Proxychains Cheat Sheet
"Clase de la hoja" idbutton id="proxychains-copy-btn" class="copy-btn" onclick="copyAllCommands()" Copiar todos los comandos id="proxychains-pdf-btn" class="pdf-btn" onclick="generatePDF()" Generar PDF seleccionado/button ■/div titulada
Sinopsis
Proxychains es una herramienta que obliga a cualquier conexión TCP hecha por cualquier aplicación dada a seguir a través de servidores proxy como TOR, SOCKS4, SOCKS5, o HTTP(CONNECT) proxies. Es una herramienta esencial para los probadores de penetración y los profesionales de seguridad que necesitan para trazar el tráfico a través de múltiples servidores proxy, mantener el anonimato o evitar restricciones de red. Proxychains soporta configuraciones de cadena dinámica, cadena estricta y cadena aleatoria.
NOVEDAD Advertencia: Únicamente utilice Proxychains en entornos que posee o tenga permiso explícito para probar. El uso no autorizado puede violar términos de servicio o leyes locales.
Instalación
Instalación de paquete de sistema
# Ubuntu/Debian
sudo apt update
sudo apt install proxychains4
# Alternative package name on some systems
sudo apt install proxychains
# CentOS/RHEL/Fedora
sudo yum install proxychains-ng
# or
sudo dnf install proxychains-ng
# Arch Linux
sudo pacman -S proxychains-ng
# macOS with Homebrew
brew install proxychains-ng
Instalación manual
# Clone the repository
git clone https://github.com/rofl0r/proxychains-ng.git
cd proxychains-ng
# Configure and compile
./configure --prefix=/usr --sysconfdir=/etc
make
# Install
sudo make install
# Verify installation
proxychains4 --version
Docker Instalación
# Pull Docker image
docker pull alpine/proxychains
# Run with Docker
docker run --rm -it alpine/proxychains proxychains4 --help
# Create alias for easier usage
echo 'alias proxychains4="docker run --rm -it --network host alpine/proxychains proxychains4"' >> ~/.bashrc
source ~/.bashrc
Configuración
Archivo de configuración principal
# Edit main configuration file
sudo nano /etc/proxychains4.conf
# Or create user-specific configuration
mkdir -p ~/.proxychains
cp /etc/proxychains4.conf ~/.proxychains/proxychains.conf
nano ~/.proxychains/proxychains.conf
Opciones de configuración básica
# /etc/proxychains4.conf or ~/.proxychains/proxychains.conf
# Proxy DNS requests - no leak for DNS data
proxy_dns
# Some timeouts in milliseconds
tcp_read_time_out 15000
tcp_connect_time_out 8000
# ProxyList format
# type host port [user pass]
# (values separated by 'tab' or 'blank')
#
# Examples:
#
# socks5 192.168.67.78 1080 lamer secret
# http 192.168.89.3 8080 justu hidden
# socks4 192.168.1.49 1080
# http 192.168.39.93 8080
[ProxyList]
# add proxy here ...
# meanwile
# defaults set to "tor"
socks4 127.0.0.1 9050
Tipos de cadena
# Dynamic chain (default)
# Each connection will be done via chained proxies
# all proxies chained in the order as they appear in the list
# at least one proxy must be online to play in chain
# (dead proxies are skipped)
dynamic_chain
# Strict chain
# Each connection will be done via chained proxies
# all proxies chained in the order as they appear in the list
# all proxies must be online to play in chain
# otherwise EINTR is returned to the app
#strict_chain
# Random chain
# Each connection will be done via random proxy
# (or proxy chain, see chain_len) from the list
#random_chain
# Make sense only if random_chain is selected
# chain_len = 2
Uso básico
Uso Proxy simple
# Basic usage with default configuration
proxychains4 curl http://httpbin.org/ip
# Use specific configuration file
proxychains4 -f /path/to/config.conf curl http://httpbin.org/ip
# Quiet mode (suppress proxychains output)
proxychains4 -q curl http://httpbin.org/ip
# Force DNS resolution through proxy
proxychains4 nslookup google.com
Herramientas de red a través de Proxy
# SSH through proxy
proxychains4 ssh user@target.com
# Telnet through proxy
proxychains4 telnet target.com 80
# FTP through proxy
proxychains4 ftp target.com
# Netcat through proxy
proxychains4 nc target.com 80
# Wget through proxy
proxychains4 wget http://target.com/file.txt
# Curl through proxy
proxychains4 curl -v http://target.com
Herramientas de seguridad a través de Proxy
# Nmap through proxy (TCP connect scan only)
proxychains4 nmap -sT -Pn target.com
# Nikto through proxy
proxychains4 nikto -h http://target.com
# Dirb through proxy
proxychains4 dirb http://target.com
# SQLmap through proxy
proxychains4 sqlmap -u "http://target.com/page.php?id=1"
# Metasploit through proxy
proxychains4 msfconsole
# Hydra through proxy
proxychains4 hydra -l admin -P passwords.txt target.com ssh
Configuración avanzada
Cadenas Proxy Múltiples
# Create configuration for TOR chain
cat > ~/.proxychains/tor.conf << 'EOF'
strict_chain
proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000
[ProxyList]
socks4 127.0.0.1 9050
EOF
# Create configuration for HTTP proxy chain
cat > ~/.proxychains/http.conf << 'EOF'
dynamic_chain
proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000
[ProxyList]
http proxy1.example.com 8080
http proxy2.example.com 3128
EOF
# Create configuration for SOCKS5 chain
cat > ~/.proxychains/socks5.conf ``<< 'EOF'
strict_chain
proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000
[ProxyList]
socks5 proxy.example.com 1080 username password
EOF
# Use specific configurations
proxychains4 -f ~/.proxychains/tor.conf curl http://httpbin.org/ip
proxychains4 -f ~/.proxychains/http.conf wget http://target.com
proxychains4 -f ~/.proxychains/socks5.conf ssh user@target.com
Cadenas Proxy Complejos
# Multi-hop proxy configuration
cat >`` ~/.proxychains/multihop.conf << 'EOF'
strict_chain
proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000
[ProxyList]
# First hop - SOCKS4 proxy
socks4 192.168.1.100 1080
# Second hop - HTTP proxy
http 10.0.0.50 8080
# Third hop - SOCKS5 proxy with authentication
socks5 proxy.example.com 1080 user pass
# Final hop - TOR
socks4 127.0.0.1 9050
EOF
# Random chain configuration
cat > ~/.proxychains/random.conf << 'EOF'
random_chain
chain_len = 3
proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000
[ProxyList]
socks4 proxy1.example.com 1080
socks4 proxy2.example.com 1080
socks5 proxy3.example.com 1080
http proxy4.example.com 8080
http proxy5.example.com 3128
socks5 proxy6.example.com 1080 user pass
EOF
Configuración de autenticación
# SOCKS5 with username/password
cat > ~/.proxychains/auth.conf << 'EOF'
strict_chain
proxy_dns
[ProxyList]
socks5 proxy.example.com 1080 myuser mypass
EOF
# HTTP proxy with authentication
cat > ~/.proxychains/http_auth.conf << 'EOF'
dynamic_chain
proxy_dns
[ProxyList]
http proxy.company.com 8080 domain\\username password
EOF
# Mixed authentication types
cat > ~/.proxychains/mixed_auth.conf ``<< 'EOF'
dynamic_chain
proxy_dns
[ProxyList]
socks4 192.168.1.100 1080
