List of content you will read in this article:
- 1. What Are Proxy Chains?
- 2. Pros and Cons of Proxy Chaining
- 3. What are proxy chains used for?
- 4. How to Set Up Proxy Chaining with Iptables?
- 5. Proxychains vs Proxychains-ng
- 6. How to install Proxychains on Kali Linux?
- 7. How to install Proxychains on Ubuntu
- 8. Configuring Proxychains
- 9. Choosing Proxychains Modes
- 10. How to use Proxychains
- 11. Pivoting with Proxychains
- 12. Using Tor with Proxychains
- 13. Considerations Tips for Proxychains
- 14. VPN or Proxy Chain: Which Is the Right Choice for You?
- 15. FAQ
Sometimes we need to stay anonymous in the online world due to limitations like geographical restrictions. To stay private on the internet, most people use VPNs. But you should know that VPNs aren’t the only choice you have. There are other alternatives like proxies. New innovations of proxies and VPNs have been created to bypass cyberattacks. The solution for VPNs is site-to-site and for proxies, we have concepts like reverse proxies—and today's focus, proxy chaining. But what are proxy chains? How does proxy chaining work? If you want to know everything about proxy chaining, you’re in the right place because we’re going to tell you everything about proxy chains from use cases to setting up processes. Stick with us.
What Are Proxy Chains?
Before you understand what are proxy chains, you must know what is a proxy. A proxy is an intermediary server that is like a bridge between you and the internet. For example, when you want to visit a website like monovm.com, instead of directly connecting and sending a request to this website, your request and connection go to the proxy in the first step. Proxy forwards your request to monovm.com, then gets the answer and brings it back to you. In this process, your real identity and IP address will stay hidden and the websites only interact with the proxy. As a result, you can surf the internet privately and bypass the geographical restrictions.
Now, what are proxy chains used for? Actually, proxy chains take this concept to the next level. Instead of employing a single proxy server, proxychains connect numerous servers in a sequence—hence the name "chain." Your traffic is routed from your machine to the first proxy server, then to a second, and maybe more, until it reaches the destination, thereby increasing anonymity and security.
Pros and Cons of Proxy Chaining
Before you decide to choose proxy chains or not, you should consider their pros and cons. Here we mention the advantages and disadvantages of using proxy chains to keep in mind:
Pros |
Cons |
Speed: Using several proxy servers allows your internet traffic to flow faster. It's like having a relay race team: more runners equals more speed! |
Maintenance: Managing many proxy servers is similar to juggling several balls. Keep an eye on each one to ensure it is functioning properly. |
Security: Consider it like wearing several layers of clothing. Each proxy server provides an additional layer of security, making it extremely difficult to track you online. |
Reliability: If one server fails, the entire chain is broken. It's like a chain reaction, if one link breaks, the entire chain collapses. |
Caching: Proxy chains function similarly to very efficient memory banks. They remember the websites you've visited, allowing you to access them faster the next time. |
Cost: More servers equals more money. You will have to pay for bandwidth and maintenance, particularly if you use servers in multiple locations. |
What are proxy chains used for?
Now let’s see what are proxy chains used for. These types of proxies are often utilized in penetration testing to hide the origin of communication, making it appear to be originating from a different location or IP address. Using them, hackers connect multiple proxies so others won’t realize where the connection is coming from. So, it will be harder to find them. In this way, they can sneak into networks, move around, or steal data privately.
But are proxy chains only for hackers? Of course not! In some countries like Iran, there are restrictions for some websites even educational ones like Coursera and YouTube. In this way, people in that country can’t benefit from useful content for educational and learning purposes. That’s where proxy chains come in! using them, those people can bypass the illogical limitations of the country.
Proxychains can also work with additional tools known as pivoting tools. These programs allow you to use a compromised computer to communicate with other computers on a network. Using proxy chains with these tools allows you to perform commands or tools on other computers that are ordinarily hidden.
How to Set Up Proxy Chaining with Iptables?
In this part, we're going to show how to use IPtables to route packets across several servers and establish a proxy chain. But before that, you should know what Iptables are:
What is IPtables?
IPtables is a tool often used in Linux environments that allows you to control how your computer communicates with other computers on the Internet. This application is used for server management as well as coding. IPtables allow users to add many kinds of networking rules, such as firewalls and proxy chains. As a result, you can protect your computer and manage what traffic enters and exits.
Now, let’s see how to set up a proxy chain using Iptables.
Prerequisites
The prerequisites that you need is an active proxy server and to ensure that your IPtables setup does not contain any pre- or post-routing rules. If you have them, you’re ready to start.
