ProxyChains

Harshit
Oct 16, 2023


Using ProxyChains to Proxy Your Internet Traffic

How do hackers cover their tracks during a cyber attack? Today, let’s talk about an important concept for penetration testers and forensics investigators: proxying.

Proxying refers to the technique of bouncing your Internet traffic through multiple machines to hide the identity of the original machine, or to overcome network restrictions. ProxyChains is a tool that hackers often use to accomplish this goal.

What is ProxyChains?

ProxyChains is a tool that redirects TCP connections made by applications through proxies such as SOCKS4, SOCKS5, or HTTP. It is an open-source project for GNU/Linux systems. ProxyChains can string multiple proxies together to make it harder to identify the original IP address. These chains are often used in red team engagements to make it difficult for blue teamers to trace the original IP address. You can run tools such as SSH, telnet, wget, and Nmap through ProxyChains to evade detection.

Configuration Types

You have three configuration options while using ProxyChains: Dynamic, Strict, and Random.

Dynamic chain: Traffic runs through every proxy on the list. If a proxy is not responding, it is skipped and the chain automatically moves on to the next proxy. At least one proxy must be available for the chain to work.

Strict chain: All proxies in the list will be used and chained in the assigned order. Unlike a dynamic chain, all proxies must be responsive in a strict chain for it to work.

Random chain: Proxies are selected from the list at random. You can optionally specify the number of proxies to use.
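The three modes can be compared with a small model. This is an added example, not code from the original post or from the ProxyChains project: it parses a constructed file in proxychains.conf syntax and returns the proxies one connection would traverse, given which proxies respond. The sample addresses, the function names, and the random-mode behaviour when `chain_len` is absent are assumptions of this model.

```python
import random
# Constructed sample in proxychains.conf syntax (documentation-range addresses).
SAMPLE_CONF = """\
#strict_chain
dynamic_chain
proxy_dns
[ProxyList]
socks5 192.0.2.10 1080
socks4 127.0.0.1 9050
http 198.51.100.7 8080
"""
MODES = ("dynamic_chain", "strict_chain", "random_chain")

def parse_conf(text):
    """Return a dict with the active mode, chain_len, proxy_dns flag and proxy list."""
    conf = {"mode": None, "chain_len": None, "proxy_dns": False, "proxies": []}
    in_list = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # a leading '#' disables a directive
        if not line:
            continue
        if line == "[ProxyList]":
            in_list = True
        elif in_list:
            kind, host, port = line.split()[:3]   # optional user/pass fields ignored
            conf["proxies"].append((kind, host, int(port)))
        elif line in MODES:
            conf["mode"] = line
        elif line.startswith("chain_len"):
            conf["chain_len"] = int(line.split("=", 1)[1])
        elif line == "proxy_dns":                 # resolve DNS through the chain
            conf["proxy_dns"] = True
    return conf

def build_chain(conf, alive, rng=random):
    """Model which proxies one connection traverses; `alive` = responsive proxies."""
    proxies, up = conf["proxies"], [p for p in conf["proxies"] if p in alive]
    if conf["mode"] in ("strict_chain", "dynamic_chain"):
        # strict: every listed proxy must respond; dynamic: dead ones are skipped
        need = len(proxies) if conf["mode"] == "strict_chain" else 1
        if len(up) < need:
            raise ConnectionError(conf["mode"] + ": not enough responsive proxies")
        return up
    if conf["mode"] == "random_chain":            # assumption: sample responsive ones
        n = conf["chain_len"] or len(up)          # assumption: no chain_len = use all
        if not up or n > len(up):
            raise ConnectionError("random_chain: not enough responsive proxies")
        return rng.sample(up, n)
    raise ValueError("no chain mode enabled")
```

With only the local Tor entry responding, the dynamic model returns a one-hop chain, while the strict model raises an error for the same input.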

Usage of ProxyChains

First, you have to start the Tor service in order to use ProxyChains.

┌──(root💀kali)-[/home/writer]
└─# service tor start

After the Tor service is started, you can use ProxyChains for browsing and for anonymous scanning and enumeration. You can also use tools such as Nmap or sqlmap with ProxyChains for scanning and searching for exploits anonymously. It’s great, right?

To use ProxyChains, type the proxychains command in a terminal, followed by the name of the app you want to run through it. The format is as follows:

┌──(root㉿kali)-[~]
└─$ proxychains firefox www.flippa.com

To use Nmap:

$ proxychains nmap targetaddress

To use sqlmap:

$ proxychains python sqlmap -u target

You can also test for exploits anonymously, for example:

$ proxychains python sqlmap -u http://www.targetaddress/products.php?product=3

Literally every TCP reconnaissance tool can be used with ProxyChains.

To confirm whether ProxyChains is working properly, go to dnsleaktest.com and check your IP address and DNS leaks.

After running ProxyChains, you will notice that Firefox has been loaded with a different language. Now, let’s perform a DNS leak test with this command:

$ proxychains firefox dnsleaktest.com

As you can see, my location has shifted from INDIA to PAKISTAN, and the good news is that ProxyChains is continuously changing my IP address in a dynamic manner, ensuring that my anonymity is maintained.

If you wish to see a new result, simply close Firefox, clear the terminal, restart the Tor service and launch ProxyChains again. In the DNS leak test, you’ll see a variety of outcomes, as illustrated below.

Again you can see that my location has shifted from Pakistan to Russia. This is how dynamic chain proxies work. It increases the chances for more anonymity while hacking.
