Setting up the hidden Tor service in Debian (Kali Linux, Linux Mint, Ubuntu)

6 May 2023 4 minutes Author: D2-R2

Tor hidden service and how to make it

In October 2021, Tor Onion version 2 hidden services will stop working. For some time now, Tor Onion v3 vanity has been used for the automatic generation of the hidden service domain. If you are still using the old, second version, you need to switch to the third one with a new address, and use the old address to inform your visitors.

This guide shows how to set up a Tor hidden service in Kali Linux, but it works for all Debian derivatives, including Linux Mint and Ubuntu. If you have a distribution based on Arch Linux, then the instruction “Setting up the hidden Tor service in Arch Linux / BlackArch” is for you.

Tor hidden services have domain names with the .onion extension. Hidden services are only accessible from the Tor network. For example, you can open these addresses if you use the Tor Browser.

The hidden service does not require a public (“white”) IP address, because the traffic is routed through the Tor network, which is fully responsible for the data exchange. A .onion domain name is issued free of charge and automatically. It is generated as a random set of characters and you cannot select it. However, the article “How to get a nice domain name for the hidden Tor service” explains how this can be worked around to some extent.

A web server is also required. On the server, you can use any technologies, including Apache, PHP, database management systems and others – anything that you can install on your computer or server. To install a web server, the article “Installing LAMP “The basics of working with a web server for pentesters” is recommended.

Connecting a local web server to the Tor network as a hidden service

Start by setting up a virtual host. This virtual host must be accessible only locally (on 127.0.0.1), because if it is available globally, you can easily lose your “stealth”. Starting the web server:


Open the Apache configuration file:

I have this line there:

That is, Apache listens for incoming connections both locally and externally. If someone wants to connect to your web server and they are on your local network, or you have a public (“white”) IP address, they will be able to do so. If you don’t need that, replace the line with the following:



The web server will listen on port 80 only on local IP 127.0.0.1.
Now we create a virtual host configuration file for the hidden service:


Insert the following into it:

In principle, you only need to edit the DocumentRoot line “/var/www/html/onion” in it. It gives the path to your website, which will be the hidden Tor service. Don’t forget to create this directory:



Activate the virtual host:


Place any files in this folder and restart the web server:



Check the status:


Place the files in the /var/www/html/onion folder and check if the server is working:

We need to start by installing Tor:



Open the file



Find the lines:



The first line specifies where the generated domain name and secret key will be stored. Simply uncomment it so that it takes effect:



The second line should also be uncommented. The first number is the port on which your hidden service will be reachable. It is better not to change it, so that users do not have to specify a non-standard port manually. The value after it is the local address of your virtual host on the web server. The IP should remain the same; if necessary, change the port to the one you assigned to the web server virtual host. In my case it is also 80:



Start (or restart if previously installed) the Tor service:



Check its status:



Add the service to startup (optional):



To find out your domain name, type:



Now give this domain name to the users of your hidden Tor service. Such sites can only be accessed through the Tor network. They are not available on the regular Internet. If you need multiple hidden Tor services, create the required number of web server virtual hosts and repeat the lines



as many times as you need. Each service must have its own directory, in which its domain name and private key are stored. My hidden Tor service:
hacking5xcj4mtc63mfjqbshn3c5oa2ns7xgpiyrg2fenl2jd4lgooad.onion



Remember to restart the service every time you change Tor settings:
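Before that restart, the two settings this guide relies on (Apache bound only to 127.0.0.1, and a separate directory and local target for each hidden service) can be checked with the script below. It is an added example, not part of the original article: the function names and sample data are constructed for illustration, and the file locations named in its last comment are the usual Debian defaults, assumed here.

```shell
#!/bin/sh
# Read-only audit of the two configs this guide edits (added example).
# Each function takes a file path, or reads stdin when none is given, and
# prints one line per finding; no output means nothing was flagged.

# Shared awk helper: true for a literal loopback address, port optional.
AWK_LIB='function loopback(a) {
  return a ~ /^(127\.[0-9]+\.[0-9]+\.[0-9]+|\[::1\])(:[0-9]+)?$/
}'

# Active Apache Listen directives not pinned to loopback. "Listen 80" names
# no address, so Apache binds every interface.
apache_exposed_listens() {
  awk "$AWK_LIB"'
    tolower($1) == "listen" && !loopback($2) { print "Listen " $2 }' "$@"
}

# torrc findings: a HiddenServicePort with no HiddenServiceDir above it, one
# whose target is not loopback, or a HiddenServiceDir used twice.
torrc_problems() {
  awk "$AWK_LIB"'
    { key = tolower($1) }
    key == "hiddenservicedir" {
      dir = $2; sub(/\/+$/, "", dir); have_dir = 1
      if (seen[dir]++) print "HiddenServiceDir reused: " dir
    }
    key == "hiddenserviceport" {
      if (!have_dir) print "HiddenServicePort " $2 " has no HiddenServiceDir above it"
      # No target or a bare port means 127.0.0.1; unix: sockets are local.
      if ($3 != "" && $3 !~ /^[0-9]+$/ && $3 !~ /^unix:/ && !loopback($3))
        print "HiddenServicePort " $2 " targets " $3
    }' "$@"
}

# Constructed sample input, not taken from a real host.
SAMPLE_PORTS_CONF='Listen 80
Listen 127.0.0.1:8080'
SAMPLE_TORRC='#HiddenServiceDir /var/lib/tor/example_unused/
HiddenServiceDir /var/lib/tor/example_site_a/
HiddenServicePort 80 127.0.0.1:80
HiddenServiceDir /var/lib/tor/example_site_a
HiddenServicePort 8080 192.168.1.10:8080'

printf '%s\n' "$SAMPLE_PORTS_CONF" | apache_exposed_listens
printf '%s\n' "$SAMPLE_TORRC" | torrc_problems
# On Debian the real inputs are usually /etc/apache2/ports.conf and /etc/tor/torrc.
```

On the sample input it reports the bare `Listen 80`, the reused directory and the service whose target is a LAN address; an empty result for both files is the state the guide aims for.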