Step 1: Enable IP Forwarding
You need to enable IP forwarding to create a proxy chain. This is the first essential step. To do that, enter the following command in command-line:
echo "1" > /proc/sys/net/ipv4/ip_forward
Next, add a rule to forward packets from your VPS's IP address to the destination server (example IP: 2.2.2.2) on port 1111:
iptables -t nat -A PREROUTING -p tcp --dport 1111 -j DNAT --to-destination 2.2.2.2:1111
Finally, enable masquerading to conceal the original source of the traffic:
iptables -t nat -A POSTROUTING -j MASQUERADE
Step 2: Enable Specific Network Traffic Forwarding (Optional)
If you want to forward traffic from a specific source IP to another host, run the following command:
iptables -t nat -A PREROUTING -s 192.168.1.1 -p tcp --dport 1111 -j DNAT --to-destination 2.2.2.2:1111
If you want to forward traffic from an entire network, modify the command as follows:
iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 1111 -j DNAT --to-destination 2.2.2.2:1111
Step 3: Repeat as Needed
Do you need to add more servers to your proxy chains? If yes, you can repeat the mentioned process. But instead of those IP addresses and ports, you need to enter the new ones. You can add more servers if you need more privacy and security as it makes your chain longer.
Proxychains vs Proxychains-ng
The “ng” stands for "next generation”. So, proxychains-ng means and upgraded version of the original proxy chains. Actually, it is newer and upgraded so it has a better performance and works with more things.
It is an application for UNIX-based systems that tricks other programs into using proxies. It redirects their traffic, so instead of going directly to the website, it passes via the proxy first. It reroutes connections using proxy types such as SOCKS4a/5 or HTTP, but only TCP.
Simply said, proxychains-ng forces other applications to route their traffic through proxies by intercepting and redirecting connections started by those programs. While we may find a few reasons for using older versions, there are many use cases for proxychains-ng and they're considered the best choice for many purposes.
How to install Proxychains on Kali Linux?
Actually, proxychains-ng comes pre-installed on Kali Linux. If you want to check whether it’s installed or not, simply run the following command:
proxychains4
How to install Proxychains on Ubuntu
Unlike Kali, Proxychains isn’t pre-installed on Ubuntu. But don’t worry because the installation process is so easy. All you need to do is follow these steps:
- First, update your repositories by running:
sudo apt update -y
- Next, install Proxychains-ng with:
sudo apt install proxychains4
- To verify the installation, run:
proxychains4
How to install Proxychains on Windows?
So, as proxychains are originally built for Linux environments, it may be a little hard to install them on Windows. There are two options that you can try but both of them need a little technical knowledge and configuration. We’re going to mention how to install it on Windows but if you are unsure about any steps, you should refer to online tutorials or seek assistance from forums.
Important note: Proxy chains are not updated for Windows recently, and don’t expect them to provide the same level of anonymity as the Linux version.
To install:
- Download: Find the latest version of proxychains-windows from an online repository.
- Extract: Unzip the downloaded file to a folder of your choice.
- Run: Open a command prompt or terminal and navigate to the extracted folder.
- Execute: Type proxychains.exe and press Enter.
There is another alternative that you can try for Windows named Proxifier. It is reliable, offers various features, and can bypass firewalls. But it needs a one-time payment. To install it, follow these steps:
- Purchase: Buy a license for Proxifier from their official website.
- Download: Download the installer for your Windows version.
- Install: Follow the on-screen instructions to install the Proxifier.
- Configure: After installation, set up your proxy settings and other preferences within the Proxifier application.
Configuring Proxychains
Now, you learned how to install proxychains-ng on your Linux system. But after that, you need to configure it to use your desired proxy servers. In this part, we tell you how to do that:
- Use a text editor with root privileges to open the configuration file:
sudo nano /etc/proxychains4.conf
- Scroll to the bottom of the file and add your proxy servers in the following format:
<protocol> <IP> <port> [<username> <password>]
Replace like this:
- <protocol>: with the proxy protocol (e.g., socks5, http)
- <IP>: with the proxy's IP address
- <port>: with the proxy's port number
If the proxy requires authentication, include the <username> and <password>.
Example:
socks5 192.168.1.1 8080
http 127.0.0.1 8081
This configuration adds two proxies: a SOCKS5 proxy at 192.168.1.1:8080 and an HTTP proxy at 127.0.0.1:8081.
Save the Changes. To do that, press Ctrl+X, then Y, and then Enter to save the changes and exit the editor.
Testing Your Configuration
To test your configuration, run a command with proxychains prepended:
proxychains ping google.com
If the ping is successful, your proxychains configuration is working. You can then use proxychains with other commands to route traffic through your proxies.
