How to Use Proxychains 2024 (Kali, Linux & Windows)

Proxychains

Are you looking to remain anonymous online or bypass geographical restrictions? Are you searching for information on how to pivot with proxychains?  Well, you’ve come to the right place.

In this article, we’ll explain proxychains, its use cases, how to install it on Kali and Ubuntu, and whether you can use it on Windows. 

We’ll walk through configuring it and how to use it to pivot via SSH and Metasploit and show you some of its advanced features.

You’ll learn how to use it with Tor, and finally, we’ll discuss any considerations you should be aware of before using it. 

Let's begin if you’re ready to embark on this proxychains journey.

What Are Proxychains?

Before we discuss proxychains, let’s quickly discuss what a proxy is.

What Is a Proxy?

A proxy is an intermediate server that acts as a gateway between you and the internet. 

How a Proxy Server Works

Let’s take an example of visiting google.com. Instead of sending packets directly to Google’s server, you first send them to the proxy, which then forwards them to Google. When Google replies, it sends the packets to the proxy, and the proxy forwards them back to you. 

In this way, the Google server thinks the conversation is happening between it and the proxy server, hiding your communication and IP address. 

This not only hides your IP address, allowing you to remain anonymous, but it can also serve other purposes, such as avoiding geo-restrictions.

Remember that the proxy server acts as a middleman. The destination server sees the proxy's information instead of yours, providing you with privacy and security.

So, What Are Proxychains?

Proxychains build upon the proxy example above. Instead of using only one proxy server, proxychains chain several servers, hence the term. 

So your traffic would go from your machine to the first proxy server, and then you’d proxy yourself into a second server, and so on, until you reach your final destination, wherever that may be. 

Chained Proxy Servers

These proxychains are an excellent way to remain anonymous online as they route your internet traffic through multiple proxy servers, making it difficult to trace back to your original IP address. 

Benefits include integration with Tor, SOCKS, and HTTP proxies, which allow for increased flexibility and security when browsing the Internet. 

Additionally, proxychains can be easily configured to work with applications like Nmap, SQLmap, etc. 

Use Cases for Proxychains

Now that you understand proxychains, let’s discuss their use cases. Proxychains are often used while penetration testing or red teaming to obfuscate the origin of traffic and make it appear as though it’s coming from a different location or IP address. 

By creating a chain of proxies, including the compromised system(s), red teamers can further obfuscate their movements within the network, making them harder to detect.

Additionally, it's possible to circumvent blocks put in place by the blue team by using proxy chains to bypass a restrictive firewall and access resources. This can be particularly useful for conducting reconnaissance or exfiltrating data without being detected. 

Another use of proxychains is in combination with pivoting tools like Chisel, SSHuttle, and Metasploit. Pivoting allows traffic routed through a compromised host to reach other hosts in internal networks that would normally not be accessible from your attacking machine. 

With proxychains, you can run tools from your machine to hosts within the internal network. We’ll take a look at pivoting further down in this article. 

Proxychains vs Proxychains-ng

Proxychains-ng, the ng standing for next generation, is an enhanced iteration of the defunct proxychains project. It offers improved functionality and enhanced compatibility.

Proxychains-ng is a UNIX program that hooks network-related libc functions in dynamically linked programs via a preloaded DLL. It redirects connections through proxy types such as SOCKS4a/5 or HTTP and supports TCP only.

Essentially, proxychains-ng forces other programs to route their traffic through proxies by intercepting and redirecting the traffic initiated by those programs. 

Except in cases where proxychains is more suitable due to limitations, proxychains-ng is generally advised.

We’ll be using proxychains-ng for our demos. 

Installing Proxychains on Kali

Proxychains-ng already comes pre-installed in Kali; you can check by entering the command:

proxychains4 

Installing Proxychains on Kali

Installing Proxychains on Ubuntu

The proxychains tool isn’t installed on Ubuntu, and you’ll need to install it. We’ll show you how to quickly have it up and running in no time. 

First, ensure you have the most up-to-date repositories. To do this, enter the command:

sudo apt update -y

Installing Proxychains on Ubuntu

Next, enter sudo apt install proxychains4 to install proxychains-ng.

Sudo apt install proxychains4

Now, to verify it's downloaded, enter proxychains4 into the terminal. 

Enter proxychains4 into the terminal

Installing Proxychains on Windows

The proxychains tool was built and designed for Linux, so installing it in Windows is not straightforward. 

There is an open-source tool called proxychains-windows. Although it hasn't been updated in a few years, and the author doesn't guarantee anonymity, it's worth checking out if you're interested in using proxychains on Windows using an open-source project.

If you’re looking for a reliable proxy service for Windows, we recommend looking into a tool such as Proxifier. 

Proxifier is a tool that enables running Windows applications through a proxy server, bypassing firewall restrictions, tunneling the entire system, resolving DNS names, using flexible Proxification Rules, ensuring privacy, and working through a chain of proxy servers. 

It supports SOCKS4, SOCKS4A, SOCKS5, HTTPS, HTTP, full IPv6 support, 64-bit applications, and AES 256-bit profile password encryption.

