n the toolkit of a penetration tester, ProxyChains is a specialized utility that forces TCP connections from any application to be routed through a single proxy or a series of proxies.
It works by “hooking” into the networking libraries of dynamically linked programs using the LD_PRELOAD environment variable to intercept and redirect traffic.
Core Capabilities
-
Forcing Proxy Support: It allows applications that have no built-in proxy settings (like
nmap,ssh,telnet, orwget) to use proxies like SOCKS4, SOCKS5, or HTTP. -
Chaining Proxies: It can string multiple proxies together, making it nearly impossible for a target to identify the original source IP address.
-
Pivoting: In penetration testing, it is used to pivot deeper into a network by using a compromised host as a gateway to reach previously unreachable internal subnets.
-
DNS Leak Prevention: When properly configured with the
proxy_dnsdirective, it ensures that DNS resolution also happens through the proxy chain, preventing your real IP from leaking via DNS queries.
Common Chain Types
You can configure how the tool selects proxies by editing the configuration file (usually /etc/proxychains4.conf or /etc/proxychains.conf):
| Chain Type | Behavior |
|---|---|
| Dynamic Chain | Attempts proxies in the listed order. If one fails, it is automatically skipped. Highly recommended for reliability. |
| Strict Chain | Uses every proxy exactly in the assigned order. If a single proxy in the chain fails, the entire connection fails. |
| Random Chain | Picks a random proxy (or a specified number of proxies) from the list for each connection. Useful for bypassing IDS. |
| Round Robin | Cycles through the list of proxies to distribute connection requests evenly. |
Usage & Commands
The simplest way to use the tool is to prepend the command to whatever application you want to proxy.
| Command | Description |
|---|---|
proxychains [command] | Basic Run: Executes the specified command through the default proxy chain. |
proxychains -q [command] | Quiet Mode: Suppresses the chatty output that shows every connection attempt. |
proxychains -f [config.conf] [command] | Custom Config: Uses a specific configuration file instead of the system default. |
proxychains nmap -sT -Pn [Target_IP] | Nmap Scan: Scans a target through a proxy. (Note: Must use -sT for TCP Connect scan). |
⚠️ Critical Limitations
-
TCP Only: ProxyChains only supports TCP traffic; it cannot proxy UDP or ICMP (ping) traffic.
-
Dynamic Linking: It only works with dynamically linked programs. It will not work with statically compiled binaries or some Go-based tools that don’t use standard system libraries.
-
Speed: Each hop in the proxy chain adds latency, which can significantly slow down your tools.
ProxyChains
📝 Overview
What it is: A Linux-based utility that redirects TCP traffic from any application through a chain of proxies (SOCKS4/5, HTTP). Target Phase: Reconnaissance / Exploitation / Pivoting Operating System: Linux / UNIX (Native)
⚙️ Core Capabilities
- Pivoting: Uses compromised hosts as gateways to reach internal networks.
- Anonymization: Chains multiple proxies to hide the attacker’s source IP.
- DNS Proxying: Routes DNS requests through the chain to prevent leaks.
🏷️ Tags
ProxyChains CLItool Pivoting Anonymity TCP PenTestPlus Linux
Reconnaissance #Exploitation