以前、Windows 10 WSLのKali Linuxにproxychainsをインストールしたことがありました。
今回はCentOS 8にインストールしてみました。リポジトリを探したのですが、見つけられなかったのでGithubからです。
rofl0r/proxychains-ng: proxychains ng (new generation) – GitHub
https://github.com/rofl0r/proxychains-ng
proxychains ng (new generation) – a preloader which hooks calls to sockets in dynamically linked programs and redirects it through one or more socks/http proxies. continuation of the unmaintained proxychains project. the sf.net page is currently not updated, use releases from github release page instead.
proxychains projectはすでに保守されていないようですね。
検証環境
・CentOS Linux release 8.2.2004 (Core)
・Kernel 4.18.0-193.6.3.el8_2.x86_64
- Githubからソースをダウンロード
- ./configure
- make
- make install
- make install-config
- ifconfig.meで確認
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
[root@centos8 ~]# git clone https://github.com/rofl0r/proxychains-ng.git Cloning into 'proxychains-ng'... remote: Enumerating objects: 9, done. remote: Counting objects: 100% (9/9), done. remote: Compressing objects: 100% (9/9), done. remote: Total 1278 (delta 3), reused 2 (delta 0), pack-reused 1269 Receiving objects: 100% (1278/1278), 633.79 KiB | 964.00 KiB/s, done. Resolving deltas: 100% (840/840), done. [root@centos8 ~]# ll proxychains-ng/ total 56 -rw-r--r--. 1 root root 703 Jun 27 10:24 AUTHORS -rw-r--r--. 1 root root 15127 Jun 27 10:24 COPYING -rw-r--r--. 1 root root 2262 Jun 27 10:24 Makefile -rw-r--r--. 1 root root 8625 Jun 27 10:24 README -rw-r--r--. 1 root root 109 Jun 27 10:24 TODO -rw-r--r--. 1 root root 5 Jun 27 10:24 VERSION -rwxr-xr-x. 1 root root 5994 Jun 27 10:24 configure drwxr-xr-x. 2 root root 4096 Jun 27 10:24 src drwxr-xr-x. 2 root root 234 Jun 27 10:24 tests drwxr-xr-x. 2 root root 42 Jun 27 10:24 tools |
1 2 3 4 5 6 7 8 9 10 11 |
[root@centos8 ~]# cd proxychains-ng/ [root@centos8 proxychains-ng]# ./configure --prefix=/usr --sysconfdir=/etc checking whether we have GNU-style getservbyname_r() ... yes checking whether we have pipe2() and O_CLOEXEC ... yes checking whether $CC defines __APPLE__ ... no checking whether $CC defines __FreeBSD__ ... no checking whether $CC defines __OpenBSD__ ... no checking whether $CC defines __sun ... no checking whether we can use -Wl,--no-as-needed ... yes checking what's the option to use in linker to set library name ... --soname Done, now run make && make install |
1 2 3 4 5 |
[root@centos8 proxychains-ng]# make cc -DSUPER_SECURE -DHAVE_GNU_GETSERVBYNAME_R -DHAVE_PIPE2 -Wall -O0 -g -std=c99 -D_GNU_SOURCE -pipe -DLIB_DIR=\"/usr/lib\" -DSYSCONFDIR=\"/etc\" -DDLL_NAME=\"libproxychains4.so\" -fPIC -c -o src/nameinfo.o src/nameinfo.c printf '#define VERSION "%s"\n' "$(sh tools/version.sh)" > src/version.h cc -DSUPER_SECURE -DHAVE_GNU_GETSERVBYNAME_R -DHAVE_PIPE2 -Wall -O0 -g -std=c99 -D_GNU_SOURCE -pipe -DLIB_DIR=\"/usr/lib\" -DSYSCONFDIR=\"/etc\" -DDLL_NAME=\"libproxychains4.so\" -fPIC -c -o src/version.o src/version.c (snip) |
コマンドが/usr/bin/proxychains4になっていました。
1 2 3 |
[root@centos8 proxychains-ng]# make install ./tools/install.sh -D -m 644 libproxychains4.so /usr/lib/libproxychains4.so ./tools/install.sh -D -m 755 proxychains4 /usr/bin/proxychains4 |
1 2 |
[root@centos8 proxychains-ng]# make install-config ./tools/install.sh -D -m 644 src/proxychains.conf /etc/proxychains.conf |
Proxyリストの初期値にsocks4 127.0.0.1 9050が記載されています。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 |
[root@centos8 proxychains-ng]# cat /etc/proxychains.conf # proxychains.conf VER 4.x # # HTTP, SOCKS4a, SOCKS5 tunneling proxifier with DNS. # The option below identifies how the ProxyList is treated. # only one option should be uncommented at time, # otherwise the last appearing option will be accepted # #dynamic_chain # # Dynamic - Each connection will be done via chained proxies # all proxies chained in the order as they appear in the list # at least one proxy must be online to play in chain # (dead proxies are skipped) # otherwise EINTR is returned to the app # strict_chain # # Strict - Each connection will be done via chained proxies # all proxies chained in the order as they appear in the list # all proxies must be online to play in chain # otherwise EINTR is returned to the app # #round_robin_chain # # Round Robin - Each connection will be done via chained proxies # of chain_len length # all proxies chained in the order as they appear in the list # at least one proxy must be online to play in chain # (dead proxies are skipped). # the start of the current proxy chain is the proxy after the last # proxy in the previously invoked proxy chain. # if the end of the proxy chain is reached while looking for proxies # start at the beginning again. # otherwise EINTR is returned to the app # These semantics are not guaranteed in a multithreaded environment. # #random_chain # # Random - Each connection will be done via random proxy # (or proxy chain, see chain_len) from the list. # this option is good to test your IDS :) # Make sense only if random_chain or round_robin_chain #chain_len = 2 # Quiet mode (no output from library) #quiet_mode # Proxy DNS requests - no leak for DNS data proxy_dns # set the class A subnet number to use for the internal remote DNS mapping # we use the reserved 224.x.x.x range by default, # if the proxified app does a DNS request, we will return an IP from that range. # on further accesses to this ip we will send the saved DNS name to the proxy. # in case some control-freak app checks the returned ip, and denies to # connect, you can use another subnet, e.g. 10.x.x.x or 127.x.x.x. # of course you should make sure that the proxified app does not need # *real* access to this subnet. # i.e. dont use the same subnet then in the localnet section #remote_dns_subnet 127 #remote_dns_subnet 10 remote_dns_subnet 224 # Some timeouts in milliseconds tcp_read_time_out 15000 tcp_connect_time_out 8000 ### Examples for localnet exclusion ## localnet ranges will *not* use a proxy to connect. ## Exclude connections to 192.168.1.0/24 with port 80 # localnet 192.168.1.0:80/255.255.255.0 ## Exclude connections to 192.168.100.0/24 # localnet 192.168.100.0/255.255.255.0 ## Exclude connections to ANYwhere with port 80 # localnet 0.0.0.0:80/0.0.0.0 ## RFC5735 Loopback address range ## if you enable this, you have to make sure remote_dns_subnet is not 127 ## you'll need to enable it if you want to use an application that ## connects to localhost. # localnet 127.0.0.0/255.0.0.0 ## RFC1918 Private Address Ranges # localnet 10.0.0.0/255.0.0.0 # localnet 172.16.0.0/255.240.0.0 # localnet 192.168.0.0/255.255.0.0 # ProxyList format # type ip port [user pass] # (values separated by 'tab' or 'blank') # # only numeric ipv4 addresses are valid # # # Examples: # # socks5 192.168.67.78 1080 lamer secret # http 192.168.89.3 8080 justu hidden # socks4 192.168.1.49 1080 # http 192.168.39.93 8080 # # # proxy types: http, socks4, socks5 # ( auth types supported: "basic"-http "user/pass"-socks ) # [ProxyList] # add proxy here ... # meanwile # defaults set to "tor" socks4 127.0.0.1 9050 |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
[root@centos8 ~]# proxychains4 Usage: proxychains4 -q -f config_file program_name [arguments] -q makes proxychains quiet - this overrides the config setting -f allows one to manually specify a configfile to use for example : proxychains telnet somehost.com More help in README file [root@centos8 ~]# proxychains4 curl ifconfig.me [proxychains] config file found: /etc/proxychains.conf [proxychains] preloading /usr/lib/libproxychains4.so [proxychains] DLL init: proxychains-ng 4.14-git-8-gb8fa2a7 [proxychains] Strict chain ... 127.0.0.1:9050 ... ifconfig.me:80 ... OK 104.244.xx.xxx |
127.0.0.1:9050(Tor経由)で接続されています。
curlならsocks proxy設定ができるので下記でもいいのですが。
1 2 3 4 5 |
[root@centos8 ~]# curl --socks5 127.0.0.1:9050 ifconfig.me 77.247.xxx.xxx [root@centos8 ~]# curl --proxy socks5://127.0.0.1:9050 ifconfig.me 77.247.xxx.xxx |