قالب وردپرس درنا توس
Home / Tips and Tricks / How to Host a Deep Web IRC Server for More Anonymous Chat «Zero Byte :: WonderHowTo

How to Host a Deep Web IRC Server for More Anonymous Chat «Zero Byte :: WonderHowTo



Internet Relay Chat, or IRC, is one of the most popular chat protocols on the internet. The technology can be connected to the Tor network to create an anonymous and secure chat room – without the use of public IP addresses.

IRC servers allow one to create and manage rooms, users and automated functions, among other tools, to manage an instant messaging environment. IRC’s roots began in 1988 when Jarkko Oikarinen decided to try to implement a new chat protocol for users at the University of Oulu. Since then, it has been widely adopted and used as a light means of communication.

The chat protocol has proven to be particularly popular in technology communities, with channels for user groups for software, support and help, and discussion areas for developers and programmers. Its user base was eventually expanded to include hackers and security activists, many of whom liked the protocol but felt it lacked certain aspects of privacy.

For hackers, and anyone else who wants anonymity, combining IRC with a proxy system like Tor proved to be a valuable solution. Learning to join and create Tor-connected IRC channels allows you to form private communication platforms, for those who are interested in protecting their identity.

Combining Tor and IRC is more complicated than just downloading Tor Browser, so we explain how to configure a local IRC server, connect this server to the Tor network, and connect to the server as a client.

Step 1: Gather the prerequisites

An IRC server will be easiest to combine with Tor on a Linux system and will be more secure on a server-specific distribution. Some popular server operating system choices are Debian, Ubuntu Server, or CentOS. All Linux distributions are technically appropriate, and while Kali is used in this example, it is not necessarily the best option for a secure server.

The Linux installation used to host the server can be on a remote Virtual Virtual Server (VPS), a Raspberry Pi, or even just a personal server on your local network.

When our server itself is selected, the first software we need to host an IRC server is InspiRCd. This handles the entire IRC component of the server. We also need to install Tor. For the server, it must be able to be called as a service, so it is best to install the Tor version available on Linux repository.

In Debian-based districts, we can update our repositories with apt. On other systems, the modules are available from their respective websites. We can do this by opening a terminal window and typing the following.

~$ sudo apt-get update

[sudo] password for kali:
Get:1 http://kali.download/kali kali-rolling InRelease [30.5 kB]
Get:2 http://kali.download/kali kali-rolling/main amd64 Packages [16.5 MB]
Get:3 http://kali.download/kali kali-rolling/non-free amd64 Packages [197 kB]
Get:4 http://kali.download/kali kali-rolling/contrib amd64 Packages [101 kB]
Fetched 16.9 MB in 9s (1,974 kB/s)
Reading package lists... Done

Once our repository has been updated, we can install the necessary software by typing the command below.

