
ProxyChains on FreeBSD/Ubuntu

 ·  🎃 kr0m

ProxyChains is a really useful tool when indirect access to a server is needed, whether because of geographic restrictions, IP filtering or any other reason. It works by intercepting the network-related libc functions and redirecting them through a previously configured SOCKS4a/5 or HTTP proxy. This means it only works with dynamically linked programs that use the system's own libc.

Install the software (pkg on FreeBSD, apt on Ubuntu):

pkg install proxychains-ng
apt install proxychains4

Set up the proxy, in my case a SOCKS5 proxy created over SSH on port 7778:

ssh root@A.B.C.D -p 32003 -D 7778 -N -f

Look at the sample configuration file (only available on FreeBSD):

cat /usr/local/etc/proxychains.conf.sample

In my case I add the proxy mentioned above:

vi /usr/local/etc/proxychains.conf
vi /etc/proxychains4.conf

# Remote server:
socks5	127.0.0.1 7778

Check the IP address we go out with when not using ProxyChains:

curl -4 icanhazip.com

79.116.9.6

Now using ProxyChains:

proxychains curl -4 icanhazip.com

[proxychains] config file found: /usr/local/etc/proxychains.conf
[proxychains] preloading /usr/local/lib/libproxychains-4.so
[proxychains] DLL init: proxychains-ng 4.17
[proxychains] Strict chain  ...  127.0.0.1:7783  ...  icanhazip.com:80  ...  OK
A.B.C.D

ProxyChains can chain several proxies. As an example I used the SOCKS5 proxy configured earlier plus a public HTTP proxy from this website. Be careful with public proxies: they could inspect the traffic or even keep connection logs, which could reveal the masking if some authority demanded it:

[ProxyList]
socks5  127.0.0.1 7783
http 35.185.196.38 3128

The proxy chain is shown when ProxyChains runs:

proxychains curl -4 icanhazip.com

[proxychains] config file found: /usr/local/etc/proxychains.conf
[proxychains] preloading /usr/local/lib/libproxychains-4.so
[proxychains] DLL init: proxychains-ng 4.17
[proxychains] Strict chain  ...  127.0.0.1:7783  ...  35.185.196.38:3128  ...  icanhazip.com:80  ...  OK
34.105.87.158

We can also keep a list of proxies and connect through them in different ways:

#dynamic_chain
#
# Dynamic - Each connection will be done via chained proxies
# all proxies chained in the order as they appear in the list
# at least one proxy must be online to play in chain
# (dead proxies are skipped)
# otherwise EINTR is returned to the app
#
strict_chain
#
# Strict - Each connection will be done via chained proxies
# all proxies chained in the order as they appear in the list
# all proxies must be online to play in chain
# otherwise EINTR is returned to the app
#
#round_robin_chain
#
# Round Robin - Each connection will be done via chained proxies
# of chain_len length
# all proxies chained in the order as they appear in the list
# at least one proxy must be online to play in chain
# (dead proxies are skipped).
# the start of the current proxy chain is the proxy after the last
# proxy in the previously invoked proxy chain.
# if the end of the proxy chain is reached while looking for proxies
# start at the beginning again.
# otherwise EINTR is returned to the app
# These semantics are not guaranteed in a multithreaded environment.
#
#random_chain
#
# Random - Each connection will be done via random proxy
# (or proxy chain, see  chain_len) from the list.
# this option is good to test your IDS :)

# Make sense only if random_chain or round_robin_chain
#chain_len = 2

Another interesting aspect is tunnelling DNS requests through the proxies, to avoid correlation between the time of the connection to the final server and the time of the DNS record resolution:

## Proxy DNS requests - no leak for DNS data
# (disable all of the 3 items below to not proxy your DNS requests)

# method 1. this uses the proxychains4 style method to do remote dns:
# a thread is spawned that serves DNS requests and hands down an ip
# assigned from an internal list (via remote_dns_subset).
# this is the easiest (setup-wise) and fastest method, however on
# systems with buggy libcs and very complex software like webbrowsers
# this might not work and/or cause crashes.
proxy_dns

# method 2. use the old proxyresolv script to proxy DNS requests
# in proxychains 3.1 style. requires `proxyresolv` in $PATH
# plus a dynamically linked `dig` binary.
# this is a lot slower than `proxy_dns`, doesn't support .onion URLs,
# but might be more compatible with complex software like webbrowsers.
#proxy_dns_old

# method 3. use proxychains4-daemon process to serve remote DNS requests.
# this is similar to the threaded `proxy_dns` method, however it requires
# that proxychains4-daemon is already running on the specified address.
# on the plus side it doesn't do malloc/threads so it should be quite
# compatible with complex, async-unsafe software.
# note that if you don't start proxychains4-daemon before using this,
# the process will simply hang.
#proxy_dns_daemon 127.0.0.1:1053
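
The settings above (chain mode, remote DNS, and which proxies sit in the chain) can be checked before anything is launched. The following is an added example, not part of the original article or of the proxychains-ng project: the function names `lint_proxychains_conf` and `sample_conf` are hypothetical, and the sample configuration is constructed from the values shown on this page.

```shell
#!/bin/sh
# Added example: lint a proxychains-ng config for settings that leak information.
# Reads the file named in $1, or stdin; prints one finding per line, nothing if clean.
lint_proxychains_conf() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }                      # blank lines and comments
    $1 == "[ProxyList]"  { in_list = 1; next }
    !in_list && $1 ~ /^(strict|dynamic|round_robin|random)_chain$/ { modes++; next }
    !in_list && $1 ~ /^proxy_dns(_old|_daemon)?$/ { dns++; next }
    in_list {
        proxies++
        if ($1 !~ /^(socks4|socks5|http|raw)$/ || $3 !~ /^[0-9]+$/ ||
            $3 + 0 < 1 || $3 + 0 > 65535)
            printf "line %d: malformed proxy entry: %s\n", NR, $0
        else if ($2 !~ /^127\./ && $2 != "::1")
            # Not a loopback tunnel: a third party operates this hop.
            printf "line %d: proxy %s is not local: its operator can inspect or log traffic\n", NR, $2
        next
    }
    END {
        if (modes != 1)
            printf "chain mode: expected exactly 1 active, found %d\n", modes
        if (dns == 0)
            print "dns: no proxy_dns option active: names resolve outside the chain"
        if (proxies == 0)
            print "ProxyList: no proxies defined"
    }' "$@"
}

# Constructed sample: the two-hop chain from this page with remote DNS commented out.
sample_conf() {
    printf '%s\n' 'strict_chain' '#proxy_dns' '[ProxyList]' \
        'socks5  127.0.0.1 7783' 'http 35.185.196.38 3128'
}

sample_conf | lint_proxychains_conf
```

On a real system, pass the path instead: `lint_proxychains_conf /usr/local/etc/proxychains.conf` on FreeBSD or `/etc/proxychains4.conf` on Ubuntu.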

Some useful commands that work well with ProxyChains are:

proxychains nmap -sT -Pn -p 80 targethost.com
proxychains telnet targethost.com 25

Be very careful, because there is software it does not work with, possibly because of this. As personal advice, before launching anything blindly I recommend trying it first in a controlled environment to check that our IP address is not leaked.
