Learn Ethical Hacking Episode #15: Accessing the Dark Web Using the Tor Browser (Part 1)


If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!


Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
Certified Ethical Hacker Boot Camp for 2018!
The Complete Ethical Hacker Course: Beginner to Advanced!
Build an Advanced Keylogger for Ethical Hacking!

Hello everybody and welcome to this tutorial. Today, I will open up a chapter on how to stay anonymous.

So, there are several methods that you can use. First off, you’ve probably heard of proxies. Proxies route your connection through several different points. This can be very slow depending on the speed of the proxies, and you also know nothing of the other side. You know nothing of the server’s through which your packets are going. If you’re using proxies to log in somewhere with your password credentials that is potentially dangerous, and you should not do that. The other option is to use a VPN service to encrypt your traffic. A VPN can be very fast, especially if you use a reputable provider. A yearly subscription will cost you around $100, and a monthly subscription is roughly $10. You will get a dedicated VPN, static IP address, and you shouldn’t notice any delays with your connection to the internet. Furthermore, your traffic is encrypted, and the only way to lose anonymity is if the VPN service provider relinquishes your information. However, this does not happen often, especially if you get a VPN in certain parts of the world where they value privacy. What we are going to be using VPNs and proxies for is to bypass firewall settings, or firewall limitations.

Here’s a real-life example that people are using pretty much on a daily basis. Netflix, for example, has a certain range of IP addresses from which it allows connections. So, if you are elsewhere in the world, and \do not belong to that IP address range, it will not allow you to view anything on the website. However, if you use a proxy, a good one, or if you use a VPN, you will be able to access the site as though you were coming from the country which falls within the IP address range list. That’s just one of the common examples for why people use VPNs. Not exactly legal, but people have been doing it. It’s not exactly harmful, you’re not taking servers down, or something like that. People use VPNs in order to watch Netflix from a cell phone while they’re traveling, or something like that. In any case, there are numerous other examples of when you want to bypass certain firewall settings. For example, if you have a certain server whose traffic is mainly generated from a single area, from a single country, and you do not want to be, for example, scanning from an IP address in China. A network administrator would see that IP address and they will know that it’s an anomaly of some sort, and that it doesn’t belong there. This will draw unnecessary attention to yourself. You want to be accessing the server from where all the other users are.

In any case, that is what we shall be doing in this chapter, but for the time being, for this tutorial, I want to show you how you can access the dark web, or the hidden web, whatever you wish to refer to it as. Now rumor has it that the dark web is a lot bigger than the regular internet, that there’s a lot more information there. To access it you will need to install the tor browser, and with the tor browser you will be able to access the darknet. It is not installed by default on Kali, and this is one of the rare situations where we will actually need a different user other than root in order to be able to do anything with tor, in order to be able to start it. So, first off, I’m going to go ahead and create a new user. Open up your virtual machine, you see mine is already opened up here, and I have my terminal up and running here. Just open up your terminal and type in the following commands. First off, we need tor. I will explain what tor is in a moment, but you just type in apt-get install tor -y, and press ENTER. You will of course need an active internet connection to install the software. The -y argument in the command simply tells the system to answer “yes” to any prompts within the setup. Let’s just go ahead and clear the screen.

The next thing that we need to do is create a new user. Go ahead and type in the command adduser. Just a key note here, there is also a command called useradd. Do not use this command for the time being because it causes some unnecessary complications. So just go ahead and type in adduser, and now you can name your user whatever you wish. You cannot use capital letters if I remember correctly, that’s the rule in Debian systems, so I’m just going to call my user test. It says adding user test, adding new group test, adding new user test with group test. It will also create a home directory for that user. You will need this folder because we are going to be doing things here which you cannot do with root. Now go ahead and type in your password here. It doesn’t show anything when you type because that’s the standard way of UNIX passwords, in order to prevent anybody from seeing the length of your password on the screen. Go ahead and press Enter. Now you are prompted here for some information in regards to that user. Completely irrelevant for our purpose today, so we don’t type in the full name, room number, work phone, home phone, other, etc. Press ENTER, and there we go. We have just effectively created our new user, test, to which we need to login, and then from there conduct our work. Now a key thing to note here is that even though there is a way of configuring the tor browser to run as root, don’t. It’s not even a good idea to browse the Internet as a root user. If you pick a virus up, any sort of malicious code, it’s going to run as root. Not good, even if it is a virtual machine. I don’t want you to develop any bad habits. Otherwise, we will be using the root user throughout the majority of the course. All of the pen-testing tools require, more or less, root permission. Anyway, I will cut the tutorial here, and I’ll see you in the second part of it.

The remainder of the tutorial videos can be found in this YouTube playlist:


You can also enroll in the course and download the videos for offline viewing:


Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato