Identity Secret: How to Become a Ghost Hacker with Proxychains

August 16, 2016 | Views: 32208

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Welcome Back, Cybrarians!!!!

When it comes to hacking remotely, the number one priority that comes to a hacker’s mind is how to stay anonymous and operate under the radar in order to be safe.

Anonymity is a big topic in the digital world that becomes complicated as technology advances. However, achieving a complete anonymity is a myth, simply because the digital world based on the internet was not built to be used anonymously. You’re never completely anonymous on the internet; you have to keep that idea in mind.

That being said, they are some ways, if done together, that can  minimize the level of exposure and trace-ability, such as VPNs, Proxychains, changing physical locations and so on….

In our tutorial today, we’ll go through setting up Proxychains on Kali Linux in order to use it later in other hacking tutorials.

 

Let’s start…

Terminology:

Proxy: the idea of a proxy, in general, is directing traffic from your system (computer) to another system (computer or server) before reaching the targeted destination.

Proxy Server: is the midpoint between the client/hacker computer (your computer) and the targeted computer or server.

As you see below in the diagram, you get the external IP address from your ISP (internet Service Provider). Instead of connecting directly to the target, your traffic will travel through one or more servers and you will get a new IP address, before reaching the intended destination. These servers are the called proxy server.

prox1.JPG

Proxychains: are using multiple proxy servers to obscure or hide your original IP.

 

NOTES:

1- The more proxies you use, the slower your internet connection gets, as a result of bouncing packets from one server to another.

2- Spend a good amount of time searching for a good proxies for your mission.

3-Your proxies choice should be based on your location and laws of your area; it’s recommended to take the time to know which proxies ensure obscurity and are less likely to be traced back to your identity.

4- The weakest link is the proxychain is your original IP address that can be traced back to you. This  should be taken in consideration as where to get your internet connection. This should add a layer of anonymity to whole package.

 

Tutorial Requirements:

1- Kali Linux virtualbox

2- Proxies: these are list of common proxies. Yet, as I mentioned above, choose them carefully.

  1. SamAir Security

  2. Proxy4Free

  3. Hide.me

  4. Hide My Ass

 

Step 1: Change Network Settings

Before you start your box, change the settings of your Network to a Bridged Network.

3.JPG

Step 2: Choose Your Proxies

For the purpose of this tutorial, I chose 3 proxies from different locations. As I mentioned before, spend some time choosing the right proxies for you. Remember NEVER depend on one proxy or proxy site. Always keep moving, keep bouncing.

bb.JPG

 

Step 3: Configure Proxychains

  • Locate proxychains configuration file:

>> locate proxychains

1proxy.png

  • Edit the configuration file using any file editor:vim, nano, leafpad,pico.

prox2.JPG

  • Once you hit the command, you should see the configurations below.

po.JPG

They are 3 different settings for proxychains and each one serves a different purpose.

1- Strict chain: is used when the order of the proxies is important to you. The connection will go through your list, one by one, as you listed them. This comes in handy if you know that all the proxies you chose are working and you can rely on them. Strict chain will help you craft a scenario as to where the attacks come from as you choose the locations to align with the mission.

2- Dynamic chain: goes through your list in order, but if one of the proxies timed out or is not working anymore, it skips it and goes to the next one in the list.

By default strict mode is uncommented out; if you want to switch to dynamics, comment out strict_chain by adding pound sign “#”in front of it, like below:

o1.png

And remove the pound sign ”#” to use the dynamic_chain

o2.png

3- Random chain: goes through the proxy list randomly without any order, every time you make a connection, you will get a different IP address. This means that each time you use proxychains, the chain of proxy will look different to the target destination, which makes it harder to trace the traffic back to you.

Note: If you want to use random_chain, make sure you comment the other two and uncomment “random_chain”

* To add your proxy list :

  • Go down the file under #Add proxy list and add your proxies

  • The list of proxies will include the protocol type, IP address and port number

  • Note: When you add the proxies, use the “tab key instead of “space” to avoid any problems while running proxychains later

Ex: Socks4”tabs”IP_address”tab”Port_number

os4.png

Now that you added the list of the proxies, it’s the time to test them to see if they work properly as expected.

 

Step 4: Testing Your Proxies

Now that we set everything up, let’s test it and see how it goes.

Before we start using the proxychains, let’s check out original IP.

>>>> curl icanhazip.com

x1.JPG

Now, let’s check our IP address using the proxychains; I’m using dynamic_chain switch

>>> proxychains curl icanhazip.com

o4.png

As you see above, using the dynamic switch helps skipping the timeout responses. The connection bounced from one IP to another – skipping the timeout until it reached the destination with 80.169.208.218 IP were the response message was OK.

– One of the greatest things about proxychains is that you can use it to scan networks or web servers. Sometimes anonymously, like below using Nmap

>>> proxychains nmap -sS -T4 www.google.com

  • sS for (TCP SYN scan)

  • T4 for time

os6.JPG

NOTES:

  • As you see, the above connection bounced from one IP to another until it hit the target with a different IP from the one it started the scanning with.

  • Keep trying multiple times, as sometimes the scanning will time out a couple of times before you get a response back.

 


That’s all for this tutorial. In the coming ones, we’ll use proxychains for remote/external hacking. Thanks for reading and stay tuned for more…

@Z33MAXX

Share with Friends
FacebookTwitterLinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterLinkedInEmail
Ready to share your knowledge and expertise?
36 Comments
  1. My wife and I have been together for ten years and have a little boy. Three weeks ago my whole world imploded. She is 35, has a successful business and works out of town for weeks at a time. I work full time and keep things going on. She has been cheating on me with her clients and a lot of it going as far back as last year, maybe beyond that. Thank God I found Dylan.
    Through his Gmail,, PROCYBERHELP@GMAIL.COM
    Text and call +15015502248, WhatApp +16282043588.
    Recommended by my best friend for spying on her and extracting all the info i needed from her phone (Whatsapp, Facebook, Text messages, Viber, Snapchat, Instagram, iCloud including her call logs, deleted messages and so on) to confirm she was cheating on me. So far this hacker is the best, his works are discreet, secured and perfect without trace. You can contact him to catch your cheating partner. Tell him Anthony Brian referred you because he can be picky at times.

Page 6 of 6« First...«23456
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel