Red Teaming
KimCrawley, Aug 11, 2021
You may have heard of the Dark Web or the Darknet. It sounds ominous... mysterious. Is it illegal? If you’re burning with curiosity, this post is designed to satiate you. I have spent lots of time on the Dark Web, partly for the growth of my knowledge as a hacker, and partly for my cyber threat intel work. So let me take you on a tour and show you how you can explore the Dark Web yourself.
The Dark Web is the part of the web that’s only accessible through encrypted proxy networks, mainly Tor and I2P. The Darknet generally refers to all of the internet which is only accessible through those networks, not just the web. And that’s it. There’s nothing inherently dangerous or illegal about the Dark Web. In the vast majority of the world outside of China, using the Dark Web in and of itself is perfectly legal. Generally, you’ve only broken the law if you do something on the Dark Web that would also be illegal to do offline.
In fact, many major tech brands and online services have a presence on the Tor Network, including Facebook and the BBC. I suppose from their perspective, they’re thinking “here’s our opportunity to have a really secure web channel” or “here’s our opportunity to do datamining on the Darknet, not just the clearnet.” What’s the clearnet? If you’re reading this webpage, you’re on the clearnet now. The clearnet is all of the internet that doesn’t require routing your traffic through Tor or I2P. The “normal” internet, if you will.
Sometimes laypeople confuse the Dark Web with the Deep Web. Here’s the difference. The Deep Web is all of the web that isn’t crawled by a popular search engine, such as Google. (If you haven't already, I suggest you learn the art of Google Dorking). All Dark Web is Deep Web, but not all Deep Web is Dark Web. The Spice Girls fan site I made on Angelfire in 1997 isn’t the Dark Web, it’s the Deep Web.
Here are the basics of how both Tor and I2P work. Your browser or other sort of Tor or I2P client establishes a connection with either network. Once that connection has been established, your internet traffic is routed through a series of proxy servers in order to get to your destination. Each proxy node only knows how to transfer the packets to the next proxy node. So data that identifies your endpoint is only found at the exit node that leads to your device. All of your internet traffic through these proxy networks is thoroughly encrypted.
All websites that are only accessible through Tor use the .onion top level domain, and all websites that are only accessible through I2P have the .i2p top level domain.
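The hop-by-hop routing described above can be sketched in a few lines. This is an added example, not code from the original post or from the Tor or I2P projects: the relay names, keys and request are constructed, and a SHA-256 based stream cipher stands in for the real per-hop cryptography.

```python
import hashlib
import json

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode). Not Tor's real cryptography."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def wrap(path, destination, payload):
    """Client side: add one encrypted layer per relay, innermost (last relay) first."""
    next_hop, data = destination, payload
    for name, key in reversed(path):
        layer = json.dumps({"next": next_hop, "data": data}).encode()
        data = keystream_xor(key, layer).hex()
        next_hop = name
    return data  # hex blob handed to the first relay in the path

def peel(key, blob_hex):
    """Relay side: remove exactly one layer; learn the next hop and an opaque inner blob."""
    layer = json.loads(keystream_xor(key, bytes.fromhex(blob_hex)))
    return layer["next"], layer["data"]

def route(path, blob):
    """Walk the circuit and record what each relay learns: (relay, previous hop, next hop)."""
    views, prev = [], "client"
    for name, key in path:
        next_hop, blob = peel(key, blob)
        views.append((name, prev, next_hop))
        prev = name
    return views, blob

# Constructed sample circuit and request (hypothetical names; real keys are negotiated per hop).
PATH = [("relay-1", b"key-1"), ("relay-2", b"key-2"), ("relay-3", b"key-3")]
DESTINATION = "example.com:443"
REQUEST = "GET / HTTP/1.1"

if __name__ == "__main__":
    views, delivered = route(PATH, wrap(PATH, DESTINATION, REQUEST))
    for relay, prev, nxt in views:
        print(f"{relay}: received from {prev}, forwards to {nxt}")
    print("delivered:", delivered)
```

Each relay removes one layer and sees only its neighbours on the circuit; the inner blob it forwards stays unreadable to it.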
Here are my dos and don’ts for using the Dark Web.
Do be an adult. There is some content on the Dark Web that’s innocuous and appropriate for children. If I was a mother, I would be okay with my child reading a Dread forum about Animal Crossing: New Horizons. But if my child clicked a couple of times away from there, they could stumble upon a Dread forum about something that is very inappropriate for children! So if you want to explore the Dark Web, I would recommend making sure you’re an adult first. And make sure you’re an adult who’s comfortable with stumbling upon an... adult image, or discussions about selling cocaine. Yes, the clearnet also has some adult or illicit content. But the Darknet is more like the Wild West of the Web from the 1990s where it’s easier to run into that sort of thing accidentally. Although the Dark Web itself is legal, a lot of users go on the Dark Web for the purposes of breaking the law. You’ve been warned!
Don’t maximize your Tor Browser or I2P Browser screen if you’re on desktop rather than mobile. The main purpose of using Tor or I2P is privacy, and it’s easier to fingerprint a user whose browser is maximized on their screen.
Do visit the Dark Web outside of China. Using Tor or I2P while geographically in China is illegal, and you may be caught and face heavy penalties. If you’re in China and you think using a location-spoofing VPN will help you evade Chinese law, you may be unpleasantly surprised!
Don’t overestimate your endpoint security or privacy while you’re on Tor or I2P. Your device is just as likely to get infected by malware, if not even more so. If you engage in illegal activity through the Dark Web, you may still be caught by law enforcement. I do cyber threat intel, so I should know. It’s much more difficult for law enforcement to trace you on the Dark Web, but it can be done. They usually collect identifying data from Tor and I2P exit nodes or look for clues in what you post on Dark Web forums and markets. “I sell illegal firearms and I live in this specific tiny town!” You’re busted.
Do try visiting the clearnet through Tor or I2P! Yes, you can visit “normal” websites through Tor Browser and I2P Browser. And you’ll be doing so through an extra layer of encryption. Some really privacy-minded hackers do almost everything through Tor or I2P, including shopping on Amazon or visiting Twitter.
You need a Mac or a PC with Windows or Linux (you could start with Parrot OS on your PC!), or an Android phone, iPhone, or iPad. Alternatively, Pwnbox through your web browser and a Hack The Box VIP+ plan is also a good starting point.
You can use Tor and the Tor Browser on all of the above platforms. In fact, if you’re using Parrot or Pwnbox, Tor Browser is ready to go, no extra installation necessary! You can use I2P on most of the above platforms, but you must install a client first.
Tor Browser installation:
Here’s where you can download and install Tor Browser on Windows, Linux, Mac, or Android.
The fork of Tor Browser for iPhone is Onion Browser, and you need to install it from the App Store here.
I2P installation:
Here’s where you can download and install I2P for Windows, Mac, Linux, Android, BSD, and Solaris.
I have way, way more experience with the Tor Network than with I2P. So I’ll start you off with some useful resources that are predominantly Tor-minded.
I love Dark.fail so much that I’ve made its index my homepage in Tor Browser. Think of it as the Yellow Pages of the Dark Web. You will need it, especially if you want to visit illicit markets and forums, because more illicit Dark Web sites change their URLs very frequently, sometimes multiple times per day, in order to evade the law or cyber attacks from cybercriminals. Dark.fail will give you the latest URLs that you can copy and paste in your address bar in Tor Browser.
Their clearnet site is at https://dark.fail, but we don’t recommend it.
Visit them through Tor at darkfailenbsdla5mal2mxn2uz66od5vtzd5qozslagrfzachha3f3id.onion.
Dark.fail’s Twitter account follows me on Twitter. That’s a real honor!
My favorite search engine for Tor sites is Ahmia.fi. You can visit https://ahmia.fi on the clearnet, or go to http://juhanurmihxlp77nkq76byazcldy2hlmovfu2epvl5ankdibsot4csyd.onion/ directly in Tor Browser.
As I mentioned, your device can be infected with malware or you can be otherwise cyber attacked through Tor, just like anywhere else. Really careful hackers use the Tor Network with Pwnbox. Pwnbox runs in our cloud, not directly on your device. So using Pwnbox gives you an extra layer of security!