.Onion — The Real incognito

also the magic clue for Onion routing (TOR)

Image courtesy: ibtimes.co.uk

Some Internet users still believe surfing through incognito mode makes you invisible to the internet. Sorry, but Google Chrome’s incognito isn’t as private as you think. It only hides traces of your activity from people using your computer, not the Internet. Then who is the Real incognito?

“ Everyone is a Gangster until the Real Gangster arrives! ”


The name sounds misleading, but it has the actual meaning of it. Onion Routing communicates anonymously over the internet. It achieves it by using the free software browser called TOR. When you make an HTTP request from a TOR browser, it bounces around various routers residing in different countries, confusing the attacker by hijacking the connections. So it is hard to find the user who has requested the particular website. Thus it provides anonymity.

To access facebook.com, TOR communicated with multiple routers and passed over different overlay networks called Relay Circuits.

How does it connect?

At first, onion routing connects to the Internet Service Provider and creates relay lists containing all the active nodes. Then, it connects to different middle nodes that finally connect to the Exit Node. The exit node will make the HTTP request to the servers. Let’s assume the connections are tracked, then, only the last hop (Exit node) would be identified as the one that visited the website. In the above simulation, it only contacted the exit node’s IP address rather than the sender’s IP address.

Multiple Layer of Encryption

Onion routing sends messages through strong encryption for each communication, thus acquiring multiple encryptions with different keys in layers. Let us assume the client user has multiple shared keys to each node.

  1. The client has three symmetric keys named k1, k2, and k3.
  2. Communicating from the browser to the middle node (France). It uses k1 as the shared key to encrypt.
  3. From the middle node (France) to the middle node (Germany). It uses k2 as the shared key.
  4. Similarly, K3 uses middle nodes (Germany and Netherland)

It is decrypted the same way. Thus, an Onion Routing is established.

Image Courtesy: computerphile

The Dark Web:

Initially, Onion routing services was used by US Naval Research to protect their US intelligence data online. Later, TOR was released as an open-source which gave birth to the Dark Web (Peer-to-Peer Network).
Dark Webs are websites that are unindexed by search engines. These websites enforce indulging in illegal activities like gambling, guns, black market, hacking, Movie piracy, bitcoin, child pornography, and drug markets. Since onion routing has the anonymity feature, internet users started to communicate & did business anonymously through the dark web.

Image Courtesy: legitscript.com

These dark webs are not like standard websites. It has a .onion domain name, which points to TOR hidden services, that can be accessed only through TOR.

An onion website address may look like this: http://3g2upl4pq6kufc4m.onion/

Facebook provides an official onion web address to access through TOR hidden service:


TOR maintains a directory list that provides all the related .onion websites.


It is advised not to visit some of the onion websites as it will be too horrifying and disturbing. Some of the .onion websites are considered the scariest thing on the Internet.

The following information has been taken from here.

Besa Mafia

Besa Mafia, allegedly allowed people to hire hitmen to take out any rival they wished — as long as they paid the price to do so.

The Cruel Onion

The Cruel Onion is a Wikipedia-like site that allows users to post them abusing animals online.

The Cannibal Cafe

The Cannibal Cafe is a website that is devoted to people who want to eat human flesh. This website also sells part of human flesh for money.

Peter Scully’s Red Room

red rooms are websites that allow you to witness someone being raped, tortured, or killed for a price. To be a spectator, you have to spend some money.

Other .onion websites include:

  • Movie piracy which communicates through a P2P network to share files and resources.
  • Black markets such as Silk Road, a platform for selling illegal drugs and electronic components.
  • Hiring-a-Hacker is a website that hires a real hacker to attack rivals and pay for it.

FBI has raided a few of the websites and got shut down. But still, some of the technical nature of this network remains forever in the dark. Technology is meant for a good cause; use them wisely.

Always Stay safe and Secure 🙂

Find me on: Twitter | Github | LinkedIn | Instagram | TryHackMe



Penetration Tester

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store