Proxychains Github
ProxyChains ver. 4.3.0 README – GitHub
ProxyChains is a UNIX program, that hooks network-related libc functions
in dynamically linked programs via a preloaded DLL and redirects the
connections through SOCKS4a/5 or HTTP proxies.
Warning
this program works only on dynamically linked programs.
also both proxychains and the program to call must use
the same dynamic linker (i. e. same libc)
Known limitations of the current version
when a process forks, does a DNS lookup in the child, and then uses
the ip in the parent, the corresponding ip mapping will not be found,
this is because the fork can’t write back into the parents mapping table.
IRSSI shows this behaviour, so you have to pass the resolved ip address
to it. (you can use the proxyresolv script (requires “dig”) to do so)
this means that you can’t currently use tor onion urls for irssi.
to solve this issue, an external data store (file, pipe, …) has to
manage the dns <→ ip mapping. of course there has to be proper locking.
shm_open, mkstemp, are possible candidates for a file based approach,
the other option is to spawn some kind of server process that manages the
map lookups. since connect() etc are hooked, this must not be a TCP server.
I am reluctant on doing this change, because the described behaviour
seems pretty idiotic (doing a fork only for a DNS lookup), and irssi
is currently the only known affected program.
Installation
Using release version
Proxychains-4. 3. 0 are available with pkgsrc to everyone using it on Linux,
NetBSD, FreeBSD, OpenBSD, DragonFlyBSD or Mac OS X. You just need to install
pkgsrc-wip repository and run
make install
in a wip/proxychains directory.
Installing on Mac OS X with homebrew
You can install current proxychains on Mac OS X with an homebrew. You have to
download unofficial homebrew formula from
to your BREW_HOME by default /usr/local/Library/Formula/ and run
$ brew install proxychains
Running Current Source code version
# needs a working C compiler, preferably gcc. /configure
make
sudo make install
Changelog
Version (4. x) removes the dnsresolver script which required a dynamically
linked "dig" binary to be present with remote DNS lookup.
this speeds up any operation involving DNS, as the old script had to use TCP.
additionally it allows to use urls when used with TOR.
also it removed the broken autoconf build system with a simple Makefile.
there’s a. /configure script though for convenience.
it also adds support for a config file passed via command line switches/
environment variables.
Version (3. x) introduces support for DNS resolving through proxy
it supports SOCKS4, SOCKS5 and HTTP CONNECT proxy servers.
Auth-types
socks - "user/pass",
- "basic"
When to use it
When the only way to get "outside" from your LAN is through proxy server.
To get out from behind restrictive firewall which filters outgoing ports.
To use two (or more) proxies in chain:
like: your_host <--> proxy1 <--> proxy2 <--> target_host
To “proxify” some program with no proxy support built-in (like telnet)
Access intranet from outside via proxy.
To use DNS behind proxy.
Some cool features
This program can mix different proxy types in the same chain
like: your_host <-->socks5 <--> <--> socks4 <--> target_host
Different chaining options supported
random order from the list ( user defined length of chain).
exact order (as they appear in the list)
dynamic order (smart exclude dead proxies from chain)
You can use it with any TCP client application, even network scanners
yes, yes – you can make portscan via proxy (or chained proxies)
for example with Nmap scanner by fyodor ().
proxychains nmap -sT -PO -p 80 -iR (find some webservers through proxy)
You can use it with servers, like squid, sendmail, or whatever.
DNS resolving through proxy.
Configuration
proxychains looks for configuration in the following order:
SOCKS5 proxy port in environment variable ${PROXYCHAINS_SOCKS5}
(if set, no further configuration will be searched)
file listed in environment variable ${PROXYCHAINS_CONF_FILE} or
provided as a -f argument to proxychains script or binary.. /
$(HOME)/. proxychains/
/etc/
see more in /etc/
Usage Example
$ proxychains telnet
in this example it will run telnet through proxy(or chained proxies)
specified by
$ proxychains -f /etc/
in this example it will use different configuration file then
to connect to host.
$ proxyresolv
in this example it will resolve through proxy(or chained proxies)
Usage Example:
$ ssh -fN -D 4321
$ PROXYCHAINS_SOCKS5=4321 proxychains zsh
in this example, it will run a shell with all traffic proxied through
OpenSSH’s “dynamic proxy” (SOCKS5 proxy) on localhost port 4321.
