Hidden chat with Whonix and socat
Back in 2013 I wrote about using socat with Tor to set up a Hidden Service chat. It was pretty simple to set up, and I wanted to see how much harder it would be to do with Whonix, since the Gateway handles Tor and the Workstation should run socat. It turns out it isn’t hard at all.
On the Gateway you need to edit
/usr/local/etc/torrc.d/50_user.conf (as root)
and add a Hidden Service to it:
HiddenServiceDir /var/lib/tor/hidden-chat/
HiddenServicePort 2330 10.152.152.11:2330
This uses the IP of the Workstation instead of localhost because socat will be running on the Workstation, where we’ll need to open up the port so that the Gateway can connect to it when it gets a Hidden Service request.
Restart Tor on the Gateway by running
sudo systemctl restart tor
and make sure that it comes back up and is working. If not, check the syntax of what you added to 50_user.conf and try again.
Get the new .onion service’s hostname from
and write it down. It is also a good idea to back up that directory since it
contains the private key for the service and if you lose that you lose the
On the Workstation you need to open up port 2330 so that the Gateway can connect. You
do this by editing
/etc/whonix_firewall.d/50_user.conf and adding this:
Restart the firewall with the new settings by running
sudo whonix_firewall
and make sure the Tor Browser is still functioning properly.
Now you can run socat as a listener on the Workstation:
socat TCP4-LISTEN:2330,bind=10.152.152.11,reuseaddr STDIO
I used STDIO here instead of READLINE because the Debian version of socat doesn’t support READLINE.
Now you can send the hostname to anyone you want to chat with and wait for them to connect using this on their system:
socat STDIO SOCKS4A:127.0.0.1:ADDRESS.onion:2330,socksport=9050
ADDRESS is the .onion address from your
6z52kb2p4jfaqkj6.onion. Replace STDIO with READLINE if you are
running on Debian. And they must already have Tor running on their system
– running it from a Whonix Workstation for example.
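The two settings that must agree are the HiddenServicePort target on the Gateway and the socat bind address and port on the Workstation. The check below is an added example, not part of the original post: the function name check_hs_target and its return codes are assumptions, and the sample stanza is constructed from the values used above.

```shell
#!/bin/sh
# Added example: verify that a torrc fragment forwards the onion port to the
# address and port where socat listens on the Workstation.
# Return codes (this script's own convention, hypothetical):
#   0 = a HiddenServicePort line forwards to BIND_IP:PORT
#   1 = no HiddenServicePort line forwards there
#   2 = HiddenServicePort appears before any HiddenServiceDir
#   3 = the target is loopback, i.e. the Gateway itself, not the Workstation
check_hs_target() {
    conf=$1
    bind_ip=$2
    port=$3
    awk -v want="$bind_ip:$port" '
        { sub(/#.*/, "") }                               # drop comments
        tolower($1) == "hiddenservicedir"  { have_dir = 1; next }
        tolower($1) == "hiddenserviceport" {
            if (!have_dir) { rc = 2; exit }
            target = $3
            # Tor defaults: no target, or a bare port, means 127.0.0.1
            if (target == "")             target = "127.0.0.1:" $2
            else if (target ~ /^[0-9]+$/) target = "127.0.0.1:" target
            if (target == want) found = 1
            else if (target ~ /^(127\.|localhost:)/) loopback = 1
        }
        END {
            if (rc) exit rc
            if (found) exit 0
            exit (loopback ? 3 : 1)
        }
    ' "$conf"
}

# Constructed sample: the stanza from the post as it would sit in 50_user.conf.
sample=$(mktemp)
printf '%s\n' 'HiddenServiceDir /var/lib/tor/hidden-chat/' \
              'HiddenServicePort 2330 10.152.152.11:2330' > "$sample"
check_hs_target "$sample" 10.152.152.11 2330 \
    && echo "torrc target matches the socat listener"
```

On the Gateway, point it at the real file with the same address and port given to socat's TCP4-LISTEN and bind options.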