OnionShare -- Send and Receive Files Anonymously & Securely using Tor

A normal Internet user send files on internet through mails, messaging applications, Google Drive, DropBox, WeTransfer etc. But as security researcher we knows that these ways are not secure. Our accounts might be terminated by attackers or government and keeps en extra eye on everyone.

Sending sensitive data through normal shearing platform is not safe. Even Twitter got compromised. In today's article we are going to learn a secure and anonymous way to send and receive our files on the internet.
OnionShare -- Send and Receive Files Anonymously & Securely
To do this we are going to use OnionShare tool. It is a is an open source and cross-platform tool for securely and anonymously sending and receiving files (any size, any type) using Tor onion services. It works by starting a web server directly on your computer and making it accessible as an un-guessable Tor web address that others can load in Tor Browser to download files from you, or upload files to you. It doesn't require setting up a separate server, using a third party file-sharing service, or even logging into an account.

First we install and use OnionShare in our Computer, then we talk something more about this tool.

Installing OnionShare

OnionShare is a cross-platform software that means we can use this on various Operating systems like Linux, MacOS, Windows etc.

Windows users download the exe file from here & Mac users please download OnionShare here, or use this command: brew cask install onionshare

Linux users follow us, we are using Debian-based Kali Linux system and we just need to run following command in our terminal window.
sudo apt install -y onionshare
For Fedora users the command will be sudo dnf install onionshare. Getting trouble on installation follow this.

Now after installing OnionShare we can launch this tool. Now this tool have two modes One is Command line another is Graphical User Interface.

To open the CLI version we need to use onionshare command but we are going to use the GUI version here so we can search onionshare on app menu
Searching onionshare on app menu
Searching onionshare on app menu
 Otherwise we can use following command to start OnionShare:
onionshare-gui
After starting it will establish the connection with TOR network, as we can see in the following screenshot.
OnionShare creating connection to TOR
After completing the connection building with TOR network we can see it's main interface as shown in the following screenshot.
OnionShare in Linux

Send files using OnionShare

Now we can send or receive files (any type and any size) securely and anonymously using OnionShare. To send files we can use the add option or simply drag & drop our files.

Then we just need to click on "Start sharing".
adding files to share in onionshare
After clicking on "Start sharing" OnionShare will start sharing our files and gives us an onion sharing link.
shering started via Onionshare
Now we can copy this onion link and share to anyone we want to share our file. When our friend opens this link in Tor Browser and can download the file we have shared, until we "Stop sharing".

Receive Files using OnionShare

To receive files using Onion share we need to go to the "Receive Files" tab and click on the "Start Receive Mode".
Receive files mode on OnionShare
After starting receive files mode we got another .onion link.
reciving files using OnionShare
Our friends can open this link on Tor browser and share the files with us.

If our friend opens our shared link on Tor browser it would be like following screenshot:
OnionShare receive via Tor Browser
Now our friend can upload files here that they can upload files on directly our computer. The uploaded files will be saved on ~/OnionShare directory.

We also got notified that someone opens our link and we received a file
Notification received


We also can host a website to share our files. We have a very old article about opening Own Onion Website manually, but here things are automated. This is also very simple we just need to got to the "Publish website" section and share our files and create an website.

These is the simple and easy ways to send and receive files anonymously and securely using tor services.

In the settings section of OnionShare we got various useful options like Public mode, Persistence address and many more.
Onionshare settings

Who should use OnionShare ?
  • Journalists specially who wrights against the Gov.
  • Who wants to share some secret data.
  • Privacy concern people.
  • Who want to be anonymous.
  • Who have fear of cyber attackers (These days they are dangerous even Twitter and Elon Musk got compromised).

Why OnionShare is So Good?

  1. All data sent and received through OnionShare is end to end encrypted using Tor’s V3 onion protocol.
  2. Non guessable onion links.
  3. OnionShare addresses are ephemeral (by default), and intended for one-time use. (For example, if someone sends us an OnionShare address in a Twitter DM, and a few minutes later we load it and download the files, that address won't exist anymore in the future. If anyone ever gains access to our Twitter DM history, that OnionShare address will no longer work.)
  4. Files are sends and received directly peer to peer with an encrypted connection using Tor network.

Security Concerns

For a better security we should not send the links directly to our friend. Steganography can be very useful here. One hears that some people have been pulling FBI's nose (or... some other body part?) by sending strongly encrypted information steganographically hidden inside normal looking images. To know more about this click here.

Better yet, there are two levels in the steganography: the less hidden message contains a pointed insult to any agent who is hip to the scheme and manages to find and decrypt the less hidden message. The real message is more deeply hidden.

Another thing is the "Receive Files", We need to be very careful with it, and make sure to take the prominent warning to heart. Some files can potentially take control of our computer if we open or execute them. We should only open things from people we trust, or if we know what we are doing.

That's it. Liked our tutorial ? Then make sure to follow our website. We are also available in Twitter and Medium. For any inquiry or issue please feel free to comment down. We always reply.

No comments:

Please do not spam here. It is comment box not a spambox. Promotional links are not allowed.

Powered by Blogger.