Using proxychains to become (mostly) anonymous

If you’ve ever wanted to mask your IP address (whatever the reason) you’ll be aware that using a proxy is the first thing to do.

Possible motivations might include:

  • Geoblocking
  • State Censorship
  • Local Network Firewall
  • Privacy
  • Illicit activity

Using one proxy is standard for most purposes: if, say, your network administrator has blocked a certain IP address or domain and you want to get around it, one proxy will suffice.

In other scenarios you may want to use multiple proxies chained together to further enhance privacy. This is called a proxy chain: a series of proxies linked together to further obfuscate a user’s source IP address.


The Tor network works in a similar fashion: multiple nodes are chained together over several hops as a means to hide the origin of a connection. However, many Tor exit nodes are known to be run by rogue entities such as the NSA. Treat any kind of proxy (or Tor node) as compromised by default, unless you are the one running it.

Whilst Tor has the benefit of encrypting traffic passing between nodes, this becomes irrelevant if every node in the connection is compromised.

Using a series of chained proxies alongside Tor can further enhance privacy, given that many rogue nodes exist. Whilst rogue SOCKS proxies also exist, there are so many open SOCKS proxies available that it would be much harder for one party to directly control a large proportion of them. You can therefore use Tor within a proxy chain for added obfuscation. The important thing is to make sure that Tor is not the last hop in the proxy chain: in some scenarios it’s wise not to use a Tor exit node as your actual endpoint address.

Many websites block known Tor exit nodes from accessing any content. Chaining a SOCKS proxy after Tor can help avoid that.

If you plan on accessing a service which is only available through the Tor network (the darkweb), then you will probably have to use Tor as the last proxy in the chain, for obvious reasons, when resolving an .onion TLD.

To get started on Linux (I’m using Slackware here), you’ll want to get hold of an application called proxychains.

On Slackware you can find it in the SlackBuilds.org repository. Most other distributions should probably have it included in the network category of your package manager.

Once you’ve built/installed the application, edit the file /etc/proxychains.conf. The default configuration should be fine as it is, but you’ll want to provide a list of proxies for the software to use. At the bottom of this file is the section where you enter the proxies to be used:

[Screenshot: the proxy list section at the bottom of /etc/proxychains.conf, containing only the default Tor entry]

As you can see, the software is set up by default to use the Tor network, assuming you have the daemon/service up and running on your system. This will work using Tor alone.

To get around the problem I highlighted above relating to Tor exit nodes, we can supply an additional SOCKS proxy, creating a proxy chain.

Grab a bunch of SOCKS proxies from your favourite proxy lists; for example, here are some open SOCKS proxy websites that list some:

I’d recommend checking a whole bunch at once using a script, but there are plenty of proxy checker tools out there that are easy to find.
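A script of the kind recommended above, added here as an example (it is not from the original post): it validates each candidate line, fetches a check URL through each proxy with curl, and prints the working entries in the format the proxychains config file expects. The input file layout, the check URL and the timeout are my assumptions.

```shell
#!/bin/sh
# Constructed example: check a list of "type host port" SOCKS proxies by
# fetching a known URL through each one with curl and print the working
# ones in proxychains ProxyList format. The input file layout, target URL
# and timeout are assumptions, not part of the original post.

CHECK_URL="${CHECK_URL:-https://wtfismyip.com/text}"
TIMEOUT="${TIMEOUT:-10}"

# Accept only well-formed entries: socks4|socks5, dotted-quad host, port 1-65535.
# Echoes the normalised line and returns 0, or returns 1 for junk lines.
validate_proxy_line() {
    set -- $1
    [ $# -eq 3 ] || return 1
    case "$1" in socks4|socks5) ;; *) return 1 ;; esac
    echo "$2" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    echo "$3" | grep -Eq '^[0-9]{1,5}$' || return 1
    [ "$3" -ge 1 ] && [ "$3" -le 65535 ] || return 1
    echo "$1 $2 $3"
}

# Try one proxy. curl's --proxy accepts socks4:// and socks5h:// schemes;
# socks5h makes the proxy resolve the hostname, so there is no local DNS lookup.
# Returns 0 if the page was fetched through the proxy, non-zero otherwise.
check_proxy() {
    kind="$1"; host="$2"; port="$3"
    [ "$kind" = socks5 ] && scheme=socks5h || scheme=socks4
    curl --silent --show-error --fail --max-time "$TIMEOUT" \
         --proxy "$scheme://$host:$port" "$CHECK_URL" >/dev/null 2>&1
}

# Read candidates from a file, one "type host port" per line, print the
# ones that answer (ready to paste into [ProxyList]) and note the dead ones.
check_list() {
    while IFS= read -r line; do
        entry=$(validate_proxy_line "$line") || continue
        if check_proxy $entry; then
            echo "$entry"
        else
            echo "# dead: $entry" >&2
        fi
    done < "$1"
}

# Usage: sh check_proxies.sh candidates.txt > working.txt
if [ $# -eq 1 ]; then check_list "$1"; fi
```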

Once you’ve found several working SOCKS proxies, add them to the proxy chain: take the IP address and port number of each working SOCKS proxy and place it in the proxychains config file:

socks4 127.0.0.1 9050
socks5 YY.YY.YY.YY 3041
socks5 ZZ.ZZ.ZZ.ZZ 1337

We can use Tor (socks4 127.0.0.1 9050) within the proxy chain somewhere if required. After saving the file, you should now be able to connect to a service where your endpoint is the last proxy in the chain.

Connect to a website such as https://wtfismyip.com/ using curl to confirm the proxy chain is working correctly.

$ proxychains4 curl https://wtfismyip.com/text

If all of the proxies in the chain connected, then you should see something like this:

[Screenshot: output of the curl command above, showing the IP address of the last proxy in the chain]

Notice that the website reports your IP address as the last one configured in the proxy chain. You can now put this command in front of any other to force all of its connections through the proxy chain. It’s worth remembering that the more proxies you chain together, the longer it takes to connect to a service, and timeouts WILL happen frequently.

$ proxychains4 firefox
$ proxychains4 hexchat
$ proxychains4 nmap XX.XX.XX.XX

If that’s not enough, you can also change the type of chain in the proxychains configuration file to randomise the order in which the proxies are chained together.
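A fuller /etc/proxychains.conf showing where the chain type and the proxy list go, added here as an example rather than taken from the post. The option names are those of proxychains-ng (the proxychains4 binary used above) and the socks5 addresses are placeholders.

```ini
# Exactly one chain type may be active. strict_chain uses every proxy in the
# listed order and fails if any one is down; dynamic_chain keeps the order but
# skips dead proxies; random_chain picks chain_len proxies at random for each
# connection (the randomisation described above). random_chain shuffles the
# order, so it suits a list of plain SOCKS proxies rather than one containing Tor.
strict_chain
#dynamic_chain
#random_chain
#chain_len = 2

# Resolve hostnames through the chain instead of the local resolver, so DNS
# lookups do not reveal the real source (and .onion names can be resolved).
proxy_dns

# Longer chains need longer timeouts (milliseconds).
tcp_read_time_out 15000
tcp_connect_time_out 8000

[ProxyList]
# Tor first (see the update at the end of the post), then the open SOCKS
# proxies; YY.YY.YY.YY and ZZ.ZZ.ZZ.ZZ are placeholder addresses.
socks4 127.0.0.1 9050
socks5 YY.YY.YY.YY 3041
socks5 ZZ.ZZ.ZZ.ZZ 1337
```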

It’s always important to remember that many open SOCKS proxies could be harvesting user data and acting as honeypots for user credentials, so be careful of any information leakage, such as entering login/password forms for personal accounts. SOCKS proxies are not always safe: from time to time you will find a rogue proxy designed to replace certain content (such as injecting JavaScript into a webpage), which can be rather dangerous when combined with browser exploits, and one of these could just turn you into a bot!

Whilst using any kind of proxy, you are never fully anonymous. Privacy is really just an illusion, but it can make things harder to track. Using a combination of Tor, SOCKS4/4a/5 proxies and randomisation of the proxy chain can help obfuscate the source of a connection.

UPDATE: It turns out you cannot establish a connection to the Tor network using proxychains unless Tor is the first proxy in the chain.

This entry was posted in Desktop, Linux, Network, Privacy.