I followed this excellent tutorial:
This worked great, but it requires an SSH tunnel. This is great if you have access to a VPS. But what if you're using some kind of commercial VPN service ( such as PIA ). You need to set up proxychains to use SOCKS5.
This isn't very difficult. You simply need to add the following line to the [ProxyList] section of your proxychains.conf file:
socks5 IP Port Username Password
I set it up for PIA, so this was my config:
socks5 109.201.154.239 1080 username ( the one starting with x) password (yes hardcoded, but later on we have a work-around for this glaring security hole).
Unfortunately proxychains seems to not handle DNS names, so I used an IP for PIA's socks proxy (
The instructions are available at:
PIA Instructions Page
nslookup proxy-nl.privateinternetaccess.com yielded quite a few IPs:
Name: proxy-nl.privateinternetaccess.com
Address: 109.201.138.234
Name: proxy-nl.privateinternetaccess.com
Address: 109.201.154.245
Name: proxy-nl.privateinternetaccess.com
Address: 109.201.154.165
Name: proxy-nl.privateinternetaccess.com
Address: 46.166.186.204
Name: proxy-nl.privateinternetaccess.com
Address: 109.201.138.229
.
.
.
.
You can pick any one to use. Though, I imagine they are used in round-robbin to share the load of the users. So if your proxy stops working all of a sudden, try changing to another IP.
Also the default setting:
# socks4 127.0.0.1 9050
Should be disabled, if you are using strict_chain, since it will error at not being able to contact the DNS through the (non-existant) TOR tunnel.
Test the connection:
proxychains wget www.google.com
Last of all, is the security concern about having to hard-code your password in a .conf file. My workaround has been to use a local, user-only file. Instead of using the above in /etc/proxychains.conf, create the same file in:
~/.proxychains/proxychains.conf
Create the directory if its not already there. Then ensure that only your user may read the file:
chmod go-rwx ~/.proxychains/proxychains.conf
A hash or shadow file would be better, but I haven't quite figured out how to have proxychains use something like that unfortunately.
Hope this is helpful!
The instructions are available at:
PIA Instructions Page
nslookup proxy-nl.privateinternetaccess.com yielded quite a few IPs:
Name: proxy-nl.privateinternetaccess.com
Address: 109.201.138.234
Name: proxy-nl.privateinternetaccess.com
Address: 109.201.154.245
Name: proxy-nl.privateinternetaccess.com
Address: 109.201.154.165
Name: proxy-nl.privateinternetaccess.com
Address: 46.166.186.204
Name: proxy-nl.privateinternetaccess.com
Address: 109.201.138.229
.
.
.
.
You can pick any one to use. Though, I imagine they are used in round-robbin to share the load of the users. So if your proxy stops working all of a sudden, try changing to another IP.
Also the default setting:
# socks4 127.0.0.1 9050
Should be disabled, if you are using strict_chain, since it will error at not being able to contact the DNS through the (non-existant) TOR tunnel.
Test the connection:
proxychains wget www.google.com
Last of all, is the security concern about having to hard-code your password in a .conf file. My workaround has been to use a local, user-only file. Instead of using the above in /etc/proxychains.conf, create the same file in:
~/.proxychains/proxychains.conf
Create the directory if its not already there. Then ensure that only your user may read the file:
chmod go-rwx ~/.proxychains/proxychains.conf
A hash or shadow file would be better, but I haven't quite figured out how to have proxychains use something like that unfortunately.
Hope this is helpful!
No comments:
Post a Comment