2011-11-14 00:57:54 +00:00
|
|
|
ProxyChains ver 4.0 README
|
2011-02-25 15:48:33 +00:00
|
|
|
==========================
|
2011-02-25 09:40:11 +00:00
|
|
|
|
2012-07-08 19:44:02 +00:00
|
|
|
ProxyChains is a UNIX program, that hooks network-related libc functions
|
|
|
|
in dynamically linked programs via a preloaded DLL and redirects the
|
|
|
|
connections through SOCKS4a/5 or HTTP proxies.
|
|
|
|
|
2011-11-14 00:57:54 +00:00
|
|
|
*********** ATTENTION ***********
|
|
|
|
|
2012-07-08 19:44:02 +00:00
|
|
|
this program works only on dynamically linked programs.
|
|
|
|
also both proxychains and the program to call must use
|
|
|
|
the same dynamic linker (i.e. same libc)
|
2011-11-14 00:57:54 +00:00
|
|
|
|
|
|
|
*********************************
|
|
|
|
|
2012-07-08 19:44:02 +00:00
|
|
|
*** Known limitations of the current version: ***
|
|
|
|
|
|
|
|
when a process forks, does a DNS lookup in the child, and then uses
|
|
|
|
the ip in the parent, the corresponding ip mapping will not be found.
|
|
|
|
this is because the fork can't write back into the parents mapping table.
|
|
|
|
IRSSI shows this behaviour, so you have to pass the resolved ip address
|
|
|
|
to it. (you can use the proxyresolv script (requires "dig") to do so)
|
|
|
|
|
|
|
|
this means that you can't currently use tor onion urls for irssi.
|
|
|
|
to solve this issue, an external data store (file, pipe, ...) has to
|
|
|
|
manage the dns <-> ip mapping. of course there has to be proper locking.
|
|
|
|
shm_open, mkstemp, are possible candidates for a file based approach,
|
|
|
|
the other option is to spawn some kind of server process that manages the
|
|
|
|
map lookups. since connect() etc are hooked, this must not be a TCP server.
|
2011-11-14 00:57:54 +00:00
|
|
|
|
2012-07-08 19:44:02 +00:00
|
|
|
I am reluctant on doing this change, because the described behaviour
|
|
|
|
seems pretty idiotic (doing a fork only for a DNS lookup), and irssi
|
|
|
|
is currently the only known affected program.
|
2011-02-25 09:40:11 +00:00
|
|
|
|
2012-07-08 19:44:02 +00:00
|
|
|
*** Installation ***
|
2011-02-25 09:40:11 +00:00
|
|
|
|
2012-07-08 19:44:02 +00:00
|
|
|
# needs a working C compiler, preferably gcc
|
|
|
|
./configure
|
|
|
|
make
|
|
|
|
sudo make install
|
2011-02-25 09:40:11 +00:00
|
|
|
|
2011-11-14 00:57:54 +00:00
|
|
|
Changelog:
|
|
|
|
----------
|
|
|
|
|
|
|
|
Version (4.x) removes the dnsresolver script which required a dynamically
|
|
|
|
linked "dig" binary to be present with remote DNS lookup.
|
|
|
|
this speeds up any operation involving DNS, as the old script had to use TCP.
|
|
|
|
additionally it allows to use .onion urls when used with TOR.
|
|
|
|
also it removed the broken autoconf build system with a simple Makefile.
|
|
|
|
there's a ./configure script though for convenience.
|
|
|
|
it also adds support for a config file passed via command line switches/
|
|
|
|
environment variables.
|
|
|
|
|
|
|
|
Version (3.x) introduces support for DNS resolving through proxy
|
2011-02-25 09:40:11 +00:00
|
|
|
it supports SOCKS4, SOCKS5 and HTTP CONNECT proxy servers.
|
|
|
|
Auth-types: socks - "user/pass" , http - "basic".
|
|
|
|
|
|
|
|
When to use it ?
|
|
|
|
1) When the only way to get "outside" from your LAN is through proxy server.
|
|
|
|
2) To get out from behind restrictive firewall which filters outgoing ports.
|
|
|
|
3) To use two (or more) proxies in chain:
|
|
|
|
like: your_host <--> proxy1 <--> proxy2 <--> target_host
|
|
|
|
4) To "proxify" some program with no proxy support built-in (like telnet)
|
|
|
|
5) Access intranet from outside via proxy.
|
|
|
|
5) To use DNS behind proxy.
|
|
|
|
|
|
|
|
Some cool features:
|
|
|
|
|
|
|
|
* This program can mix different proxy types in the same chain
|
|
|
|
like: your_host <-->socks5 <--> http <--> socks4 <--> target_host
|
|
|
|
* Different chaining options supported
|
|
|
|
random order from the list ( user defined length of chain ).
|
|
|
|
exact order (as they appear in the list )
|
|
|
|
dynamic order (smart exclude dead proxies from chain)
|
|
|
|
* You can use it with any TCP client application, even network scanners
|
|
|
|
yes, yes - you can make portscan via proxy (or chained proxies)
|
|
|
|
for example with Nmap scanner by fyodor (www.insecire.org/nmap).
|
|
|
|
proxychains nmap -sT -PO -p 80 -iR (find some webservers through proxy)
|
|
|
|
* You can use it with servers, like squid, sendmail, or whatever.
|
|
|
|
* DNS resolving through proxy.
|
|
|
|
|
2011-11-14 00:57:54 +00:00
|
|
|
|
2011-02-25 09:40:11 +00:00
|
|
|
Configuration:
|
2011-11-14 00:57:54 +00:00
|
|
|
--------------
|
|
|
|
|
2011-02-25 09:40:11 +00:00
|
|
|
proxychains looks for config file in following order:
|
2011-02-25 15:48:33 +00:00
|
|
|
1) file listed in environment variable ${PROXYCHAINS_CONF_FILE} or
|
|
|
|
provided as a -f argument to proxychains script or binary.
|
|
|
|
2) ./proxychains.conf
|
|
|
|
3) $(HOME)/.proxychains/proxychains.conf
|
|
|
|
4) /etc/proxychains.conf **
|
2011-02-25 09:40:11 +00:00
|
|
|
|
|
|
|
**see more in /etc/proxychains.conf
|
|
|
|
|
|
|
|
Usage Example:
|
|
|
|
|
2012-07-08 19:44:02 +00:00
|
|
|
$ proxychains telnet targethost.com
|
2011-02-25 09:40:11 +00:00
|
|
|
|
|
|
|
in this example it will run telnet through proxy(or chained proxies)
|
|
|
|
specified by proxychains.conf
|
|
|
|
|
2011-02-25 15:48:33 +00:00
|
|
|
Usage Example:
|
|
|
|
|
2012-07-08 19:44:02 +00:00
|
|
|
$ proxychains -f /etc/proxychains-other.conf targethost2.com
|
2011-02-25 15:48:33 +00:00
|
|
|
|
|
|
|
in this example it will use different configuration file then proxychains.conf
|
|
|
|
to connect to targethost2.com host.
|
|
|
|
|
2011-02-25 09:40:11 +00:00
|
|
|
Usage Example:
|
|
|
|
|
2012-07-08 19:44:02 +00:00
|
|
|
$ proxyresolv targethost.com
|
2011-02-25 09:40:11 +00:00
|
|
|
|
|
|
|
in this example it will resolve targethost.com through proxy(or chained proxies)
|
|
|
|
specified by proxychains.conf
|
|
|
|
|