socks5 secure.proxy.com 1080 user1 pass1
http web.proxy.com 8080 user2 pass2
EOF
Penetration Testing Scenarios
Red Pivoting
# Scenario: Access internal network through compromised host
# 1. Set up SOCKS proxy on compromised host
# On compromised host (192.168.1.100):
ssh -D 1080 -N -f user@localhost
# 2. Configure proxychains to use the SOCKS proxy
cat >`` ~/.proxychains/pivot.conf ``<< 'EOF'
strict_chain
proxy_dns
[ProxyList]
socks4 192.168.1.100 1080
EOF
# 3. Scan internal network through proxy
proxychains4 -f ~/.proxychains/pivot.conf nmap -sT -Pn 10.0.0.0/24
# 4. Access internal services
proxychains4 -f ~/.proxychains/pivot.conf ssh admin@10.0.0.50
proxychains4 -f ~/.proxychains/pivot.conf curl http://10.0.0.100/admin
TOR Uso de redes
# Install and configure TOR
sudo apt install tor
# Start TOR service
sudo systemctl start tor
sudo systemctl enable tor
# Verify TOR is running
sudo netstat -tlnp|grep 9050
# Configure proxychains for TOR
cat >`` ~/.proxychains/tor.conf ``<< 'EOF'
strict_chain
proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000
[ProxyList]
socks4 127.0.0.1 9050
EOF
# Test TOR connection
proxychains4 -f ~/.proxychains/tor.conf curl http://httpbin.org/ip
# Browse .onion sites
proxychains4 -f ~/.proxychains/tor.conf curl http://duckduckgogg42ts72.onion
# Use security tools through TOR
proxychains4 -f ~/.proxychains/tor.conf nmap -sT -Pn target.onion
Corporate Network Bypass
# Scenario: Bypass corporate firewall restrictions
# 1. Set up external SOCKS proxy (on your VPS)
# On VPS (external.server.com):
ssh -D 0.0.0.0:1080 -N user@localhost
# 2. Configure proxychains to use external proxy
cat >`` ~/.proxychains/bypass.conf << 'EOF'
strict_chain
proxy_dns
[ProxyList]
socks4 external.server.com 1080
EOF
# 3. Access blocked sites/services
proxychains4 -f ~/.proxychains/bypass.conf curl https://blocked-site.com
proxychains4 -f ~/.proxychains/bypass.conf git clone https://github.com/user/repo.git
# 4. Tunnel specific applications
proxychains4 -f ~/.proxychains/bypass.conf firefox
proxychains4 -f ~/.proxychains/bypass.conf thunderbird
Scripts de automatización
Proxy Chain Tester
#!/bin/bash
# Test proxy chain connectivity
CONFIG_FILE="$1"
TEST_URL="$\\\\{2:-http://httpbin.org/ip\\\\}"
if [ -z "$CONFIG_FILE" ]; then
echo "Usage: $0 <config_file> [test_url]"
exit 1
fi
if [ ! -f "$CONFIG_FILE" ]; then
echo "Error: Configuration file not found: $CONFIG_FILE"
exit 1
fi
echo "[+] Testing proxy chain with config: $CONFIG_FILE"
echo "[+] Test URL: $TEST_URL"
# Test basic connectivity
echo "[+] Testing basic connectivity..."
if proxychains4 -f "$CONFIG_FILE" -q curl -s --connect-timeout 10 "$TEST_URL" >/dev/null; then
echo "✓ Basic connectivity: PASS"
else
echo "✗ Basic connectivity: FAIL"
exit 1
fi
# Test DNS resolution
echo "[+] Testing DNS resolution..."
if proxychains4 -f "$CONFIG_FILE" -q nslookup google.com >/dev/null 2>&1; then
echo "✓ DNS resolution: PASS"
else
echo "✗ DNS resolution: FAIL"
fi
# Test IP detection
echo "[+] Testing IP detection..."
PROXY_IP=$(proxychains4 -f "$CONFIG_FILE" -q curl -s "$TEST_URL"|grep -o '"origin": "[^"]*"'|cut -d'"' -f4)
DIRECT_IP=$(curl -s "$TEST_URL"|grep -o '"origin": "[^"]*"'|cut -d'"' -f4)
echo "Direct IP: $DIRECT_IP"
echo "Proxy IP: $PROXY_IP"
if [ "$PROXY_IP" != "$DIRECT_IP" ]; then
echo "✓ IP masking: PASS"
else
echo "✗ IP masking: FAIL"
fi
# Test performance
echo "[+] Testing performance..."
