Wednesday 23 April 2014

Anonymizing yourself with Proxychains and TOR

Today I watched an excellent talk by Adrian Crenshaw on darknets and how they can be used to protect your privacy as well as leak information if not used correctly. The talk can be found at: http://www.youtube.com/watch?v=F3taxVjKCdY

I decided to learn how to use the TOR network to protect my privacy as well as run automated scans through the Tor network. The first two things you need are Tor and Proxychains. I believe these come pre-installed on Kali Linux, but they can be installed manually with the command "sudo apt-get install tor proxychains" if they are not already installed.

The next step is to configure proxychains to use the Tor network:
cd to /etc
Open proxychains.conf in a text editor. Note that you will have to open it as root.
Uncomment the "dynamic_chain" line and comment out the "strict_chain" line. This will skip over any dead proxies along the way and continue until an online proxy is found. You also want to ensure proxy_dns is uncommented. This stops DNS leaks, as explained in Adrian's talk linked above.

Next, scroll right to the bottom of the file and add these lines:
socks4  127.0.0.1 9050
socks5 127.0.0.1 9050
localnet 127.0.0.1 000 255.255.255.255





These lines tell proxychains to forward all traffic through the SOCKS4 and SOCKS5 proxies on your local IP at port 9050 (the Tor port).
The localnet line tells the chains to ignore any connections to your local host. This is required for things like connecting to local databases.

Save your config file and exit. The next step is to start the tor service with the command "sudo service tor start"
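
To confirm the saved file really has the settings described above, here is a small audit script. It is an added example, not part of the original post or of proxychains; the function name audit_proxychains_conf and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a proxychains config for the settings described above.
# audit_proxychains_conf is a hypothetical helper name, not part of proxychains.
# Prints one line per problem; returns 0 if clean, 1 if any problem was found.
audit_proxychains_conf() {
    conf="$1"
    problems=0
    # Keep only active lines: strip leading whitespace, drop comments and blanks.
    active=$(sed -e 's/^[[:space:]]*//' -e '/^#/d' -e '/^$/d' "$conf") || return 2
    has() { printf '%s\n' "$active" | grep -Eq "$1"; }
    flag() { echo "$conf: $1"; problems=1; }

    has '^dynamic_chain([[:space:]]|$)' || flag "dynamic_chain is not enabled"
    if has '^strict_chain([[:space:]]|$)'; then
        flag "strict_chain is still active"
    fi
    has '^proxy_dns([[:space:]]|$)' || flag "proxy_dns is off, DNS lookups can leak"
    # At least one SOCKS entry under [ProxyList] must point at Tor on 127.0.0.1:9050.
    printf '%s\n' "$active" | awk '
        /^\[ProxyList\]/ { in_list = 1; next }
        in_list && $1 ~ /^socks[45]$/ && $2 == "127.0.0.1" && $3 == "9050" { ok = 1 }
        END { exit !ok }' || flag "no socks4/socks5 entry for 127.0.0.1 9050"
    return "$problems"
}

# Constructed sample input: strict_chain left active, proxy_dns commented out.
sample=$(mktemp)
printf '%s\n' 'strict_chain' '#dynamic_chain' '#proxy_dns' \
    '[ProxyList]' 'socks4  127.0.0.1 9050' > "$sample"
audit_proxychains_conf "$sample" || echo "fix the lines above, then re-run"
rm -f "$sample"
```

Run it against the real file with audit_proxychains_conf /etc/proxychains.conf; no output means all four checks passed.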

That is basically it. TOR is running in the background, and proxychains can be called with any command to pipe it through Tor. When you run any command with proxychains you should see output listing the packets being sent through the chains.

Example opening firefox and checking external IP:
proxychains firefox www.ipchicken.com



One last check should be to ensure there are no DNS leaks. This can be achieved by either monitoring Wireshark for packets going to port 53 or simply going to http://dnsleaktest.com/. The IP shown should be the same as your IP Chicken address.


Most commands can be run through proxychains. 
Examples:
sudo proxychains nmap -sS <website>
sudo proxychains msfconsole
proxychains sqlmap -u <website>

In every case you should see the output of the chains as your packets leave your network. If you do not see this, you are not using the TOR network.