Be advised that fully utilizing this tool involves a one-time cost.

Using Proxychains

Alright, let's examine proxychains in action. We'll show you how to configure it, demonstrate its usage with several proxies, and walk you through how to use it when pivoting. All of this will be done from a Kali virtual machine. 

If you want to set up Kali in a virtual machine, see How to Install Kali Linux on VirtualBox & Start Hacking Now or How to Install Kali Linux on VMware: The Ultimate Guide.

Configure Proxychains

Before using proxychains, you'll need to configure it to hide your IP, which we'll demonstrate.

The first step is to add your proxies to the proxychains configuration. In another section, we’ll discuss where to find reliable proxies you can use.

Open the proxychains configuration file using a text editor. We’ll be using nano. 

sudo nano /etc/proxychains4.conf

Configure Proxychains

We need to add our proxies to the bottom of the file. Ensuring they are in the format of <protocol> <IP> <port>. If you are using authentication, add these next <username> <password>

For this demo, comment out the socks4 proxy currently there and add as many proxies as you want. 

Proxy List

You can also configure how proxychains uses the list of proxies you’ve provided. These can be dynamic, strict, round-robin, or random chains.

Dynamic Chain: With this setting, the tool will attempt to use the proxies in the listed order. However, if one fails, it’ll skip it and move on to the next one. 

Strict Chain: Every proxy is used in the listed order, from the first to the second, third, and so on. If one proxy fails, the entire connection fails.

Round-Robin Chain: The chained proxies are used circularly to distribute the connection amongst the provided proxies. Each connection request goes to the next one in the list, and once it reaches the end, it starts over again at the beginning. 

Random Chain: As the name suggests, a random chain selects proxies for each connection in a random order. It does not use the proxies in order and provides a unique path through each listed proxy. 

Choosing the right chain type depends on your needs:

  • Anonymity: Random chains can provide higher anonymity.
  • Reliability: Dynamic chains offer resilience by skipping failed proxies.
  • Predictability: Strict chains ensure traffic always follows the same path.
  • Load Balancing: Round Robin distributes connections evenly across proxies.

Ensure only the desired chain is uncommented; it will appear highlighted in white. We’ll be using a random chain.

Random Chain

Basic Proxychains Usage

Once you’ve configured proxychains, it's time to use it. 

First, open a terminal and enter curl ipinfo.io. This will provide you with information about your current IP address, location, and other details related to your internet connection.

Basic Proxychains Usage

To confirm that proxychains is working correctly, run the following command: proxychains4 curl ipinfo.io. This will allow you to see if the proxy server is masking your IP address.

Proxychains4 curl ipinfo.io

Great, it worked! 

Now you can browse the internet without revealing your IP address or location. 

Anytime you want to use an application or tool, simply prepend it with the command proxychains4 to route the connection through your proxies. 

For example, to open Firefox, you just need to enter the following command:

proxychains4 firefox

Proxychains4 firefox

Advanced Proxychains Features 

We've discussed some configurations you can set with proxychains. You may also want to change some more advanced features.

Proxy DNS Requests

Setting: proxy_dns

Forces DNS resolution through the proxy chain. This is important for maintaining anonymity, as it prevents DNS leaks that could reveal your IP address through unproxied DNS queries.

Remote DNS Subnet

Setting: remote_dns_subnet

Configures the fake IP subnet used for remote DNS requests. This is part of how proxychains handle DNS requests to avoid leaks.

TCP Read Time Out

Setting: tcp_read_time_out tcp_connect_time_out

This section specifies the TCP connection and read operations timeout in milliseconds. Adjusting these can improve performance.

Pivoting with SSH and Proxychains

You can also use proxychains with pivoting tools. We’ll show you how to pivot using SSH and proxychains to access internal networks from an external machine. You could use it with other pivoting tools such as SSHuttle or chisel. 

Before we start, let’s quickly look at a network diagram and where we want to pivot. 

Pivoting with SSH and Proxychains

In this scenario, we have our attacking machine, which sits within the 192.168.37.0/24 network, and let’s assume that we have breached the server on the same network. 

Upon further reconnaissance, we discover that the server is dual-homed, connected to the external network (the one our attacking machine is on) and an internal network within the 10.0.0.0/24 subnet

Because our attacking machine cannot directly communicate with this internal network, we need to perform pivoting to enable us to gain access to the internal network. 

Pivoting involves leveraging the compromised server as a jump host to access other parts of the network, allowing us to move laterally within the network. Setting up a pivot point on the breached server will enable us to route traffic and reach the internal network.

We’ll show you how to use SSH to pivot into the internal network using proxychains. To use this method, you must ensure SSH access to the jump box. 

First, edit the proxychains configuration file at /etc/proxychains4.conf and uncomment the socks proxy. 

Proxy List

In the terminal from your attacking machine, enter the command:

ssh -f -N -D 9050 user@jumphost

-f: Tells SSH to go into the background just before execution.

-N: Instructs SSH not to execute a remote command. This is useful for tunneling.

