Me gustaría pedirle a la comunidad una ayuda sobre la forma correcta de configurar el proxy
En primer lugar, mi configuración de inicio era seguir la instalación recomendada en Kali, configurar el /etc/proxychains.conf y luego iniciar el nmap.
# proxychains.conf VER 4.x # # HTTP, SOCKS4a, SOCKS5 tunneling proxifier with DNS. # The option below identifies how the ProxyList is treated. # only one option should be uncommented at time, # otherwise the last appearing option will be accepted # dynamic_chain # # Dynamic - Each connection will be done via chained proxies # all proxies chained in the order as they appear in the list # at least one proxy must be online to play in chain # (dead proxies are skipped) # otherwise EINTR is returned to the app # #strict_chain # # Strict - Each connection will be done via chained proxies # all proxies chained in the order as they appear in the list # all proxies must be online to play in chain # otherwise EINTR is returned to the app # # Proxy DNS requests - no leak for DNS data #proxy_dns # Some timeouts in milliseconds tcp_read_time_out 15000 tcp_connect_time_out 8000 ### Examples for localnet exclusion ## localnet ranges will *not* use a proxy to connect. ## Exclude connections to 192.168.1.0/24 with port 80 # localnet 192.168.1.0:80/255.255.255.0 ## Exclude connections to 192.168.100.0/24 # localnet 192.168.100.0/255.255.255.0 ## Exclude connections to ANYwhere with port 80 # localnet 0.0.0.0:80/0.0.0.0 ## RFC5735 Loopback address range ## if you enable this, you have to make sure remote_dns_subnet is not 127 ## you'll need to enable it if you want to use an application that ## connects to localhost. # localnet 127.0.0.0/255.0.0.0 ## RFC1918 Private Address Ranges # localnet 10.0.0.0/255.0.0.0 # localnet 172.16.0.0/255.240.0.0 # localnet 192.168.0.0/255.255.0.0 # ProxyList format # type ip port [user pass] # (values separated by 'tab' or 'blank') # # only numeric ipv4 addresses are valid # # # Examples: # # socks5 192.168.67.78 1080 lamer secret # http 192.168.89.3 8080 justu hidden # socks4 192.168.1.49 1080 # http 192.168.39.93 8080 # # # proxy types: http, socks4, socks5 # ( auth types supported: "basic"-http "user/pass"-socks ) # [ProxyList] # add proxy here ... # meanwile # defaults set to "tor" socks4 127.0.0.1 9050
Esta configuración parece estar bien, pero el nmap "funciona" solo con estas opciones específicas: proxychains4 nmap -Ss -sT -Pn X.X.X.X -e eth0. Cualquier otra opción implica el siguiente error:
root@kali:~# proxychains4 nmap -sT -Pn X.X.X.X -e eth0 [proxychains] config file found: /usr/local/etc/proxychains.conf [proxychains] preloading /usr/local/lib/libproxychains4.so [proxychains] DLL init: proxychains-ng 4.11-git-5-ge527b9e Starting Nmap 7.12 ( https://nmap.org ) at 2016-08-02 14:05 EDT nmap: netutil.cc:1348: int collect_dnet_interfaces(const intf_entry*, void*): Assertion 'rc == 0' failed. Aborted
Al configurar las opciones de vista previa, "parece" que funciona, como se muestra a continuación:
root@kali:~# proxychains4 nmap -Ss -sT -Pn X.X.X.X -e eth0 [proxychains] config file found: /usr/local/etc/proxychains.conf [proxychains] preloading /usr/local/lib/libproxychains4.so [proxychains] DLL init: proxychains-ng 4.11-git-5-ge527b9e WARNING: -S will only affect the source address used in a connect() scan if you specify one of your own addresses. Use -sS or another raw scan if you want to completely spoof your source address, but then you need to know what you're doing to obtain meaningful results. Starting Nmap 7.12 ( https://nmap.org ) at 2016-08-02 11:52 EDT [proxychains] Strict chain ... 127.0.0.1:9050 ... X.X.X.X:3306[proxychains] Strict chain ... 127.0.0.1:9050 ... X.X.X.X:21 <--socket error or timeout! [proxychains] Strict chain ... 127.0.0.1:9050 ... X.X.X.X:53 <--denied [proxychains] Strict chain ... 127.0.0.1:9050 ... X.X.X.X:23 ... OK [proxychains] Strict chain ... 127.0.0.1:9050 ... X.X.X.X:993 <--socket error or timeout! [proxychains] Strict chain ... 127.0.0.1:9050 ... X.X.X.X:80 ... OK
Usando la única opción que mencioné anteriormente, ingresa en un bucle de "[cadena de cadenas estrictas]", cambiando los puertos: esperé 40 minutos y el nmap no se inicia, luego detuve el proceso.
¿Alguien sabe la forma correcta de configurar / usar nmap con proxychains / tor?