General security

The Internet Underground: Tor Hidden Services

Jeremy Martin
November 2, 2012 by
Jeremy Martin

Some people think onion routing or the Tor network is for criminals and people with something to hide. Well, they are half right. The Tor network was designed to give a masked, "semi-safe", passage to those who needed to get information out.

According to its website, "Tor was originally designed, implemented, and deployed as a third-generation onion routing project of the U.S. Naval Research Laboratory. It was originally developed with the U.S. Navy in mind, for the primary purpose of protecting government communications. Today, it is used every day for a wide variety of purposes by normal people, the military, journalists, law enforcement officers, activists, and many others."

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

People use Tor as a way to bypass traffic filters or monitors throughout the Internet. If using a minimum of SSL encryption, this medium has been recognized as being a "safer" way to communicate over the Internet. What most people do not realize is that there is an entire subnet underground out there called "Darknet" or "Deepweb". Others just call the underground Internet Tor network hidden servers. These hidden servers usually have a ".onion" extension and can only be seen using a Tor proxy or TorVPN. The easiest way to get onto the Tor network is with the Tor Browser Bundle (TBB). It is free and very easy to install and then use. All you have to do is go to the and download TBB and within minutes you will be connected.

There are legitimate reasons to use Tor, especially for those who are trying to hide their identities from oppressive governmental regimes or reporters trying to minimize leaking the identity of informants. Some will even stay on the proxy network and use services like Tor mail, a web based email service. There are still some anonymity challenges. If you are on the same network, you may still leak the originating IP address and there is a risk of someone capturing your traffic. Some will even go as far as only using HTTPS (SSL encryption) or reverting back to the good old VPN.

There are darker usages of the hidden servers. There are E-Black Markets all over this network that sell anything from meth to machine guns and services that range from assembling credit card data to assassinations ("you give us a picture; we'll give you an autopsy report!"). Most of the sites trade their goods with an e-currency called Bitcoins, an anonymous electronic commodity that can purchase almost anything.

One of the most popular "secret" sites called "The Silk Road" or SR has almost anything you can think of. SR has evolved over the years and has recently dropped its weapon sales section and created a new site called the Armory. Shortly after, the Armory closed due to the lack of traffic and interest. They have also banned assassination services to minimize attention from showing up on Law Enforcement's radar. They still have plenty of drugs, counterfeit items, and stolen goods though.

There are still plenty of other sites that focus on arms dealing or unfiltered auction site. Once you are on Tor, the next thing you would have to do to communicate with some of these sites is to get an anonymous Tor based email. This is a web based email that you log into that acts just like a regular email except it only exists in the Tor world. Another popular communications mechanism is TorPM.

Tor Communications

E-Black Market sites

Social Network



So let's take this step by step.

  1. Download "Tor Browser Bundle" from
  2. Double left click on "Start Tor Browser".
  3. You should then see Vidalia connecting to Tor.
  4. The Tor Browser should automatically open.

You are now on the "Deepweb."

You can now access ".onion" domains.

  • Create a TorMail account on jhiwjjlqpyawmpjx.onion.
  • Create a TorPM account on 4eiruntyxxbgfv7o.onion/pm/
  • Enjoy a little more anonymity for research.

Disclaimer: do NOT break the law. This was written to explain what the (Darkweb / Deepnet / Tor hidden service) is and what kind of things you may find. It is not an invitation to break the law with no recourse. Just like any network, this one has both good and bad guys. If you break the law, you will get caught. Bad guys have to be lucky EVERY time. Good guys only have to be lucky once.

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

Jeremy Martin
Jeremy Martin

Jeremy Martin is a Senior Security Researcher that has focused his work on Red Team penetration testing, Computer Forensics, and Cyber Warfare. Starting his career in 1995, Mr. Martin has worked with Fortune 200 companies and Federal Government agencies. He has received numerous of awards for service. He has been teaching Advanced Ethical Hacking, Computer Forensics, Data Recovery, SCADA/ICS security, Security Management (CISSP/CISM), and more since 2003.

As a published author he has spoken at security conferences around the world. Current research projects include SCADA security, vulnerability analysis, threat profiling, exploitation automation, anti-forensics, and reverse engineering malware. You can find more of Jeremy's writings & services at