$ export PROXY_DNS_SERVER=8. 8. 8
in this example, it will telnet to using the 8. 8
nameserver supplied by the user through the PROXY_DNS_SERVER
rofl0r/proxychains-ng – GitHub
ProxyChains-NG ver 4. 15 README
=============================
ProxyChains is a UNIX program, that hooks network-related libc functions
in DYNAMICALLY LINKED programs via a preloaded DLL (dlsym(), LD_PRELOAD)
and redirects the connections through SOCKS4a/5 or HTTP proxies.
It supports TCP only (no UDP/ICMP etc).
The way it works is basically a HACK; so it is possible that it doesn’t
work with your program, especially when it’s a script, or starts
numerous processes like background daemons or uses dlopen() to load
“modules” (bug in glibc dynlinker).
It should work with simple compiled (C/C++) dynamically linked programs
though.
If your program doesn’t work with proxychains, consider using an
iptables based solution instead; this is much more robust.
Supported Platforms: Linux, BSD, Mac, Haiku.
*********** ATTENTION ***********
this program can be used to circumvent censorship.
doing so can be VERY DANGEROUS in certain countries.
ALWAYS MAKE SURE THAT PROXYCHAINS WORKS AS EXPECTED
BEFORE USING IT FOR ANYTHING SERIOUS.
this involves both the program and the proxy that you’re going to
use.
for example, you can connect to some “what is my ip” service
like to make sure that it’s not using your real ip.
ONLY USE PROXYCHAINS IF YOU KNOW WHAT YOU’RE DOING.
THE AUTHORS AND MAINTAINERS OF PROXYCHAINS DO NOT TAKE ANY
RESPONSIBILITY FOR ANY ABUSE OR MISUSE OF THIS SOFTWARE AND
THE RESULTING CONSEQUENCES.
*** Installation ***
# needs a working C compiler, preferably gcc. /configure –prefix=/usr –sysconfdir=/etc
make
[optional] sudo make install
[optional] sudo make install-config (installs)
if you dont install, you can use proxychains from the build directory
like this:. /proxychains4 -f src/ telnet 80
Changelog:
———-
Version 4. 15
– fix configure script for buggy binutils version
– initialize rand_seed with nano-second granularity
– add support for numeric ipv6 in getaddrinfo
– fix bug in getaddrinfo when node is null and! passive
– add dnat feature
– add raw proxy type
– add haiku support
– add proxy_dns_old to emulate proxychains 3. 1 behaviour
– add new proxy_dns_daemon feature (experimental)
– various other fixes
Version 4. 14
– allow alternative protouser:pass@ip:port syntax for proxylist
– fix endless loop in round robin mode when all proxies are down (#147)
– fix compilation on android (#265)
– fix fd leak in forked processes (#273)
– skip connection attempt to nullrouted ips
– allow hostnames for proxylist under specific circumstances
Version 4. 13
– fix robustness of DNS lookup thread and a segfault
– fix socks5 user/pass auth on non-conforming servers
– fix memory leak
– add support for Solaris
Version 4. 12
– fix several build issues
– for MAC
– with -pie
– with custom CC
– compatibility fix for some GUI apps (8870140)
– compatibility fix for some HTTP proxies (cf9a16d)
– fix several warnings for cleaner build on debian
– fix random_chain on OSX (0f6b226)
Version 4. 11
– preliminary IPv6 support
– fixed bug in hostsreader
– preliminary support for usage on OpenBSD (caveat emptor)
Version 4. 10
– fix regression in linking order with custom LDFLAGS
– fix segfault in DNS mapping code in programs with > ~400 different lookups
Version 4. 9
– fix a security issue CVE-2015-3887
– add sendto hook to handle MSG_FASTOPEN flag
– replace problematic hostentdb with hostsreader
– fix compilation on OpenBSD (although doesn’t work there)
Version 4. 8. 1:
– fix regression in 4. 8 install-config Makefile target
Version 4. 8:
– fix for odd cornercase where getaddrinfo was used with AI_NUMERICHOST
to test for a numeric ip instead of resolving it (fixes nmap).
– allow usage with programs that rely on LD_PRELOAD themselves
– reject wrong entries in config file
– print version number on startup
Version 4. 7:
– new round_robin chaintype by crass.
– fix bug with lazy allocation when GCC constructor was not used.