START_TIME=$(date +%s.%N)
proxychains4 -f "$CONFIG_FILE" -q curl -s "$TEST_URL" >/dev/null
END_TIME=$(date +%s.%N)
RESPONSE_TIME=$(echo "$END_TIME - $START_TIME"|bc)
echo "Response time: $\\\\{RESPONSE_TIME\\\\}s"
if (( $(echo "$RESPONSE_TIME < 30"|bc -l) )); then
echo "✓ Performance: ACCEPTABLE"
else
echo "⚠ Performance: SLOW"
fi
echo "[+] Proxy chain test completed"
Escáner multiproxy
#!/bin/bash
# Scan target through multiple proxy configurations
TARGET="$1"
SCAN_TYPE="$\\\\{2:-basic\\\\}"
if [ -z "$TARGET" ]; then
echo "Usage: $0 <target> [scan_type]"
echo "Scan types: basic, full, stealth"
exit 1
fi
PROXY_CONFIGS=(
"/etc/proxychains4.conf"
"$HOME/.proxychains/tor.conf"
"$HOME/.proxychains/http.conf"
"$HOME/.proxychains/socks5.conf"
)
OUTPUT_DIR="multi_proxy_scan_$(date +%Y%m%d_%H%M%S)"
mkdir -p "$OUTPUT_DIR"
echo "[+] Starting multi-proxy scan of: $TARGET"
echo "[+] Scan type: $SCAN_TYPE"
echo "[+] Output directory: $OUTPUT_DIR"
for config in "$\\\\{PROXY_CONFIGS[@]\\\\}"; do
if [ ! -f "$config" ]; then
echo "[-] Skipping missing config: $config"
continue
fi
config_name=$(basename "$config" .conf)
echo "[+] Scanning through: $config_name"
case "$SCAN_TYPE" in
"basic")
proxychains4 -f "$config" -q nmap -sT -Pn -p 80,443,22,21,25 "$TARGET" > "$OUTPUT_DIR/$\\\\{config_name\\\\}_basic.txt" 2>&1
;;
"full")
proxychains4 -f "$config" -q nmap -sT -Pn -p 1-1000 "$TARGET" > "$OUTPUT_DIR/$\\\\{config_name\\\\}_full.txt" 2>&1
;;
"stealth")
proxychains4 -f "$config" -q nmap -sT -Pn -p 80,443 -T2 "$TARGET" > "$OUTPUT_DIR/$\\\\{config_name\\\\}_stealth.txt" 2>&1
;;
esac
# Add delay between scans
sleep 30
done
echo "[+] Multi-proxy scan completed"
echo "[+] Results saved to: $OUTPUT_DIR"
# Generate summary
echo "[+] Generating summary..."
for result_file in "$OUTPUT_DIR"/*.txt; do
if [ -f "$result_file" ]; then
echo "=== $(basename "$result_file") ===" >> "$OUTPUT_DIR/summary.txt"
grep -E "(open|filtered)" "$result_file" >> "$OUTPUT_DIR/summary.txt" 2>/dev/null||echo "No open ports found" >> "$OUTPUT_DIR/summary.txt"
echo "" >> "$OUTPUT_DIR/summary.txt"
fi
done
Proxy Chain Builder
#!/bin/bash
# Build custom proxy chain configurations
create_config() \\\\{
local name="$1"
local chain_type="$2"
local proxies="$3"
config_file="$HOME/.proxychains/$\\\\{name\\\\}.conf"
cat > "$config_file" << EOF
# Generated proxy configuration: $name
# Created: $(date)
$\\\\{chain_type\\\\}_chain
proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000
[ProxyList]
$proxies
EOF
echo "[+] Created configuration: $config_file"
\\\\}
# TOR configuration
create_config "tor" "strict" "socks4 127.0.0.1 9050"
# Corporate proxy configuration
create_config "corporate" "dynamic" "http proxy.company.com 8080"
# VPN + TOR configuration
create_config "vpn_tor" "strict" "socks5 vpn.server.com 1080
socks4 127.0.0.1 9050"
# Random proxy configuration
cat > "$HOME/.proxychains/random_proxies.conf" << 'EOF'
random_chain
chain_len = 2
proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000
[ProxyList]
socks4 proxy1.example.com 1080
socks4 proxy2.example.com 1080
socks5 proxy3.example.com 1080
http proxy4.example.com 8080
http proxy5.example.com 3128
EOF
echo "[+] Proxy configurations created in ~/.proxychains/"
ls -la "$HOME/.proxychains/"
Integración con Herramientas de Seguridad
Integración Metasploit
# Configure Metasploit to use proxychains
cat > ~/.proxychains/msf.conf << 'EOF'
strict_chain
proxy_dns
[ProxyList]
socks4 127.0.0.1 9050
EOF
# Start Metasploit through proxy
proxychains4 -f ~/.proxychains/msf.conf msfconsole
# Within Metasploit, set additional proxy options
# msf6 > setg Proxies socks4:127.0.0.1:9050
# msf6 > use exploit/multi/handler
# msf6 exploit(multi/handler) > set payload windows/meterpreter/reverse_tcp
# msf6 exploit(multi/handler) > run
Burp Suite Integration
