdgh5a5e6zpchdz.onion, but do so through onion.cab instead of through Tor, the proxy service injects Piwik analytics code into the page.

So why should you care? Well, the proxy service that injected the code now knows that your IP address accessed said onion service at a specific time. In addition, they’re also executing code in your browser that the operator of the original site is unaware of.

Some of the information that this code can discover about you is:

  • The title of the page you’re viewing
  • An ID for the site
  • The time that you made the request
  • The exact URL you were looking at
  • The page that sent you to that URL
  • Details of which plugins you have installed
  • Whether cookies are enabled
  • Your screen resolution
  • A unique ID for you

Alternatively, this third-party operator can inject code into the site that may track you across hidden services – that is, if you’re using the onion.cab proxy.

You can even contract malware via some Tor2web proxies – read this article by Virus Bulletin, “Vawtrak uses Tor2web to connect to Tor hidden C&C servers.” Granted, this article is over two years old, but it can still give you an idea of what might happen if you rely on these proxies.
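Because a Tor2web hostname is just the onion address with a gateway suffix appended, lookups of it show up in ordinary DNS or proxy logs. The following is an added example (not from the original post or the Virus Bulletin article) that flags such lookups per client; the log format, timestamps and client addresses are constructed, and the gateway list contains only the suffixes named in this post.

```python
import re
from collections import defaultdict

# Gateway suffixes named in this post; extend the tuple with others you see.
GATEWAYS = ("onion.to", "onion.link", "onion.cab")

# <label>.<gateway>, where label is 16 base32 characters (the address length
# used in this post's examples) or 56 (the newer, longer onion addresses).
HOST_RE = re.compile(
    r"^(?:[a-z0-9-]+\.)*?(?P<label>[a-z2-7]{16}|[a-z2-7]{56})\.(?P<gw>%s)\.?$"
    % "|".join(re.escape(g) for g in GATEWAYS))

def tor2web_lookups(lines):
    """Map client IP -> sorted (onion address, gateway) pairs it looked up.

    Assumed log format (constructed for this example):
    "<timestamp> <client-ip> query <hostname>"
    """
    hits = defaultdict(set)
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[2] != "query":
            continue                      # not in the assumed format
        m = HOST_RE.match(parts[3].lower())
        if m:
            hits[parts[1]].add((m["label"] + ".onion", m["gw"]))
    return {ip: sorted(pairs) for ip, pairs in hits.items()}

# Constructed sample log; the two onion names are the ones quoted in the post.
SAMPLE_LOG = """\
2017-03-01T10:00:01Z 10.0.0.5 query pbfcec3cneb4c422.onion.to
2017-03-01T10:00:02Z 10.0.0.5 query www.example.com
2017-03-01T10:00:09Z 10.0.0.7 query 6zdgh5a5e6zpchdz.onion.cab.
2017-03-01T10:00:12Z 10.0.0.7 query onion.to
2017-03-01T10:00:15Z 10.0.0.5 query PBFCEC3CNEB4C422.onion.link
malformed line
""".splitlines()

if __name__ == "__main__":
    for ip, pairs in tor2web_lookups(SAMPLE_LOG).items():
        print(ip, pairs)
```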

Thus, if your concern is privacy, it should be obvious why you don’t want to give this information away. The same goes for any proxy, really, but again, if you’re using Tor for anonymity, then accessing so-called “hidden services” via the clearnet is pointless.

I know that a lot of people who explore the “dark web” for fun just say, “Give me links!” But if you want to explore those links, do so in the right way – use the Tor Browser (from https://www.torproject.org/), and don’t try to do so via the clearnet.

There’s a reason it’s called the “dark web,” after all.

The “Shadow Web” Cited Me? Awesome!

Given that I’ve written a few past posts about the so-called “Shadow Web,” I was flattered when I came across a more recent site by that name, and they had quoted something I had written a while back when, ironically, I was less familiar with the dark web.

“The reason it’s so difficult to access the shadow web is that first, you would need a browser (such as Tor) that provides easier access to hidden sites (like .onion URLs). Then, you would most likely be given the specific URL by someone in the know, or use a search engine geared toward searching the deep web.”

I find this funny for several reasons: the statements I made at the time were not entirely accurate. Tor doesn’t really “provide easier access to hidden sites,” although at one time it was the only way you could access .onion URLs. Since there are now Tor2web proxies (like onion.to and onion.link), through which you can access Tor hidden services from the clearnet, you don’t necessarily have to have the Tor Browser to reach them.

However, using the proxies is not a safe way to do so, because there’s a far greater chance that someone could spy on your web traffic in the process. They even warn you about this on some of the sites.

Also, at the time that I wrote the original post, I didn’t distinguish between “deep web” and “dark web” (which are still confusing terms for most people). I meant to say dark web, honest!!

Regardless of my errors, thanks for citing me as a source, Mr. Shadow Web! The “new” Shadow Web site is located at http://shadowznwuibgi7w.onion, and looks somewhat similar to the previous ones. I attempted to take a screenshot of it, but that function was disabled (of course). In essence, it’s a black background with this picture at the top:

The landing page of the so-called “Shadow Web” site

The only difference between my picture and theirs is that theirs says “Access The Shadow Web” at the top. This time around, they feature an FAQ of sorts, to try to “debunk” some of the “myths” about the Shadow Web…

And I quote…

# 1 Shadow Web is a myth or true

ANSWER: IT IS TRUE

# 2 Is Shadow Web somewhere deep hidden under something unbelievable?

ANSWER: NO. THAT WAS A MISSUNDERSTANDING [sic]. ITS [sic] NOT DEEP UNDER, OR SOME MAGIC PROTECTED. IS JUST A SPECIAL INTERNET, SEPERATE [sic], UNACCESSIBLE AND FOR THIS INVISIBLE TO GUYS THAT DO NOT HAVE THE ACCESS-KEYS TO ENCRYPT THE URL AND INFORMATIONS. IN OUR PACKET WE GIVE YOU 1000+ DIFFERENT KEYS. ON SOME SHADOW WEB SITES YOU CAN GET MORE FORE FREE. THERE ARE SOME SPECIAL ONES YOU HAVE TO PAY. THIS DEPEND ON WHAT YOU WANT TO GET. MOST ARE FREE.

# 3 Do I need a Super Computer for Access

ANSWER: NO. THAT IS JUST A STORY FOR STOP [sic] KIDS AND IDIOTS TO TRY.

Aw, man! And I just bought a new super computer! I won’t list all of the “FAQ” section here, but you get the basic idea. Anyhow, according to them, in order to access the site, you need to pay $295 in bitcoin, which seems a bit extravagant.

How to Create Your Own Shadow Web!

In response to this, I thought I’d explain how you could actually create a “shadow web.” Just as there are a number of different ways to accomplish anonymity online, so are there many different networks that use these methods.

It might be something like the network dn42, which is a large VPN using various internet technologies, such as BGP, a whois database, and DNS. Participants in dn42 connect to one another via network tunnels like OpenVPN and Tinc – however, dn42 is not technically part of the internet, because it doesn’t use the internet protocol (IP). Confused yet?

In other words, you could create a VPN-based hidden network, using a network tunnel. ChaosVPN, which I mentioned in some earlier posts, is also a VPN-based network. For full details on how to join dn42, click the link above.

Or it could be something like The Darknet Project – as they describe it, “A Darknet is a portion of routed, allocated IP space in which no active services or servers reside. These are ‘dark’ because there is, seemingly, nothing within these networks.”

A third method might be to create a wireless mesh network, as I’d mentioned a couple of posts ago, but one that only you and a small number of people had access to – something like goTenna Mesh (as one example). Or, perhaps it would be something like a Freifunk network. Of course, you would need the right hardware for this, and you would have to find others to join, but that would just take a bit of time and effort.

So, in theory, a “shadow web” might be a private network that uses protocols other than the internet protocol, a darknet of some kind, or a wireless mesh network with a select few participants.

This, however, does not mean there actually is a Shadow Web – I just thought it was fun to consider how you could create one.

Will you be the first to do it? I dare you!
