Identity Secret: How to Become a Ghost Hacker with Proxychains

August 16, 2016 | Views: 33732

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Welcome Back, Cybrarians!!!!

When it comes to hacking remotely, the number one priority that comes to a hacker’s mind is how to stay anonymous and operate under the radar in order to be safe.

Anonymity is a big topic in the digital world that becomes complicated as technology advances. However, achieving a complete anonymity is a myth, simply because the digital world based on the internet was not built to be used anonymously. You’re never completely anonymous on the internet; you have to keep that idea in mind.

That being said, they are some ways, if done together, that can  minimize the level of exposure and trace-ability, such as VPNs, Proxychains, changing physical locations and so on….

In our tutorial today, we’ll go through setting up Proxychains on Kali Linux in order to use it later in other hacking tutorials.

 

Let’s start…

Terminology:

Proxy: the idea of a proxy, in general, is directing traffic from your system (computer) to another system (computer or server) before reaching the targeted destination.

Proxy Server: is the midpoint between the client/hacker computer (your computer) and the targeted computer or server.

As you see below in the diagram, you get the external IP address from your ISP (internet Service Provider). Instead of connecting directly to the target, your traffic will travel through one or more servers and you will get a new IP address, before reaching the intended destination. These servers are the called proxy server.

prox1.JPG

Proxychains: are using multiple proxy servers to obscure or hide your original IP.

 

NOTES:

1- The more proxies you use, the slower your internet connection gets, as a result of bouncing packets from one server to another.

2- Spend a good amount of time searching for a good proxies for your mission.

3-Your proxies choice should be based on your location and laws of your area; it’s recommended to take the time to know which proxies ensure obscurity and are less likely to be traced back to your identity.

4- The weakest link is the proxychain is your original IP address that can be traced back to you. This  should be taken in consideration as where to get your internet connection. This should add a layer of anonymity to whole package.

 

Tutorial Requirements:

1- Kali Linux virtualbox

2- Proxies: these are list of common proxies. Yet, as I mentioned above, choose them carefully.

  1. SamAir Security

  2. Proxy4Free

  3. Hide.me

  4. Hide My Ass

 

Step 1: Change Network Settings

Before you start your box, change the settings of your Network to a Bridged Network.

3.JPG

Step 2: Choose Your Proxies

For the purpose of this tutorial, I chose 3 proxies from different locations. As I mentioned before, spend some time choosing the right proxies for you. Remember NEVER depend on one proxy or proxy site. Always keep moving, keep bouncing.

bb.JPG

 

Step 3: Configure Proxychains

  • Locate proxychains configuration file:

>> locate proxychains

1proxy.png

  • Edit the configuration file using any file editor:vim, nano, leafpad,pico.

prox2.JPG

  • Once you hit the command, you should see the configurations below.

po.JPG

They are 3 different settings for proxychains and each one serves a different purpose.

1- Strict chain: is used when the order of the proxies is important to you. The connection will go through your list, one by one, as you listed them. This comes in handy if you know that all the proxies you chose are working and you can rely on them. Strict chain will help you craft a scenario as to where the attacks come from as you choose the locations to align with the mission.

2- Dynamic chain: goes through your list in order, but if one of the proxies timed out or is not working anymore, it skips it and goes to the next one in the list.

By default strict mode is uncommented out; if you want to switch to dynamics, comment out strict_chain by adding pound sign “#”in front of it, like below:

o1.png

And remove the pound sign ”#” to use the dynamic_chain

o2.png

3- Random chain: goes through the proxy list randomly without any order, every time you make a connection, you will get a different IP address. This means that each time you use proxychains, the chain of proxy will look different to the target destination, which makes it harder to trace the traffic back to you.

Note: If you want to use random_chain, make sure you comment the other two and uncomment “random_chain”

* To add your proxy list :

  • Go down the file under #Add proxy list and add your proxies

  • The list of proxies will include the protocol type, IP address and port number

  • Note: When you add the proxies, use the “tab key instead of “space” to avoid any problems while running proxychains later

Ex: Socks4”tabs”IP_address”tab”Port_number

os4.png

Now that you added the list of the proxies, it’s the time to test them to see if they work properly as expected.

 

Step 4: Testing Your Proxies

Now that we set everything up, let’s test it and see how it goes.

