Proxychains Cheat Sheet

Overview

Proxychains is a tool that forces any TCP connection made by any given application to follow through proxy servers like TOR, SOCKS4, SOCKS5, or HTTP(CONNECT) proxies. It's an essential tool for penetration testers and security professionals who need to route traffic through multiple proxy servers, maintain anonymity, or bypass network restrictions. Proxychains supports dynamic chain, strict chain, and random chain configurations.

⚠️ Warning: Only use Proxychains in environments you own or have explicit permission to test. Unauthorized use may violate terms of service or local laws.

Installation

System Package Installation

# Ubuntu/Debian
sudo apt update
sudo apt install proxychains4

# Alternative package name on some systems
sudo apt install proxychains

# CentOS/RHEL/Fedora
sudo yum install proxychains-ng
# or
sudo dnf install proxychains-ng

# Arch Linux
sudo pacman -S proxychains-ng

# macOS with Homebrew
brew install proxychains-ng

Manual Installation

# Clone the repository
git clone https://github.com/rofl0r/proxychains-ng.git
cd proxychains-ng

# Configure and compile
./configure --prefix=/usr --sysconfdir=/etc
make

# Install
sudo make install

# Verify installation
proxychains4 --version

Docker Installation

# Pull Docker image
docker pull alpine/proxychains

# Run with Docker
docker run --rm -it alpine/proxychains proxychains4 --help

# Create alias for easier usage
echo 'alias proxychains4="docker run --rm -it --network host alpine/proxychains proxychains4"' >> ~/.bashrc
source ~/.bashrc

Configuration

Main Configuration File

# Edit main configuration file
sudo nano /etc/proxychains4.conf

# Or create user-specific configuration
mkdir -p ~/.proxychains
cp /etc/proxychains4.conf ~/.proxychains/proxychains.conf
nano ~/.proxychains/proxychains.conf

Basic Configuration Options

# /etc/proxychains4.conf or ~/.proxychains/proxychains.conf

# Proxy DNS requests - no leak for DNS data
proxy_dns

# Some timeouts in milliseconds
tcp_read_time_out 15000
tcp_connect_time_out 8000

# ProxyList format
# type  host  port [user pass]
# (values separated by 'tab' or 'blank')
#
# Examples:
#
#        socks5  192.168.67.78   1080    lamer   secret
#        http    192.168.89.3    8080    justu   hidden
#        socks4  192.168.1.49    1080
#        http    192.168.39.93   8080

[ProxyList]
# add proxy here ...
# meanwile
# defaults set to "tor"
socks4  127.0.0.1 9050

Chain Types

# Dynamic chain (default)
# Each connection will be done via chained proxies
# all proxies chained in the order as they appear in the list
# at least one proxy must be online to play in chain
# (dead proxies are skipped)
dynamic_chain

# Strict chain
# Each connection will be done via chained proxies
# all proxies chained in the order as they appear in the list
# all proxies must be online to play in chain
# otherwise EINTR is returned to the app
#strict_chain

# Random chain
# Each connection will be done via random proxy
# (or proxy chain, see chain_len) from the list
#random_chain

# Make sense only if random_chain is selected
# chain_len = 2

Basic Usage

Simple Proxy Usage

# Basic usage with default configuration
proxychains4 curl http://httpbin.org/ip

# Use specific configuration file
proxychains4 -f /path/to/config.conf curl http://httpbin.org/ip

# Quiet mode (suppress proxychains output)
proxychains4 -q curl http://httpbin.org/ip

# Force DNS resolution through proxy
proxychains4 nslookup google.com

Network Tools Through Proxy

# SSH through proxy
proxychains4 ssh user@target.com

# Telnet through proxy
proxychains4 telnet target.com 80

# FTP through proxy
proxychains4 ftp target.com

# Netcat through proxy
proxychains4 nc target.com 80

# Wget through proxy
proxychains4 wget http://target.com/file.txt

# Curl through proxy
proxychains4 curl -v http://target.com

Security Tools Through Proxy

# Nmap through proxy (TCP connect scan only)
proxychains4 nmap -sT -Pn target.com

# Nikto through proxy
proxychains4 nikto -h http://target.com

# Dirb through proxy
proxychains4 dirb http://target.com

# SQLmap through proxy
proxychains4 sqlmap -u "http://target.com/page.php?id=1"

# Metasploit through proxy
proxychains4 msfconsole

# Hydra through proxy
proxychains4 hydra -l admin -P passwords.txt target.com ssh

Advanced Configuration

Multiple Proxy Chains

# Create configuration for TOR chain
cat > ~/.proxychains/tor.conf << 'EOF'
strict_chain
proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000

