There are many reasons you might want to direct your traffic through a proxy. To name a few:
- It’s the only way to get out of a restricted network
- To avoid being tracked
- To use DNS behind proxy
Most popular applications have native options to configure proxy server settings. Browsers like Firefox and Chrome (as well as Linux utilities like curl) can be easily configured to direct traffic through a specific proxy. This can cover the vast majority of everyday, “vanilla” uses.
However, for more advanced “proxying,” such as using a chain of proxy servers, or forcing traffic for any applications to go through a proxy, you’d have to use a utility such as ProxyChains.You can either install it by downloading and compiling from source code, but I would recommend installing it as a Debian package with:
apt-get install proxychains
If you are using a proxy server in your enterprise environment then you can get the IP and port information from your IT administrator.
If you are looking to direct your traffic through third party proxy servers you can just google “public proxy servers list” and you will get several pages of free servers that will satisfy your needs. In this post, I experimented with servers from this list. Keep in mind that some of the servers you find online for free might not work as expected, and will require experimentation with a few different ones before you will iron everything out. For what it’s worth, I found that the servers out of Russia are some of the most reliable ones…
Once installed you will need to edit the file /etc/proxychains.conf to set up your proxy access configuration. The main options you’ll have to mess with are the following:
Type of chain:
- dynamic_chain: it tries to use all provided proxies in the given order, but it dynamically excludes proxies that are offline
- strict_chain: it tries to use all provided proxies in the given order, even though they might appear offline
- random_chain: it randomizes the number and order of proxies from the given list
- chan_len: number of proxies to be used in a chain
- List of proxies together with their port number and type (socks4, socks5, http)
For my configuration, I left most options untouched, only editing the “[ProxyList]” section at the bottom of /etc/proxychains.conf as follows:
[ProxyList] # add proxy here ... # meanwile # defaults set to "tor" #socks4 127.0.0.1 9050 socks4 22.214.171.124 31618
I commented out the preconfigured line “socks4 127.0.0.1 9050” and added “socks4 126.96.36.199 31618” server found in this list.
Then I ran a curl to google.com using proxychains as follows:
netbeez.net$ proxychains curl google.com ProxyChains-3.1 (http://proxychains.sf.net) |DNS-request| google.com |S-chain|-<>-188.8.131.52:31618-<><>-184.108.40.206:53-<><>-OK |DNS-response| google.com is 220.127.116.11 |S-chain|-<>-18.104.22.168:31618-<><>-22.214.171.124:80-<><>-OK <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"> <TITLE>301 Moved</TITLE></HEAD><BODY> <H1>301 Moved</H1> The document has moved <A HREF="http://www.google.com/">here</A>. </BODY></HTML>
ProxyChains gives logs to list which proxies are being used to get to the destination of “google.com.” As you can see, it starts with a DNS query to 126.96.36.199 that goes through the proxy 188.8.131.52:31618, and then it does the actual fetch to 184.108.40.206:80. If you configure multiple servers (depending on the type of chaining you chose), you might see the fetch going through multiple servers.
When you use ProxyChains to cover your identity and browsing information, keep in mind that your information is subject to the proxy’s country-specific laws and restrictions. Hopefully, you will never have to worry about that though…