Posted on

Learn Ethical Hacking Episode #19: Staying Anonymous with ProxyChains (Part 3)

 

If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!

https://josephdelgadillo.com/ethical-hacking/

Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
http://bit.ly/2leW0j4
Certified Ethical Hacker Boot Camp for 2018!
http://bit.ly/2yKbler
The Complete Ethical Hacker Course: Beginner to Advanced!
http://bit.ly/2i3kirq
Build an Advanced Keylogger for Ethical Hacking!
http://bit.ly/2yMl3gI

Hello everybody and welcome to this tutorial. Today, we will be importing custom chains of proxies. Now I have done literally no prep work for this, deliberately, because I want to see if I
encounter any problems by doing this the first time around on Kali Linux. If I happen to come across any problems, I want to resolve them here together with you because chances are that you will encounter them as well. But, I don’t predict any unsolvable problems here, this should be fairly straightforward.

Let’s just go and type in free sock5 proxies and see if we can find any for ourselves. So, here have Socks proxies – free socks5 and socks4 proxy lists. Let’s see what this website has to offer. So we have a lot of things here that we can use anonymously. I suppose they all claim that they’re anonymous, but that’s very questionable. Generally, you want to be using proxies in countries that have a good reputation for not sharing your private browsing information. So, the countries that do have a good reputation with that, well China doesn’t share much with anybody else. Russia doesn’t share much data either. If they have the Netherlands here that would be awesome, because the Netherlands have fantastic privacy policies in terms of information, in terms of personal user information, and Germany is also not bad. Those are some of the countries which you can use that are fantastic in terms of privacy. They will not share your traffic with pretty much anyone, or so they claim. Who will you trust? That is completely up to you. Again, it doesn’t really matter that much for the sake of this tutorial series, because all of the work that we will be doing here is white hat, and all of it is legal. So, you can use any of these to simulate a real attack. Even if you can reverse tracks and find yourself it’s still okay, as long as you are using some sort of a proxy to give real-time circumstances, and encounter real time problems. Also, to circumvent firewalls and so on, if you want to use Netflix, or something like that, you will need a proxy in the United States. However, a proxy wouldn’t suffice due to the slow speeds, rather you will need a VPN.

Anyway, without further ado, you have the IP address here which we will need, you have a port number here, we won’t need this, we will need this, and we will need a version. Let’s see if there are any any proxies from the Netherlands. No, the Netherlands is not even listed here. Let’s go ahead and select the first five from the list. So I need to copy this, open up my terminal, and let’s arrange the windows to make copy/pasting convenient. There we go. Let’s grab the Firefox browser and just expand it accordingly. So I now have all of the information that I need. I have the port number, version, and the IP address. Let me clear the terminal, nano/etc/proxychain.conf, make sure that dynamic is selected and everything else is commented out. Go ahead and scroll down to the bottom, and let’s get started. Now we need to specify our proxychains. Anything special that we need to know here? No. Type in the host port, user values, nope, doesn’t specify anything special. Let’s go ahead and type in socks5. Let me confirm that this first one is socks5, yep, it is socks5, and paste the IP address. Let’s just go ahead and add tabs here to be on the safe side, so that it all is neatly done and sorted. So, it’s 33169, press ENTER, so socks5, tab, what is the next one? The next one is 9480. Paste it, tab, and the port number is 1080. Let’s add the next one, no this one is actually socks4, and the next one is actually socks5. As you can see, it’s a fairly simple process. I mean, there’s nothing really special that you need to do here, just create a list of proxies which we will end up using. I can assure you that most likely half of these proxies do not work. Not because I can see some information here on the screen that you can’t, but because I have experience with such proxies, and they generally do not tend to work. But, enough of them work for you to be able to anonymize yourself to a good extent. So the next one is 1806, and 0. Make sure you get the ports right. If you put in the wrong port your connections will be dropped by default for that IP address, and you’ll think that the proxy is malfunctioning when it’s not. It’s just you typing in the wrong port. So, again, we have socks5, an IP address here. What is the port number? 1080 again. You will see that some port numbers have been standardized, and they are just repeating, so you don’t need to do that much thinking there. Press Enter. Now I can save save the file, excellent! Okay, so, let’s exit nano.

Let’s go ahead and expand our beloved terminal, the holy grail of power, and type in pretty much the same thing as we typed in the previous tutorials, proxychains Firefox www.duckduckgo.com. Keep in mind you can type in any URL here, and as long as it’s valid it will open it. So let’s just go ahead and see what happens. Press Enter…nothing, literally nothing. What happened? It didn’t start proxychains. Why not? Well, you need to close the browser first, and we unfortunately had this list open that continuously keeps changing as well. That’s a problem, because you cannot have Firefox open and then start it again through proxychains. You need to close it completely, make sure that it is completely closed, I can see nothing in my working menu down there, and let’s try again. Same thing. See, now it’s taking a bit longer. As soon as you see that something flies through with proxychains, you know that something is wrong because there is no way it’s going to be fast. So what do we got here? Timed out, timed out, again we have timeouts, and it’s a dynamic chain so it’s trying to go through all of them, but it’s skipping those that are not functional. When I was first getting started I was like, I’m going to use 50 proxies, and I’m going to be completely anonymous. No, I wasn’t even able to load the most basic of sites, or issue even the most basic of requests with that. You need to keep it low, in terms of proxies, depending on their speed. So, hopefully one of them is going to pass, and one of them is going to work. This is one way of troubleshooting, another way is just looking at the screen and see what’s happening here. So, I’m just waiting for at least one of them, yes, there we go. One of them said, okay, but it needs to go through and try all of the other proxies in our chain. Hopefully, it’s not going to take too much time. So we have all of these timeouts, and only one of them was confirmed as being functional. Which proxy was okay? DNS response duckduckgo.com, there we go. It should be open now, no it is not. This was just a DNS response. Okay, it’s formulating a request again through a different series. Come on, please succeed…excellent! This one didn’t succeed, well, now it has. DNS response is DuckDuckGo.com is 50.18.192.250. Has it opened? No, it has not. Okay, we must wait a bit longer, and this is the sad reality of using free proxies. If I had confirmed that these proxies were functional prior to recording this tutorial it would have made this much simpler, but I just wanted to make a point here and show you that you’re not going to get very far using a lot of free proxies. Imagine scanning a hundred hosts using proxychains like this, and this would be the amount of time that it would take to even load a basic web site. Imagine how long a scan would take. It would take practically forever. Okay, finally it is requesting information on port 443. As you can see, all of the above communication was attempting to get a response from a DNS server. This is how much information has been processed before we even started to load duckduckgo.com. As you can see by the port names, it’s 53, the 53 is our DNS port. If we go down below, you can see that finally I’m looking for port 443 somewhere around here. I swear I saw it a moment ago. 1080, that’s a proxy port, this is a proxy port as well, 53 again, DNS resolution port, yes, there we go, 443 has begun here. It’s still loading it. I wonder if it has opened it? Yes, there we go. It is up and running, and the site is functional, but it has taken us a lot of time to open it using free proxies. I would recommend sticking to two or three at max and it should work, and stick with the ones that have the best grades, reviews, and so on. Stick with the ones that have the greatest up-time as well. In any case, I bid you farewell, and I hope to see you in the next tutorial.

The remainder of the tutorial videos can be found in this YouTube playlist:

 

You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato