The Ultimate Guide to Stay Hidden Online: TOR and Proxy Chaining
Hi, it’s me again. I’ve been superbly busy with college since this is my final year as a university student. I need to pass two more thesis presentations until it’s done, but I am kind of missing writing in Medium, so here I am before my page turns into spiderwebs. As a student, I met a lot of people here. The Math prodigy, computer freak, or that one friend who actively joins every organization they possibly can. For me, I’m definitely none of them. If I can portray myself, I am probably one of your friends who like to sit in the back of the class and read memes, totally invisible *LMAO.
Well, are you a Potterhead? If you know the Tale of Three Brothers, you probably could guess that the younger brother is my favorite. The three brothers seek to cheat death and are granted magical objects. The first brother receives the Elder Wand, the second the Resurrection Stone, and the third the Cloak of Invisibility. The Elder Wand is said to be unbeatable in a duel, the Resurrection Stone can bring back the dead, and the Cloak of Invisibility makes the wearer invisible. However, the objects ultimately lead to the downfall of the brothers due to their greed and arrogance.
In the internet world, having the elder wand and the resurrection stone is dope but the more important thing you need to consider is how to be hidden as if you wear the invisibility cloak. The Internet you saw is nothing but an iceberg, the more you go deeper, the darker it gets. By staying hidden, you reduce the risk of being tracked by law enforcement or hackers who might want to steal your personal information or use your device for illegal purposes. To reach that certain anonymity level, I’ll show you how to wear the cloak — I mean utilizing the TOR and proxy chains.
The Concept
Okay let's begin with the concept, said you are a hacker, and you want to scan the FBI website (strictly not recommended *LOL). You got some information about the FBI systems by running several commands on your computer. The open ports, the operating systems used by the FBI, the service that runs on their system, literally everything. You could utilize that and exploit the vulnerability of the system even to penetrate in. Then a few hours later the police knocked on your door and said that you are under arrest. Well, how that could possibly happen?
Well by the time you scan the FBI website and gain several information about them, they also learn a few things about you. The scan that you sent to them has a FROM address. Only by analyzing the logs, they’ll know immediately your IP address and then track you down in Canada. Simple as that. But don’t worry I’m not going to ruin the fun, below is the answer, yup ProxyChains. ProxyChains could help you to run applications through a proxy server, which can help to hide your IP address and encrypt your internet traffic. However, ProxyChains alone does not provide anonymity on the internet. To achieve anonymity, we need a combination of ProxyChains and Tor.
Why do we need a lot of proxy servers? Well, personally I do not believe in things such as perfect anonymity, when you use only one proxy server, and your target knows that the IP address belongs to that proxy server, they can contact the provider asking for logs and boom you got caught. Using many proxy servers also did not guarantee that you wouldn’t get caught, but at least, that simple brainfuck game will make you a bit harder to find.
The Installation
Before I do the installation, I’ll make it clear that I myself do not promote any illegal activities by sharing this. I’m consciously writing this speaking on ethical hacking matters. Okay, the first thing you need to know is that ProxyChains comes preinstalled in Kali Linux, so now we just need to install the Tor service.
sudo apt install tor
If the TOR is successfully installed, we need to activate the service with the command below.
sudo service tor start
Now you need to locate where exactly the configuration file is needed to set up the ProxyChains on our computer. Just like in Harry Potter where you could use the accio spell, we’ll use the locate here. Hit the command below.
locate proxychains
Now you know the configuration file, I need you to open that using the command below and we’ll see what we can do next.
sudo nano /etc/proxychains4.conf
Okay, there are four options of ProxyList that we can utilize. There are Dynamic Chain, Strict Chain, Round Robin Chain and also Random Chain. The choice between strict, dynamic, random, or round-robin in ProxyChains depends on the specific needs and requirements of the user. Each method has its own advantages and disadvantages. Below you could see that strict_chain is coloured with white. That is because it comes to default. If you want to change the option, just uncommented the configuration using the “#” sign.
Because we can only choose one and I want to use the round-robin chain, I put the “#” sign in strict_chain and delete the “#” sign in round_robin_chain to activate it.
Well, for the last touch put the “socks5 127.0.0.1 9050” entry at the end of the file to specify the local SOCKS proxy server and port that ProxyChains will use to forward the traffic. Port 9050 is the default port that the Tor client software listens on for incoming SOCKS5 connections. Why do we need the SOCKS5 when we already got the SOCKS4? SOCKS5 is generally considered to be more secure than SOCKS4, as it supports authentication and can encrypt the traffic between the client and the proxy server. If you are done, just save the configuration file by pressing the CTRL button and X at the same time.
The moment of truth, now you can use the ProxyChains to hide yourself. Here I try to access the browser — Firefox and do the DNS leak test.
Below is the IP address that I got, and I suppose my location. Currently, I’m not in Vienna and ProxyChains will keep changing my IP Address and also the location for the next few times. You can add your own configuration by adding a free IP that you obtain from free Proxy Servers available online. You can make them guess where actually your location is, imagine someone searching for you on the other side of the world and finding nothing. It can be quite frustrating, mate:”))
Conclusion
Good luck finding me in Vienna — cheerio 🤙