~$ sudo apt-get install inspircd tor

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  libtre5 tor-geoipdb torsocks
Suggested packages:
  gnutls-bin ldap-server tre-agrep mixmaster torbrowser-launcher tor-arm
  apparmor-utils obfs4proxy
The following NEW packages will be installed:
  inspircd libtre5 tor tor-geoipdb torsocks
0 upgraded, 5 newly installed, 0 to remove and 782 not upgraded.
Need to get 5,156 kB of archives.
After this operation, 24.9 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://kali.download/kali kali-rolling/main amd64 libtre5 amd64 0.8.0-6+b1 [59.0 kB]
Get:2 http://kali.download/kali kali-rolling/main amd64 inspircd amd64 3.4.0-2 [1,585 kB]
Get:3 http://kali.download/kali kali-rolling/main amd64 tor amd64 0.4.3.6-1 [1,943 kB]
Get:4 http://kali.download/kali kali-rolling/main amd64 tor-geoipdb all 0.4.3.6-1 [1,492 kB]
Get:5 http://kali.download/kali kali-rolling/main amd64 torsocks amd64 2.3.0-2+b1 [76.3 kB]
Fetched 5,156 kB in 2s (3,322 kB/s)
Selecting previously unselected package libtre5:amd64.
(Reading database ... 287092 files and directories currently installed.)
Preparing to unpack .../libtre5_0.8.0-6+b1_amd64.deb ...
Unpacking libtre5:amd64 (0.8.0-6+b1) ...
Selecting previously unselected package inspircd.
Preparing to unpack .../inspircd_3.4.0-2_amd64.deb ...
Unpacking inspircd (3.4.0-2) ...
Selecting previously unselected package tor.
Preparing to unpack .../tor_0.4.3.6-1_amd64.deb ...
Unpacking tor (0.4.3.6-1) ...
Selecting previously unselected package tor-geoipdb.
Preparing to unpack .../tor-geoipdb_0.4.3.6-1_all.deb ...
Unpacking tor-geoipdb (0.4.3.6-1) ...
Selecting previously unselected package torsocks.
Preparing to unpack .../torsocks_2.3.0-2+b1_amd64.deb ...
Unpacking torsocks (2.3.0-2+b1) ...
Setting up libtre5:amd64 (0.8.0-6+b1) ...
Setting up inspircd (3.4.0-2) ...
update-rc.d: We have no instructions for the inspircd init script.
update-rc.d: It looks like a network service, we disable it.
inspircd.service is a disabled or a static unit, not starting it.
Setting up tor (0.4.3.6-1) ...
Something or somebody made /var/lib/tor disappear.
Creating one for you again.
Something or somebody made /var/log/tor disappear.
Creating one for you again.
update-rc.d: We have no instructions for the tor init script.
update-rc.d: It looks like a network service, we disable it.
Setting up torsocks (2.3.0-2+b1) ...
Setting up tor-geoipdb (0.4.3.6-1) ...
Processing triggers for libc-bin (2.30-4) ...
Processing triggers for systemd (245.4-3) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for kali-menu (2020.2.2) ...

Step 2: Configure InspIRCd

Once our IRC server daemon has been installed, we can begin configuring it to meet our needs. The configuration file is available on Linux systems at /etc/inspircd/inspircd.conf. We can edit this file with Nano by running the following command. If the IndspIRCd was properly installed, the file that will be opened should be similar to the one below.

~$ sudo nano /etc/inspircd/inspircd.conf

  GNU nano 4.9.2           /etc/inspircd/inspircd.conf
# This is just a more or less working example configuration file, please
# customize it for your needs!
#
# Once more: Please see the examples in /usr/share/doc/inspircd/examples/















































^G Get Help    ^O Write Out   ^W Where Is    ^K Cut Text    ^J Justify
^X Exit        ^R Read File   ^ Replace     ^U Paste Text  ^T To Spell

There are several configuration parameters that we should review and edit to suit our purposes. First we want to look at the “server” parameters section seen below.

We can change this to what we want to name our IRC channel, but the “name” option must be in a format similar to “irc.website.com.” For most servers, this would be important because it may be relevant to the URL, which solves the IP of the IRC server, but since we will instead make our server available over Tor, we can leave it whatever we choose. For this tutorial, I left these at the default settings “Local”.

Then we will update the “admin” settings.

The “name” and “nickname” should be changed to the desired identification for your server administrator. To make it easier to identify these, I turned them both to “admin”. I left the email setting as it was, as it does not have to be a valid email address.

In most cases we also want to change the “bind” value, but since all our connections will be made through Tor, we can leave the address as 127.0.0.1 and the port on 6667 or the port of our choice.

An important field to update is the “power” section. This provides two passwords that can be used by yourself or channel operators to restart or shut down the server. Be sure to set them to something more secure than the specified default passwords.

The last sections of this configuration file that we want to modify are the “oper” or operator section, and the “files” section. In the operator section, we want to update the operator’s references to give server privileges to the users we want. The most important part to update is the “password” field. Make sure you change the password to something more secure.

Finally, we want to define the place for Today’s announcement and regulations files.

If these files are already set in a convenient location, you can simply edit them to update these files in nano. These files will be displayed in the channel when a user requests one of them by running / motd or / rules.

