Hello everyone of 0x00!
I figured why not make my first contribution, so here's a quick one.
Today, I'm going to brush on the topic of proxies, followed by how to set up ProxyChains to make being tracked a bit harder.
So first things first. What is a proxy?
In computer networks, a proxy server is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers. --Proxy Server - Wikipedia
What a proxy does is essentially perform the connection for you, putting another computer between you and your destination. For example, say I wish to connect to https://0x00sec.org. Normally, when I enter the address in the search bar of my browser, my computer first resolves the hostname to an IP address, then attempts to make a connection and retrieve the webpage. That leaves my IP address in the access log of said webpage. Not good for anyone hoping to be anonymous.
Now, when using a proxy server in the above example, the order of connection would go My Computer -> Proxy Server -> 0x00sec, leaving the IP of the proxy in any logs as opposed to my IP address.
A proxy is all well and good. However, the proxy has my IP address, so if I were to do anything bad, anyone trying to unmask me could contact said proxy (given they have the legal right to do so) and trace my IP back to me.
What is ProxyChains?
proxychains - a tool that forces any TCP connection made by any given application
to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy.
Supported auth-types: "user/pass" for SOCKS4/5, "basic" for HTTP.
--ProxyChains - SourceForge
What ProxyChains does is send your connection through multiple SOCKS/HTTP(S) proxy servers.
So, using the above example, instead of Me -> Proxy -> 0x00sec.org,
it would be more as follows: Me -> Proxy1.us -> Proxy2.ru -> Proxy3.se -> Proxy4.uk -> 0x00sec
Now, why is this important? If you recall, each proxy retains the previous connecting address, so Proxy1 has my IP, Proxy2 has Proxy1's IP, and so on and so forth.
So, in a scenario where someone is trying to unmask you, they have to jump through many more hoops to get back to your original IP.
ProxyChains can be used with TOR, but I'm not getting into that, since anyone who hasn't used TOR before would need me to do a guide on that first. Maybe another time.
Also, one final note before I get into installation and configuration.
Proxies are not perfect, and are by no means 100% anonymity. This depends not only on the proxy you are using, but also on where it is located, the laws in that country and the proxy's own logging. Some proxies are transparent, some are not. For the sake of keeping this an introduction, I'll leave further research into proxies (SOCKS, HTTP, Transparent, Reverse, etc.) to the reader. I can't give it all to you here, but maybe in a follow-up post.
I personally would recommend using a handful of proxies, and making sure a few of them are outside your country's jurisdiction. So in the US, I would use a few in the Russian Federation and Sweden, for example.
Here are some lists of proxies that show their country. DISCLAIMER: I have not used these proxies, nor can I verify their integrity. They are here for example's sake, and I recommend researching which proxies you'd like to use before relying on them too heavily!
In the future I'll update this post with some reliable proxy lists if there is enough response for such.
Now onto ProxyChains!
ProxyChains runs on *nix OSes, so for this example, I'm running Lubuntu.
So to install ProxyChains, we're going to open up a terminal and fire off the command
sudo apt-get install proxychains
I already have proxychains installed, or I would show the install screenshot.
After installation finishes, you can check that proxychains is installed by simply typing proxychains into your terminal. If it is installed, that should yield the usage screen as shown below:
Now, to get proxychains up and running. If you aren't sure where to find your proxychains config file, you can run the
locate proxychains command, which will yield:
However, to my knowledge it is normally located at
so go ahead and type
sudo vim /etc/proxychains.conf in your terminal which will bring you to:
(If you don't have vim installed, it's just a
sudo apt-get install vim away!)
In this how-to we're going to be setting up a dynamic_chain, which will run through your list of proxies and skip any that are offline. ProxyChains also has a strict_chain mode, which will try every proxy in the list, and all must be online for it to route.
Also, take note of the random_chain option, which when used will use proxies from your config file in a random series.
Note: only one of the "option"_chain options can be used at one time.
Press I for insert mode, and go ahead and comment the strict_chain line and uncomment the dynamic_chain option in your conf file so it looks like this:
Now press
esc and type
So now proxychains will use dynamic chaining when we get around to running it.
Open your conf file back up.
If you hit page down, you'll notice proxy_dns is already set by default. This will route all attempts at resolving domain names through your proxy, which if I'm not mistaken can AID in stopping DNS leaks. Anyone feel free to chime in if I'm incorrect. If you hit page down again, it will take you to the
[ProxyList] section. This is where you will list all of your proxies you want proxychains to connect through.
Note it defaults to TOR
So here we're going to comment out the default entry, same as before: i for insert, comment out the line.
Now we're going to add a few proxies.
Then back out with
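To sanity-check the file after the edits described above, here is an added example (not from the original post or the ProxyChains project): a small shell lint that confirms exactly one *_chain mode is enabled, proxy_dns is on, and every [ProxyList] entry is a well-formed "type host port" line. The sample config, its 192.0.2.x and 198.51.100.x documentation addresses, and the helper names sample_conf and check_conf are all constructed for illustration.

```shell
# Added example: lint a proxychains.conf for the settings covered in this post.
# Constructed sample config. The proxy addresses are documentation-only
# placeholders, not real proxies; the Tor default entry is commented out.
sample_conf() {
cat <<'EOF'
dynamic_chain
#strict_chain
#random_chain
proxy_dns
[ProxyList]
#socks4 127.0.0.1 9050
socks5 192.0.2.10 1080
http 198.51.100.20 8080
EOF
}

# check_conf FILE: print findings; return 0 only if the config is consistent.
check_conf() {
    awk '
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }  # drop comments and padding
        $0 == "" { next }
        /^\[ProxyList\]$/ { inlist = 1; next }
        !inlist && /^(dynamic|strict|random)_chain$/ { modes++; mode = $0; next }
        !inlist && $0 == "proxy_dns" { dns = 1; next }
        inlist {
            # Each entry is: type host port [user pass]
            if ($1 !~ /^(socks4|socks5|http)$/ || $3 !~ /^[0-9]+$/ || $3 < 1 || $3 > 65535) {
                printf "bad ProxyList entry: %s\n", $0; bad++
            } else proxies++
        }
        END {
            if (modes != 1) { printf "expected exactly 1 chain mode, found %d\n", modes; bad++ }
            if (!dns) { print "proxy_dns is off: name lookups bypass the chain"; bad++ }
            if (!proxies) { print "no usable proxies in [ProxyList]"; bad++ }
            if (!bad) printf "ok: %s, proxy_dns, %d proxies\n", mode, proxies
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Stand-alone run against the constructed sample.
tmp=$(mktemp)
sample_conf > "$tmp"
check_conf "$tmp"
rm -f "$tmp"
```

To lint the real file, call check_conf /etc/proxychains.conf instead of the sample.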
Okay, all set! Now, to give her a test run!
To run a program through proxychains, you use
proxychains <program> <program parameters>
For example, you could run
proxychains nmap <IP address>, firefox, ssh, or wget just to name a few.
Now, the proxies I used in my screenshot are invalid, so you won't have luck with them.
Running nmap through proxychains:
So, final words: find yourself some proxies, and get out there with proxychains!
If anyone has any questions, comments, or areas where you feel I'm incorrect or need more detail, reach out and I'll edit as necessary.