Anonymity is one of the most important elements for the penetration tester (hacker). A pentester or a black hat hacker who took no steps to anonymize would certainly get caught by firewalls, IDS, digital forensic investigators, ISP logging, etc. In other words, tracing an attacker is not a complex task for adversaries when the attacker uses no anonymity methods.
While complete anonymity is a fallacy, it’s certainly feasible to increase your anonymity and curtail traceability using proxies, VPNs, Tor, shifting real-life physical locations, etc.
Remember that proxies are likely to log your traffic, but an adversary has to acquire a warrant or subpoena to secure the logs. A wise attacker is likely to employ proxies that are located outside the jurisdiction of the target which makes it increasingly improbable for any associated traffic to be ascribed to your IP address.
You can use Proxychains to chain numerous proxies together with Tor, which makes it more difficult to pinpoint your real IP address: the traffic passes through several proxy servers that conceal your true IP address. Keep in mind that the more proxies you employ, the slower your Internet connection becomes.
Proxy chaining is not difficult and can be achieved with ease by anyone as depicted in this article.
This tutorial seeks to illustrate how to set up Proxychains with Tor on Kali Linux.
Proxychains Brief Background
- Forces TCP connections initiated by applications to go through proxy servers such as SOCKS4, SOCKS5, and HTTP(S).
- Compatible with TCP reconnaissance tools like nmap
- Default setting uses Tor network.
- Can be blended with distinct proxy types inside a list.
If you are already using Kali, then Proxychains is already installed!
If not, type the following command into the terminal:
sudo apt-get install tor proxychains
To check if Tor is running:
sudo service tor status
To start Tor service:
sudo service tor start
To stop Tor and use Proxychains with custom proxies:
sudo service tor stop
Find Some Proxies From An Updated List
Use a search engine to find some proxies.
Select proxies from distinct locations. It’s not sensible to rely on proxies exclusively from one source.
An example of a site offering a free proxy list is: https://www.free-proxy-list.net
Locate Directory Of Proxychains
Type the following command into terminal:
Based on the above screenshot, you can see that the Proxychains configuration file is located in /etc/.
Moreover, we see that the binary is in /usr/bin/, which is on our PATH, so you can run Proxychains from any directory you desire.
Modify the configuration file with a file editor such as leafpad or nano.
Type the following command into terminal:
See below for your options and what to modify.
Strict chain is best deployed when the attacker requires that the appearance of origin of the attacks derive from particular locations that are fundamental to his aim. Essentially, every connection goes through your proxy list in order as you have listed them. Strict chain has merit when you know that the proxies you have selected are all working.
Proxychains’ default configuration has strict chain enabled. Hence, we can see that it is uncommented in the configuration file:
It’s preferable to use random chain if you value randomness, since every connection goes through your proxy list in random order. With random chain, you don’t merely obtain a new IP address; your traffic also ends up looking different to the target. This makes it more difficult to track the traffic back to the original source, which is you.
If you want to use random chain: uncomment “random_chain” by removing the pound sign (#) in front of it, comment both “dynamic_chain” and “strict_chain” with the pound sign (#) in front of them.
Also, you might decide to uncomment “chain_len”, which sets the number of IP addresses used in generating your randomized chain of proxies:
Dynamic chain is basically like strict chain, except that it skips to the next proxy in your list if the previous one has stopped working for some reason.
To use dynamic chain, simply uncomment “dynamic_chain” and comment both “strict_chain” and “random_chain”.
To use the proxies, you have to add them first to the Proxychains configuration file. Proxychains default settings utilize the Tor network.
If you haven’t already opened Proxychains configuration file, the following command in terminal will suffice to initiate modification:
Notice the first line in the proxy list, “socks4 127.0.0.1 9050”, which indicates that Proxychains initially points the traffic through our host located at 127.0.0.1, port 9050:
If you choose not to use Tor since it can be quite slow, you must comment out this line by adding in a pound sign (#) in front of socks4 like this:
You can add your fresh proxies below “socks4 127.0.0.1 9050” as shown in the above screenshot.
Do remember to use the tab key rather than space key to steer away from any issues when using Proxychains later on.
Therefore, as an illustration, an entry looks like this: socks5 <tab> IP address <tab> port number
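The chain-mode and proxy-list rules above can be checked mechanically. The following Python sketch is an added example, not part of the original tutorial or of Proxychains itself: the function audit_conf and the sample configuration are constructed for illustration, it assumes numeric proxy IP addresses, and it treats more than one enabled chain mode as an error because the tutorial says to comment out the others.

```python
import ipaddress
import re
CHAIN_MODES = ("strict_chain", "dynamic_chain", "random_chain")
PROXY_TYPES = ("socks4", "socks5", "http")

# Constructed sample: two chain modes left enabled and one out-of-range port.
SAMPLE_CONF = """\
# proxychains.conf (constructed sample)
strict_chain
#dynamic_chain
random_chain
chain_len = 2
[ProxyList]
socks4\t127.0.0.1\t9050
socks5\t192.0.2.10\t1080
http\t198.51.100.7\t99999
"""

def audit_conf(text):
    """Return (enabled_modes, chain_len, proxies, problems) for a config text."""
    modes, chain_len, proxies, problems = [], None, [], []
    in_list = False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # a pound sign comments the line out
        if not line:
            continue
        if line == "[ProxyList]":
            in_list = True
        elif in_list:
            parts = line.split()              # tabs or spaces between the fields
            try:
                ipaddress.ip_address(parts[1])    # assumption: numeric IPs only
                port = int(parts[2])
                if parts[0] not in PROXY_TYPES or not 1 <= port <= 65535:
                    raise ValueError
                proxies.append((parts[0], parts[1], port))
            except (ValueError, IndexError):
                problems.append(f"line {n}: expected '<type> <ip> <port>'")
        elif line in CHAIN_MODES:
            modes.append(line)
        elif re.fullmatch(r"chain_len\s*=\s*\d+", line):
            chain_len = int(line.split("=", 1)[1])
    if len(modes) != 1:
        problems.append(f"enable exactly one chain mode, found {modes}")
    if chain_len is not None and "random_chain" not in modes:
        problems.append("chain_len is set but random_chain is not enabled")
    return modes, chain_len, proxies, problems
```

Calling audit_conf on the text of your own configuration file returns the enabled chain modes, the chain length, the parsed proxy entries, and a list of problems to fix before relying on the chain.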
Checking Original IP Address Before Using Proxychains
Obviously, you need to test your new list of proxies.
You can check your original IP address prior to using Proxychains.
This can be accomplished easily by typing the following command into terminal:
Testing Proxy List
You can run an Nmap scan using Proxychains, which will force the scan to run through one of the proxies in your list, by typing the following command into the terminal:
proxychains nmap scanme.nmap.org
You can also test Proxychains with Firefox:
proxychains firefox www.duckduckgo.com
Hence, any time you want to use Proxychains, just type it first in terminal before the intended application.
Achieving anonymity is important for penetration testing. While complete anonymity doesn’t exist, a little bit of effort can increase your anonymity and make it drastically more difficult for the adversary to pinpoint the original traffic source.