~$ sudo nano /etc/inspircd/inspircd.motd

  GNU nano 4.9.2           /etc/inspircd/inspircd.motd
**************************************************
*             H    E    L    L    O              *
*  This is a private irc server. Please contact  *
*  the admin of the server for any questions or  *
*  issues.                                       *
**************************************************
*  The software was provided as a package of     *
*  Debian GNU/Linux .   *
*  However, Debian has no control over this      *
*  server.                                       *
**************************************************
(The sysadmin possibly wants to edit )

^G Get Help    ^O Write Out   ^W Where Is    ^K Cut Text    ^J Justify
^X Exit        ^R Read File   ^ Replace     ^U Paste Text  ^T To Spell
~$ sudo nano /etc/inspircd/inspircd.rules

  GNU nano 4.9.2          /etc/inspircd/inspircd.rules
Please edit /etc/inspircd/motd

                              [ Read 1 line ]
^G Get Help    ^O Write Out   ^W Where Is    ^K Cut Text    ^J Justify
^X Exit        ^R Read File   ^ Replace     ^U Paste Text  ^T To Spell

We can further update this configuration file by referring to the InspIRCd Wiki. Save the file by pressing Control O in Nano, and then press Ctrl-X To leave. When the configuration file is ready, we can test our server locally.

Step 3: Test the local IRC server

First we can start the server daemon with systemd by typing the following in terminal.

~$ sudo service inspircd start

If the command is successful, we can confirm the status with the system status parameter.

~$ sudo service inspircd status

● inspircd.service - InspIRCd - Internet Relay Chat Daemon
     Loaded: loaded (/lib/systemd/system/inspircd.service; disabled; vendo>
     Active: active (running) since Thu 2020-08-06 20:19:27 EDT; 11s ago
       Docs: man:inspircd(8)
    Process: 2133 ExecStart=/usr/lib/inspircd/inspircd start (code=exited,>
   Main PID: 2135 (inspircd)
      Tasks: 1 (limit: 2317)
     Memory: 1.3M
     CGroup: /system.slice/inspircd.service
             └─2135 /usr/sbin/inspircd --config=/etc/inspircd/inspircd.conf

Aug 06 20:19:27 kali systemd[1]: Starting InspIRCd - Internet Relay Chat D>
Aug 06 20:19:27 kali inspircd[2133]: InspIRCd - Internet Relay Chat Daemon
Aug 06 20:19:27 kali inspircd[2133]: For contributors & authors: See /INFO>
Aug 06 20:19:27 kali inspircd[2135]: InspIRCd Process ID: 2135
Aug 06 20:19:27 kali inspircd[2135]: Loading core modules ................>
Aug 06 20:19:27 kali inspircd[2135]: InspIRCd is now running as 'irc.local>
Aug 06 20:19:27 kali systemd[1]: Started InspIRCd - Internet Relay Chat Da>
lines 1-18/18 (END)

We can now test the connection to our server using the IRC client of our choice. I used Irssi. Irssi is available in most Linux warehouses, and on Debian-based systems it can also be installed with prone, which is seen below.

~$ sudo apt install irssi

[sudo] password for kali:
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
  irssi-scripts
The following NEW packages will be installed:
  irssi
0 upgraded, 1 newly installed, 0 to remove and 782 not upgraded.
Need to get 1,183 kB of archives.
After this operation, 2,919 kB of additional disk space will be used.
Get:1 http://kali.download/kali kali-rolling/main amd64 irssi amd64 1.2.2-1+b1 [1,183 kB]
Fetched 1,183 kB in 1s (1,320 kB/s)
Selecting previously unselected package irssi.
(Reading database ... 287426 files and directories currently installed.)
Preparing to unpack .../irssi_1.2.2-1+b1_amd64.deb ...
Unpacking irssi (1.2.2-1+b1) ...
Setting up irssi (1.2.2-1+b1) ...
Processing triggers for kali-menu (2020.2.2) ...
Processing triggers for man-db (2.9.1-1) ...

Irssi can be started directly from the command line just by name.

~$ irssi

 Irssi v1.2.2-1+b1 - https://irssi.org
20:30 -!-  ___           _
20:30 -!- |_ _|_ _ _____(_)
20:30 -!-  | || '_(_-<_-< |
20:30 -!- |___|_| /__/__/_|
20:30 -!- Irssi v1.2.2-1+b1 - https://irssi.org
20:30 -!- Irssi: The following settings were initialized
20:30                        real_name Kali
20:30                        user_name kali
20:30                             nick kali

[(status)]

Within Irssi we can connect to our server with connect command. This command connects us to our server. You should see something like below.

