diff --git a/opsec/index.html b/opsec/index.html index ed7a2bc..18a7be0 100644 --- a/opsec/index.html +++ b/opsec/index.html @@ -227,7 +227,7 @@
  • ✅ Hidden Service with custom .onion Vanity V3 address
  • ❌ Basic Webserver setup (NGINX / PHP / MYSQL)
  • ❌ Minimalistic MoneroSSO .onion setup
  • -
  • 🟠 XMPP prosody .onion setup (chat service)
  • +
  • ✅ XMPP Chat Server Setup (Clearnet + Onion + OMEO E2EE)
  • ❌ Gitea .onion setup (Code repositories)
  • ❌ Nextcloud .onion setup (cloud storage)
  • ❌ Mastodon .onion setup (Microblogging)
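Review bot: the new checklist entry `✅ XMPP Chat Server Setup (Clearnet + Onion + OMEO E2EE)` misspells the encryption extension; the XMPP end-to-end protocol is OMEMO (XEP-0384), so the label should read `(Clearnet + Onion + OMEMO E2EE)`. The same spelling is repeated in the `<title>` change and the page heading further down in this patch, so fix it in all three places at once, otherwise readers searching for OMEMO will not find the tutorial.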
  • diff --git a/opsec/xmpp2024/12.png b/opsec/xmpp2024/12.png new file mode 100644 index 0000000..db4308e Binary files /dev/null and b/opsec/xmpp2024/12.png differ diff --git a/opsec/xmpp2024/13.png b/opsec/xmpp2024/13.png new file mode 100644 index 0000000..e432996 Binary files /dev/null and b/opsec/xmpp2024/13.png differ diff --git a/opsec/xmpp2024/14.png b/opsec/xmpp2024/14.png new file mode 100644 index 0000000..43aa5fb Binary files /dev/null and b/opsec/xmpp2024/14.png differ diff --git a/opsec/xmpp2024/15.png b/opsec/xmpp2024/15.png new file mode 100644 index 0000000..648d71c Binary files /dev/null and b/opsec/xmpp2024/15.png differ diff --git a/opsec/xmpp2024/16.png b/opsec/xmpp2024/16.png new file mode 100644 index 0000000..779b3ca Binary files /dev/null and b/opsec/xmpp2024/16.png differ diff --git a/opsec/xmpp2024/17.png b/opsec/xmpp2024/17.png new file mode 100644 index 0000000..1fb91bf Binary files /dev/null and b/opsec/xmpp2024/17.png differ diff --git a/opsec/xmpp2024/18.png b/opsec/xmpp2024/18.png new file mode 100644 index 0000000..f48ad30 Binary files /dev/null and b/opsec/xmpp2024/18.png differ diff --git a/opsec/xmpp2024/19.png b/opsec/xmpp2024/19.png new file mode 100644 index 0000000..2d9b1a1 Binary files /dev/null and b/opsec/xmpp2024/19.png differ diff --git a/opsec/xmpp2024/20.png b/opsec/xmpp2024/20.png new file mode 100644 index 0000000..d4535d2 Binary files /dev/null and b/opsec/xmpp2024/20.png differ diff --git a/opsec/xmpp2024/21.png b/opsec/xmpp2024/21.png new file mode 100644 index 0000000..9445008 Binary files /dev/null and b/opsec/xmpp2024/21.png differ diff --git a/opsec/xmpp2024/22.png b/opsec/xmpp2024/22.png new file mode 100644 index 0000000..6a3ae07 Binary files /dev/null and b/opsec/xmpp2024/22.png differ diff --git a/opsec/xmpp2024/23.png b/opsec/xmpp2024/23.png new file mode 100644 index 0000000..6fd2c62 Binary files /dev/null and b/opsec/xmpp2024/23.png differ 
diff --git a/opsec/xmpp2024/24.png b/opsec/xmpp2024/24.png new file mode 100644 index 0000000..9f18aba Binary files /dev/null and b/opsec/xmpp2024/24.png differ diff --git a/opsec/xmpp2024/25.png b/opsec/xmpp2024/25.png new file mode 100644 index 0000000..91038aa Binary files /dev/null and b/opsec/xmpp2024/25.png differ diff --git a/opsec/xmpp2024/26.png b/opsec/xmpp2024/26.png new file mode 100644 index 0000000..950fc9b Binary files /dev/null and b/opsec/xmpp2024/26.png differ diff --git a/opsec/xmpp2024/27.png b/opsec/xmpp2024/27.png new file mode 100644 index 0000000..ff1d281 Binary files /dev/null and b/opsec/xmpp2024/27.png differ diff --git a/opsec/xmpp2024/28.png b/opsec/xmpp2024/28.png new file mode 100644 index 0000000..c62694a Binary files /dev/null and b/opsec/xmpp2024/28.png differ diff --git a/opsec/xmpp2024/29.png b/opsec/xmpp2024/29.png new file mode 100644 index 0000000..c3057ff Binary files /dev/null and b/opsec/xmpp2024/29.png differ diff --git a/opsec/xmpp2024/30.png b/opsec/xmpp2024/30.png new file mode 100644 index 0000000..13638dc Binary files /dev/null and b/opsec/xmpp2024/30.png differ diff --git a/opsec/xmpp2024/index.html b/opsec/xmpp2024/index.html index 9d58b64..b11806d 100644 --- a/opsec/xmpp2024/index.html +++ b/opsec/xmpp2024/index.html @@ -8,7 +8,7 @@ - XMPP Server Setup Setup + XMPP Chat Server Setup (Clearnet + Onion + OMEO E2EE) @@ -61,9 +61,9 @@
    Previous Page

    nihilist@mainpc - 2024-08-05

    -

    XMPP Server Setup Setup

    +

    XMPP Chat Server Setup (Clearnet + Onion + OMEO E2EE)

    -

    In this tutorial, we're going to check out how to setup a XMPP chat server, that is accessible over Tor, as a hidden service, using Prosody and Pidgin.

    +

    In this tutorial, we're going to check out how to setup a XMPP chat server, that is accessible over Tor, as a hidden service, using Prosody. We'll also cover how to have a Clearnet XMPP server, and how to have OMEO End to End encryption using the Gajim XMPP client.

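Review bot: the rewritten intro still says `OMEO End to End encryption`; the extension is OMEMO (XEP-0384), and the same misspelling is in the `<title>` change in the -8 hunk above and in the new heading on the line before. Small grammar points in the same sentences: "setup" as a verb is "set up", "a XMPP" reads better as "an XMPP", and the comma in "chat server, that is accessible" should go. Since the page now covers a clearnet VirtualHost too, it would help to say up front that the clearnet and onion hosts are separate VirtualHosts with separate user accounts, which is what the later hunk actually configures.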
    @@ -74,7 +74,7 @@
    -

    XMPP Server Setup

    +

    XMPP Onion Server Setup

    Before starting, check out this tutorial on how to create your first hidden service.

    
     root@ANON-home:~# apt install prosody prosody-modules lua-unbound -y
    @@ -328,9 +328,114 @@ Component "conference.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.o
             muc_log_expires_after = "1w"
     	
     
    +
    +
    +
    + + + +
    +
    +
    +
    +

    XMPP Clearnet Server Setup



    +

    First edit prosody.cfg.lua like so :

    +
    
    +[ Datura ] [ /dev/pts/3 ] [~]
    +→ vim /etc/prosody/prosody.cfg.lua
    +
    +[...]
    +
    +VirtualHost "nowhere.moe"
    +ssl = {
    +     certificate = "/etc/ssl/nowhere.moe/fullchain.cer";
    +         key = "/etc/ssl/nowhere.moe/nowhere.moe.key";
    +}
    +
    +VirtualHost "nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion"
    +
    +[...]
    +
    +
    +

    Then copy the existing acme.sh certificates for nowhere.moe into another non-root directory, otherwise prosody wont be able to read them:

    +
    
    +[ Datura ] [ /dev/pts/4 ] [/etc/ssl/nowhere.moe]
    +→ mkdir -p /etc/ssl/nowhere.moe/
    +
    +[ Datura ] [ /dev/pts/4 ] [/etc/ssl/nowhere.moe]
    +→ cp -r /root/.acme.sh/nowhere.moe/* /etc/ssl/nowhere.moe
    +
    +[ Datura ] [ /dev/pts/4 ] [/etc/ssl/nowhere.moe]
    +→ sudo setfacl -R -m u:prosody:rx  /etc/ssl/nowhere.moe/
    +
    +[ Datura ] [ /dev/pts/4 ] [/etc/ssl/nowhere.moe]
    +→ sudo -u prosody cat /etc/ssl/nowhere.moe/nowhere.moe.cer
    +-----BEGIN CERTIFICATE-----
    +MIIF5zCCBM+gAwIBAgISBCVaPZeC38+C4bWEm3yPX1LMMA0GCSqGSIb3DQEBCwUA
    +MDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQD
    +EwNSMTAwHhcNMjQwODExMjAyMjI5WhcNMjQxMTA5MjAyMjI4WjAWMRQwEgYDVQQD
    +Ewtub3doZXJlLm1vZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJPO
    +[...]
    +-----END CERTIFICATE-----
    +
    +
    +
    +

    to copy it once a day to the correct folder, you can do it via cronjob:

    +
    
    +[ Datura ] [ /dev/pts/7 ] [~]
    +→ crontab -e
    +
    +0 0 * * * cp -r /root/.acme.sh/nowhere.moe/* /etc/ssl/nowhere.moe ; setfacl -R -m u:prosody:rx  /root/.acme.sh/nowhere.moe ; systemctl restart prosody
    +
    +
    +

    Then, don't forget to create the clearnet user:

    +
    
    +[ Datura ] [ /dev/pts/7 ] [~]
    +→ prosodyctl adduser usertest usertestpwd
    +
    +[ Datura ] [ /dev/pts/7 ] [~]
    +→ prosodyctl passwd  usertest@nowhere.moe
    +
    +
    +

    Then you can just connect to the XMPP server over clearnet aswell, but one thing to note is that pidgin is limited when it comes to encrypting chats, so let's use Gajim instead as it comes with OMEO encryption out of the box:

    +
    
    +user@laptop: apt install gajim -y
    +
    +
    + + + + + +
    +
    +
    +
    + + +
    +
    +
    +
    +

    XMPP OMEO End to End Encryption (E2EE)



    + + + + + + + +

    Now here, you need to tell the other peer (if they don't have OMEO enabled) to install a XMPP client like gajim, just like you, to use OMEO encryption just like you, to have end to end encryption.

    + + + + + + + + +

    And that's it! you now have a XMPP server working over both Clearnet, and Tor, with end to end encryption.

    -

    TODO: showcase a multi-user chat with 3 users

    -

    TODO: showcase XMPP onion federation between server A <-> and B
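Review bot: the cron line `0 0 * * * cp -r /root/.acme.sh/nowhere.moe/* /etc/ssl/nowhere.moe ; setfacl -R -m u:prosody:rx  /root/.acme.sh/nowhere.moe ; systemctl restart prosody` applies the ACL to the source directory under /root/.acme.sh instead of the destination /etc/ssl/nowhere.moe that the manual `setfacl` step above used, so any newly created file in the destination is not readable by prosody, and it also grants the prosody service user read access inside root's acme.sh state, which is the opposite of the stated reason for copying the files out of /root in the first place. Suggest `setfacl -R -m u:prosody:rX /etc/ssl/nowhere.moe` (capital X gives traverse on directories without marking the key and certificate files executable), or drop the cron job and let acme.sh do the copy itself with `--install-cert -d nowhere.moe --fullchain-file /etc/ssl/nowhere.moe/fullchain.cer --key-file /etc/ssl/nowhere.moe/nowhere.moe.key --reloadcmd "prosodyctl reload"`, which only runs when a renewal actually happened. Related: an unconditional nightly `systemctl restart prosody` disconnects every client at midnight; `prosodyctl reload` re-reads certificates on current Prosody releases without dropping sessions. In the user-creation step, `prosodyctl adduser usertest usertestpwd` is not the documented form: adduser takes a full JID (`usertest@nowhere.moe`) and prompts for the password, so a password passed as a second argument only ends up in shell history and the process list; the `prosodyctl passwd usertest@nowhere.moe` that follows is the right way to set it. Finally, "OMEO" should be "OMEMO" in the new heading and prose, and "wont"/"aswell" are "won't"/"as well".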