– new configure flag –fat-binary to create a “fat” binary/library on OS X
– return EBADF rather than EINTR in close hook.
it’s legal for a program to retry close() calls when they receive
EINTR, which could cause an infinite loop, as seen in chromium.
Version 4. 6:
– some cosmetic fixes to Makefile, fix a bug when non-numeric ip was
used as proxy server address.
Version 4. 5:
– hook close() to prevent OpenSSH from messing with internal infrastructure.
this caused ssh client to segfault when proxified.
Version 4. 4:
– FreeBSD port
– fixes some installation issues on Debian and Mac.
Version 4. 3:
– fixes programs that do dns-lookups in child processes (fork()ed),
like irssi. to achieve this, support for compilation without pthreads
was sacrified.
– fixes thread safety for gethostent() calls.
– improved DNS handling speed, since hostent db is cached.
Version 4. 2:
– fixes compilation issues with ubuntu 12. 04 toolchain
– fixes segfault in rare codepath
Version 4. 1
– support for mac os x (all archs)
– all internal functions are threadsafe when compiled with -DTHREAD_SAFE
(default).
Version 4. 0
– replaced dnsresolver script (which required a dynamically linked “dig”
binary to be present) with remote DNS lookup.
this speeds up any operation involving DNS, as the old script had to use TCP.
additionally it allows to use urls when used with TOR.
– removed broken autoconf build system with a simple Makefile.
there’s a. /configure script though for convenience.
it also adds support for a config file passed via command line switches/
environment variables.
Version 3. 0
– support for DNS resolving through proxy
supports SOCKS4, SOCKS5 and HTTP CONNECT proxy servers.
Auth-types: socks – “user/pass”, – “basic”.
When to use it?
1) When the only way to get “outside” from your LAN is through proxy server.
2) To get out from behind restrictive firewall which filters outgoing ports.
3) To use two (or more) proxies in chain:
like: your_host <--> proxy1 <--> proxy2 <--> target_host
4) To “proxify” some program with no proxy support built-in (like telnet)
5) Access intranet from outside via proxy.
6) To use DNS behind proxy.
7) To access hidden tor onion services.
Some cool features:
* This program can mix different proxy types in the same chain
like: your_host <-->socks5 <--> <--> socks4 <--> target_host
* Different chaining options supported
random order from the list ( user defined length of chain).
exact order (as they appear in the list)
dynamic order (smart exclude dead proxies from chain)
* You can use it with most TCP client applications, possibly even network
scanners, as long as they use standard libc functionality.
pcap based scanning does not work.
* You can use it with servers, like squid, sendmail, or whatever.
* DNS resolving through proxy.
Configuration:
————–
proxychains looks for config file in following order:
1) file listed in environment variable PROXYCHAINS_CONF_FILE or
provided as a -f argument to proxychains script or binary.
2). /
3) $(HOME)/. proxychains/
4) $(sysconfdir)/ **
** usually /etc/
Usage Example:
$ proxychains telnet
in this example it will run telnet through proxy(or chained proxies)
specified by
$ proxychains -f /etc/ telnet
in this example it will use different configuration file then
to connect to host.
$ proxyresolv
in this example it will resolve through proxy(or chained proxies)
Known Problems:
—————
– newer versions of nmap try to determine the network interface to use
even if it’s not needed (like when doing simple syn scans which use the
standard POSIX socket API. this results in errors when proxychains hands
out an ip address to a reserved address space.
possible workarounds: disable proxy_dns, use a numeric ip, or use nmap’s
native support for SOCKS proxies.
– Mac OS X 10. 11 (El Capitan) ships with a new security feature called SIP
that prevents hooking of system apps.
workarounds are to partially disable SIP by issuing
csrutil enable –without debug in recovery mode,
or to copy the system binary into the home directory and run it from there.
see github issue #78 for details.
– the glibc dynlinker has a bug or security feature that inhibits dlopen()ed
modules from being subject to the same dlsym hooks as installed for the main
program. this mainly affects scripting languages such as perl or python
that heavily rely on dlopen() for modules written in C to work.
there are unconfirmed reports that it works as root though.
musl libc is unaffected from the bug.
