Using Tor, you can:

• access hidden TCP services as a client
• host your own hidden TCP services as a server

Hidden, in this context, means that these services will only be accessible through Tor.

A good proxifying application is called tsocks, that allows you to prefix a command-line invocation of an application so that it gets relayed through Tor. tsocks is essentially a SOCKS wrapper that forwards TCP connections to Tor's SOCKS port. It can be configured by editing its configuration file, usually found at /etc/torsocks.conf.

After configuring the local subnets, the only required lines are:

server = 127.0.0.1
server_type = 5
server_port = 9050

that relay all the TCP traffic to Tor, listening on 127.0.0.1 and on port 9050.

An invocation of tsocks, could then be:

tsocks mysql -u user -p -h vva33zlardffgeet.onion

that would connect to a hidden database, at the .onion address vva33zlardffgeet.onion over the Tor network.

Setting-up your own services behind Tor is a fairly trivial task. The relevant directives for the Tor configuration file are the following:

HiddenServiceDir /var/lib/tor/hidden_server/
HiddenServicePort 80 127.0.0.1:8800

which instructs Tor to relay all traffic coming from the Tor network on TCP port 80 to the address 127.0.0.1 and port 8800. This implies that a web-server will be listening to requests on 127.0.0.1 and port 8800 as specified by the HiddenServicePort.

The .onion address is automatically generated and can be read from (in the case above):

/var/lib/tor/hidden_server/hostname

You can have multiple HiddenServicePort lines for every service you wish to make available to the .onion network.