How to connect to .onion Tor domains with Firefox on Linux

So you are looking for an easy way of surfing the hidden network of .onion domains?. Many people probably will use some of the proxies available to reach the .onion domains. Unfortunately this is not a good idea for your privacy since the proxy owner can spy all your communications.

So, I’m going to explain in 3 easy steps how to configure Firefox to access .onion domains directly through your local Tor daemon. This way, we ensure all traffic goes directly to the tor network.

  1. Install Tor daemon.
  2. On Debian/Ubuntu Linux distributions this is as easy as:


    • sudo apt-get install tor
  3. Configure Firefox to tunnel requests to .onion domains via the Tor network
  4. This is the tricky part, because we only want Firefox to tunnel requests to .onion domains via the Tor network, but we don’t want Firefox tu tunnel all the other requests via the Tor network. To achieve this we are going to use a proxy configuration file.

    • Save the following content in a file (for example as ~/.proxy_pac)
      function FindProxyForURL(url, host) {
          isp = "PROXY ip_address:port; DIRECT";
          tor = "SOCKS 127.0.0.1:9050";
          if (shExpMatch(host,"*.onion")) {
              return tor;
          }
          return "DIRECT";
      }
      
    • And configure Firefox to use that file as a proxy configuration file (Edit->Preferences->Advanced->Network->Settings->Automatic proxy configuration URL).
      • You have to use the following syntax: file://absolute-path-to-the-file
      • If you are not sure, just open a new firefox window, and type on the browser location bar (the place where you type web addresses) the following URL file://. Now just browse your HDD to where you saved that file, right click on it and select Copy Link Location. Now paste such link location on the Automatic proxy configuration URL settings.
  5. Configure Firefox to tunnel DNS queries via a SOCKS5 proxy
  6. The last step is to tell Firefox that it should tunnel the DNS lookups via the Tor SOCKS5 proxy when we want to access a .onion domain. By default firefox will try to resolve .onion domains using our local DNS resolver, therefore it will fail to do that.
    To fix this, we should enable network.proxy.socks_remote_dns on the advanced configuration page:

    • In the browser location bar (the place where you type web addresses), type about:config and press Enter. This opens a different set of Firefox preferences. Where it says Search: at the top, type network.proxy.socks. The list of preferences will automatically change to show your proxy preferences.
      Highlight network.proxy.socks_remote_dns by clicking it only once. Then, right-click it. This opens a small pull-down menu. Select Toggle from the menu to change its value to true.

    This will make Firefox to tunnel all the queries to .onion domains via our local Tor daemon. This also adds privacy by preventing DNS queries to .onion domains from leaking.

Now restart Firefox and you should be able to surf .onion domains directly.

3 Comments.

  1. Thank you, very cool configuration!

  2. Hello there!
    Well I did exactly as the instructions but it doesn’t load any .onion websites :(

  3. Muy interesante e ilustrativo, pero supongo que te refieres la Firefox que viene con el paquete TOR y ya optimizado para su funcionamiento anónimo, no? Porque usar el FF “normal” no sé yo si es muy conveniente, y menos si no tenemos instalados bloqueadores de cookies, guiones, etc.

    Enhorabuena por el blog; buen nivel y bien explicado todo. Saludos.