How to Host a Tor Hidden Service on a spare Android device

How to reuse an old Android smartphone left in a drawer? Turn it into a server for the hidden web!

How make it? Three simple steps!

1 — Install Tor

Install OrBot app from Google Play:

Then enable the ‘Hidden Service Hosting’ option in settings.

Change the value of ‘Hidden Service Ports’ to 80.

Also configure OrBot to run on the device startup.

When Orbot starts, the new hidden service address will appear in notification bar and also in app main log.

2 — Install the Web Server

Install Palapa Web Server:

Configure the server to run on device startup and setting the lighttpd port on 80.

3 — Install the SSH/SFTP server

(Optional) Install SSHDroid

Create an user (ex. admin) and set home directory to the www directory of Palapa WebServer (in /sdcard/pws/www/).

Once SSHDroid was started, you can connect to your ‘android hidden server’ througt SSH or SFTP (only on your local network) and publish your hidden site.

Now, leave your top-secret server in a drawer, connected to home wifi, or equip it with a SIM card and a data plan and hold it with you for a maximum security 🙂

Related posts

  1. How smartphones reacts to IMSI catching attacks?
  2. Android Triage: a really useful forensic tool by Mattia Epifani
  3. How many data are shared by iOS and Android telemetry?
  4. FAMA: Forensic Analysis For Mobile Apps
  5. Cybersecurity Roundup #17