-   Linux - Networking (
-   -   How to use proxychains? (

Tyrant01 06-14-2008 07:16 PM

How to use proxychains?

I am behind a university proxy, which allows me to surf the internet without any filtering. However I would also like to be able to surf anonymously. I found this utility "proxychains".

1) Is it possible to, using this utilty:

surf the internet anonymously using multiple proxies, using Mozilla firefox?

2) How does one use it?

Now I checked the sourceforge readme file, tried as best I could to follow the intructions. I shoved some proxy server addresses at the bottom the proxychains.conf file (in the correct format, I hope).

I should note that the mode used was strict, and the top proxy was my university (http) proxy in dns form, so it went through this first. Is that correct?

I then typed in the the terminal:


proxychains firefox
firefox opened, I checked the ip, and it was still my normal ip, not the SOCKS proxies below the uni proxy.

Where I am going wrong?

I am still inexperienced, so bare with me. All help much appreciated.


unSpawn 06-16-2008 04:06 AM


Originally Posted by Tyrant01 (Post 3184937)
However I would also like to be able to surf anonymously. (..) 1) Is it possible to, (..) surf the internet anonymously using multiple proxies

There's a lot of docs on the 'net about "anonymous surfing". Most docs about anonymity expect you to research and know details yourself (which I think is good) but since you stated you're inexperienced I thought it best to provide you with some pointers for starting up your research to find out if you want it (or rather: need it).
- About TCP. TCP connects an endpoint to another endpoint. In essence this protocol does not allow for anonymity as (the operator of) each "next hop" has the addresses of both endpoints of the connection.
- About using open proxies. Using publicly accessable open proxies usually isn't legitimate because you'll be using what is not rightfully yours. Most of the proxies (HTTP, Wingates, etc cetera) are not accessable because the operators invite you to hog their bandwidth but because of misconfiguration. (And for anyone who succumbs to false reasoning saying it isn't all that bad, imagine you running a proxy on your network and someone maxing out on your bandwidth. Now tell me again it isn't all that bad.)
- Using services through proxies (or asking for proxy methods) usually is not associated with activities that are benign and legal. "Hiding" behind a proxy or chained proxies is not going to help for example in the case of IRC because IRC servers actively scan for them. A proxy may keep logs (even if they advertise they don't), be subverted (cracked) or be used for observation or be unreliable. Statistics of open connections and service logs provide an audit trail. Operators working together (or being forced to submit data) may yield the originating address.
- Using clients through proxies can lead to information leakage. For instance through name resolution (DNS: see SOCKS), browser "features" (Javascript or JAVA) or plugins (Flash scripting), by "tricking" the user to use a protocol that isn't proxied by default (HTTPS), trying to use direct connection to share files or any other flaw (and some clients are definately more equal than others).

- Privacy. The best prevention in general (when using more or less anonymous realtime electronic communication) is not to give people any reasons to try and pull tricks on you. Like not giving away personal details to people you don't know, run scripts you don't understand, accept direct connections from people you don't know or run scripts or binaries for people you don't know.
- General precautions. If you're concerned for privacy for the right reasons (citizens of certain states, those sharing sensitive information, etc, etc) you best take precautions first like strict firewalling (have an audit log yourself helps pinpoint problems) and content filtering (unwanted redirections), disabling any tracking and identity-revealing features, plugins and scripting and stay away from using applications that use a centralised setup (as in log audits).
- Alternatives There exist "alternatives" for different protocols:
- E-mail. No proxies needed. Just GnuPG your messages.
- HTTP. Mainly JAP and TOR. JAP is in the unpaid version deliberately very slow. TOR is low bandwidth (high latency) too and the TOR community does filter and doesn't take kindly to bandwidth hogging and any illegal activity.
- IRC. If you want a secured connection to the IRCd have a look at SILC.
- For some apps or services not listed there may be decentralised alternatives (research them yourself), but none should be perceived as "the ultimate guarantee" for anonimity.


unSpawn 09-02-2008 03:20 PM


Originally Posted by danny0085 (Post 3267468)
use firefox + tor

Awesome! The ability to convey so much information in one terse sentence! I must be stupid I did not mention TOR!

Tyrant01 09-21-2008 06:30 PM

Thanks for your input unspawn, I was also looking for pointers on the workings of "proxychains", but your pointers are duly noted. Yes, proxychaining a suspicious thing to do really, maybe I will look into some of your other suggestions (such as GNuPg-ing my messages, I get a lot of viagra mail for some reason). Also sorry for the really tardy reply (did read your response about a month back).

All times are GMT -5. The time now is 02:17 PM.