Access an IRC Tor hidden service requiring SASL authentication with Xchat client

Access an IRC Tor hidden service requiring SASL authentication with Xchat client

Configure Xchat with Tor

  • We assume Tor daemon is already running at our system, listening to localhost:9050. Find the IRC server’s .onion address. For example Indymedia’s is h7gf2ha3hefoj5ls.onion . Then edit /etc/tor/torrc, add this line at the bottom
  mapaddress h7gf2ha3hefoj5ls.onion 

and restart Tor. Of course you can use any private ipv4 you want.

  • Then add a new network at Xchat, say IndymediaTor, and define as server the “”. Be sure this network does use the proxy. Notice : If you have more than one networks configured in Xchat, that you don’t want to use Tor, then edit them and tick “Bypass proxy” option.
  • Then at Xchat’s Preferences>Network add a proxy :, port 9050 (the one Tor daemon listens to ) and type SOCKS 5.

Configure SASL authentication for Xchat

Various IRC hidden services need SASL authentication to use it. That means you have to have a registered with NickServ nickname. Whatsmore you need to enable SASL for Xchat.

Configuring SASL for XChat: Perl script

This script is based on the SASL script for irssi, and was ported by Lian Wan Situ.

  • Copy the script,, into your ~/.xchat directory, or from wherever XChat loads startup scripts.
  • Load the script using the /load command, or select load script from the Scripts and Plugins menu.
  • The script needs to be configured with /sasl set. The network name (e.g. IndymediaTor — case matters), your primary registered nickname, NickServ password, and authentication mechanism will need to be provided. The authentication mechanism will be one of those returned by /sasl mechanisms.
/sasl set IndymediaTor myNickname myPassword PLAIN
  • If you don’t mind your password being saved to your hard drive or if you don’t want to type the /sasl set command every time before you connect, you will need to do
/sasl save.
  • If everything has been configured correctly, the next time you connect you should see the message:
    SASL authentication successful

To see other options available, you can run just /sasl.