Create Customized .onion Addresses For Tor Hidden Services
Tor’s .onion links can often look quite random in this article I will show you how to create customized .onion address for use with Tor’s hidden services.
Customized .onion links can often help other Tor users find and recognize your site easier.
For example take Facebook’s .onion hidden service that lets users access Facebook’s website more safely. Facebook .onion link is facebookcorewwwi.onion For a hash of a public key that’s randomly generated, it doesn’t look very random this got a lot of users wondering how they brute forced a full .onion link. The article linked below explain more about the processes Facebook took to create their custom .onion link.
Quote Tor “The short answer is that for the first half of it (“facebook”), which is only 40 bits, they generated keys over and over until they got some keys whose first 40 bits of the hash matched the string they wanted.”
In this article we won’t be creating a .onion link as extravagant as Facebook’s .onion link as we don’t have as much processing power to handle an entire address as it would take as long as the universe is believed to have been in existence so we will be creating a custom .onion link will fewer characters.
To create customized .onion links we can use a open source tool called Shallot.
Shallot allows you to create customized .onion addresses for Tor’s hidden services. By customized, it is meant that part of the address can be selected. Choosing an entire address would take far longer than the universe is believed to have been in existence.
sudo apt-get install libcurl4-openssl-dev
git clone https://github.com/katmagic/Shallot.git Shallot
cd Shallot ./configure && make ./shallot
$ ./shallot ^test
Found matching pattern after 99133 tries: testvztz3tfoiofv.onion
—–BEGIN RSA PRIVATE KEY—–
—–END RSA PRIVATE KEY—–
On the Security of Generated Key Pairs
“It is sometimes claimed that private keys generated by Shallot are less secure than those generated by Tor. This is false. Although Shallot generates a keypair with an unusually large public exponent e, it performs all of the sanity checks specified by PKCS #1 v2.1 (directly in sane_key), and then performs all of the sanity checks that Tor does when it generates an RSA key pair (by calling the OpenSSL function RSA_check_key).”
Adding new RSA private key to Tor hidden service
Setting up a Tor hidden service is quite simple it requires starting a web server on machine and setting the HiddenServiceDir and HiddenServicePort on tor’s configuration file.
Location of torrc: /etc/tor/torrc
When Tor starts a hidden service first it will generate a new public/private keypair for the hidden service. The key pair is further written to a file called private_key. Web masters are advised to keep this key safe from others if an attacker was to gain access to these keys they would then be able to impersonate a hidden service and conduct various Man-in-the-middle and downgrade attacks on the target Tor hidden service. If you replace the RSA private key (including its header and footer) in a file called private_key in the HiddenServiceDir you specified in your torrc, then when you restart your Tor, a hostname file will be created in HiddenServiceDir that contains your shiny new .onion address.
If you require more information on setting up Tor hidden services and configuration of torrc refer to the following article.
Performance Time Taken to Generate Custom .onion Links
Time to Generate an Tor .onion link with a Given Number of Initial Characters on a 1.5Ghz Processor
Amount of characters
time to generate (approx.)
1 less than a second
2 less than a second
3 less than a second
4 – 2 seconds
5 – 1 minute
6 – 30 minutes
7 – 1 day
8 – 25 days
9 – 2.5 years
10 – 40 years
11 – 640 years
12 – 10 millenia
13 – 160 millenia
14 – 2.6 million years
- Top 10 Phishing Tools - 10th April 2020
- Distributed Hash Cracking Hashcat Hashtopolis Tutorial - 30th March 2020
- Cracking Password Hashes with Hashcat Rule-based attack - 27th March 2020