[ProxyList]
socks4  127.0.0.1 9050
EOF

# Create configuration for HTTP proxy chain
cat > ~/.proxychains/http.conf << 'EOF'
dynamic_chain
proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000

[ProxyList]
http    proxy1.example.com  8080
http    proxy2.example.com  3128
EOF

# Create configuration for SOCKS5 chain
cat > ~/.proxychains/socks5.conf << 'EOF'
strict_chain
proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000

[ProxyList]
socks5  proxy.example.com  1080  username  password
EOF

# Use specific configurations
proxychains4 -f ~/.proxychains/tor.conf curl http://httpbin.org/ip
proxychains4 -f ~/.proxychains/http.conf wget http://target.com
proxychains4 -f ~/.proxychains/socks5.conf ssh user@target.com

Complex Proxy Chains

# Multi-hop proxy configuration
cat > ~/.proxychains/multihop.conf << 'EOF'
strict_chain
proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000

[ProxyList]
# First hop - SOCKS4 proxy
socks4  192.168.1.100  1080

# Second hop - HTTP proxy
http    10.0.0.50      8080

# Third hop - SOCKS5 proxy with authentication
socks5  proxy.example.com  1080  user  pass

# Final hop - TOR
socks4  127.0.0.1      9050
EOF

# Random chain configuration
cat > ~/.proxychains/random.conf << 'EOF'
random_chain
chain_len = 3
proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000

[ProxyList]
socks4  proxy1.example.com  1080
socks4  proxy2.example.com  1080
socks5  proxy3.example.com  1080
http    proxy4.example.com  8080
http    proxy5.example.com  3128
socks5  proxy6.example.com  1080  user  pass
EOF

Authentication Configuration

# SOCKS5 with username/password
cat > ~/.proxychains/auth.conf << 'EOF'
strict_chain
proxy_dns

[ProxyList]
socks5  proxy.example.com  1080  myuser  mypass
EOF

# HTTP proxy with authentication
cat > ~/.proxychains/http_auth.conf << 'EOF'
dynamic_chain
proxy_dns

[ProxyList]
http    proxy.company.com  8080  domain\\username  password
EOF

# Mixed authentication types
cat > ~/.proxychains/mixed_auth.conf << 'EOF'
dynamic_chain
proxy_dns

[ProxyList]
socks4  192.168.1.100     1080
socks5  secure.proxy.com  1080  user1  pass1
http    web.proxy.com     8080  user2  pass2
EOF

Penetration Testing Scenarios

Network Pivoting

# Scenario: Access internal network through compromised host

# 1. Set up SOCKS proxy on compromised host
# On compromised host (192.168.1.100):
ssh -D 1080 -N -f user@localhost

# 2. Configure proxychains to use the SOCKS proxy
cat > ~/.proxychains/pivot.conf << 'EOF'
strict_chain
proxy_dns

[ProxyList]
socks4  192.168.1.100  1080
EOF

# 3. Scan internal network through proxy
proxychains4 -f ~/.proxychains/pivot.conf nmap -sT -Pn 10.0.0.0/24

# 4. Access internal services
proxychains4 -f ~/.proxychains/pivot.conf ssh admin@10.0.0.50
proxychains4 -f ~/.proxychains/pivot.conf curl http://10.0.0.100/admin

TOR Network Usage

# Install and configure TOR
sudo apt install tor

# Start TOR service
sudo systemctl start tor
sudo systemctl enable tor

# Verify TOR is running
sudo netstat -tlnp | grep 9050

# Configure proxychains for TOR
cat > ~/.proxychains/tor.conf << 'EOF'
strict_chain
proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000