Before we start using the proxychains, let’s check out original IP.

>>>> curl icanhazip.com

x1.JPG

Now, let’s check our IP address using the proxychains; I’m using dynamic_chain switch

>>> proxychains curl icanhazip.com

o4.png

As you see above, using the dynamic switch helps skipping the timeout responses. The connection bounced from one IP to another – skipping the timeout until it reached the destination with 80.169.208.218 IP were the response message was OK.

– One of the greatest things about proxychains is that you can use it to scan networks or web servers. Sometimes anonymously, like below using Nmap

>>> proxychains nmap -sS -T4 www.google.com

  • sS for (TCP SYN scan)

  • T4 for time

os6.JPG

NOTES:

  • As you see, the above connection bounced from one IP to another until it hit the target with a different IP from the one it started the scanning with.

  • Keep trying multiple times, as sometimes the scanning will time out a couple of times before you get a response back.

 


That’s all for this tutorial. In the coming ones, we’ll use proxychains for remote/external hacking. Thanks for reading and stay tuned for more…

@Z33MAXX

Share with Friends
FacebookTwitterLinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterLinkedInEmail
Ready to share your knowledge and expertise?
36 Comments
  1. Confront your cheating spouse with evidence, i was able to spy on my cheating

    ex phone without finding out…..it really helped me during my divorce …you

    can contact (HACKINTECHNOLOGY@GMAIL.COM) call and text (669) 225-2253 OR GOOGLE HANGOUT HACKINTECHNOLOGY@GMAIL.COM for

    spying and hacking social networks, school servers, icloud and much more,

    viber chats hack, Facebook messages and yahoo messenger, calls log and spy

    call recording, monitoring SMS text messages remotely, cell phone GPS

    location tracking, spy on Whats app Messages, his services are AFFORDABLE

    ……………………………… ONLY GOD CAN THANK HIM FOR ME

  2. good information

  3. still have to pay people these days to monitor someone, when a simple web search will do that job?

  4. There is a multitude of ways to capture these activities yourself, no need to pay a hacker. You’re a couple, you’re telling me you had no access to his phone at one time or another? Or his PC? Cookies alone will give you all info you want, never mind history searches and other methods…even social engineering would work here. Hacking personal accounts to get this info, no matter what the purpose, is illegal. Do you know what Mr scottcyberlord11 will do in the future with your info or his? Just things to consider. I suspected my partner. At the time (10 years ago) I had no technical knowledge on how to catch him. Some research and a few thank you(s) to Google, I got all info needed to prove my suspicions. Don’t give your info out to hackers so liberally, is all I’m saying. I offer these services too, but only when it’s legal (according to my authority and laws within the country I live in) and under contract. Never touched individuals and never will, although I did have to report malicious intents I came across in the past. And the thing with hackers , good or bad, we’re just not easy to find. We make sure our footprints are either very small and hard to capture, or confuse our targets with polymorphic nature attacks, showing no modus operandi patterns and constantly changing our signatures and jump locations using proxy chains, VPN’s , anonymizers, spoofing our MAC and IP addresses in the process….because we have to. So doing “research” on any hacker is basically futile. Please don’t urge anyone to use hackers and break laws for no good reason. People can end up in jail from these actions. It should always be an idea they come up with on their own, and never infused by you. Because you can also be held liable down the road when (not if) another person points to your post…

  5. This is a quick advice for anyone in my shoes, suffering from infidelity. if you suspect your partner is cheating on you, or he/she is gradually changing in attitude, i advice you try to monitor him before its too late. contact SCOTT CYBERLORD to help you monitor your partner’s phone and computer activities, with this you will be able to know all his cheating activities. My partner cheated for many months, i was suspecting him but i couldn’t catch him until i used Scott’s service, he help me in hacking all his social media account, monitor his call logs, text messages, i only pay for the software he used and I easily got proof he was cheating, then i confronted him, he told me he was honestly sorry and he has stopped since then. That was what i had to do to save my relationship. You may need such service to save yours too, contact him at ( scottcyberlord11 @ gmail com ) or text, call, Whatsapp him via +1 (628) 204 3588 and tell him Ariana referred you, thank me later.

Page 5 of 6« First...«23456»
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

 

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel