Onion Decoy – Unannounced Honeypots as a Tor Service

A platform to run private unannounced Honeypots as Tor Hidden Services (aka Onion Decoys) inside the Tor Network.

The Onion Decoys are implemented with Docker containers as honeypots. The reason to choose Docker is that it is good at process and filesystem isolation, which ultimately gives the ability to run more services on the same box instead of having to deal with resource intensive virtual machines. Also, Docker containers can easily be made very clean, containing no identifying data and having uptimes that are different from the host they’re running in, which makes it difficult to get identified from outside.

The Docker containers are composed with two popular open source honeypots viz. Glastopf for HTTP and Cowrie for SSH & Telnet. The honeypot containers expose three ports viz. port 80 (HTTP), port 22 (SSH) and port 23 (Telnet). Each honeypot container is linked with a separate HS container which together creates the Onion Decoy having a unique onion address. The onion addresses are randomly generated and are not announced publicly anywhere.

# run a container with a network application
$ docker run -d -p 80:80 --name hello_world_container kitematic/hello-world-nginx
# and just link it to this container
$ docker run -tid --link hello_world_container --name hello_world_torrified_container iotdocktor/container-torrify

The .onion URLs will be displayed to stdout at startup.
To keep onion keys, or you already have Hostname/PrivateKey for Tor Hidden Service just mount volume /var/lib/tor/hidden_service/

$ docker run -d --link hello_world_container --name hello_world_torrified_container --volume /path/to/keys:/var/lib/tor/hidden_service/ iotdocktor/container-torrify
Also read: Exitmap: A fast and modular scanner for Tor exit relays 

Setup port

By default, ports are the same as linked containers, but a default port can be mapped using PORT_MAP environment variable.
Caution: Using PORT_MAP with multiple ports on single service will cause tor to fail.

Onion Decoy Installation Steps

  1. Install Ubuntu Server 16.04
  2. Install the following Dependencies:
    sudo apt-get install apache2-utils apparmor apt-transport-https aufs-tools bash-completion build-essential ca-certificates cgroupfs-mount curl dialog dnsutils docker.io dstat ethtool genisoimage git glances html2text htop iptables iw libltdl7 lm-sensors man nginx-extras nodejs npm ntp openssh-server openssl syslinux psmisc pv python-pip vim wireless-tools wpasupplicant
  3. Run the following command:
    sudo apt-get update
  4. Copy the OnionDecoy/Installer Repository contents to /root/OD_Installer
  5. Give necessary executable permissions to /root/OD_Installer:

    sudo -i nautilus
  6. Execuite the Installation Script:
    sudo /root/OD_Installer/install.sh
  7. After System Reboot, execute the Decoy Setup Script from the home directory:
    cd /home/$(SUDO_USER) or $USER or whoami sudo ./setup.sh


Leave a Reply

Your email address will not be published. Required fields are marked *