Chain Proxy Servers
Proxy Chains – Proxifier
With Proxifier you can work through a chain of proxy servers. Connection to a remote host will be performed sequentially from one proxy server to another.
This mode can be useful when a remote host is only accessible through multiple proxies or when Proxifier is used to ensure a high level of anonymity.
When working through a proxy chain, keep in mind the following:
A chain can contain proxy servers of different types: SOCKS v4, SOCKS v5, HTTPS. If you use an HTTP proxy, it must be the last one in the chain.
If at least one proxy is not functioning, the entire chain will not work.
The total lag will be the sum of all lags at all proxy servers in the chain.
If the connection is broken at one proxy, the entire connection to the remote host is lost.
To create a chain of proxy servers, click Proxy Settings in the Profile menu and add two or more proxies. If the proxy chains area is not visible click the Proxy Chains… button and then click Create to create an empty chain. Now you can populate this chain with proxy servers from the list by drag-and-drop operation.
Connections between proxy servers will be established in the order they are displayed in the list (from top to bottom). You can change the order using the drag-and-drop operation on proxies within the chain. Uncheck a proxy to disable it.
To rename a chain left-click its label. Use the Remove button to remove a selected chain.
If a chain contains no proxies the connection will be made directly.
ProxyChains Tutorial – Linux Hint
There are a lot of “hackers” around the world; some are good, and some are evil. The evil ones hack for money, to steal, or just for fun. They like to create havoc in the cyber world or spread malware. The good ones may also hack for money, but in the right way, such as taking part in a bug bounty program, helping others to back up lost data, or learning what vulnerabilities exist in order to educate administrators. What I mean by hacker here is not limited to those who are able to break into restricted systems. A hacker is an IT expert who has the capability to manage the security of a company’s property.
Hackers want to be anonymous and hard to detect while doing their work. Tools can be used to keep the hacker’s identity from being exposed. VPNs (Virtual Private Networks), proxy servers and RDP (Remote Desktop Protocol) are some of the tools used to guard their identity.
In order to do penetration testing anonymously and decrease the possibility of identity detection, hackers need to use an intermediary machine whose IP address will be left on the target system. This can be done by using a proxy. A proxy or proxy server is a dedicated computer, or a software system running on a computer, which acts as an intermediary between an end device, such as a computer, and another server from which the client is requesting a service. When connecting to the Internet through proxies, the client IP address is not shown, but rather the IP of the proxy server. It can provide a client with more privacy than simply connecting directly to the Internet.
In this article, I will discuss a built-in anonymity service in Kali Linux and other penetration-testing-based systems: Proxychains.
Proxychains supports SOCKS5, SOCKS4, and HTTP CONNECT proxy servers.
Different proxy types can be mixed in one list.
Proxychains supports several chaining methods: random, which takes a random proxy from the list stored in the configuration file, or chaining proxies in the exact order of the list (different proxies are separated by a new line in the file). There is also a dynamic option, which lets Proxychains go through only the live proxies and exclude the dead or unreachable ones; the dynamic option is often called the smart option.
Proxychains can be used with servers, like squid, sendmail, etc.
Proxychains is capable of resolving DNS through the proxy.
Proxychains can handle any TCP client application, e.g., nmap, telnet.
Instead of running a penetration test tool, or sending multiple requests to a target directly from our own IP, we can let Proxychains cover and handle the job. Prefix each job with the “proxychains” command, which enables the Proxychains service for that job. For example, to scan the available hosts and their ports in our network using Nmap through Proxychains, the command should look like this:
proxychains nmap 192.168.1.1/24
Let's take a minute to break up the syntax above:
– proxychains: tells our machine to run the proxychains service
– nmap: the job to be covered by proxychains
– 192.168.1.1/24: or any arguments needed by the job or tool; in this case it is the scan range needed by Nmap to run the scan.
To wrap up, the syntax is simple: it only adds proxychains at the start of every command. Everything after the proxychains command is the job and its arguments.
HOW TO USE PROXYCHAINS
Before using proxychains, we need to set up the proxychains configuration file. We also need a list of proxy servers. The proxychains configuration file is located in /etc/
Open the file in your preferred text editor and set up some configuration. Scroll down until you reach the bottom; at the end of the file you will find:
# add proxy here…
# defaults set to "tor"
socks4 127.0.0.1 9050
By default, proxychains sends the traffic first through our host at 127.0.0.1 on port 9050 (the default Tor configuration). If you are using Tor, leave this as it is. If you are not using Tor, you will need to comment out this line.
Now, we need to add more proxies. There are free proxy servers on the Internet; you may look at Google for them or click this link. Here I am using the NordVPN free proxy service, as it has very detailed information on its web site, as you see below.
Comment out the default proxy for Tor if you are not using Tor, then add the proxy to the Proxychains config file and save it. It should look like this:
DYNAMIC_CHAIN VS RANDOM_CHAIN
Dynamic chaining will enable us to run our traffic through every proxy on our list. If one of the proxies is down or not responding, the dead proxy is skipped and proxychains automatically goes to the next proxy in the list without throwing an error. Each connection will be done via chained proxies. All proxies will be chained in the order in which they appear in the list. Activating dynamic chaining allows for greater anonymity and a trouble-free hacking experience. To enable dynamic chaining, uncomment the “dynamic_chain” line in the configuration file.
Random chaining will allow proxychains to randomly choose IP addresses from our list, and each time we use proxychains, the chain of proxies will look different to the target, making it harder to track our traffic from its source.
To activate random chaining, comment out “dynamic_chain” and uncomment “random_chain”. Since we can only use one of these options at a time, make certain that you comment out the other options in this section before using proxychains.
You may also want to uncomment the line with “chain_len”. This option will determine how many of the IP addresses in your chain will be used in creating your random proxy chain.
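The settings described above can be checked mechanically. The following Python linter is an added example, not part of the original tutorial or of the Proxychains project; the sample configuration and its addresses are constructed, and strict_chain and proxy_dns are option names from the stock proxychains.conf that the tutorial does not spell out.

```python
CHAIN_MODES = ("strict_chain", "dynamic_chain", "random_chain")
PROXY_TYPES = ("socks4", "socks5", "http")

# Constructed sample configuration (not the article's); addresses come from
# the documentation ranges 192.0.2.0/24 and 198.51.100.0/24.
SAMPLE_CONF = """\
dynamic_chain
random_chain
#strict_chain
chain_len = 2
#proxy_dns

[ProxyList]
# add proxy here ...
#socks4 127.0.0.1 9050
socks5 192.0.2.10 1080
http   198.51.100.7 8080
socks7 192.0.2.11 1080
"""

def parse_conf(text):
    """Return (active options, parsed proxies, unparseable ProxyList lines)."""
    options, proxies, bad = {}, [], []
    in_list = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        if line.lower() == "[proxylist]":
            in_list = True
            continue
        if in_list:
            parts = line.split()                 # type host port [user pass]
            if len(parts) >= 3 and parts[0] in PROXY_TYPES and parts[2].isdigit():
                proxies.append((parts[0], parts[1], int(parts[2])))
            else:
                bad.append(line)
        else:
            key, _, value = line.partition("=")
            options[key.strip()] = value.strip()
    return options, proxies, bad

def lint(text):
    """Return a list of findings; an empty list means no issue was detected."""
    options, proxies, bad = parse_conf(text)
    findings = []
    modes = [m for m in CHAIN_MODES if m in options]
    if len(modes) != 1:
        findings.append(f"chain-mode: exactly one must be active, found {modes}")
    # The tutorial describes chain_len only for random chaining.
    if "chain_len" in options and modes != ["random_chain"]:
        findings.append("chain_len: set, but random_chain is not the only active mode")
    if "proxy_dns" not in options:
        findings.append("proxy_dns: disabled, name lookups are made outside the chain")
    if not proxies:
        findings.append("ProxyList: no usable proxy entries")
    for line in bad:
        findings.append(f"ProxyList: unparseable entry {line!r}")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE_CONF):
        print(finding)
```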
Ok, now you know how hackers use proxychains to cover their identity and stay anonymous without worrying about being detected by target IDS or forensic investigators.
About the author
Hy, I am Bima, I am a Freelance Writer and Penetration Tester. Do you have any questions or sharable opportunities? Contact me personally on: dk3ferdiandoo [AT]
Tor vs. Proxies, Proxy Chains and VPNs – Whonix
Proxies are famous for “anonymity on demand”. Acting as an intermediary, proxy servers relay your traffic to the destination and send the answer back to you so that the destination server potentially only sees the proxy and not your IP address: 
Instead of connecting directly to a server that can fulfill a requested resource, such as a file or web page for example, the client directs the request to the proxy server, which evaluates the request and performs the required network transactions. This serves as a method to simplify or control the complexity of the request, or provide additional benefits such as load balancing, privacy, or security. Proxies were devised to add structure and encapsulation to distributed systems.
There are two basic types of proxy server: 
Open proxies: these forward requests from and to anywhere on the Internet and are accessible by any Internet user. 
Anonymous proxies reveal their identity as a proxy server but do not disclose the client’s originating IP address.
Transparent proxies also reveal their identity as a proxy server, but the originating IP address is accessible due to factors such as the X-Forwarded-For HTTP header. The benefit of these proxies is the ability to cache websites for faster retrieval.
Reverse proxies: these connect the Internet to an internal network. Therefore, users making requests connect to the proxy and may not be aware of the internal network as the response is returned as if it came from the original server.
There are no known HTTP(S) or SOCKS4(a)/5 proxies that offer an encrypted connection between itself and the user. Therefore, the Internet Service Provider or any man-in-the-middle can see connection details, including the destination IP address. If the destination server is not using SSL/TLS, then the entire content of traffic is vulnerable as well.
As noted above, some open HTTP(S) proxies send the “HTTP forwarded for” header which discloses a user’s IP address. HTTP(S) proxies that do not send this header are sometimes called “elite” or “anonymous” proxies. There are no known legitimate and free public HTTP(S) or SOCKS4(a)/5 proxies.
The tables below briefly compare the features offered by proxies found on many proxy sharing websites with various anonymization services.
Table: Proxy Type Feature Comparison
Table: Anonymization Service Feature Comparison
Proxies are highly susceptible to the misuse and theft of user data: many proxies (HTTP/HTTPS/SOCKS) are computers that have been hijacked by hackers or criminals, or are honeypots exclusively offered for the purpose of user observation. Even if they were legitimate, any single operator can decide to enable logging. In addition, some proxies automatically reveal the user’s IP address to the destination server.
At best, proxies only offer weak protection against destination website logging, and they offer no protection against third party eavesdropping. For these reasons their use is strongly discouraged.
This section compares the use of CGIproxies in Mozilla Firefox on the host without utilizing a platform like Whonix ™ or Tails. A CGI web proxy: … accepts target URLs using a Web form in the user’s browser window, processes the request, and returns the results to the user’s browser. Consequently, it can be used on a device or network that does not allow “true” proxy settings to be changed.
This means CGIproxies provide Internet pages with a form field in which the user can input the target address they wish to visit anonymously. The web proxy subsequently delivers the content of the requested website and automatically patches all links to use the web proxy when clicked. When using web proxy services the browser configuration does not need to be changed.
It is also important to note that CGIproxies can potentially only anonymize browser traffic and not the traffic of other applications; but to be fair, they do not claim more than anonymizing browser traffic.
To interpret the table below, refer to the Wikipedia CGIProxy entry and the following legend.
Broken: The real IP address is revealed.
OK: No leak found.
?: Untested and therefore unknown.
NI: Not installed by default.
DE: Deactivated even if installed.
RA: Recommended against by maintainers.
1 Encrypted connection to the CGI proxy (SSL/TLS) 2 or Tor exit relay.
2 Uses a proper SSL/TLS certificate recognized by certificate authorities.
Table: CGIproxies vs. Anonymization Software/Platforms
Links to Software / Provider and Tests
In the following table, “(check manually)” means enter the test link manually in the browser.
In comparison to Tor, CGIproxies are only one hop proxies. This means they know who is connecting and the details of the requested destination server resource. This makes CGIproxies far inferior to Tor because they could potentially read all transmissions, even if entering SSL/TLS protected domain names.
Due to these serious disadvantages, it is not worthwhile discussing other security features which have been canvassed in other wiki chapters comparing Whonix ™, Tails and Tor Browser (such as UTC timezone and fingerprinting).
Isn’t seven proxies (proxy chains) better than Tor with only three Hops?
Some readers might be familiar with the Internet meme: “Good luck, I’m behind 7 proxies”, which is a sarcastic retort sometimes used when somebody threatens to report you to authorities, or claims they can identify your location.
In short, multiple proxies used in combination are not more secure than Tor; many people are unaware of this fact. As outlined above, proxies are not very secure.
In contrast, the Tor design ensures the first hop (Tor relay) is unable to see the IP address of the last hop because it cannot decrypt the message for the second hop. If one hop can be trusted, then the connection is secure; see Which Tor node knows what?, How Tor Works and the onion design to learn more.
Quote The Tor Project, Aren’t 10 proxies (proxychains) better than Tor with only 3 hops?:
Proxychains is a program that sends your traffic through a series of open web proxies that you supply before sending it on to your final destination. Unlike Tor, proxychains does not encrypt the connections between each proxy server. An open proxy that wanted to monitor your connection could see all the other proxy servers you wanted to use between itself and your final destination, as well as the IP address that proxy hop received traffic from.
Because the Tor protocol requires encrypted relay-to-relay connections, not even a misbehaving relay can see the entire path of any Tor user.
While Tor relays are run by volunteers and checked periodically for suspicious behavior, many open proxies that can be found with a search engine are compromised machines, misconfigured private proxies not intended for public use, or honeypots set up to exploit users.
The information available to each of the three Tor relays is summarized below.
Table: Tor Node (Relay) Information Awareness 
Bridge Node/Entry Guard
Tor user’s IP/location
IP of bridge node or entry guard
Message for bridge node or entry guard
IP of middle node
Message for middle node
IP of exit node
Message for exit node
IP of destination server
Message for destination server
In comparison to Tor, proxies have serious weaknesses, even when SOCKS proxies or “elite”/“anonymous” proxies are utilized. Firstly, all connections between the user and all proxies in the chain are unencrypted. This holds true irrespective of the use of SSL/TLS. For demonstration purposes, assume a user is connecting to an SSL/TLS protected web server. In human terms, this is a basic sketch of how the package for the first proxy in the proxy chain would appear:
Proxy1, please forward “forward to Proxy3; forward to Proxy4; forward to Proxy5; forward to [archive] ‘c8e8df895c2cae-some-garbage-here-(encrypted)-166bad027fdf15335b'” to Proxy2?
Notably, the actual transmission is safely encrypted and can only be decrypted by the HTTPS protected webserver, but every proxy will see its predecessor IP address and all successor IP addresses. There is simply no way to encrypt that information in an attempt to mirror Tor onion functions. The proxy protocols (HTTP(S), SOCKS4(a)/5) do not support encryption.
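The difference can be reproduced at byte level. The following Python model is an added example, not code from Whonix, the Tor Project or Proxychains: it builds the plaintext CONNECT stream a client sends through a three-proxy chain and, for contrast, a layered "onion" cell, then reports which path addresses each hop can read. All addresses are constructed, and the keystream XOR is a toy stand-in for Tor's per-hop encryption, not the Tor protocol.

```python
import hashlib
import json

# Constructed addresses from the documentation ranges (assumptions).
CLIENT = "203.0.113.5"
PROXIES = ["192.0.2.1:8080", "192.0.2.2:8080", "192.0.2.3:8080"]
DEST = "198.51.100.80:443"
TLS_RECORD = b"\x17\x03\x03\x00\x20" + b"\xa5" * 32   # stands for end-to-end TLS ciphertext

def addresses_in(data: bytes) -> list:
    """Path addresses that can be read directly out of the given bytes."""
    return [h for h in PROXIES + [DEST] if h.encode() in data]

def plain_chain_views() -> dict:
    """Proxy chain: one cleartext CONNECT per hop, sent through the tunnel so far."""
    requests = [f"CONNECT {h} HTTP/1.1\r\n\r\n".encode() for h in PROXIES[1:] + [DEST]]
    stream = b"".join(requests) + TLS_RECORD
    views, peer = {}, CLIENT
    for proxy in PROXIES:
        # The proxy relays, and can therefore read, everything still in the stream.
        views[proxy] = {"peer": peer, "readable": addresses_in(stream)}
        stream = stream.split(b"\r\n\r\n", 1)[1]   # it consumes its own CONNECT
        peer = proxy
    return views

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy per-hop cipher (SHA-256 counter keystream). Illustration only, not real crypto."""
    ks = b"".join(hashlib.sha256(key + n.to_bytes(4, "big")).digest()
                  for n in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def onion_views() -> dict:
    """Onion layering: each hop removes one layer and learns only the next hop."""
    keys = {p: hashlib.sha256(b"hop-key:" + p.encode()).digest() for p in PROXIES}
    cell, nxt = TLS_RECORD, DEST
    for p in reversed(PROXIES):                    # wrap from the inside out
        layer = json.dumps({"next": nxt, "body": cell.hex()}).encode()
        cell, nxt = keystream_xor(keys[p], layer), p
    views, peer = {}, CLIENT
    for p in PROXIES:
        layer = keystream_xor(keys[p], cell)       # removes only its own layer
        views[p] = {"peer": peer, "readable": addresses_in(layer)}
        cell, peer = bytes.fromhex(json.loads(layer)["body"]), p
    return views

if __name__ == "__main__":
    for name, views in (("proxy chain", plain_chain_views()), ("onion", onion_views())):
        for hop, view in views.items():
            print(f"{name:11} {hop}: peer={view['peer']} readable={view['readable']}")
```

In the proxy-chain model the first proxy reads every later hop and the destination; in the onion model every hop reads exactly one address, its successor.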
It is clear that proxy chains require trust to be placed in every successor proxy concerning the IP address. However, placing trust in open proxies is also misguided for the following reasons:
Most are a simple misconfiguration; the owners are not aware of the situation and did not intend on public access in the first place.
Many are compromised machines (worm infected).
Some are honeypots that engage in logging or active exploits (DNS spoofing, protocol spoofing, SSL/TLS spoofing).
Few are provided by generous people who only have good intentions in providing the best possible anonymity (similar to most Tor server administrators).
The above factors may not apply for proxy chains of SSH and/or encrypted VPN servers, but this has not been researched yet. Nevertheless, it is not possible to access numerous SSH and/or VPN servers for free (without hacking) and/or anonymous payment.
Overall, there are a number of serious security and anonymity risks in wholly relying on VPNs; objectively speaking, Tor is a far safer configuration.
Table: Tor vs. VPN Comparison
Even when a virtual or physical VPN-Gateway is used, browser fingerprinting problems mean it is only pseudonymous rather than anonymous.
It is trivial to trick client applications behind a VPN to connect in the clear. 
Fail Open Risk
Most VPNs fail open and do not configure basic cryptography properly — if they even use a proper cipher at all. 
VPN software normally does not ensure that users have a uniform appearance on the Internet aside from common IP addresses; see Data Collection Techniques. By merging the data, this means users are distinguishable and easily identifiable.
Any local observer on the network (ISP, WLAN) can make estimates of websites requested over the VPN by simply analyzing the size and timing of the encrypted VPN data stream (Website Fingerprinting Attacks). In contrast, Tor is quite resilient against this attack; see footnote. 
Unlike Tor, VPN hosts can track and save every user action since they control all VPN servers. The administrators and anyone else who has access to their servers, either knowingly or unknowingly, will have access to this information.
Advertisements for double, triple or multi-hop VPNs are meaningless. Unless the user builds their own custom VPN chain by carefully choosing different VPN providers, operated by different companies, then they are fully trusting only one provider.
Some VPN providers require their proprietary closed source software to be used and do not provide an option for other reputable VPN software, such as OpenVPN.
Tor code is fully open source.
The fundamental design of VPN systems means they do not normally filter or replace the computer’s TCP packets. Therefore, unlike Tor they cannot protect against TCP timestamp attacks.
VPN providers only offer privacy by policy, while Tor offers privacy by design:
Any VPN provider can make claims they do not log activity, but this is unverifiable.
When using Tor, it is also unknown if any of the three hops is keeping logs. However, one malicious node will have less impact. The entry guard will not know where you are connecting to, thus it is not a fatal problem if they log. The exit relay will not know who you are, but can see any unencrypted traffic — this is only a problem if sensitive data is sent over this channel (which is unrecommended). Tor’s model is only broken in the unlikely (but not impossible) event that an adversary controls all three nodes in the circuit.  Tor distributes trust, while using VPN providers places all trust in the policy of one provider.
If VPN software is run directly on the same machine that also runs client software such as a web browser, then Active Web Contents can read the real IP address. This can be prevented by utilizing a virtual or physical VPN-Gateway or a router. However, be aware that active contents can still reveal a lot of data concerning the computer and network configuration.
VPN Server Security
The Snowden documents describe a successful Internet-wide campaign by advanced adversaries for covert access to VPN providers’ servers. 
Whether it is worth combining Tor with a VPN, either as pre-Tor-VPN (user → VPN → Tor) or as post-Tor-VPN (user → Tor → VPN), is a controversial topic and discussed on the Tor plus VPN page. If this configuration is preferred, it is easy to set up with Whonix ™; see Tunnel Support.
Criteria for Reviewing VPN Providers
place of incorporation
incorporation verifiable 
ownership / shareholders
usability votes, token system required
has a free service or limited use free service
accepts Bitcoin payments
accepts other anonymous cryptocurrency payments like Monero
accepts cash payments
anonymous sign-up allowed
sign-up does not require email address
VPN client software is Freedom Software
can be used with Freedom Software like OpenVPN
no log policy
third party audited
popularity in Whonix ™ forums
popularity in external VPN reviews
overall popularity online
known cases of malicious activity
long term track record
can be connected to by TCP
can be connected to by UDP
supports tunneling TCP
supports tunneling UDP
VPN with Remote Port Forwarding (for Hosting Location Hidden Services)
Freedom Software server source code
Tor and Proxies Comparison
This was originally posted by adrelanos (proper) to the TorifyHOWTO/proxy (license). Adrelanos didn’t surrender any copyrights and can therefore re-use it here. It is under the same license as the rest of the page.
Gratitude is expressed to JonDos for permission to use material from their website. The “Tor and Proxies Comparison” chapter of the “Tor vs. Proxies, Proxy Chains and VPNs” wiki page contains content from the JonDonym Other Services documentation page.
Whonix ™, Tails, Tor Browser and CGIproxies Comparison
Appreciation is expressed to JonDos (Permission). The “Whonix ™, Tails, Tor Browser and CGIproxies Comparison” chapter of the “Tor vs. Proxies, Proxy Chains and VPNs” wiki page contains content from the JonDonym documentation Other Services page.
Tor and Proxy Chains Comparison
This was originally posted by adrelanos (proper) to the TorFAQ (license). It is under the same license as the rest of the page.
Tor and VPN Services Comparison
Appreciation is expressed to JonDos (Permission). The “Tor and VPN services Comparison” chapter of the “Tor vs. Proxies, Proxy Chains and VPNs” wiki page contains content from the JonDonym documentation Other Services page.
↑ Hundreds of thousands are suspected to be in operation.
↑ Connection to the destination server, for example to the webserver.
↑ Transparent TCP Port.
↑ These do not support the connect method (see below). Therefore connections to SSL/TLS protected websites are impossible.
↑ This is true only when being used as proxy settings and not when used as a transparent proxy.
↑ Depends on the proxy.
↑ The term HTTPS proxy is misleading because the connection to the proxy is not encrypted. The proxy additionally supports the connect method, which is required to access SSL/TLS protected websites and other services other than HTTP.
↑ eepsites only. Connections to clearnet are only possible through outproxies (no SSL/TLS to the destination site).
↑ I2P End-to-end Transport Layer allows TCP- or UDP-like functionality on top of I2P.
↑ For a more detailed review of the JonDonym network, see: JonDonym.
↑ The SOCKS interface is only available to paying users.
↑ Tor can offer a SocksPort (SOCKS4(a)/5), DnsPort and TransPort. A third party HTTP/2 socks converter (privoxy) is available.
↑ Tor offers a SOCKS5 interface but the Tor software does not support UDP itself yet. Whonix ™ provides a limited workaround for using UDP anyway, in the most secure manner available; see Tunnel UDP over Tor.
↑ A scientific article demonstrating the attack is found here; the success rates are over 90% for VPNs.
↑ Or if they are a global passive adversary capable of monitoring the traffic between all the computers in a network at the same time.
↑ VPN and VOIP Exploitation With HAMMERCHANT and HAMMERSTEIN
↑ Such as Companies House for the United Kingdom.
Whonix ™ | © ENCRYPTED SUPPORT LP | Freedom Software / Open Source (Why? )
The personal opinions of moderators or contributors to the Whonix ™ project do not represent the project as a whole.