Onion V3 support

[ahmed-abdelazim]

Please add Onion V3 support https://www.jamieweb.net/blog/onionv3-hidden-service/

[da2x]

Version 3 addresses are the recommended address format now. https://www.torproject.org/docs/onion-services.html.en

[evilaliv3]

Thank you @ahmed-abdelazim and @da2x. I agree with you that both the V3 should be supported as well as V2 for legacy reasons. Are you able to make a patch?

The project is a bit on hold due to missing resources but maybe we could restart it together.

Among the main priorities an up-to-date packaging for current Ubuntu Bionic LTS

[jbash]

I might be able to do a patch for this... depending on how much work it is.

Would you expect this to just be a simple matter of changing the regular expression in is_onion in tor2web/utils/misc.py and then doing some light testing, or would you expect some kind of can of inobvious worms?

Also, if there were a patch, do you think the server operators would adopt it? I'm not sure how maintained those servers are. And does the Tor2Web code itself have enough support that the project should keep running as opposed to just being phased out?

[evilaliv3]

@jbash: yes i think actually the if the software will be patched software operator will update to it. your guess is right i think as well that changing the regexp would just make it work.

As for the current status of the project i'm maintaining best effort in my free time but we will continue to develop it :)

[evilaliv3]

Today i will try to support this to happen. @jbash eventually would you be available for making some test?

[jbash]

I can try to set up a server and do some testing. I'm not sure I'm in a position to exhaustively regression test Tor2Web, but I can at least make sure that it's acting sane with a reasonable selection of URLs and file types. I'll try to get a server set up this week.

[evilaliv3]

Thank you this would be helpful!

I'm making a patch for making it work and will try to make a new release for ubuntu bionic and debian stretch as well.

[jbash]

The master branch doesn't seem to be buildable at the moment. I have lists.py trying to import tls from twisted.internet instead of twisted.protocols. When I fix that, it's trying to import tor2web.utils.ssl instead of tor2web.utils.tls.

I see you're putting in a lot of changes. Should I hold off on trying to test V3 until the tree is more stable?

[evilaliv3]

Yep @jbash, do not worry in a bit i will publish a package that should already work, and your tests could start from there.

The package will be for debian stretch and you will be able to run just the installation guide

[evilaliv3]

@jbash: Actually the patch made works.

I've released an up-to-date package 3.2.0 with a large set of important updates: https://twitter.com/evilaliv3z/status/1179030986702643205

would you like to give it a try?

\cc @virgil

[jbash]

I will, thank you.

Will it work with a standard Tor program? Looks like they took out the tor2web mode.

[evilaliv3]

Yes it works with the standard version of tor with no modifications.

Ive still to update the wiki removing the part discussing how to patch tor, but It you just run the install script It should work like a charm!

[virgil]

Does this removal signal that tor2web servers are no longer appreciated in Torland?

[jbash]

The tweet you linked to points back to this Github repository, and it's not obvious to me where to find the actual package. The "install-tor2web.sh" script apparently still installs 3.1.72[^1].

I made my own package on Ubuntu 18.04 (which I guess is "bionic"), by checking out the master branch (I don't see a 3.2.0 tag), changing the symbolic link at "debian/control" to point to "controlX/control.bionic", doing "debuild -i -us -uc -b", and installing dependencies until it actually built the package.

With that package installed, I can start tor2web, and I can make an HTTP or HTTPS connection to it, but trying to actually get to any hidden services gives me an indefinite hang on the browser side, and a journal line on the server side that says "Unhandled error in Deferred:". There's no other log output other than initialization messages. I assume there's supposed to be a stack trace, but I don't actually get one, even if I set "logreqs", "debugmode", and "debugtostdout" to "True". Running tor2web interactively does the same thing.

I'm doing this by installing a wildcard DNS A record that maps ".onion.kdjf.net" to the IP address of the test server. The test server has a self-signed certificate with a subject of "CN=onion.kdjf.net" and subjectAltNames of "onion.kdjf.net" and .onion.kdjf.net". The config file is attached. tor2web-conf.txt

[^1]: By the way, I don't know about the actual users of the package, but making "run this shell script" the official installation instructions isn't a happy thing for me. I rarely even use Debian-derived distros and am not facile with apt or dpkg... but even so I'd greatly prefer to be told how to set up the repositories myself. Scripts messing with my package management configuration make me nervous.

[evilaliv3]

Ah i'm sorry @jbash, the correct link was https://twitter.com/evilaliv3z/status/1179030986702643205

As for the release currently the 3.2.0 exists only for Ubuntu Bionic and Debian Buster. I would suggest you to start with Debian Buster. Would you please retry with the install script on it?

Thank you so much for the support!