[Tor-BSD] OpenBSD httpd hidden service

hue manatee huemanatee at riseup.net
Tue Dec 5 13:31:17 EST 2017


Hm. Apparently httpd with basic config is solid right out-of-the-box. At 
least according to onionscan:

--------------- OnionScan Report ---------------
Generating Report for: <the-hidden-service>.onion

No risks were found.
--------------------------------------------------------

Steps to install onionscan for those who need it:

** How to scan your .onion location-hidden service for vulns
**** Install tor:
***** Add tor repo: =sudo add-apt-repository "deb 
http://deb.torproject.org/torproject.org xenial main"=
***** Add tor gpg keys: =gpg --keyserver keys.gnupg.net --recv 
A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89=
***** Export keys: =gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD8 
| sudo apt-key add - =
***** =sudo apt update=
***** =sudo apt install tor deb.torproject.org-keyring=
**** Install Go: =sudo apt-get install go-lang=
**** Set $GOPATH variable:
***** Ref: 
[[https://stackoverflow.com/questions/21001387/how-do-i-set-the-gopath-environment-variable-on-ubuntu-what-file-must-i-edit#21012349][Set 
GOPATH SE]]
***** =mkdir ~/.go=
***** ~echo "GOPATH=$HOME/.go" >> ~/.bashrc~
***** =echo "exporg GOPATH" >> ~/.bashrc=
***** ~echo "PATH=\$PATH:\$GOPATH/bin # Add GOPATH/bin to PATH for 
scripting" >> ~/.bashrc~
***** =source ~/.bashrc=
**** Install dependencies:
***** Ref: [[https://github.com/s-rah/onionscan/wiki][Onionscan Deps]]
***** =go get github.com/HouzuoGuo/tiedot=
***** =go get golang.org/x/crypto/openpgp=
***** =go get golang.org/x/net/proxy=
***** =go get golang.org/x/net/html=
***** =go get github.com/rwcarlsen/goexif/exif=
***** =go get github.com/rwcarlsen/goexif/tiff=
**** Install onionscan: =go get github.com/s-rah/onionscan=
**** Run onionscan: =onionscan <your-hidden-service>.onion=

Hue


On 12/05/2017 09:34 AM, Shawn Webb wrote:
> On Tue, Dec 05, 2017 at 09:28:32AM -0800, hue manatee wrote:
>> 5. Place httpd behind a fully Tor-ified network (unsure how to do this).
>>
>> 6. Run httpd inside a vmm and transparently torify all traffic of its only
>> (network) interface (unsure how to do this).
> For items 5 and 6 (they're pretty much the same from a technical
> standpoint), I've written an article about how to set up a Tor-ified
> network:
> https://github.com/lattera/articles/blob/master/infosec/tor/2017-01-14_torified_home/article.md
>
> Granted, it uses HardenedBSD as the example. You'll need to adapt the
> pf rules to OpenBSD, but it shouldn't differ too much from an
> ideological standpoint.
>
> Thanks,
>



More information about the Tor-BSD mailing list