Learn Kali Linux Episode #15: Accessing the Dark Web Using the Tor Browser (Part 1)


Hello everybody and welcome to this
tutorial. Today, I will open up a chapter on how to stay anonymous. So there are
several ways, several methods that you can use. First off, you’ve probably heard
about these things, they are proxies, so you are just routing your connection
through several different points, although this can be very slow depending
on the speed of the proxies elsewhere, and you also know nothing of the other
side. You know nothing of the servers through which your packets are going. So
that can be risky, but then again if you’re trying, if you’re just scanning
something, if you’re nmapping a network, if you’re using nmap to
footprint a network, why do you care? It’s not of importance. However, if you’re
using proxies to log in somewhere, or password credentials, or something of a kind, that is potentially dangerous, and you should not do that. I mean quite literally you shouldn’t do it.

The other option is to use some sort of VPN to encrypt your traffic between you and the VPN service provider. Now these things can be very fast depending on
which one you have, so you can just pay for a service out there. I think a yearly
subscription is like a hundred and something bucks. A monthly subscription
is like 10 bucks, something like that. You get a dedicated VPN static IP address so
you can do a lot of stuff, and they can be very, very, very fast. Furthermore, your traffic is encrypted as I said, and the only way
that somebody can figure out that you are doing something somewhere is if the
VPN service provider actually relinquishes your information. However,
this does not happen that often, this is very difficult to attain, especially if
you get a VPN in certain parts of the world where they just generally
don’t give this sort of information out. But, I wouldn’t recommend doing that for
white hat hacking primarily because there isn’t a need to stay anonymous to
that extent. What we are going to be using VPNs and proxies mainly for, or what they are mainly used for in the world today, I would say anyway,
this is just my personal opinion, is to bypass firewall settings, or firewall
limitations, should I say. So, here’s a real-life example that people
have been using quite often, that people are using pretty much on a daily basis.
Netflix, for example, has a certain range of IP addresses from which it allows
connections. So, if you are elsewhere in the world, and you do not
belong to that IP address range, it will not allow you to view anything on the site. It will not allow you to see movies, or something of a kind. However, if you use a proxy, a good one, or if you use a VPN, you will be able to
access the site as though you were coming from the country which falls
within the IP address range list. So that’s just one of the common examples of what people are doing. Not exactly legal, but oh well. People have been doing it. It’s not exactly harmful, or something like that, you’re not breaking, you’re not
taking servers down, or anything of a kind, but people have been using it in
order to be able to watch Netflix from, I don’t know, a cell phone when they’re
traveling, or something like that. In any case, there are numerous other examples
when you want to bypass certain firewall settings primarily you bypass the IP
range lists which are allowed to access a certain server, or something
like that, but also, for example, if you have a certain server whose traffic
is mainly generated from a single area, from a single country, and you do not
want to be, for example, scanning it from, I don’t know, an IP address that belongs
to the area in China, or something like that, because those IP addresses they look very different. I mean of course they’re written the same, but
any network administrator as soon as they see that IP address, of that kind,
that is far away from their geographical area, they will know that it’s an anomaly of some sort, and that it doesn’t belong there, and they
will be intrigued, they will start looking, so that is not something you
want happening to you. You want to be accessing the server from where all the other users are accessing it from in order to hide yourself in the
mass.

In any case, that is what we shall be doing in this chapter and a few other
things, but for the time being, for this tutorial, I want to show you how you can
actually access the dark web, or the hidden web, whichever way you wish to refer
to it. Now the rumor is that the dark web is a lot bigger than your regular
internet, that there’s a lot more information there, and I use its
resources, a lot of people do, there are some very nice forums where you can
get a lot of good stuff. So I would definitely recommend trying it out, and you will, at some point of time, you will need it. For that you will need to
install a tor browser, and with the tor browser you will be able to access the
darknet.

Now it is not installed by default on Kali, and this is one of those rare occasions and rare situations where we will actually need a different user other than root in order to be able to
do anything with tor, in order to be able to start it. So, first off, I’m going to go
ahead and create a new user. So just open up your virtual machine, you see mine is
already opened up here, I’m just changing the size so that you can see it, it’s a
virtual machine, and I have my terminal up and running here, I can close it and
reopen it, there you go. Just open up your regular terminal and
type in the following. So first off we need tor. I will explain what tor is in a
moment, but you just type in apt-get install tor -y, and press ENTER, with this command that I am highlighting at the moment tor will
install. No problems on Kali as long as you have an active internet connection. It is not installing here because I already have it installed. The
following…right, yep, there we go. It says tor is already the newest version,
so it is already installed, it is the newest version, I have deliberately
skipped all the verbose installation, the entire verbose installation primarily because you’re not gonna see anything useful there at the moment, and
it’s gonna waste quite a bit of time. So just type in this command, you will not
be prompted for any questions because of that -y argument, and the installation
will go through, no problems. Let’s just go ahead and clear the screen.

Now the next thing that we need to do is actually create that user that we have been talking about. So just go ahead and type in the command adduser. Just a key note here, there is also a command useradd. Do not use this
command for the time being primarily because I have discovered that it causes
some unnecessary complications which tend to hinder us along the way. So just
go ahead and type in adduser and now you can name your user whatever you want. You cannot use capital letters if I remember correctly, that’s the rule in
Debian systems, so I’m just gonna call my user random…I’m not gonna call it random, I’m gonna call him, what shall I call him? I’ll call them test. Here my user will be
test, and there we go. Now it says adding user test, adding new group test, adding
new user test with group test. That’s pretty much what has happened here. It
has created a home directory for that user. It already exists, what do you know,
I have created it previously, but I have deleted it just to make sure there
are no mistakes in this tutorial, but it doesn’t matter. It will say here that the home test directory has been created and that you will be able
to use it. You do need this folder primarily because we’re gonna be doing stuff there which you cannot do with root. Now go ahead and type in your
password here. It doesn’t show anything when you type, that’s the standard way of
UNIX passwords in order to prevent anybody from seeing the length of your
password on the screen, very nice. So press Enter. Now you are prompted here for some information in regards to that user. Completely irrelevant for our purpose
today so we don’t type in the full name, room number, work
phone, home phone, other, don’t care. Is this information correct? Sure, why not.
Press ENTER and there we go. We have just effectively created our new user, test, to
which we need to log in, and then from there conduct our work.

Now a key thing to note here is that even though there is a way of configuring the tor browser to run as
root, it’s not simple but there is a way, do not do that. I mean do not…it’s not even a good idea to browse the Internet as a
root user. If you pick up any sort of viruses, any sort of malicious code,
it’s gonna run as root, so you don’t want that on your system, you do not want to
compromise it in such a way, and generally on the machine that you are
performing these attacks, like this virtual machine of Kali Linux, you don’t
really use it to browse the internet. For the sake of examples, I sometimes open the browser Firefox, basically iceweasel, and do some stuff there just
to show you the information. Or I, as you see now, I have downloaded it from a very specific site, actually not now but in a few moments you will, I will
download from a very specific site a tor browser. So just when you know exactly
what you’re doing, and where you are getting it from, and when you have verification of the source, then you should use it as root, or you
can use it as root, but otherwise do not browse the Internet as a root user. That’s a bad idea. However, we will only use this user, well
maybe not only, but mainly for our tor browser. Otherwise, we will be using the
root user primarily because you can’t do pretty much anything in Kali without the
root user. All the tools, more or less, require this sort
of root permissions as they do tend to access network related things. Anyway, I will cut the tutorial here, and I’ll see you in the second part of it.
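
The earlier point about administrators noticing an address from outside their usual geographic area, seen from the defender's side, as an added example that is not part of the original tutorial. The log lines and the prefix-to-country table are constructed (documentation address ranges); a real deployment would look addresses up in a GeoIP database.

```python
import ipaddress
import re
from collections import Counter

# Constructed prefix-to-country table using RFC 5737 documentation ranges.
GEO_TABLE = {
    ipaddress.ip_network("192.0.2.0/24"): "US",
    ipaddress.ip_network("198.51.100.0/24"): "US",
    ipaddress.ip_network("203.0.113.0/24"): "CN",
}

# Constructed access log: 11 in-region requests, 1 out-of-region, 1 junk line.
SAMPLE_LOG = "\n".join(
    [f'192.0.2.{i} - - [01/Jan/2024:10:00:{i:02d} +0000] "GET / HTTP/1.1" 200 512'
     for i in range(1, 12)]
    + ['203.0.113.7 - - [01/Jan/2024:10:01:00 +0000] "GET / HTTP/1.1" 200 512',
       "not a log line"]
)

# Common log format: client address, two ident fields, timestamp, request, status, size.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+$')

def country_of(addr):
    """Map an address to a country code; None if unparsable, '??' if unknown."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    for net, cc in GEO_TABLE.items():
        if ip in net:
            return cc
    return "??"

def geo_outliers(log_text, min_share=0.10):
    """Return {ip: country} for clients whose country supplies < min_share of requests."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        cc = country_of(m.group(1)) if m else None
        if cc:  # skip malformed lines and unparsable addresses
            hits.append((m.group(1), cc))
    if not hits:
        return {}
    per_country = Counter(cc for _, cc in hits)
    rare = {cc for cc, n in per_country.items() if n / len(hits) < min_share}
    return {ip: cc for ip, cc in hits if cc in rare}

if __name__ == "__main__":
    print(geo_outliers(SAMPLE_LOG))
```

Source country alone is a weak signal: traffic arriving through an in-region VPN or proxy passes this check, so it belongs alongside other signals rather than in place of them.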