Security researcher and software engineer Alec Muffett has created a new project called the Enterprise Onion Toolkit (EOTK), which can help website owners add a .onion URL for their site’s domain in a matter of minutes.
Under the hood, EOTK works by creating a man-in-the-middle proxy between your visitors and the website. This proxy hosts a .onion URL, which allows users to access your site via Tor, anonymously.
EOTK creates .onion domains. It doesn’t hide servers.
As Muffett himself notes in the project’s GitHub repository, EOTK is not a technology for hiding your server on the Tor network. It only generates a .onion link through which Tor users can access your site while remaining anonymous themselves.
Webmasters looking into hosting their server anonymously on the Tor network will have to look into other tools and procedures.
“The presumed use-case of EOTK is that you have an already-public website and that you wish to give it a corresponding Onion address,” the researcher explained.
“[A] lot of people mistakenly believe that Tor Onion Networking is ‘all about anonymity’ – which is incorrect, since it also includes: privacy; identity/surety of to whom you are connected; freedom from oversight/network surveillance; anti-blocking; and enhanced integrity,” Muffett adds.
So why would webmasters go through all the effort to deploy a .onion domain? The answer is simple: malicious Tor exit nodes, which allow their operators to snoop on exiting traffic. If a website has a .onion URL, users never leave the Tor network, so their traffic never passes through an exit node.
Still in early stages of development, but good to go
Currently, EOTK supports setups on Mac, Debian, Ubuntu, and Raspbian platforms. EOTK was designed to work with the latest version of Tor and with Nginx servers.
EOTK is still in its early phases of development but is reliable enough to be deployed in production. Nevertheless, Muffett recommends that EOTK be used on “sites which do not require login credentials of any kind.”
Muffett has recorded two helpful videos to get people started with deploying EOTK on their machines.