
Hiding behind proxies

24 Mar 2017 . category: tech
#redteam #kali #tor #proxychains

I decided to start a #redteam series of posts, so here we are! The setup we’ll use? Just a Kali Linux installation, since it has everything we’ll ever need. I suggest setting it up on a live USB with (encrypted) persistence, so you always have your workstation with you: plug the stick into any computer you find and fire up Kali. If you’re using a mac, follow this guide.

So, what’s your goal? To get access to a resource that you are not authorized to access. The caveat? The resource owner shouldn’t discover that you accessed it!

Let’s start by hiding your MAC address. Why hide it? Because it is a per-interface hardware identifier that stays the same on every network you join, so whoever runs the network you connect to (for example Starbucks’s WiFi) can log it and link your visits together. Note that the MAC only travels on the local link: the access point or switch sees it, but nothing past the first router does. Why can you spoof this identifier? Because the network has no way to verify that the MAC address you present is the one burned into your card. In other words, it’s like someone asking what your name is, without asking for a government-issued document to verify that it’s your real name! :smile:

Here’s how to change your MAC address if you’re using your WiFi (the interface has to be down while the address is changed):


ifconfig wlan0 down
macchanger -r wlan0 # -r for asking for a fully random MAC; -a picks a random real vendor prefix instead, which blends in better
ifconfig wlan0 up

If you’re on ethernet, specify the eth0 interface instead of wlan0 (ip link lists the actual interface names). Run this before you associate with the network: an address changed after you have connected has already been logged. macchanger -s wlan0 shows the current and the permanent address, so you can confirm the change took.

I suggest you put these commands in a small script you run before connecting, so you never forget them :wink: A bash profile is a poor place for them: it runs on every new login shell, needs root, and does nothing for a link that is already up. If NetworkManager manages your WiFi, it can also do this for you with the wifi.cloned-mac-address=random connection setting.
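As an added example (not code from the original post), here is the same change done with ip(8), the iproute2 replacement for ifconfig, plus the two checks worth having: that the address you are about to set is a locally administered unicast address, and that the kernel actually took it. It assumes Linux (sysfs at /sys/class/net) and root for the spoof itself; interface names are examples.

```shell
#!/bin/sh
# Added example, not code from the original post: change a MAC with ip(8),
# check the new address is sane, and check the kernel applied it.
# Assumes Linux (/sys/class/net) and root for spoof_mac.
set -eu

# Generate a random MAC with the "locally administered" bit (0x02) set and
# the multicast bit (0x01) cleared in the first octet, so it never looks
# like a multicast address and never collides with a vendor's globally
# unique prefix. macchanger fixes up these bits the same way; doing it by
# hand shows which bits matter.
random_mac() {
    bytes=$(od -An -N6 -tu1 /dev/urandom)
    set -- $bytes
    first=$(( ($1 | 2) & 254 ))
    printf '%02x:%02x:%02x:%02x:%02x:%02x\n' "$first" "$2" "$3" "$4" "$5" "$6"
}

# Succeeds only for a well-formed, locally administered, unicast MAC.
check_local_unicast() {
    printf '%s\n' "$1" | grep -Eq '^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$' || return 1
    first=$(printf '%d' "0x${1%%:*}")
    [ $(( first & 1 )) -eq 0 ] && [ $(( first & 2 )) -ne 0 ]
}

# Current address of an interface straight from the kernel, no ifconfig parsing.
current_mac() {
    cat "/sys/class/net/$1/address"
}

# Change the MAC: run as root, BEFORE associating with the network; the
# link has to be down while the address is written.
spoof_mac() {
    iface=$1
    new=${2:-$(random_mac)}
    check_local_unicast "$new" || { echo "refusing $new: not a locally administered unicast MAC" >&2; return 1; }
    old=$(current_mac "$iface")
    ip link set dev "$iface" down
    ip link set dev "$iface" address "$new"
    ip link set dev "$iface" up
    [ "$(current_mac "$iface")" = "$new" ] || { echo "$iface still reports $(current_mac "$iface")" >&2; return 1; }
    echo "$iface: $old -> $new"
}

# Usage (as root): sh spoofmac.sh wlan0                  # random locally administered MAC
#                  sh spoofmac.sh eth0 02:11:22:33:44:55  # a chosen one
if [ $# -gt 0 ]; then
    spoof_mac "$@"
fi
```

The refusal branch matters in practice: an address with the multicast bit set is rejected by many drivers, and one with the local bit clear claims a vendor prefix you don't own.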

Next, let’s hide your IP address. Unlike the MAC, your IP address can’t usefully be spoofed: you can write a fake source address into a packet, but every reply then goes to that address, not to you. It’s like giving the sender a fake address and still expecting to receive the mail. What you can do instead is have the mail sent to another recipient who forwards it to you. That’s how proxies work: you route all your traffic through another server, and the target only ever sees that server’s address. Let’s use the proxychains tool to hide behind a proxy easily.

First, let’s find our IP address:


curl https://canhazip.com/  
193.71.106.208

Now let’s use proxychains to issue the same command. proxychains itself knows nothing about Tor: it forwards your program’s TCP connections to whatever proxies are listed in /etc/proxychains.conf, and Kali’s default file has a single entry, socks4 127.0.0.1 9050, which is the SOCKS port of the local Tor client. So let’s start the Tor service (and make sure something is listening on port 9050 before going on):


service tor start

In order to use proxychains, you just add it in front of the command you want to execute. It works by preloading a library that intercepts the program’s connect() calls, so only ordinary TCP connections made through libc go through the chain. Raw sockets, ICMP and UDP bypass it entirely, which means a SYN scan (-sS) and nmap’s default ping probes leave directly from your real IP. A scan through proxychains therefore has to be a TCP connect scan, with host discovery off and nmap’s own (direct) DNS lookups disabled:


proxychains nmap -sT -Pn -n 192.168.1.0/24

Keep in mind that a private range like 192.168.1.0/24 is only reachable from inside that network; through Tor or an internet proxy you can only scan what the exit can reach.

But for practical reasons (actually seeing our IP address change), let’s GET the canhazip page through proxychains:

proxychains curl https://canhazip.com/

You can verify that the address you now see is one of Tor’s exit nodes by searching for it in the Tor Project’s exit-node list, or by fetching https://check.torproject.org/api/ip through proxychains: it answers with "IsTor":true when the request arrived from an exit.

Now, let’s add one more proxy (located in Venezuela) after Tor in our chain. Open the config and append it as a new line under the [ProxyList] section, after the socks4 127.0.0.1 9050 entry; the line format is type, host and port, with username and password as optional fourth and fifth fields:


nano /etc/proxychains.conf

proxychains curl https://canhazip.com/

Of course you can chain as many proxies as you want, making it more and more difficult to trace you. Two things to keep in mind: order matters, because every proxy sees the address of the hop before it (a proxy placed after Tor only ever sees a Tor exit, one placed before Tor sees your real IP), and with strict_chain a single dead proxy breaks the whole chain (dynamic_chain keeps the order but skips dead ones).

And now my favorite part, let’s randomize the chain order! Comment out the “strict_chain” option and uncomment “random_chain”. With random_chain each connection uses a random proxy, or a random sub-chain of chain_len proxies, from the list. chain_len is unset by default, which means one proxy per connection: some connections would go through Tor only and others through the Venezuelan proxy only, the latter straight from your real IP. To go through both in random order, also set chain_len = 2:

proxychains curl https://canhazip.com/

Now each connection goes either through Tor (which builds its own three-hop circuit behind the local SOCKS port) and then the proxy in Venezuela, or the other way round: through the proxy in Venezuela first and then through Tor.
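Two things the post leaves to the reader are worth scripting: checking that a proxychains.conf really says what you think (chain mode, chain_len, number of proxies) and checking that your traffic leaves through the chain at all, and through a Tor exit, rather than leaking. The script below is an added example, not code from the original post. It assumes proxychains and curl are installed and Tor is listening on 127.0.0.1:9050; the canhazip URL is the one used above and https://check.torproject.org/api/ip is the Tor Project’s real check endpoint, while the second proxy (203.0.113.10, a documentation address) is a hypothetical placeholder for the Venezuelan one. PROXYCHAINS_CONF_FILE is the environment variable proxychains honours for an alternative config, so the sample never touches /etc.

```shell
#!/bin/sh
# Added example, not code from the original post. Validates a proxychains
# config and checks that traffic really leaves through the chain (and a
# Tor exit). Assumes proxychains, curl and a Tor client on 127.0.0.1:9050.
# The second proxy (203.0.113.10) is a hypothetical placeholder.
set -eu

IP_ECHO_URL=https://canhazip.com/                   # plain-text "what is my IP", as in the post
TOR_CHECK_URL=https://check.torproject.org/api/ip   # answers {"IsTor":true|false,"IP":"..."}

# Write a constructed sample config: a random chain of length 2, so every
# connection goes through BOTH proxies in random order. Without chain_len
# (default 1) random_chain picks just ONE proxy per connection, and a
# connection that picks the non-Tor proxy leaves straight from your real IP.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not the Kali default file
random_chain
chain_len = 2
proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000
[ProxyList]
# local Tor client: the only entry in Kali's default file
socks4 127.0.0.1 9050
# hypothetical second proxy. No inline comments on ProxyList lines: the
# 4th and 5th fields are parsed as username and password.
socks5 203.0.113.10 1080
EOF
}

# Prints the active chain mode: strict_chain, dynamic_chain or random_chain.
chain_mode() {
    grep -E '^(strict_chain|dynamic_chain|random_chain)' "$1" | head -n 1
}

# Prints the chain_len value, or nothing if unset (proxychains then uses 1).
chain_len() {
    sed -n 's/^chain_len[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1"
}

# Number of proxies listed under [ProxyList] (comment lines ignored).
proxy_count() {
    sed -n '/^\[ProxyList\]/,$p' "$1" | grep -Ec '^(socks4|socks5|http)[[:space:]]'
}

# Turns the Tor check API's JSON into "tor <ip>" or "direct <ip>".
parse_tor_check() {
    ip=$(printf '%s' "$1" | sed -n 's/.*"IP":"\([^"]*\)".*/\1/p')
    case "$1" in
        *'"IsTor":true'*) printf 'tor %s\n' "$ip" ;;
        *)                printf 'direct %s\n' "$ip" ;;
    esac
}

# Accepts an IPv4 dotted quad or an IPv6 literal; rejects proxychains' own
# log lines (e.g. "|S-chain|-<>-127.0.0.1:9050-<--denied") and empty output.
is_ip() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$|^[0-9a-fA-F:]+$'
}

# True only if both values are real addresses and they differ.
ip_changed() {
    is_ip "$1" && is_ip "$2" && [ "$1" != "$2" ]
}

# Live check (needs network and a running Tor). proxychains prints its own
# chain log, so keep only the last line of output, which is curl's answer.
leak_check() {
    conf=$1
    direct=$(curl -s "$IP_ECHO_URL")
    proxied=$(PROXYCHAINS_CONF_FILE=$conf proxychains curl -s "$IP_ECHO_URL" 2>/dev/null | tail -n 1)
    if ! ip_changed "$direct" "$proxied"; then
        echo "LEAK or broken chain: direct=$direct via chain=$proxied" >&2
        return 1
    fi
    echo "direct $direct, via chain $proxied"
    parse_tor_check "$(PROXYCHAINS_CONF_FILE=$conf proxychains curl -s "$TOR_CHECK_URL" 2>/dev/null | tail -n 1)"
}

# Usage: sh leakcheck.sh run   (writes the sample config to a temp file and tests it)
if [ "${1:-}" = run ]; then
    conf=$(mktemp)
    write_sample_conf "$conf"
    echo "mode=$(chain_mode "$conf") chain_len=$(chain_len "$conf") proxies=$(proxy_count "$conf")"
    leak_check "$conf"
    rm -f "$conf"
fi
```

With the random chain the Tor check will say "tor" only on connections whose last hop happened to be Tor; a "direct" answer with a changed address means the Venezuelan proxy was the last hop, which is exactly the behaviour the post describes.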

Have fun scanning!


Me

Panos is a Computer Scientist with scientific publications in top conferences and journals, three patent applications, open-source contributions on privacy preserving products and a proven track record of delivering secure, reliable and fast cloud services. In the past, he worked as a Linux kernel developer at the CERN CERT team, did Data Mining research at the University of Athens and innovated on Microsoft’s Office 365 cloud services. Currently he is on a mission to accelerate Distributed Ledger Technologies.