[(status)] /connect irc.localhost

20:31 -!- Irssi: Looking up irc.localhost
20:31 -!- Irssi: Connecting to irc.localhost [127.0.0.1] port 6667
20:31 -!- Irssi: Connection to irc.localhost established
20:31 !irc.localhost *** Looking up your hostname...
20:31 !irc.localhost *** Could not resolve your hostname: Request timed out; using your IP address (127.0.0.1) instead...
20:31 !irc.localhost *** Welcome to Localnet!
20:31 -!- Welcome to the Localnet IRC Network admin@127.0.0.1
20:31 -!- Your host is irc.local, running version InspIRCd-3.4.0
20:31 -!- This server was created on Debian
20:31 -!- irc.local InspIRCd-3.4.0 iosw biklmnopstv bklov
20:31 -!- AWAYLEN=200 CASEMAPPING=rfc1459 CHANMODES=b,k,l,imnpst CHANNELLEN=64 CHANTYPES=#
          CHARSET=ascii ELIST=MU FNC KICKLEN=255 MAP MAXBANS=60 MAXCHANNELS=20 MAXPARA=32
          are supported by this server
20:31 -!- MAXTARGETS=20 MOADES=20 NETWORK=Localnet NICKLEN=32 PREFIX=(ov)@+ STATUSMSG=@+
          TOPICLEN+307 VBANLIST WALLCHOPS WALLVOICES are supported by this server
20:31 -!- 811AAAAAA your unique ID
20:31 -!- irc.local message of the day
20:31 -!- - - message of the day goes here
20:31 -!- -
20:31 -!- End of message of the day.
20:31 -!- There are 1 users and 0 invisible on 1 servers
20:31 -!- 0 channels formed
20:31 -!- I have 1 clients and 0 servers
20:31 -!- Current Local Users: 1  Max: 1
20:31 -!- Current Global Users: 1  Max: 1
20:31 -!- Mode change [+i] for user admin

[(status)]

Once the IRC client has connected to the local IRC server, it can be managed in the same way as a server connected to the Internet. The test server is only connected to the machine where it is running, so the only users who can connect to the server must also be on the local machine.

Once the local IRC server connection has been verified and any IRC configurations have changed, we can disconnect the local server and connect it to the Tor network. If you use the Irssi IRC client, you can disconnect with /stop.

Step 4: Connect the IRC server to Tor

Tor routing for our IRC server will be configured in the torrc file. To find this file and confirm our Tor installation we can use where is as in the example below.

~$ whereis tor

tor: /usr/bin/tor /usr/sbin/tor /etc/tor /usr/share/tor /usr/share/man/man1/tor.1.gz

This returns several locations that Tor uses for configuration. The "torrc" file we are looking for is probably in / etc / tor. We can open it with the following command. Once opened, you should see something similar below.

~$ sudo nano /etc/tor/torrc

  GNU nano 4.9.2                    /etc/tor/torrc
## Configuration file for a typical Tor user
## Last updated 9 October 2013 for Tor 0.2.5.2-alpha.
## (may or may not work for much older or much newer versions of Tor.)
##
## Lines that begin with "## " try to explain what's going on. Lines
## that begin with just "#" are disabled commands: you can enable them
## by removing the "#" symbol.
##
## See 'man tor', or https://www.torproject.org/docs/tor-manual.html,
## for more options you can use in this file.
##
## Tor will look for this file in various places based on your platform:
## https://www.torproject.org/docs/faq#torrc

## Tor opens a socks proxy on port 9050 by default -- even if you don't
## configure one below. Set "SocksPort 0" if you plan to run Tor only
## as a relay, and not make any local application connections yourself.
#SocksPort 9050 # Default: Bind to localhost:9050 for local connections.
#SocksPort 192.168.0.1:9100 # Bind to this address:port too.

## Entry policies to allow/deny SOCKS requests based on IP address.
## First entry that matches wins. If no SocksPolicy is set, we accept
## all (and only) requests that reach a SocksPort. Untrusted users who
## can access your SocksPort may be able to learn about the connections
## you make.
#SocksPolicy accept 192.168.0.0/16
#SocksPolicy reject *

## Logs go to stdout at level "notice" unless redirected by something
## else, like one of the below lines. You can have as many Log lines as
## you want.
##
## We advise using "notice" in most cases, since anything more verbose
## may provide sensitive information to an attacker who obtains the logs.
##
## Send all messages of level 'notice' or higher to /var/log/tor/notices.log
#Log notice file /var/log/tor/notices.log
## Send every possible message to /var/log/tor/debug.log
#Log debug file /var/log/tor/debug.log
## Use the system log instead of Tor's logfiles
#Log notice syslog
## To send all messages to stderr:
#Log debug stderr

