Create your own Private Botnet with ProxyDock!

scraping
docker
botnet
openvpn

(Security Architect & Founder) #1

Hello, fellow 0x00’ers!

First off, I lied. It’s not a botnet. But it enables you to achieve botnet-like abilities.

Today I am going to show you something that has been kept a secret for a long time in the hacker community and has never really been made accessible to the average hobbyist. With this knowledge you will be able to:

  • Bypass rate limits on APIs
  • Google dork with impunity
  • Scan hosts extremely stealthily
  • Leverage hundreds of IP addresses, legally, and quickly

And if that doesn’t already sound incredible, you’ll be able to do it all for less than 2.99 euro a month.


Author Assigned Level: Wannabe


Required Skills


  • Have a basic understanding of Docker
  • Be able to use the Linux CLI.
  • Have a VPN subscription with at least 1 file
  • Have Docker installed and your user in the Docker group.

Disclaimer

Please don’t use this for illegal purposes. Abuse of this could lead to an increased crackdown on this method, and we’d like this to work as long as possible.


Why

If you’ve ever tried to automate any sort of scraping, Google dorking, or pulling from APIs with rate limits, you’ll know this little guy very well:

The dreaded captcha.

A traditional way you would bypass this would be to scrape some public proxies; however, Google has gotten smarter and upped their detection game. Using any public proxy, or any known Tor exit node, doesn’t work either. Providers are quick to block these (freenode, API providers, and others).

Now the only option left seems to be VPNs. Many VPNs are difficult to detect, and very rarely ever used to scrape, as switching between them is really difficult. Today that is about to change.

Theory

My first idea to solve this problem was to get a bunch of different computers and virtual machines, hook them up to a VPN, stand up an HTTP proxy server on them, and then manually load them up in a proxychains file. Sounds like a good idea, except it would take forever for my entire 45 VPN files.

Instead of using actual computers, I decided this would be a good job for Docker.

Inside each ProxyDock Docker container is OpenVPN, connected to a VPN tunnel, with an HTTP proxy server exposed on port 8080. All traffic sent through port 8080 will go through the VPN connection.

The simple bash script repeats this for however many VPN files you have in the VPN directory. For each VPN file, it will forward the port 8080 on the container, to a local port, and it will write the local connection port into a proxychains configuration, which means usage of these proxies is super simple.

Using ProxyDock

Downloading

If you haven’t already, download this:

git clone https://github.com/pry0cc/ProxyDock/

Now, create a new directory called ‘VPN’

cd ProxyDock
mkdir VPN

Put all your OpenVPN .ovpn files in there, and make sure they do not have any sketchy characters. They should look like this:

Remove auth prompts from connection files

(skip this if it doesn’t prompt you on connection)

Most providers have built-in authentication prompts, so when you run openvpn file.ovpn, it will load and ask for a username and password. That is not very helpful for automation, but you can easily solve it using an auth.txt file.

Create a file in the ProxyDock directory called auth.txt. Inside that file put your username, followed by your password on a new line. Then, append auth-user-pass auth.txt to each file in the VPN directory. A simple bash one-liner will do the trick nicely:

for f in VPN/*.ovpn; do echo "auth-user-pass auth.txt" >> "$f"; done

You may find that if the string is not on a new line by itself, then this won’t work. It’s a bit hacky, but re-running this one-liner usually fixes that.

You can test this worked by running sudo openvpn VPN/vpnfile.ovpn, and it should connect without any prompts.

Building the Dockerfile

I have included a script for this, so it’s as easy as:

./build.sh

Running ProxyDock!

Now that you have done all the setup, it is time to run the start.sh script and let the beautiful collection of proxies start up before your eyes.

A simple run of docker ps should reveal the running containers.

Demos

Starting: (asciicast recording)

Usage: (asciicast recording)

Usage

Simply use proxychains in the current directory. Proxychains will automatically recognize that a proxychains.conf is present and will use it.

Non-ICMP nmap scans, curls, and other fun stuff can be run through proxychains, and each request will use a different proxy. You can even couple this to an IRC client or browser for maximum hacker cred :laughing:

Conclusions

This method is extremely simple, very affordable, and a wonder that nobody has thought of this before. What is very cool about this, is that you can throw in as many VPN files to the VPN directory, and potentially have the reach of 400-500 different non-blacklisted IP addresses. You essentially have a botnet that you can use for scraping or whatever else you’re doing.

If you liked this article please like it, share it, and drop a comment giving your thoughts! And as always, Stay Snappy :wink:
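
The auth-file step from the post above, handling the "not on a new line" failure it mentions, as an added example that is not part of the original post or of ProxyDock. The function names add_auth_directive and lock_auth_file are hypothetical; the VPN directory, auth.txt and the directive text are the ones the post uses.

```bash
#!/usr/bin/env bash
# Added example (not ProxyDock's own code): append the auth directive to every
# .ovpn file exactly once and always on its own line, then restrict auth.txt.

add_auth_directive() {
    local dir="$1" directive="auth-user-pass auth.txt" f
    for f in "$dir"/*.ovpn; do
        [ -f "$f" ] || continue          # glob matched nothing
        # Already present as a whole line: leave the file untouched, so
        # re-running never stacks duplicate directives.
        if grep -qxF "$directive" "$f"; then
            continue
        fi
        # A file whose last byte is not a newline would get the directive
        # glued onto its final line; terminate that line first.
        if [ -s "$f" ] && [ -n "$(tail -c 1 "$f")" ]; then
            printf '\n' >> "$f"
        fi
        printf '%s\n' "$directive" >> "$f"
    done
}

# auth.txt stores the VPN username and password in plain text, so make it
# readable by its owner only.
lock_auth_file() {
    if [ -f "$1" ]; then
        chmod 600 "$1"
    fi
}

# Run from the ProxyDock directory; does nothing if there is no VPN directory.
if [ -d VPN ]; then
    add_auth_directive VPN
    lock_auth_file auth.txt
fi
```
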


#2

Thanks for writing this article and sharing this technique. I tried to recreate the simple demonstration that was provided above, wherein curl is called, but I am getting timeout errors and I am not quite sure why. I followed each of the steps that were listed, and I even signed up for FrootVPN just to maintain as much of the setup as possible. I would appreciate any suggestions on how to fix this issue, and would be happy to follow up with additional info. I have pasted my errors below.

|R-chain|-<>-127.0.0.1:5006-<><>-4.2.2.2:53-<--timeout
|DNS-response|: google.com does not exist
curl: (6) Could not resolve host: google.com

It looks like the proxies do not have access to DNS so I tried to manually specify an IP address within one of Google's IP ranges (64.233.160.100, to be exact). In a web browser, this resolved just fine, but I got the following error message when trying to run curl.

[email protected]:~/ProxyDock$ sudo proxychains curl 64.233.160.100
ProxyChains-3.1
|R-chain|-<>-127.0.0.1:5037-<><>-64.233.160.100:80-<--timeout
curl: (7) Couldn't connect to server

(Security Architect & Founder) #3

Hi @srrpub, can you verify the tunnel is open? Run docker ps and see the port maps manually.

Can you also verify that you can connect to the VPNs from within the docker container? Find a docker container that is running, find its name, and run

docker exec -ti "container_name" bash

Once in, attempt to curl google.com. If this succeeds, then you can be confident it’s not a VPN issue, but rather a proxy issue. If however it does not succeed, and you cannot connect out, then it’s a problem with your VPN configuration. Verify that it connects properly to the VPN, and that your auth-user-pass auth.txt file is correctly set up.


#4

Does this create lots and lots of tun devices?


#5

Thanks for getting back to me @pry0cc. I double-checked my VPN configuration using the steps from this article - I had forgotten to remove the “sketchy” characters from my .ovpn file names. I verified that the VPN files were configured properly by running sudo openvpn VPN/vpnfile.ovpn.

I took the additional steps of completely removing and reinstalling Docker, and I re-ran the build.sh and start.sh scripts.

I think that I captured the other troubleshooting steps that were suggested in your reply. Please see the attached screenshot. I am trying to use 7 .ovpn files provided from FrootVPN, so the number of available docker containers shown in docker ps appears to be correct. It looks like curl actually might not be accessible to any of my containers (not sure how to install it either). I would consider myself a docker newbie so please bear with me. Thanks again for your support.


(Security Architect & Founder) #6

Since it is based on Ubuntu, run the following commands:

sudo apt-get update && sudo apt-get -y install curl

This will install curl. Would you be able to run ifconfig as well please?


#7

curl is already installed in my Ubuntu host. I thought that this would make curl accessible to each container, but running which curl from within any docker container returns nothing. When I try to run apt-get update && apt-get install curl -y from within a docker container (e.g. from brave_davinci, shown above), the instruction times out because the container cannot resolve the named apt repositories. Does DNS need to be configured separately, or is this indicative of a misconfigured VPN as you had originally suggested?

ifconfig output:

docker0   Link encap:Ethernet  HWaddr 02:42:24:42:5f:f9  
          inet addr:172.17.0.1  Bcast:172.17.255.255  Mask:255.255.0.0
          inet6 addr: fe80::42:24ff:fe42:5ff9/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:21533 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18548 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1305698 (1.3 MB)  TX bytes:35082699 (35.0 MB)

ens33     Link encap:Ethernet  HWaddr 00:0c:29:4a:c5:da  
          inet addr:10.10.100.16  Bcast:10.10.100.255  Mask:255.255.255.0
          inet6 addr: fe80::5934:2d1b:c6db:ace5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:94151 errors:0 dropped:0 overruns:0 frame:0
          TX packets:42607 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:122881756 (122.8 MB)  TX bytes:3986874 (3.9 MB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:2268 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2268 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:179632 (179.6 KB)  TX bytes:179632 (179.6 KB)

veth26961ec Link encap:Ethernet  HWaddr 02:f8:f5:86:20:dc  
          inet6 addr: fe80::f8:f5ff:fe86:20dc/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:354 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1459 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:36582 (36.5 KB)  TX bytes:247873 (247.8 KB)

veth4830e88 Link encap:Ethernet  HWaddr de:27:6e:a2:31:e2  
          inet6 addr: fe80::dc27:6eff:fea2:31e2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:360 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1474 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:37227 (37.2 KB)  TX bytes:249355 (249.3 KB)

veth6741dcd Link encap:Ethernet  HWaddr 9e:40:5d:89:25:c8  
          inet6 addr: fe80::9c40:5dff:fe89:25c8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:357 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1470 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:36721 (36.7 KB)  TX bytes:248667 (248.6 KB)

vethbf4fb47 Link encap:Ethernet  HWaddr 12:3b:dd:d1:59:4e  
          inet6 addr: fe80::103b:ddff:fed1:594e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:361 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1458 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:37927 (37.9 KB)  TX bytes:247411 (247.4 KB)

vethd5e9ec2 Link encap:Ethernet  HWaddr fa:b6:16:0b:04:89  
          inet6 addr: fe80::f8b6:16ff:fe0b:489/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:340 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1458 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:35903 (35.9 KB)  TX bytes:248197 (248.1 KB)

vethd9145f4 Link encap:Ethernet  HWaddr 22:c2:06:c7:eb:59  
          inet6 addr: fe80::20c2:6ff:fec7:eb59/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8926 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3841 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:630304 (630.3 KB)  TX bytes:405581 (405.5 KB)

vetheb9dc0a Link encap:Ethernet  HWaddr ce:22:bd:a4:25:a1  
          inet6 addr: fe80::cc22:bdff:fea4:25a1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:334 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1477 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:35546 (35.5 KB)  TX bytes:249529 (249.5 KB)

(Security Architect & Founder) #8

Hmm, interesting… DNS is already configured with the start script. Would you be able to join IRC, irc.0x00sec.org? I’ll be on the main channel, #0x00sec.


#9

Sure thing, I am joining now.


#10

I’m not getting past the “Joining channel…” message. The server bot had the following to say.
12:03:45ⓘ srrpub set mode +iwxz srrpub
12:03:45ⓘ [477] #0x00sec, You need a registered nick to join that channel.


(oaktree) #11

Register your nick. Because it’s getting off-topic, please PM IRC Staff (group message) if you have any more troubles.


(fir3l0rd) #12

Hi @srrpub I am having the same problem as you. Did you manage to connect to the internet from inside docker containers? Thanks


(Security Architect & Founder) #13

This topic was automatically closed after 30 days. New replies are no longer allowed.