# Configure Burp Suite to work with proxychains
# 1. Start Burp Suite through proxy
proxychains4 -f ~/.proxychains/tor.conf java -jar burpsuite.jar
# 2. Configure Burp to use upstream proxy
# In Burp: User options > Connections > Upstream Proxy Servers
# Add: 127.0.0.1:9050 (SOCKS4)
# 3. Use Burp with proxy chain
# All traffic will go: Browser -> Burp -> Proxychains -> Target
Integración del navegador
# Firefox through proxy
proxychains4 -f ~/.proxychains/tor.conf firefox
# Chrome through proxy
proxychains4 -f ~/.proxychains/tor.conf google-chrome
# Chromium through proxy
proxychains4 -f ~/.proxychains/tor.conf chromium-browser
# Configure browser proxy settings script
cat > setup_browser_proxy.sh << 'EOF'
#!/bin/bash
# Setup browser to use SOCKS proxy
PROXY_HOST="127.0.0.1"
PROXY_PORT="9050"
# Firefox profile setup
FIREFOX_PROFILE="$HOME/.mozilla/firefox/proxy_profile"
mkdir -p "$FIREFOX_PROFILE"
cat > "$FIREFOX_PROFILE/user.js" << EOL
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "$PROXY_HOST");
user_pref("network.proxy.socks_port", $PROXY_PORT);
user_pref("network.proxy.socks_version", 4);
user_pref("network.proxy.socks_remote_dns", true);
EOL
echo "Firefox proxy profile created: $FIREFOX_PROFILE"
echo "Start with: firefox -profile $FIREFOX_PROFILE"
EOF
chmod +x setup_browser_proxy.sh
Solución de problemas
Cuestiones comunes
Fallos de conexión
# Test proxy connectivity
proxychains4 -f /path/to/config.conf curl -v http://httpbin.org/ip
# Check proxy server status
nc -zv proxy.server.com 1080
# Test DNS resolution
proxychains4 -f /path/to/config.conf nslookup google.com
# Debug with verbose output
proxychains4 -f /path/to/config.conf -v curl http://httpbin.org/ip
Cuestiones de configuración
# Validate configuration syntax
proxychains4 -f /path/to/config.conf echo "test"
# Check for common configuration errors
grep -E "^(strict|dynamic|random)_chain" /path/to/config.conf
grep -E "^\[ProxyList\]" /path/to/config.conf
# Test different chain types
sed 's/strict_chain/dynamic_chain/' config.conf > config_dynamic.conf
proxychains4 -f config_dynamic.conf curl http://httpbin.org/ip
Cuestiones de ejecución
# Increase timeouts
sed -i 's/tcp_read_time_out 15000/tcp_read_time_out 30000/' config.conf
sed -i 's/tcp_connect_time_out 8000/tcp_connect_time_out 15000/' config.conf
# Use dynamic chain instead of strict
sed -i 's/strict_chain/dynamic_chain/' config.conf
# Reduce proxy chain length
sed -i 's/chain_len = 3/chain_len = 2/' config.conf
DNS Issues
# Disable proxy DNS if causing issues
sed -i 's/proxy_dns/#proxy_dns/' config.conf
# Test DNS resolution manually
proxychains4 -f config.conf dig google.com
proxychains4 -f config.conf host google.com
# Use alternative DNS servers
echo "nameserver 8.8.8.8" > /tmp/resolv.conf
proxychains4 -f config.conf -e /tmp/resolv.conf curl http://httpbin.org/ip
Debugging y Logging
# Enable debug output
export PROXYCHAINS_DEBUG=1
proxychains4 -f config.conf curl http://httpbin.org/ip
# Log all connections
strace -e trace=connect proxychains4 -f config.conf curl http://httpbin.org/ip
# Monitor network traffic
sudo tcpdump -i any -n host proxy.server.com
# Check system logs
journalctl -f|grep -i proxy
Recursos
- Repositorio Proxychains-ng GitHub
- Original Proxychains Project
- TOR Documentación del proyecto
- SOCKS Protocol Specification
- HTTP CONNECT Method
- Tecnicas de Pivoting en red
- Penetration Testing with Proxy Chains
-...
*Esta hoja de trampa proporciona una referencia completa para el uso de Proxychains para túneles de red y encadenamiento proxy. Siempre asegúrese de tener una autorización adecuada antes de usar esta herramienta en cualquier entorno. *