## Uncomment this to start the process in the background... or use
## --runasdaemon 1 on the command line. This is ignored on Windows;
## see the FAQ entry if you want Tor to run as an NT service.
#RunAsDaemon 1

## The directory for keeping all the keys/etc. By default, we store
## things in $HOME/.tor on Unix, and in Application Datator on Windows.
#DataDirectory /var/lib/tor

## The port on which Tor will listen for local connections from Tor
## controller applications, as documented in control-spec.txt.
#ControlPort 9051
## If you enable the controlport, be sure to enable one of these
## authentication methods, to prevent attackers from accessing it.
#HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053>
#CookieAuthentication 1

############### This section is just for location-hidden services ###

## Once you have configured a hidden service, you can look at the
## contents of the file ".../hidden_service/hostname" for the address
## to tell people.
##
## HiddenServicePort x y:z says to redirect requests on port x to the
## address y:z.

#HiddenServiceDir /var/lib/tor/hidden_service/
#HiddenServicePort 80 127.0.0.1:80

#HiddenServiceDir /var/lib/tor/other_hidden_service/
#HiddenServicePort 80 127.0.0.1:80
#HiddenServicePort 22 127.0.0.1:22

################ This section is just for relays #####################
#
## See https://www.torproject.org/docs/tor-doc-relay for details.

## Required: what port to advertise for incoming Tor connections.
#ORPort 9001
## If you want to listen on a port other than the one advertised in
## ORPort (e.g. to advertise 443 but bind to 9090), you can do it as
## follows.  You'll need to do ipchains or other port forwarding
## yourself to make this work.
#ORPort 443 NoListen
#ORPort 127.0.0.1:9090 NoAdvertise

## The IP address or full DNS name for incoming connections to your
## relay. Leave commented out and Tor will guess.
#Address noname.example.com

## If you have multiple network interfaces, you can specify one for
## outgoing traffic to use.
# OutboundBindAddress 10.0.0.5

## A handle for your relay, so people don't have to refer to it by key.
#Nickname ididnteditheconfig

## Define these to limit how much relayed traffic you will allow. Your
## own traffic is still unthrottled. Note that RelayBandwidthRate must
## be at least 20 KB.
## Note that units for these config options are bytes per second, not bits
## per second, and that prefixes are binary prefixes, i.e. 2^10, 2^20, etc.
#RelayBandwidthRate 100 KB  # Throttle traffic to 100KB/s (800Kbps)
#RelayBandwidthBurst 200 KB # But allow bursts up to 200KB/s (1600Kbps)

## Use these to restrict the maximum traffic per day, week, or month.
## Note that this threshold applies separately to sent and received bytes,
## not to their sum: setting "4 GB" may allow up to 8 GB total before
## hibernating.
##
## Set a maximum of 4 gigabytes each way per period.
#AccountingMax 4 GB
## Each period starts daily at midnight (AccountingMax is per day)
#AccountingStart day 00:00
## Each period starts on the 3rd of the month at 15:00 (AccountingMax
## is per month)
#AccountingStart month 3 15:00

## Administrative contact information for this relay or bridge. This line
## can be used to contact you if your relay or bridge is misconfigured or
## something else goes wrong. Note that we archive and publish all
## descriptors containing these lines and that Google indexes them, so
## spammers might also collect them. You may want to obscure the fact that
## it's an email address and/or generate a new address for this purpose.
#ContactInfo Random Person 
## You might also include your PGP or GPG fingerprint if you have one:
#ContactInfo 0xFFFFFFFF Random Person 

## Uncomment this to mirror directory information for others. Please do
## if you have enough bandwidth.
#DirPort 9030 # what port to advertise for directory connections
## If you want to listen on a port other than the one advertised in
## DirPort (e.g. to advertise 80 but bind to 9091), you can do it as
## follows.  below too. You'll need to do ipchains or other port
## forwarding yourself to make this work.
#DirPort 80 NoListen
#DirPort 127.0.0.1:9091 NoAdvertise
## Uncomment to return an arbitrary blob of html on your DirPort. Now you
## can explain what Tor is if anybody wonders why your IP address is
## contacting them. See contrib/tor-exit-notice.html in Tor's source
## distribution for a sample.
#DirPortFrontPage /etc/tor/tor-exit-notice.html

## Uncomment this if you run more than one Tor relay, and add the identity
## key fingerprint of each Tor relay you control, even if they're on
## different networks. You declare it here so Tor clients can avoid
## using more than one of your relays in a single circuit. See
## https://www.torproject.org/docs/faq#MultipleRelays
## However, you should never include a bridge's fingerprint here, as it would
## break its concealability and potentionally reveal its IP/TCP address.
#MyFamily $keyid,$keyid,...

