TCP Connections & Proxychains

TCP Connections & Proxychains

- 4 mins
Kali Linux Security

INTRODUCTION

A proxy server is a dedicated computer or software system running on a computer which can act as an intermediary between an end device, such as a computer and another server which a client is requesting any services from. If you use Proxchains and connect to the Internet, your client IP address will not be shown but rather the IP of the proxy server.

WHAT IS PROXYCHAINS

Proxychains is a UNIX program that forces any TCP connection made by any given application to go through proxies like TOR or any other SOCKS4, SOCKS5 or HTTP proxies.

IMPORTANT TERMINOLOGY

  1. Dynamic Chain — dynamically runs through all available proxies. All proxies must be online to play and dead proxies are automatically skipped.
  2. Strict Chain — follows a connection of proxies in sequences. All proxies must be online to play and a single dead proxy in the chain will result will interrupt the connection.
  3. Random Chain — bounces connection back and fourth between random proxies. Best for testing your IDS o not for production.

IMPORTANT CONCEPTS

  1. DNS Leak - DNS queries must also be proxied, if not your privacy is at risk since all DNS queries are sent using an unencrypted DNS request over the network.


In this example, I go through the process of configuring Proxychains on Kali Linux.


REQUIREMENTS

  1. Unix OS


DEPLOYMENT PROCESS OVERVIEW

  1. Verify Current Environment
  2. Configure proxychains.conf File
  3. Verify Configuration

TIME TO IMPLEMENT: 15 minutes

VERIFY CURRENT ENVIRONMENT


It is important to verify your current environment before begin using proxychains. After we congifure Proxychains, we can use the following information to verify Proxychains is functioning appropriately.

  1. Go to google.com and search the following. Take note of your public IP address:
    2. What's my ip?

    proxychains
  2. Go to the following URL and take note of the IP your DNS Server is reporting for you. It should be same IP from the first step.
    3. https://dnsleaktest.com/

    proxychains
  3. Now, go to the following URL and take note of your DNS Server's IP address:
    4. http://www.whatsmydnsserver.com/

    proxychains
  4. Change directories to Documents. Here, we will make a file to keep trake of the IP addresses we just took note of.
    5. cd ~/Documents
  5. Create a file and call it environment by running the following command:
    6. touch environment
  6. Open the file with the following command then paste IP addresses along with their counterpart.
    7. vim environment


proxychains

CONFIGURE PROXYCHAINS.CONF FILE

  1. Open the proxychains.conf file in vim on Kali Linux by issuing the following command:
    2. sudo vim /etc/proxchains.conf
  2. In the /etc/proxychains.conf configuration file, enable the option for dynamic chain:

    3. proxychains
  3. Scroll down and enable the option for Proxy DNS Requests:

    4. proxychains
  4. At the botom of the configuration file add the following to enable SOCKS5 and Tor:
    5. socks5   127.0.0.1 9050

    proxychains
  5. If you haven't already, install Tor by running the following command:
    6. sudo apt-get install tor
  6. Start the Tor service and check it's status after by running the following commands:
    7. service tor start
service tor status

VERIFY CONFIGURATIONS

  1. Run the following command to test using Firefox with the new Proxychains configuration. Firefox will open.
    2. proxychains firefox

    Note the dynammic chain configuration in Terminal and how the browser opens up in German:
    proxychains
  2. Go to google.com and search the following. Take note of your public IP address:
    3. What's my ip?

    proxychains
  3. Go to the following URL and take note of the IP your DNS Server is reporting for you:
    4. https://dnsleak.com/

    proxychains
  4. Now, go to the following URL and take note of your DNS Server's IP address:
    5. http://www.whatsmydnsserver.com/

    proxychains
  5. Change directories again to Documents. Here, we will make note of the IP addresses after our Proxchains configuration so we can compare the differences.
    6. cd ~/Documents
vim environment
  6. Paste each new IP address in and compare.


proxychains


By looking at our environment file, we are able to verify that Proxychains is (1) forwarding our IP address through Tor proxy, (2) our DNS quieres our proxied through Tor (and mitigating DNS Leak), and (3) our DNS server is reporting a different IP address. Proxychains is configured properly.

USE CASES


See below for some exampe use cases for Proxychains:

  1. Proxychains with Nmap scans:
    2. proxychains [nmap command]
proxychains nmap -sC -sV -oA nmap/outputfile 10.10.10.10
  2. Proxychains with SSH:
    3. ssh -D 127.0.0.1:8080 target.com


This will make SSH forward all traffic sent to port 8080 to target.com. You will need to add 127.0.0.1:8080 to the Proxychains proxy list.

SUMMARY

  1. The concept of proxies and knowing how to use proxies is important to learn for anyone in infosec.
  2. Having the Proxychains tool configured and ready for use can prove useful, even if you don't use the tool daily.
  3. Be sure to double check your configurations - a DNS leak can easily expose your identity.

Related Posts

comments powered by Disqus
rss facebook twitter github gitlab youtube mail spotify lastfm instagram linkedin google google-plus pinterest medium vimeo stackoverflow reddit quora quora