Novel Proxychains OPSEC Tradecraft Guide
Ensure your operational VPS's IP address stays hidden from law enforcement.
Disclaimer: Based on the title, some of the more experienced folks might assume that this guide simply instructs you how to set up proxychains with private proxies. That is not the case. This guide covers a setup where every private proxy used by proxychains is preceded by a Tor SOCKS proxy. With the current proxychains4 design it is not possible to configure multiple private proxies and still have each request to a private proxy go through Tor first: random_chain picks proxies from the list at random, so there is no guarantee that the Tor proxy comes before the private proxy; dynamic_chain keeps the list order but silently skips any hop it cannot reach (a stopped Tor daemon means a direct connection to the private proxy); and strict_chain with several private proxies listed sends every request through all of them in sequence. Hence if law enforcement contacted the private proxy provider and received the proxy's IP logs, without this setup your VPS's IP address would be in that log file. With this approach every request goes through the Tor SOCKS proxy first and then through exactly one of your private proxies, chosen at random per command, so the private proxy only ever sees a Tor exit node's address.
First, the shell scripts and config files you need for this method.
~/proxychains-conf/populate-configs.sh:
Code:
#!/bin/bash
#++++++++CONFIGURE THIS+++++++++
TOR_SOCKS_HOST="127.0.0.1"
TOR_SOCKS_PORT="9050"
PROXY_INPUT_FILE="proxies.txt"
TEMPLATE_CONF_FILE="master.conf"
#++++++++CONFIGURE THIS+++++++++
# Abort (not just print a message) when an input file is missing.
if [ ! -f "$PROXY_INPUT_FILE" ]; then
    echo "Please correct the PROXY_INPUT_FILE configuration field within this script."
    exit 1
fi
if [ ! -f "$TEMPLATE_CONF_FILE" ]; then
    echo "Please correct the TEMPLATE_CONF_FILE configuration field within this script."
    exit 1
fi
# Tor is always the first hop; the private proxy from proxies.txt is the second.
TOR_SOCKS_PROXY="socks5\t$TOR_SOCKS_HOST\t$TOR_SOCKS_PORT"
# Remove configs from a previous run so anoncmd can never pick a stale proxy.
rm -f proxychains-*.conf
iter_count=0
# Read proxies.txt line by line, skipping blank lines and # comments.
while IFS= read -r PROXY || [ -n "$PROXY" ]; do
    case "$PROXY" in ''|\#*) continue ;; esac
    iter_count=$((iter_count + 1))
    cp "$TEMPLATE_CONF_FILE" "proxychains-$iter_count.conf"
    echo -e "$TOR_SOCKS_PROXY\n$PROXY" >> "proxychains-$iter_count.conf"
done < "$PROXY_INPUT_FILE"
echo "Generated $iter_count config file(s)."
/usr/bin/anoncmd:
Code:
#!/bin/bash
CONF_DIR="$HOME/proxychains-conf"
CONFS=("$CONF_DIR"/proxychains-*.conf)   # glob instead of parsing ls output
[ -e "${CONFS[0]}" ] || { echo "anoncmd: no proxychains-N.conf in $CONF_DIR, run populate-configs.sh first" >&2; exit 1; }
CONF=$(shuf -n 1 -e "${CONFS[@]}")       # pick one config (= one private proxy) at random
# "$@" keeps the wrapped command's argument quoting intact; $* would not.
exec proxychains4 -f "$CONF" "$@"
~/proxychains-conf/master.conf:
Code:
# proxychains.conf VER 3.1
strict_chain
quiet_mode
proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000
[ProxyList]
~/proxychains-conf/proxies.txt:
Code:
populate this file with the proxy lines you would normally put at the bottom of a normal proxychains.conf.
One proxy per line, no blank lines.
MAKE SURE YOU USE THE proxychains4 proxy format: type, host, port and optionally user and password, separated by whitespace.
INSTRUCTIONS
DISCLAIMER: The proxychains package that comes with Kali and other distros has often been the older 3.x version, installed as "proxychains", which does not support the "-f <config-file>" argument; without that flag this method won't work. Confirm that your proxychains4 build accepts -f before continuing. Both the old 3.x code and proxychains-ng also read the config path from the PROXYCHAINS_CONF_FILE environment variable, so exporting that before calling the binary is a fallback worth testing if -f is missing.
- uninstall any existing proxychains installation.
- clone and compile the latest proxychains4 from the official github repository at: https://github.com/haad/proxychains
- make sure you have the linux command "shuf" installed (it is part of GNU coreutils, so it is present on almost every distro). Test by running "shuf"; if it says command not found, look up how to install coreutils for your distro.
- create a folder in the current users home directory: ~/proxychains-conf/
- create the ~/proxychains-conf/populate-configs.sh bash script using the code block above.
- populate ~/proxychains-conf/master.conf using the codeblock above.
- create an anoncmd bash script and place it in /usr/bin/anoncmd using the codeblock above.
- make the /usr/bin/anoncmd executable with chmod +x /usr/bin/anoncmd
- populate the ~/proxychains-conf/proxies.txt following the instructions in the codeblock above.
- install tor daemon and edit the /etc/tor/torrc to enable SocksPort for 127.0.0.1:9050
- Restart the tor daemon per your OS specifics.
- edit ~/proxychains-conf/populate-configs.sh and verify everything is correct in the "CONFIGURE" section.
- Now that all the setup is done. cd into ~/proxychains-conf/ and run ./populate-configs.sh
- The previous step should have created a separate proxychains config file for each proxy in proxies.txt.
- Done
Now, instead of running the proxychains command directly, just run "anoncmd curl google.com" for example.
"anoncmd <CMD> <ARGS>"
Now even if law enforcement gets their hands on the connection logs for the private proxies you use, all they will see is a Tor exit node IP address. Keep in mind what this does and does not cover: proxychains works by hooking the libc socket calls of dynamically linked programs, so only their TCP connections (and, with proxy_dns, their DNS lookups) go through the chain. Statically linked binaries, programs that bypass libc with raw syscalls, UDP, ICMP and any process not started through anoncmd leave the VPS directly. If a Tor exit's policy blocks the private proxy's port, strict_chain fails the connection rather than leaking; treat that as a signal to pick another circuit, not a reason to switch to dynamic_chain.
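As an added check that is not part of the original guide: before handing a generated config to anoncmd, it is worth verifying that each file really forces the Tor hop first. The script below is my own and assumes the guide's ~/proxychains-conf layout and 127.0.0.1:9050 Tor listener (both overridable through environment variables). It rejects any config that uses dynamic_chain, random_chain or round_robin_chain, lacks proxy_dns, or lists anything other than the local Tor SOCKS5 proxy as the first hop. The address 203.0.113.10 in the self-test is a constructed documentation-range sample, not a real proxy.

```shell
#!/bin/sh
# Added example, not part of the original guide: audit the generated
# proxychains-N.conf files before trusting them with anything.  Assumes the
# guide's layout (~/proxychains-conf/proxychains-N.conf) and the guide's Tor
# listener (127.0.0.1:9050); override via the environment if yours differ.
TOR_SOCKS_HOST="${TOR_SOCKS_HOST:-127.0.0.1}"
TOR_SOCKS_PORT="${TOR_SOCKS_PORT:-9050}"
CONF_DIR="${CONF_DIR:-$HOME/proxychains-conf}"

# check_conf FILE: return 0 if FILE cannot reach the private proxy except via
# Tor, 1 otherwise.  The conditions:
#   - strict_chain, and no other chain mode (dynamic_chain silently drops an
#     unreachable Tor hop; random_chain and round_robin_chain ignore order)
#   - proxy_dns, so name lookups go through the chain instead of leaving directly
#   - the first [ProxyList] entry is the local Tor SOCKS5 proxy
#   - exactly one further entry (the private proxy) follows it
check_conf() {
    conf="$1"
    [ -f "$conf" ] || { echo "$conf: no such file" >&2; return 1; }

    # Strip comments and blank lines so the line tests below stay simple.
    body=$(sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$conf")

    printf '%s\n' "$body" | grep -qx '[[:space:]]*strict_chain[[:space:]]*' \
        || { echo "$conf: strict_chain not set" >&2; return 1; }
    if printf '%s\n' "$body" | grep -qE '^[[:space:]]*(dynamic_chain|random_chain|round_robin_chain)'; then
        echo "$conf: a non-strict chain mode is present" >&2; return 1
    fi
    printf '%s\n' "$body" | grep -qx '[[:space:]]*proxy_dns[[:space:]]*' \
        || { echo "$conf: proxy_dns not set" >&2; return 1; }

    # The proxy entries are everything after [ProxyList], in list order.
    list=$(printf '%s\n' "$body" | sed -n '/^\[ProxyList]/,$p' | sed '1d')
    count=$(printf '%s\n' "$list" | grep -c . || true)
    [ "$count" -eq 2 ] \
        || { echo "$conf: expected Tor + one private proxy, found $count entries" >&2; return 1; }

    # Entry format is: type host port [user pass]
    set -- $(printf '%s\n' "$list" | sed -n '1p')
    if [ "$1" != "socks5" ] || [ "$2" != "$TOR_SOCKS_HOST" ] || [ "$3" != "$TOR_SOCKS_PORT" ]; then
        echo "$conf: first hop is '$1 $2 $3', not Tor at $TOR_SOCKS_HOST:$TOR_SOCKS_PORT" >&2
        return 1
    fi
    return 0
}

# check_all DIR: run check_conf over every proxychains-N.conf in DIR.
check_all() {
    rc=0
    for f in "$1"/proxychains-*.conf; do
        [ -e "$f" ] || { echo "$1: no proxychains-N.conf files" >&2; return 1; }
        check_conf "$f" || rc=1
    done
    return "$rc"
}

# selftest: build a good config and a bad one (private proxy listed before
# Tor) from constructed sample lines in a temp dir, and confirm check_conf
# accepts only the good one.  203.0.113.10 is a documentation address.
selftest() {
    d=$(mktemp -d) || return 1
    printf 'strict_chain\nquiet_mode\nproxy_dns\n[ProxyList]\n' > "$d/good.conf"
    printf 'socks5\t%s\t%s\nsocks5 203.0.113.10 1080 user pass\n' \
        "$TOR_SOCKS_HOST" "$TOR_SOCKS_PORT" >> "$d/good.conf"
    printf 'strict_chain\nquiet_mode\nproxy_dns\n[ProxyList]\n' > "$d/bad.conf"
    printf 'socks5 203.0.113.10 1080 user pass\nsocks5\t%s\t%s\n' \
        "$TOR_SOCKS_HOST" "$TOR_SOCKS_PORT" >> "$d/bad.conf"
    ok=1
    check_conf "$d/good.conf" || ok=0
    check_conf "$d/bad.conf" 2>/dev/null && ok=0
    rm -rf "$d"
    [ "$ok" -eq 1 ]
}

# Usage: ./check-configs.sh ~/proxychains-conf   or   ./check-configs.sh --selftest
if [ "$1" = "--selftest" ]; then
    selftest
elif [ $# -gt 0 ]; then
    check_all "$1"
fi
```

Run it against ~/proxychains-conf after every populate-configs.sh run. dynamic_chain is rejected outright rather than merely warned about because, if the Tor daemon happens to be down, dynamic_chain skips the dead hop and connects to the private proxy straight from the VPS, which is exactly the log entry this setup exists to avoid; strict_chain fails closed instead.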
OMEMO Fingerprint:
4DBD9949 1C634952 8C492DB8 5F6B7C31
091F01F2 B6EFDD51 AC670532 70981329