## A comma-separated list of exit policies. They're considered first
## to last, and the first match wins. If you want to _replace_
## the default exit policy, end this with either a reject *:* or an
## accept *:*. Otherwise, you're _augmenting_ (prepending to) the
## default exit policy. Leave commented to just use the default, which is
## described in the man page or at
## https://www.torproject.org/documentation.html
##
## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses
## for issues you might encounter if you use the default exit policy.
##
## If certain IPs and ports are blocked externally, e.g. by your firewall,
## you should update your exit policy to reflect this -- otherwise Tor
## users will be told that those destinations are down.
##
## For security, by default Tor rejects connections to private (local)
## networks, including to your public IP address. See the man page entry
## for ExitPolicyRejectPrivate if you want to allow "exit enclaving".
##
#ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more
#ExitPolicy accept *:119 # accept nntp as well as default exit policy
#ExitPolicy reject *:* # no exits allowed

## Bridge relays (or "bridges") are Tor relays that aren't listed in the
## main directory. Since there is no complete public list of them, even an
## ISP that filters connections to all the known Tor relays probably
## won't be able to block all the bridges. Also, websites won't treat you
## differently because they won't know you're running Tor. If you can
## be a real relay, please do; but if not, be a bridge!
#BridgeRelay 1
## By default, Tor will advertise your bridge to users through various
## mechanisms like https://bridges.torproject.org/. If you want to run
## a private bridge, for example because you'll give out your bridge
## address manually to your friends, uncomment this line:
#PublishServerDescriptor 0

^G Get Help  ^O Write Out ^W Where Is  ^K Cut Text  ^J Justify   ^C Cur Pos
^X Exit      ^R Read File ^ Replace   ^U Paste Text^T To Spell  ^_ Go To Line

The section we need to edit is after the following banner.

############### This section is just for location-hidden services ###

To jump directly to this section, press Ctrl-W, type "location-hidden" and press Get on. To indicate our hidden service location to Tor, we want to comment on the following two lines.

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80

To do this, delete the "#" symbols at the beginning of these lines. We also want to edit one of the lines to specify our IRC port instead of port 80. When you are done, the line should look like this.

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 6667 127.0.0.1:6667

Write these changes in the file with Control O and finish Nano with Ctrl-X.

Now that our Tor service is configured, we can start it with the following command.

~$ sudo tor

Aug 06 20:58:27.242 [notice] Tor 0.4.3.6 running on Linux with Libevent 2.1.11-stable, OpenSSL 1.1.1g, Zlib 1.2.11, Liblzma 5.2.4, and Libzstd 1.4.4.
Aug 06 20:58:27.242 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
...
Aug 06 20:58:36.000 [notice] Bootstrapped 100% (done): Done

When the Tor service is running, an onion address must be generated and placed in / var / lib / tor / Hidden_service / hostname. We can retrieve this address with Cat command, seen below.

~$ sudo cat /var/lib/tor/hidden_service/hostname

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.onion

If necessary, it is also possible to customize this onion address using tools such as Eschalot.

If Cat returns an onion address, your IRC server is now available via Tor!

Step 5: Connect to an IRC server over Tor

Now that your server is connected to Tor, it is available to anyone with the address to connect to it. To test our server connection, it is best to do so from a device other than the one on which the server is running. If you have installed your server on a VPS or a virtual machine, just switch back to using the device you configured it with.

To test the connection to my server, I used an IRC client that I had already installed, HexChat. It is also available in most Linux repositories and on Debian-based systems, and it can be installed with prone as seen below.