Note: Always replace the placeholder IP addresses and ports with the actual addresses and ports of your proxy servers.
If you're using authentication, ensure the username and password are correct. You can add as many proxies as you need to your configuration file. Experiment with different proxy combinations and protocols to find the best setup for your needs.
Choosing Proxychains Modes
Proxychains offer several modes to control how proxies are used:
- Dynamic Chain: Uses proxies in order, skipping any that fail.
- Strict Chain: Proxies are used in the exact order specified, and if one fails, the connection is dropped.
- Round-Robin Chain: Cycles through proxies, balancing the load across them.
- Random Chain: Randomly selects proxies for each connection, increasing anonymity.
Ensure you uncomment the desired mode in the config file. For example, to use a random chain, uncomment:
random_chain
How to use Proxychains
After configuring proxy chains, you can use it to mask your IP address. To check your current IP, run:
curl ipinfo.io
Then, run the same command through Proxychains to verify it’s working:
proxychains4 curl ipinfo.io
Running Applications Through Proxychains
You can route any application through Proxychains by prepending the command with `proxychains4`. For example, to run Firefox:
proxychains4 firefox
Advanced Proxychains Features
In addition to basic usage of proxy chains, you can use advanced proxy chains features. Which include:
1. Proxy DNS Requests
To prevent DNS leaks and ensure that DNS queries go through the proxy chain, enable:
proxy_dns
2. Configuring Timeouts
Adjust TCP timeouts for better performance by modifying:
tcp_read_time_out <milliseconds>
tcp_connect_time_out <milliseconds>
Pivoting with Proxychains
Proxychains can be combined with pivoting tools like SSH to access internal networks. If you want to use SSH for pivoting, create a SOCKS proxy on the jump host:
ssh -f -N -D 9050 user@jumphost
Now, you can use Proxychains to interact with internal hosts. For example, to scan an internal host:
proxychains4 nmap -p 3389 10.0.0.129
Using Proxychains with Metasploit
You can also use Proxychains with Metasploit. After establishing a Meterpreter session, configure a SOCKS proxy for external tools:
use auxiliary/server/socks_proxy
Set the necessary options and start the proxy. Then, ensure the Proxychains config file is set to the same port used by Metasploit.
Using Tor with Proxychains
Proxychains works well with Tor for anonymous browsing. First, install and start Tor:
sudo apt install tor
sudo service tor start
Ensure Proxychains is configured to use Tor’s SOCKS proxy (default port 9050), then launch a browser through Proxychains to browse anonymously.
Considerations Tips for Proxychains
Now that you know what are proxy chains used for, you should know the consideration tips when using them, including:
- Regular Testing: Ensure proxies are functional, especially when using free lists.
- Geographic Diversity: Use proxies from various locations for increased anonymity.
- Tool Compatibility: Be aware that some tools (e.g., Nmap) might not function optimally due to connection delays.
VPN or Proxy Chain: Which Is the Right Choice for You?
Feature |
Proxy Chain |
VPN |
Accessibility |
More complex setup |
Easier to use |
Maintenance |
Requires more upkeep |
Less maintenance |
ISP Tracking |
Prevents ISP monitoring |
Prevents ISP monitoring |
Encryption |
Strong encryption |
Strong encryption |
Privacy |
Higher level of privacy |
Good privacy |
Flexibility |
Allows for easy switching between proxy servers |
Limited flexibility |
Integration |
Works well with various tools |
Works well with various tools |
Overall Choice |
Suitable for those prioritizing absolute privacy |
Generally a better option due to ease of use and security |
When you take a look at this table, you’ll understand each has its own benefits. Before choosing one, you should consider your needs. Both of them offer good privacy and security, but proxy chains act better in security. On the other hand, VPNs are easier to use and more accessible. However, if you value ultimate secrecy and are ready to devote more time to setup and maintenance, a proxy chain may be a better option.
Conclusion
For the highest level of security and privacy for surfing the online world, proxy chains are a powerful tool. Actually, setting it up is a little bit harder than VPNs so not any normal person can use them without a little technical knowledge. For people who want a normal level of privacy and normal purposes, VPNs are an easier and more accessible option. But for people who need advanced tools for privacy for doing more important things, proxy chains are a better choice. Now that you know what are proxy chains used for, you can bring them to your online world.
Hello, everyone, my name is Lisa. I'm a passionate electrical engineering student with a keen interest in technology. I'm fascinated by the intersection of engineering principles and technological advancements, and I'm eager to contribute to the field by applying my knowledge and skills to solve real-world problems.