
Learn Ethical Hacking Episode #18: Staying Anonymous with ProxyChains (Part 2)

 


Hello everybody and welcome to this tutorial. I’m just going to pick off from where I left off in the previous one.

As I said before, you have a type of proxy here, and you always want to be using socks5. You don’t want to be using HTTP because it isn’t a very secure protocol, and socks4 doesn’t support very many options. Anyway, this is the IP address of the proxy server, we will enter a few of them manually later on, and this here is the port number on which the proxy server is listening, the port that is open. Over here, these two words, now what some proxy servers, especially paid ones, will always have is a username and a password. You can type them here in plain text, unfortunately, but it is assumed that only you, and you alone, have access to this computer. Besides, not everyone can read this file. So if you type in the username and password here, you will gain access to a certain proxy that you have chosen. These are just examples. We won’t actually be using these proxies. We need to go down below, and here is the end of the file. So if I press ENTER a couple of times, there we go. There is only one proxy active at the moment, it’s socks4, and all traffic is being routed through there. Now tor by default listens on this port, and our connections will be going through tor now, but just in case I want to add socks, and you should really do this, socks5, press tab, and type in exactly the same IP address. By the way, this 127.0.0.1 is the loopback address of your computer. This is for inter device communication. If you ping this address, you’re pinging yourself, basically, and usually people ping this address in order to make sure that the IP protocol is set up correctly. So, let’s just type in 127.0.0.1, same port number, space here, no tabs, 9050. There we go. Press Ctrl + O to save the file, press ENTER, and by the way you don’t need to use Nano to edit this file. You can also use VI or some other text editor in order to edit it. I like using nano. It’s practical and it’s fairly simple. It’s much simpler than VI. 
I know how to use VI as well but it’s a bit more complicated, so I prefer to keep it out of the tutorials. Anyway, press Ctrl + O to save. It doesn’t hurt to save the file as many times as you like, and then press Ctrl + X to exit. There we go. Now we have the file saved. Clear the screen. You always want to make sure that you are working in a very neat environment. Then go ahead and type in service tor status to see if tor is running. Tor is not running so it gives you an answer, and what we want is to start tor up. So service tor start, press ENTER, there we go. Now the tor service has started, and it is up and running.
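The ProxyList edits described above can be checked before any traffic is sent through the chain. The following is an added example, not part of the original tutorial: it audits a constructed sample config for non-socks5 entries, plaintext credentials and the local tor listener. `audit_proxylist` and `sample_conf` are hypothetical helper names, the 203.0.113.10 entry is made up, and `proxy_dns` is the proxychains directive that sends DNS lookups through the chain.

```shell
#!/usr/bin/env bash
# Added example: audit the [ProxyList] section of a proxychains config.
# audit_proxylist and sample_conf are hypothetical helpers, not proxychains tools.

sample_conf() {   # constructed sample config, not taken from a real system
cat <<'EOF'
strict_chain
proxy_dns
tcp_read_time_out 15000

[ProxyList]
# constructed paid-proxy entry: type, IP, port, username, password
http 203.0.113.10 8080 alice s3cret
socks4 127.0.0.1 9050
socks5 127.0.0.1 9050
EOF
}

audit_proxylist() {   # usage: audit_proxylist /path/to/conf  (or pipe on stdin)
    awk '
        NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
        $1 == "proxy_dns"    { dns = 1; next }   # DNS is resolved through the chain
        $1 == "[ProxyList]"  { inlist = 1; next }
        !inlist              { next }            # other directives are not audited
        {
            n++
            if ($1 != "socks5")
                printf "WARN line %d: %s proxy %s:%s (socks5 preferred)\n", NR, $1, $2, $3
            if (NF >= 5)
                printf "WARN line %d: plaintext credentials for user %s\n", NR, $4
            if ($2 == "127.0.0.1" && $3 == "9050") tor = 1
        }
        END {
            if (!dns) print "WARN: proxy_dns is not enabled; DNS queries can bypass the chain"
            if (!tor) print "INFO: no entry for the local tor listener 127.0.0.1:9050"
            printf "SUMMARY: %d proxies\n", n
        }
    ' "$@"
}

sample_conf | audit_proxylist
```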

So the next thing that we need to do is use proxychains in combination with tor, and in combination with our internet browser, in order to be able to access a third party in order to verify that all of this is working properly, and that we are anonymous. A lot of people do the configuration, and they type in service tor start, and that’s it. They don’t verify these settings. They start to scan and what happens? Of course, they get detected because they most likely misconfigured something. What you want to do is go ahead and type in proxychains, so proxychains. Remember, we do not want to browse the Internet as a root user. We’re just going to use it to verify our proxychains settings, and then I’m going to close the web browser. So, I’m only using it for that purpose. We will use proxychains later on for a different purpose, for scanning, and so on and so forth, and then we can use it as root. But, it’s not a good idea for web browsing, for security reasons. Anyway, proxychains and then type in Firefox, or you can type in your preferred web browser. I think Firefox works the best with proxychains since that is the default browser of Kali Linux. Even though it says iceweasel, it’s Firefox, trust me. So type in proxychains Firefox, and we can type in the web site that we wish to visit. So, let’s just type in www.duckduckgo.com. Now duckduckgo is a search engine that also helps to anonymize you. You will have a far greater extent of anonymity than you do when using Google, or an equivalent popular search engine, as they record your traffic, they record your IP addresses, and that can be problematic in itself, especially when you’re doing some sort of footprinting. You do not want to be recorded anywhere. Anyway, let’s just go ahead and press enter, and the web browser is loading. You can see that the loading time is definitely not the fastest, it’s a bit slow, but it has loaded it up.
We will just go ahead back to our terminal and see, excellent, so you see that the link has been established here. There are some problems as it says denied somewhere, but that’s OK. You’re bound to encounter errors here, especially when you’re using custom chains. You will see that there will be more error messages than there will be okay messages. But, believe it or not, the connection still manages to pass through somehow and still manages to function in spite of that. Anyway, I’ll just go back and open up our web browser once again, and just type in check for DNS leaks, and press Enter. Okay, so DNS leak test, excellent! Let’s go ahead and click on this one and see what happens. Hello, this is my public IP address now, 217.13.197.5, and it says that I am from Germany. I assure you that I am not from Germany. If you wish to verify all of this you can open up a new terminal and type in service tor stop, and then open up your regular web browser without the proxychains command, do the same test again, and you will see that you will get a completely different IP address, which will be your real IP address. Anyway, it says hello, this is me from Germany. I’m going to perform a standard test, I’m not going to do an extended test, it’s the same thing for the most part. This one does more rounds but you get the same information, more or less. So it goes query one, excellent! This is my DNS, this is my ISP provider. So look this is what they have concluded in regards to my DNS: it’s Level 3 Communications, and it says the country is the United States. This makes no sense whatsoever, so I am anonymous now. I can’t be detected, which is a very good thing to have indeed.

This IP address will change from time to time. Let me just copy it, and I am going to go ahead and show you that it actually does change. So, accessories, I’m pretty sure there is a text editor here, excellent! So I’m just going to paste this IP address, and now what I’m going to do is go ahead and close this browser. I don’t need this, so service tor stop, it’s stopping it, service tor start, it’s starting it. So, you don’t need to actually write start/stop, you can also do service tor restart, and it’s going to do the whole process for you. So you can save a little bit of time there. Let’s just repeat the process. I’m going to go ahead and type in proxychains Firefox, and I will request the same search engine as well. Will it open? Now don’t be discouraged if it doesn’t open it straight away. If it says you don’t have connectivity, or the website is not available, just try typing in the service tor restart command a couple of times until you get it. Sometimes certain IP addresses are blocked and you need to be assigned the one that is not, so don’t immediately jump to a conclusion. Just try resetting it a couple of times and you will resolve the problem. A different IP address will be assigned to you each time. Anyway, let’s just go ahead and type in check for DNS leaks, press Enter, and here we go. I’m just going to use the same website, dnsleaktest.com, that’s the name of it, excellent! So you see now I don’t even need to compare the IP, obviously it’s different. So this one is 217.13, this one is 91.109, so completely different IP address here, and from a completely different place. Now it says that I am from the United Kingdom, apparently somewhere in London. I’ll go ahead and issue a standard test to see what sort of resolutions I get here. This might take a while, that’s why I’m doing the standard test, this one was a bit slower. It depends on how far away the servers are. I suppose I’m a bit closer to Germany than I am to United Kingdom.
I suppose this depends on the speed of the servers as well. Anyway, you can see my DNS resolutions here, it’s Level 3 Communications, again. Yeah, I am completely anonymous with this. I am unlikely to be detected by pretty much anything.

If you wanted to, for example, use proxychains with nmap, I’m not going to go into great detail now, I will show you this when we get to the nmap section, but before we do we can see some verbose output here on how this is actually functioning. So, there are certain domains which are being contacted, you can see pretty much everything that is going on here. It isn’t a bad idea to sometimes go through this sort of information, especially if you do not have connectivity, or if you wish to better understand exactly where your traffic is going, where it is passing through, and how it is spinning around. Anyway, let’s just go ahead and clear the screen and use, let’s say, proxychains nmap, and this is all that you would need to do in order to route all of nmap’s traffic through proxychains. This is pretty much true for any application. Just invoke the application as you would, so normal nmap invocation would be nmap, and then some IP address here, and then a port number here, and some arguments as well to go along with it. But instead of just typing it like that, you can use proxychains and hide yourself. How would you invoke a browser on a regular basis? You would type in Firefox, press enter, and that would of course open up a Firefox browser. So, any application that you can start through your terminal, and you can start all of them through your terminal, just type in proxychains in front of it, and all the network information generated by that application will be routed through proxychains. Now will it use a preset of proxies or will it use tor? That is up to how you have configured it. There will be a part three to this chapter. I will show you how you can import custom chains of proxies, and how you can use those proxies to access things on the net, or to hide your activity behind them. In any case, I bid you farewell, and I thank you for watching.