~$ sudo apt install hexchat

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  hexchat-common hexchat-perl hexchat-plugins hexchat-python3
Suggested packages:
  hexchat-otr unifont
The following NEW packages will be installed:
  hexchat hexchat-common hexchat-perl hexchat-plugins hexchat-python3
0 upgraded, 5 newly installed, 0 to remove and 782 not upgraded.
Need to get 1,214 kB of archives.
After this operation, 5,570 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://kali.download/kali kali-rolling/main amd64 hexchat-common all 2.14.3-3 [762 kB]
Get:2 http://kali.download/kali kali-rolling/main amd64 hexchat amd64 2.14.3-3 [338 kB]
Get:3 http://kali.download/kali kali-rolling/main amd64 hexchat-perl amd64 2.14.3-3 [42.5 kB]
Get:4 http://kali.download/kali kali-rolling/main amd64 hexchat-plugins amd64 2.14.3-3 [37.8 kB]
Get:5 http://kali.download/kali kali-rolling/main amd64 hexchat-python3 amd64 2.14.3-3 [33.6 kB]
Fetched 1,214 kB in 6s (202 kB/s)
Selecting previously unselected package hexchat-common.
(Reading database ... 287612 files and directories currently installed.)
Preparing to unpack .../hexchat-common_2.14.3-3_all.deb ...
Unpacking hexchat-common (2.14.3-3) ...
Selecting previously unselected package hexchat.
Preparing to unpack .../hexchat_2.14.3-3_amd64.deb ...
Unpacking hexchat (2.14.3-3) ...
Selecting previously unselected package hexchat-perl:amd64.
Preparing to unpack .../hexchat-perl_2.14.3-3_amd64.deb ...
Unpacking hexchat-perl:amd64 (2.14.3-3) ...
Selecting previously unselected package hexchat-plugins:amd64.
Preparing to unpack .../hexchat-plugins_2.14.3-3_amd64.deb ...
Unpacking hexchat-plugins:amd64 (2.14.3-3) ...
Selecting previously unselected package hexchat-python3:amd64.
Preparing to unpack .../hexchat-python3_2.14.3-3_amd64.deb ...
Unpacking hexchat-python3:amd64 (2.14.3-3) ...
Setting up hexchat-plugins:amd64 (2.14.3-3) ...
Setting up hexchat-common (2.14.3-3) ...
Setting up hexchat (2.14.3-3) ...
Setting up hexchat-perl:amd64 (2.14.3-3) ...
Setting up hexchat-python3:amd64 (2.14.3-3) ...
Processing triggers for desktop-file-utils (0.24-1) ...
Processing triggers for mime-support (3.64) ...
Processing triggers for hicolor-icon-theme (0.17-2) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for kali-menu (2020.2.2) ...

After the launch of HexChat with:

~$ hexchat

Enter the desired nickname options and then select "Add" in the network section.

Assign a name to your new network, then right-click on it and press "Edit".

Update the address in this edit window that appears in servers box to be the onion address assigned to it by Tor in the previous step.

Close this window and then select "Connect." The connection will not be established immediately, as we will have to change our network settings to resolve the onion. To do this, click on "Settings" under the "Settings" menu on top of the new window that has opened.

In the settings window, select "Network settings" under the Network category in the left menu. On this page, below proxy Server change host Name to 127.0.0.1, Port to 9050and select "Socks5" for Type.

This uses Tor as a proxy server for the client and makes it possible to resolve address resolution. Keep in mind that this only works on devices if Tor can be called as a service on port 9050. On Linux systems, the Tor service can be started in the same way as if it were a server. To do so, type the command below.

~$ sudo tor

When the network configuration has been updated, press "OK". HexChat should try to connect to the specified onion address. This time it should work.

If Welcome the message is displayed, you have successfully created a Tor-connected IRC server!

You may notice that after the onion address has been looked up, the specified IP address is the localhost address on the server itself, 127.0.0.1. This is because Tor routes connecting clients to the server and does not in any way reveal the server's public IP, so clients connecting to it see the server almost as if it were on their local network, rather than on a secret IP hidden by an onion address.

Now that the server is running, you can customize it like any other IRC server and start inviting more users to interact with its channels.

Thanks for reading and if you have any questions you can ask them in the comments below or on Twitter @tahkion.

Want To Get Into The Gift Basket Business? Jump your career with hat hacking with our training package for premium ethical hacking 2020 from the new Null Byte store and get over 60 hours of training from professional ethical hacking.

Buy now (90% off)>

Cover photo of Kody / Null Byte; Screenshots of Takhion / Null Byte




Source link