π§ hypertor
The Tor network library for Rust and Python
Consume AND host onion services with the simplicity of reqwest and axum.
State-of-the-art security features including PoW DoS protection, Vanguards, and traffic analysis defense.
Why hypertor?
Traditional Tor libraries force you to choose: either a complex low-level API for security researchers, or a simplified wrapper that sacrifices control. hypertor provides both: a batteries-included experience for common tasks, with full access to advanced security features when you need them.
π― Built For
Two Libraries in One
| Component | Purpose | Similar To |
|---|---|---|
| TorClient | Make HTTP requests over Tor anonymously | reqwest, httpx |
| OnionApp | Host .onion services with routing | axum, FastAPI |
Quick Examples
Rust β Anonymous Client
use hypertor::{TorClient, Result};
#[tokio::main]
async fn main() -> Result<()> {
let client = TorClient::new().await?;
let resp = client
.get("http://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion")?
.send()
.await?;
println!("Status: {}", resp.status());
Ok(())
}
Rust β Onion Service
use hypertor::{OnionApp, ServeResponse};
#[tokio::main]
async fn main() -> hypertor::Result<()> {
let app = OnionApp::new()
.get("/", || async { ServeResponse::text("Hello from .onion!") })
.get("/api/status", || async {
ServeResponse::json(&serde_json::json!({"status": "operational"}))
});
let addr = app.run().await?;
println!("π§
Live at: {}", addr);
Ok(())
}
Python β httpx-style Client
import asyncio
from hypertor import AsyncClient
async def main():
async with AsyncClient(timeout=60) as client:
resp = await client.get("https://check.torproject.org/api/ip")
print(f"Tor IP: {resp.json().get('IP')}")
asyncio.run(main())
Python β FastAPI-style Server
from hypertor import OnionApp
app = OnionApp()
@app.get("/")
async def home():
return "Welcome to my .onion service!"
@app.post("/api/echo")
async def echo(request):
data = await request.json()
return {"received": data}
if __name__ == "__main__":
app.run() # π§
Live at: xyz...xyz.onion
Security Features
π‘οΈ PoW DoS Protection
Tor 0.4.8+ Proof-of-Work defense with adaptive difficulty automatically protects your service from DDoS attacks without affecting legitimate users.
π Client Authorization
Basic & Stealth authorization modes with x25519 key derivation. Restrict access to authorized clients while hiding service existence from others.
π Vanguards Protection
Vanguards-lite guard relay protection prevents circuit enumeration attacks that could reveal your service's location.
π Traffic Analysis Defense
WTF-PAD, Tamaraw padding, and circuit padding machines resist website fingerprinting and correlation attacks.
π Leak Detection
Comprehensive security scanner detects DNS leaks, header fingerprinting, timing patterns, and content leaks before they compromise anonymity.
β±οΈ Timing Attack Protection
Built-in timing correlation defense with jitter injection and pattern detection to prevent traffic analysis attacks.
β‘ Congestion Control
Vegas RTT-based congestion control (Tor Proposal 324) provides optimal throughput without overwhelming the network.
π WebSocket & gRPC
Real-time bidirectional WebSocket communication and gRPC services over Tor for modern application architectures.
π Bridge Support
Full support for obfs4, snowflake, meek, and webtunnel pluggable transports for censorship circumvention.
π Prometheus Metrics
Production-ready observability with counters, gauges, histograms, and automatic /metrics endpoint for monitoring.
Security Presets
Choose your security level based on your threat model:
use hypertor::SecurityConfig;
// Basic Tor protection (fastest)
SecurityConfig::standard()
// PoW + Vanguards (recommended for most)
SecurityConfig::enhanced()
// Full Vanguards + Client Authorization
SecurityConfig::maximum()
// Stealth Auth + Max PoW + Tamaraw padding
SecurityConfig::paranoid()
| Preset | PoW | Vanguards | Client Auth | Traffic Padding | Use Case |
|---|---|---|---|---|---|
standard |
β | β | β | β | Development, low-risk |
enhanced |
β | lite | β | β | Most production services |
maximum |
β | full | basic | β | High-value targets |
paranoid |
β max | full | stealth | Tamaraw | State-level adversaries |
Architecture
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β YOUR APPLICATION β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ β TorClient β OnionApp β SOCKS5 Proxy β β (consume .onion) β (host .onion) β (bridge tools) β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ β hypertor core β β ββββββββββββββ ββββββββββββββ ββββββββββββββ ββββββββββββββββ β β β Connection β β Privacy β β Security β β Observabilityβ β β β Pooling β β Padding β β PoW/Auth β β Metrics β β β β Retry β β Vanguards β β Analysis β β Tracing β β β ββββββββββββββ ββββββββββββββ ββββββββββββββ ββββββββββββββββ β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ β arti-client (Tor Protocol) β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€ β Tor Network (6000+ relays) β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Performance
| Operation | Time | Notes |
|---|---|---|
| Circuit establishment | ~2-4s | Initial connection |
| HTTP request (warm) | ~200-500ms | With pooled circuit |
| OnionApp startup | ~3-5s | Service registration |
| Request throughput | ~50-100 req/s | Depends on circuit |
All benchmarks run with cargo bench β 71 benchmarks covering all major operations.
Installation
Rust
[dependencies]
hypertor = "0.3"
tokio = { version = "1", features = ["full"] }
Python
pip install hypertor
Documentation
π Quick Start
Get up and running in 5 minutes with basic examples for both client and server usage.
π TorClient Guide
Deep dive into the HTTP client: requests, authentication, streaming, and advanced options.
π§ OnionApp Guide
Build and deploy onion services with routing, middleware, and security configuration.
π Security Guide
Configure PoW, Vanguards, client authorization, and traffic analysis defenses.