-D 9050: This creates a SOCKS proxy that listens on port 9050 (from the proxychains configuration file) on your local machine.

 ssh -f -N -D 9050 user@jumphost

Now, we can interact with the internal 10.0.0.0/24 network. 

Let’s say we’ve done some more reconnaissance and discovered a new host at 10.0.0.129. During our search, we found some credentials. We want to see if these will work with RDP. 

Let’s first see if RDP is open on the new host. We can use the command:

proxychains4 nmap -p 3389 10.0.0.129

ssh -f -N -D 9050 user@jumphost

Excellent, it's open. We can try to connect to it through proxychains using the command:

proxychains4 xfreerdp /u:username /p:password /v:host

Connect to it through proxychains using the command

We have pivoted into the internal network and now have RDP access to the new host. 

Pivoting with Metasploit and Proxychains

You can also use proxychains within a Meterpreter session in Metasploit. We’ll show you how you can set this up. We’ll be using the same network information as above. 

First, ensure you have a Meterpreter session. Next, you’ll need to background the session with ctrl-z or by entering: background

Next, enter: use multi/manage/autoroute

Use multimanageautoroute

Now, type options to set the necessary options. In our case, this will be “CMD,” “SESSION,” and “SUBNET.” 

set CMD add

set SESSION 1

set SUBNET 10.0.0.0

Type options

Alternatively, you could add the route by using the command route add <subnet/cidr> <session>.

Add the route

To check if you’ve set the route correctly, enter route.

To check if you’ve set the route correctly

Alright, now we have the correct route set up. However, we'll need to configure the socks proxy to interact with other hosts using tools outside Metasploit (e.g., nmap, netcat, etc.). 

The socks_proxy module creates a tunnel that allows you to pivot through the compromised host and use external tools.

Enter: use auxiliary/server/socks_proxy, and we’ll configure a few settings such as “SVRHOST,” “SVRPORT” and “VERSION.”

Configure a few settings

Once finished, enter: run. Now, set the proxychains config file to use the same proxy port you've set up in Metasploit.

Proxy List

To check if the proxy is running, use the command sudo netstat -lntp.

Use the command sudo netstat -lntp

Now, we can use tools from the command line to interact with the internal network as long as it's prepended with proxychains4.

We can use tools from the command line

Proxychains and Tor

Tor stands for "The Onion Router," a free and open-source software allowing anonymous communication over a network. 

It helps protect your privacy and security online by routing your Internet traffic through volunteer-operated servers worldwide.

Let’s look at some of the benefits and drawbacks of using it.

Benefits of Tor

Anonymity: its main selling point is its ability to provide anonymous web browsing by routing traffic through several relays, hiding your location and usage. 
Privacy: it can prevent websites and trackers from gathering personal information about your browsing activities.

Drawbacks of Tor

Reduced Speed: Tor uses multiple relays to route traffic, which can significantly slow down the speed at which you can browse the internet. 
Blocking of Tor: Some websites and services block known Tor exit node IP addresses due to abuse from other network users.

Using Tor and Proxychains

Here’s how to get Tor up and running with proxychains quickly. 

First, ensure Tor is installed on your system; if not, install it with sudo apt install tor.

Using Tor and Proxychains

Next, you’ll need to start the Tor service using the command: sudo service start tor.

Sudo service start tor

Ensure the proxychains /etc/proxychains4.conf file has the socks proxy configured to port 9050, the default port for Tor. 

Proxy List

Now let’s open Firefox using proxychains.

 Let’s open Firefox using proxychains

Let’s see where our Tor IP is located.

Tor IP

Proxychains Considerations

To fully take advantage of proxychains for anonymous browsing, you must choose reliable and anonymous proxies. For greater anonymity, these proxies should be located in different geographic locations. 

You can discover free proxies from places such as Github by searching for the term “free proxy list.” If you plan on using these, you should test them regularly so you don’t end up with dead proxies. 

Many sites, such as Webshare, provide reliable and anonymous proxies, although there’s usually a cost involved. It really all depends on your needs. 

There are also limitations to using proxychains, including the speed at which some tools work. For example, some Nmap scans may not work as expected or will take a very long time to complete. 

In this case, you may need other tools or methods to find the necessary information. 

Conclusion

As you’ve seen, proxychains is quite a powerful tool that can be used to provide a level of privacy and anonymity while surfing the web.

It can also help penetration testers or red teamers while performing functions, such as when pivoting to other networks.

If you want to learn more about privacy, anonymity, or cyber security, consider joining the StationX Accelerator program. 

We have everything you need to succeed, including a wide range of cyber security courses and labs. In addition, you’ll have access to mentorships, certification roadmaps, mastermind groups, and more. 

Frequently Asked Questions

Level Up in Cyber Security: Join Our Membership Today!

vip cta image
vip cta details
  • Richard Dezso

    Richard is a cyber security enthusiast, eJPT, and ICCA who loves discovering new topics and never stops learning. In his home lab, he's always working on sharpening his offensive cyber security skills. He shares helpful advice through easy-to-understand blog posts that offer practical support for everyone. Additionally, Richard is dedicated to raising awareness for mental health. You can find Richard on LinkedIn, or to see his other projects, visit his Linktree.

>