Tuesday, January 14, 2020

Proxychain tool in a nutshell

In order to do penetration testing anonymously and decrease the possibility of identity detection, hackers need to use an intermediary machine whose IP address will be left on the target system. This can be done by using a proxy. "proxychains" is a tool that forces any TCP connection made by any given application to go through one or more proxies, such as TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy. Supported auth types: "user/pass" for SOCKS4/5, "basic" for HTTP.

Steps: You set up proxychains on your own system to use a proxy or a sequence of proxies, then run "proxychains <command> [options]"; any TCP connection made by <command> is routed through the configured proxy or sequence of proxies.

Kali Linux comes with the tool built in. Otherwise, assuming you know how to install the tool, I will proceed with the use cases.

Using a single proxy with proxychains

Why useful?

It is useful when an attacker has compromised a server behind a firewall: he can set up dynamic SSH forwarding with the compromised system (ingress SSH must be allowed for this to work), set the local forwarded port as a SOCKS proxy in /etc/proxychains.conf, and use "proxychains <command> [options]" to attack the internal systems from the compromised system.

Configure:


Use:

Using multiple proxies

Why useful?

To increase anonymity while accessing a network/web.

Configure:

Add in /etc/proxychains.conf

Multiple proxies are chained according to the mode configured in /etc/proxychains.conf: dynamic_chain, strict_chain or random_chain. Un-comment the relevant option. Along with random_chain, you may want to un-comment the chain_len line, which determines how many of the proxies in your list are used to build the random proxy chain.
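
As an added example (not code from the original post), the following Python function reads a proxychains.conf and reports which chain mode, chain_len and proxies are actually in effect, which helps when reviewing a tester's setup or a config recovered from a host. It assumes only the three chain modes and three proxy types named above; the function name, the sample config and its addresses are constructed.

```python
import re

CHAIN_MODES = ("dynamic_chain", "strict_chain", "random_chain")  # modes named in the post
PROXY_TYPES = ("socks4", "socks5", "http")
# Constructed sample config (documentation-range addresses, not from the post).
SAMPLE_CONF = """\
# strict_chain
random_chain
chain_len = 2
proxy_dns
[ProxyList]
socks5 192.0.2.10 1080 user pass
socks4 198.51.100.7 1080
http   203.0.113.5 8080
"""

def audit_proxychains(text):
    """Return the effective chain mode, chain_len, proxies and warnings."""
    modes, proxies, warnings = [], [], []
    chain_len, proxy_dns, in_list = None, False, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # commented-out options are inactive
            continue
        if line == "[ProxyList]":
            in_list = True
        elif in_list:
            parts = line.split()               # type host port [user pass]
            if len(parts) >= 3 and parts[0] in PROXY_TYPES and parts[2].isdigit():
                proxies.append({"type": parts[0], "host": parts[1],
                                "port": int(parts[2]), "auth": len(parts) >= 5})
            else:
                warnings.append(f"unparsed proxy line: {line!r}")
        elif line in CHAIN_MODES:
            modes.append(line)
        elif m := re.fullmatch(r"chain_len\s*=\s*(\d+)", line):
            chain_len = int(m.group(1))
        elif line == "proxy_dns":
            proxy_dns = True
    if len(modes) != 1:
        warnings.append(f"expected exactly one chain mode, found {modes}")
    if chain_len is not None and "random_chain" not in modes:
        warnings.append("chain_len is set but random_chain is not active")
    if chain_len is not None and chain_len > len(proxies):
        warnings.append("chain_len exceeds the number of listed proxies")
    if not proxy_dns:
        warnings.append("proxy_dns is off: name lookups are resolved locally")
    return {"modes": modes, "chain_len": chain_len, "proxy_dns": proxy_dns,
            "proxies": proxies, "warnings": warnings}
```

Calling `audit_proxychains(SAMPLE_CONF)` returns an empty warnings list; a file with two modes un-commented, or chain_len set without random_chain, is flagged.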

Use:

The user executes the command "proxychains <command> [options]".

Find yourself some proxies, and get out there with proxychains!
