PenTesting through Proxy Chaining
Unlike Nmap, Nessus, and Metasploit, the de facto tools of the different phases of a penetration test, proxychains fills a role of its own: it provides anonymity while you fingerprint, enumerate, and exploit.
Proxy chaining routes the traffic an attacker sends at a target through a number of proxies before it arrives, which makes it difficult for incident investigators to attribute the offending traffic back to its original source.
Tunnelling your network traffic through a number of proxies has other uses too:
Access the Internet from behind a restrictive firewall;
Access an intranet from outside through a reverse proxy; etc.
proxychains is a *NIX-based open-source tool that tunnels TCP connections and DNS lookups through any number of proxies. It supports Tor, HTTP, SOCKS4, and SOCKS5 proxy servers, and even allows different proxy types to be mixed in the same chain.
proxychains In Action
I’m using a default installation of Backtrack 5 R3, where proxychains is installed by default. If you are using your own *NIX machine, proxychains can be installed either from source or via your package manager (e.g. apt-get install proxychains).
All configuration is done in its configuration file at /etc/proxychains.conf. There are just two places you need to edit to get proxychains up and running.
1st, choose how you want proxychains to operate: dynamic proxy chaining, strict proxy chaining, or random proxy chaining. Uncomment the mode you want proxychains to operate in.
2nd, scroll to the very end of the configuration file and add some proxies. You can use http://proxychains.net/ to search for proxies.
Using proxychains is easy:
Running nmap through proxychains:
I got my proxy list from http://www.xroxy.com/proxylist.htm.
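The two edits described above, as an added example that is not from the original post: a constructed proxychains.conf with one chain mode uncommented and a [ProxyList] section, written to a temporary file so nothing under /etc is touched, plus two small checks for the mistakes that stop proxychains from working (no mode, or several modes, uncommented; a malformed proxy line). The proxy addresses are placeholders from documentation ranges, apart from 127.0.0.1 9050, which is where a local Tor client listens. The modes differ in how the list is used: dynamic_chain goes through the proxies in order and skips dead ones, strict_chain requires every proxy in order to be up, random_chain picks proxies at random. The nmap helper at the end encodes the caveat that matters most when scanning through the chain: proxychains works by preloading a library that intercepts the C library's connect() call, so only TCP connections made through the socket API are redirected. nmap's default SYN scan and ICMP host discovery use raw sockets and would go straight to the target, so the scan has to be a TCP connect scan with host discovery off (-sT -Pn). proxychains reads /etc/proxychains.conf by default, so the constructed file below would have to be copied there (or merged into it) before the command is run for real.

```shell
#!/bin/sh
# Added example, not from the original post. A constructed proxychains.conf is
# written to a temp file; hosts and ports are placeholders.
CONF="$(mktemp)"
cat > "$CONF" <<'EOF'
# --- chain mode: uncomment exactly one ---
dynamic_chain
#strict_chain
#random_chain
# resolve DNS through the chain as well, so lookups do not leak from this host
proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000
# --- proxies, one per line: type host port [user pass] ---
[ProxyList]
socks4 127.0.0.1 9050
http   192.0.2.10 3128
socks5 203.0.113.7 1080 user pass
EOF

# chain_mode prints the single active chain mode, and fails if none or more
# than one of the three modes is uncommented.
chain_mode() {
  modes=$(grep -E '^(dynamic_chain|strict_chain|random_chain)[[:space:]]*$' "$1")
  [ "$(printf '%s\n' "$modes" | grep -c .)" -eq 1 ] || return 1
  printf '%s\n' "$modes"
}

# proxy_count prints the number of well-formed entries after [ProxyList]
# (type host port, optionally followed by user pass) and fails on any
# malformed line, since proxychains would otherwise silently misparse it.
proxy_count() {
  awk '
    /^\[ProxyList\]/ { in_list = 1; next }
    !in_list { next }
    /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
    $1 ~ /^(http|socks4|socks5)$/ && $3 ~ /^[0-9]+$/ && (NF == 3 || NF == 5) { n++; next }
    { bad = 1 }
    END { print n + 0; exit bad }
  ' "$1"
}

# nmap_via_chain prints the nmap command line to use through the chain.
# proxychains only redirects TCP connections made via connect(), so the scan
# must be a TCP connect scan with host discovery disabled (-sT -Pn); SYN scans
# and ICMP probes use raw sockets and would bypass the proxies entirely.
nmap_via_chain() {
  printf 'proxychains nmap -sT -Pn %s\n' "$1"
}

# Usage: validate the constructed config, then show the scan command.
chain_mode "$CONF" && proxy_count "$CONF" && nmap_via_chain 192.0.2.10
```

Run the script as-is to validate the constructed file; to check a real installation, point the two functions at /etc/proxychains.conf instead.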
Ethical Issues & Legality
In some jurisdictions, unauthorised port scanning is illegal. The best way to avoid controversy when using Nmap is to always get written authorisation from the target network's representatives before initiating any scan.
Shared by Emil Tan, Skipper & Co-Founder of Div0.