[ProxyList]
socks4  127.0.0.1 9050
EOF

# Test TOR connection
proxychains4 -f ~/.proxychains/tor.conf curl http://httpbin.org/ip

# Browse .onion sites
proxychains4 -f ~/.proxychains/tor.conf curl http://duckduckgogg42ts72.onion

# Use security tools through TOR
proxychains4 -f ~/.proxychains/tor.conf nmap -sT -Pn target.onion

Corporate Network Bypass

# Scenario: Bypass corporate firewall restrictions

# 1. Set up external SOCKS proxy (on your VPS)
# On VPS (external.server.com):
ssh -D 0.0.0.0:1080 -N user@localhost

# 2. Configure proxychains to use external proxy
cat > ~/.proxychains/bypass.conf << 'EOF'
strict_chain
proxy_dns

[ProxyList]
socks4  external.server.com  1080
EOF

# 3. Access blocked sites/services
proxychains4 -f ~/.proxychains/bypass.conf curl https://blocked-site.com
proxychains4 -f ~/.proxychains/bypass.conf git clone https://github.com/user/repo.git

# 4. Tunnel specific applications
proxychains4 -f ~/.proxychains/bypass.conf firefox
proxychains4 -f ~/.proxychains/bypass.conf thunderbird

Automation Scripts

Proxy Chain Tester

#!/bin/bash
# Test proxy chain connectivity

CONFIG_FILE="$1"
TEST_URL="${2:-http://httpbin.org/ip}"

if [ -z "$CONFIG_FILE" ]; then
    echo "Usage: $0 <config_file> [test_url]"
    exit 1
fi

if [ ! -f "$CONFIG_FILE" ]; then
    echo "Error: Configuration file not found: $CONFIG_FILE"
    exit 1
fi

echo "[+] Testing proxy chain with config: $CONFIG_FILE"
echo "[+] Test URL: $TEST_URL"

# Test basic connectivity
echo "[+] Testing basic connectivity..."
if proxychains4 -f "$CONFIG_FILE" -q curl -s --connect-timeout 10 "$TEST_URL" >/dev/null; then
    echo "✓ Basic connectivity: PASS"
else
    echo "✗ Basic connectivity: FAIL"
    exit 1
fi

# Test DNS resolution
echo "[+] Testing DNS resolution..."
if proxychains4 -f "$CONFIG_FILE" -q nslookup google.com >/dev/null 2>&1; then
    echo "✓ DNS resolution: PASS"
else
    echo "✗ DNS resolution: FAIL"
fi

# Test IP detection
echo "[+] Testing IP detection..."
PROXY_IP=$(proxychains4 -f "$CONFIG_FILE" -q curl -s "$TEST_URL" | grep -o '"origin": "[^"]*"' | cut -d'"' -f4)
DIRECT_IP=$(curl -s "$TEST_URL" | grep -o '"origin": "[^"]*"' | cut -d'"' -f4)

echo "Direct IP: $DIRECT_IP"
echo "Proxy IP: $PROXY_IP"

if [ "$PROXY_IP" != "$DIRECT_IP" ]; then
    echo "✓ IP masking: PASS"
else
    echo "✗ IP masking: FAIL"
fi

# Test performance
echo "[+] Testing performance..."
START_TIME=$(date +%s.%N)
proxychains4 -f "$CONFIG_FILE" -q curl -s "$TEST_URL" >/dev/null
END_TIME=$(date +%s.%N)
RESPONSE_TIME=$(echo "$END_TIME - $START_TIME" | bc)

echo "Response time: ${RESPONSE_TIME}s"

if (( $(echo "$RESPONSE_TIME < 30" | bc -l) )); then
    echo "✓ Performance: ACCEPTABLE"
else
    echo "⚠ Performance: SLOW"
fi

echo "[+] Proxy chain test completed"

Multi-Proxy Scanner

#!/bin/bash
# Scan target through multiple proxy configurations

TARGET="$1"
SCAN_TYPE="${2:-basic}"

if [ -z "$TARGET" ]; then
    echo "Usage: $0 <target> [scan_type]"
    echo "Scan types: basic, full, stealth"
    exit 1
fi

