Division Zero (Div0). Copyright © 2011-2018

All rights reserved.

PenTesting through Proxy Chaining

11 Aug 2013

I spent a tiny bit of my time over the weekend playing with a tool packaged in my default Backtrack 5 R3 machine – proxychains. proxychains is also part of the Kali Linux toolkit.


Unlike tools such as Nmap, Nessus, and Metasploit which are the de facto tools used in different phases of the penetration testing framework, proxychains is essential in its very unique ways – to provide anonymity when you perform fingerprinting, enumeration, and exploit.


Proxy chaining is a concept such that an attacker engineers his/her infiltrating traffics to pass through a number of proxies before reaching the target; making it difficult for incident investigators to attribute the offending traffic back to the original source.


Proxy chaining is not a concept uniquely to such scenario mentioned above. There may be many other reasons to tunnel your network traffics pass a number of proxies:

  • Access the Internet from behind a restrictive firewall;

  • Access Intranets from outside through reverse proxy; etc.


proxychains is an (*NIX-based) open source tool which allow TCP and DNS tunnelling through numerous proxies. It supports TOR, HTTP, SOCKS4, and SOCKS5 proxy servers, even allowing different proxy types to be mixed in the same chain.

I’m using a default installation of Backtrack 5 R3, proxychains is installed by default. If you are using your own *NIX machine, proxychains can be installed either by obtaining its source or via Packaging Tool (e.g. apt-get install proxychains).


All configurations are to be performed in its configuration file located at /etc/proxychains.conf. There are just two places you need to pay attention to get proxychains up and running.


First, choose how you want proxychains to operate – dynamic proxy chaining, strict proxy chaining, or random proxy chaining. Uncomment the technique you want proxychains to operate in.

Next, scroll to the very end of the configuration file and add some proxies. You can use http://proxychains.net/ to search for proxies.


Using proxychains is easy:

Here’s a screenshot of running nmap through proxychains:

I got my proxy list from http://www.xroxy.com/proxylist.htm.

Ethical Issues and Legality

In some jurisdiction, unauthorised port scanning is illegal. The best way to avoid controversy when using Nmap is to always get written authorisation from the target network representatives before initiating any scanning.

Reference: ProxyChains + Tor Backtrack 5 R3 Tutorial


Share on Facebook
Share on Twitter
Please reload


September 5, 2017

Please reload

Please reload

RSS Feed