Community:
#proxychains on
Donations:
bitcoins donations are welcome – please send to this address:
1C9LBpuy56veBqw5N33sZMoZW8mwCw3tPh
proxychains/proxychains.conf at master · haad/proxychains
Permalink
Cannot retrieve contributors at this time
# VER 4
#
# HTTP, SOCKS4, SOCKS5 tunneling proxifier with DNS.
# The option below identifies how the ProxyList is treated.
# only one option should be uncommented at time,
# otherwise the last appearing option will be accepted
#dynamic_chain
# Dynamic – Each connection will be done via chained proxies
# all proxies chained in the order as they appear in the list
# at least one proxy must be online to play in chain
# (dead proxies are skipped)
# otherwise EINTR is returned to the app
strict_chain
# Strict – Each connection will be done via chained proxies
# all proxies must be online to play in chain
#random_chain
# Random – Each connection will be done via random proxy
# (or proxy chain, see chain_len) from the list.
# this option is good to test your IDS:)
# Make sense only if random_chain
#chain_len = 2
# Quiet mode (no output from library)
#quiet_mode
# Proxy DNS requests – no leak for DNS data
proxy_dns
# set the class A subnet number to usefor use of the internal remote DNS mapping
# we use the reserved 224. x. x range by default,
# if the proxified app does a DNS request, we will return an IP from that range.
# on further accesses to this ip we will send the saved DNS name to the proxy.
# in case some control-freak app checks the returned ip, and denies to
# connect, you can use another subnet, e. g. 10. x or 127. x.
# of course you should make sure that the proxified app does not need
# *real* access to this subnet.
# i. e. dont use the same subnet then in the localnet section
#remote_dns_subnet 127
#remote_dns_subnet 10
remote_dns_subnet 224
# Some timeouts in milliseconds
tcp_read_time_out 15000
tcp_connect_time_out 8000
# By default enable localnet for loopback address ranges
# RFC5735 Loopback address range
localnet 127. 0. 0/255. 0
# RFC1918 Private Address Ranges
# localnet 10. 0
# localnet 172. 16. 240. 0
# localnet 192. 168. 255. 0
# Example for localnet exclusion
## Exclude connections to 192. 1. 0/24 with port 80
# localnet 192. 0:80/255. 0
## Exclude connections to 192. 100. 0/24
# localnet 192. 0
## Exclude connections to ANYwhere with port 80
# localnet 0. 0:80/0. 0
### Examples for dnat
## Trying to proxy connections to destinations which are dnatted,
## will result in proxying connections to the new given destinations.
## Whenever I connect to 1. 1 on port 1234 actually connect to 1. 2 on port 443
# dnat 1. 1:1234 1. 2:443
## Whenever I connect to 1. 1 on port 443 actually connect to 1. 2 on port 443
## (no need to write:443 again)
# dnat 1. 2:443 1. 2
## No matter what port I connect to on 1. 1 port actually connect to 1. 1 1. 2:443
## Always, instead of connecting to 1. 1, connect to 1. 2
# dnat 1. 2
# ProxyList format
# type host port [user pass]
# (values separated by ‘tab’ or ‘blank’)
# Examples:
# socks5 192. 67. 78 1080 lamer secret
# 192. 89. 3 8080 justu hidden
# socks4 192. 49 1080
# 192. 39. 93 8080
# proxy types:, socks4, socks5, raw
# * raw: The traffic is simply forwarded to the proxy without modification.
# ( auth types supported: “basic”- “user/pass”-socks)
[ProxyList]
# add proxy here…
# meanwhile
# defaults set to “tor”
socks4 127. 1 9050
Frequently Asked Questions about proxychains github
What is the difference between Proxychains and VPN?
Therefore, a VPN is essentially a piece of software which helps you connect to a proxy server. The only difference is the amount of encryption and protection between you and outside servers. While a proxy will simply prevent third parties from being able to accurately trace where your traffic is coming from.
What does proxychains do?
ProxyChains is a tool that forces any TCP connection made by any given application to go through proxies like TOR or any other SOCKS4, SOCKS5 or HTTP proxies. … Essentially, you can use ProxyChains to run any program through a proxy server.Mar 15, 2020
Can you use Proxychains on Windows?
Proxychains.exe – Proxychains for Windows. Proxychains.exe is a proxifier for Win32(Windows) or Cygwin/Msys2 programs. It hijacks most of the Win32 or Cygwin programs’ TCP connection, making them through one or more SOCKS5 proxy(ies).Jun 14, 2020
