Onion Pass: Token-Based Denial-of-Service Protection for Tor Onion Services

Research output: Contribution to book/Conference proceedings/Anthology/Report › Conference contribution › Contributed › peer-review

Contributors

  • Christoph Döpmann, Technical University of Berlin (Author)
  • Valentin Franck, Technical University of Berlin (Author)
  • Florian Tschorsch, Technical University of Berlin (Author)

Abstract

The Tor network is widely recognized as an important tool to preserve online privacy. In addition to anonymous Internet access, it allows hosting anonymous services, i.e., Onion Services. However, connecting to an Onion Service is realized in a way that makes it vulnerable to Denial-of-Service (DoS) attacks. In this work, we propose Onion Pass, an extension of the Tor protocol that utilizes anonymous cryptographic tokens to mitigate the issue. Clients can solve a challenge to acquire tokens that later can be presented to the Onion Service. The Onion Service can thus differentiate between valid and malicious requests when under attack. Please note that Onion Pass is agnostic on the specific challenge-response scheme and follows a design philosophy that puts Onion Services in control of the Onion Pass protocol. We implemented a prototype of Onion Pass and present experimental results that indicate its potential to prevent DoS attacks on Onion Services by reducing their CPU usage required to identify malicious requests by a factor of 47.

Details

Original language: English
Title of host publication: 2021 IFIP Networking Conference, IFIP Networking 2021
Pages: 1-9
ISBN (electronic): 9783903176393
Publication status: Published - Jun 2021
Peer-reviewed: Yes
Externally published: Yes

External IDs

Scopus 85112802931

Keywords