PROXY_CONFIGS=(
    "/etc/proxychains4.conf"
    "$HOME/.proxychains/tor.conf"
    "$HOME/.proxychains/http.conf"
    "$HOME/.proxychains/socks5.conf"
)

OUTPUT_DIR="multi_proxy_scan_$(date +%Y%m%d_%H%M%S)"
mkdir -p "$OUTPUT_DIR"

echo "[+] Starting multi-proxy scan of: $TARGET"
echo "[+] Scan type: $SCAN_TYPE"
echo "[+] Output directory: $OUTPUT_DIR"

for config in "${PROXY_CONFIGS[@]}"; do
    if [ ! -f "$config" ]; then
        echo "[-] Skipping missing config: $config"
        continue
    fi
    
    config_name=$(basename "$config" .conf)
    echo "[+] Scanning through: $config_name"
    
    case "$SCAN_TYPE" in
        "basic")
            proxychains4 -f "$config" -q nmap -sT -Pn -p 80,443,22,21,25 "$TARGET" > "$OUTPUT_DIR/${config_name}_basic.txt" 2>&1
            ;;
        "full")
            proxychains4 -f "$config" -q nmap -sT -Pn -p 1-1000 "$TARGET" > "$OUTPUT_DIR/${config_name}_full.txt" 2>&1
            ;;
        "stealth")
            proxychains4 -f "$config" -q nmap -sT -Pn -p 80,443 -T2 "$TARGET" > "$OUTPUT_DIR/${config_name}_stealth.txt" 2>&1
            ;;
    esac
    
    # Add delay between scans
    sleep 30
done

echo "[+] Multi-proxy scan completed"
echo "[+] Results saved to: $OUTPUT_DIR"

# Generate summary
echo "[+] Generating summary..."
for result_file in "$OUTPUT_DIR"/*.txt; do
    if [ -f "$result_file" ]; then
        echo "=== $(basename "$result_file") ===" >> "$OUTPUT_DIR/summary.txt"
        grep -E "(open|filtered)" "$result_file" >> "$OUTPUT_DIR/summary.txt" 2>/dev/null || echo "No open ports found" >> "$OUTPUT_DIR/summary.txt"
        echo "" >> "$OUTPUT_DIR/summary.txt"
    fi
done

Proxy Chain Builder

#!/bin/bash
# Build custom proxy chain configurations

create_config() {
    local name="$1"
    local chain_type="$2"
    local proxies="$3"
    
    config_file="$HOME/.proxychains/${name}.conf"
    
    cat > "$config_file" << EOF
# Generated proxy configuration: $name
# Created: $(date)

${chain_type}_chain
proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000

[ProxyList]
$proxies
EOF
    
    echo "[+] Created configuration: $config_file"
}

# TOR configuration
create_config "tor" "strict" "socks4  127.0.0.1 9050"

# Corporate proxy configuration
create_config "corporate" "dynamic" "http    proxy.company.com  8080"

# VPN + TOR configuration
create_config "vpn_tor" "strict" "socks5  vpn.server.com  1080
socks4  127.0.0.1 9050"

# Random proxy configuration
cat > "$HOME/.proxychains/random_proxies.conf" << 'EOF'
random_chain
chain_len = 2
proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000

[ProxyList]
socks4  proxy1.example.com  1080
socks4  proxy2.example.com  1080
socks5  proxy3.example.com  1080
http    proxy4.example.com  8080
http    proxy5.example.com  3128
EOF

echo "[+] Proxy configurations created in ~/.proxychains/"
ls -la "$HOME/.proxychains/"

Integration with Security Tools

Metasploit Integration

# Configure Metasploit to use proxychains
cat > ~/.proxychains/msf.conf << 'EOF'
strict_chain
proxy_dns

[ProxyList]
socks4  127.0.0.1 9050
EOF

# Start Metasploit through proxy
proxychains4 -f ~/.proxychains/msf.conf msfconsole

# Within Metasploit, set additional proxy options
# msf6 > setg Proxies socks4:127.0.0.1:9050
# msf6 > use exploit/multi/handler
# msf6 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
# msf6 exploit(multi/handler) > run

Burp Suite Integration

# Configure Burp Suite to work with proxychains

# 1. Start Burp Suite through proxy
proxychains4 -f ~/.proxychains/tor.conf java -jar burpsuite.jar

# 2. Configure Burp to use upstream proxy
# In Burp: User options > Connections > Upstream Proxy Servers
# Add: 127.0.0.1:9050 (SOCKS4)

# 3. Use Burp with proxy chain
# All traffic will go: Browser -> Burp -> Proxychains -> Target

Browser Integration

# Firefox through proxy
proxychains4 -f ~/.proxychains/tor.conf firefox

# Chrome through proxy
proxychains4 -f ~/.proxychains/tor.conf google-chrome

# Chromium through proxy
proxychains4 -f ~/.proxychains/tor.conf chromium-browser

# Configure browser proxy settings script
cat > setup_browser_proxy.sh << 'EOF'
#!/bin/bash
# Setup browser to use SOCKS proxy

PROXY_HOST="127.0.0.1"
PROXY_PORT="9050"

# Firefox profile setup
FIREFOX_PROFILE="$HOME/.mozilla/firefox/proxy_profile"
mkdir -p "$FIREFOX_PROFILE"

cat > "$FIREFOX_PROFILE/user.js" << EOL
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "$PROXY_HOST");
user_pref("network.proxy.socks_port", $PROXY_PORT);
user_pref("network.proxy.socks_version", 4);
user_pref("network.proxy.socks_remote_dns", true);
EOL

echo "Firefox proxy profile created: $FIREFOX_PROFILE"
echo "Start with: firefox -profile $FIREFOX_PROFILE"
EOF

chmod +x setup_browser_proxy.sh

Troubleshooting

Common Issues

Connection Failures

# Test proxy connectivity
proxychains4 -f /path/to/config.conf curl -v http://httpbin.org/ip

# Check proxy server status
nc -zv proxy.server.com 1080

# Test DNS resolution
proxychains4 -f /path/to/config.conf nslookup google.com

# Debug with verbose output
proxychains4 -f /path/to/config.conf -v curl http://httpbin.org/ip

Configuration Issues

# Validate configuration syntax
proxychains4 -f /path/to/config.conf echo "test"

# Check for common configuration errors
grep -E "^(strict|dynamic|random)_chain" /path/to/config.conf
grep -E "^\[ProxyList\]" /path/to/config.conf

# Test different chain types
sed 's/strict_chain/dynamic_chain/' config.conf > config_dynamic.conf
proxychains4 -f config_dynamic.conf curl http://httpbin.org/ip

Performance Issues

# Increase timeouts
sed -i 's/tcp_read_time_out 15000/tcp_read_time_out 30000/' config.conf
sed -i 's/tcp_connect_time_out 8000/tcp_connect_time_out 15000/' config.conf

# Use dynamic chain instead of strict
sed -i 's/strict_chain/dynamic_chain/' config.conf

# Reduce proxy chain length
sed -i 's/chain_len = 3/chain_len = 2/' config.conf

DNS Issues

# Disable proxy DNS if causing issues
sed -i 's/proxy_dns/#proxy_dns/' config.conf

# Test DNS resolution manually
proxychains4 -f config.conf dig google.com
proxychains4 -f config.conf host google.com

# Use alternative DNS servers
echo "nameserver 8.8.8.8" > /tmp/resolv.conf
proxychains4 -f config.conf -e /tmp/resolv.conf curl http://httpbin.org/ip

Debugging and Logging

# Enable debug output
export PROXYCHAINS_DEBUG=1
proxychains4 -f config.conf curl http://httpbin.org/ip

# Log all connections
strace -e trace=connect proxychains4 -f config.conf curl http://httpbin.org/ip

# Monitor network traffic
sudo tcpdump -i any -n host proxy.server.com

# Check system logs
journalctl -f | grep -i proxy

Resources

• Proxychains-ng GitHub Repository
• Original Proxychains Project
• TOR Project Documentation
• SOCKS Protocol Specification
• HTTP CONNECT Method
• Network Pivoting Techniques
• Penetration Testing with Proxy Chains

---

This cheat sheet provides a comprehensive reference for using Proxychains for network tunneling and proxy chaining. Always ensure you have proper authorization before using this tool in any environment.