2

I would like to ask the community a help about some correct way to configure the proxy

First of all, my start configuration was to follow the recommended, installing tor in Kali, configuring the /etc/proxychains.conf and then start the nmap.

 # proxychains.conf  VER 4.x
#
#        HTTP, SOCKS4a, SOCKS5 tunneling proxifier with DNS.


# The option below identifies how the ProxyList is treated.
# only one option should be uncommented at time,
# otherwise the last appearing option will be accepted
#
dynamic_chain
#
# Dynamic - Each connection will be done via chained proxies
# all proxies chained in the order as they appear in the list
# at least one proxy must be online to play in chain
# (dead proxies are skipped)
# otherwise EINTR is returned to the app
#
#strict_chain
#
# Strict - Each connection will be done via chained proxies
# all proxies chained in the order as they appear in the list
# all proxies must be online to play in chain
# otherwise EINTR is returned to the app
#

# Proxy DNS requests - no leak for DNS data
#proxy_dns


# Some timeouts in milliseconds
tcp_read_time_out 15000
tcp_connect_time_out 8000

### Examples for localnet exclusion
## localnet ranges will *not* use a proxy to connect.
## Exclude connections to 192.168.1.0/24 with port 80
# localnet 192.168.1.0:80/255.255.255.0

## Exclude connections to 192.168.100.0/24
# localnet 192.168.100.0/255.255.255.0

## Exclude connections to ANYwhere with port 80
# localnet 0.0.0.0:80/0.0.0.0

## RFC5735 Loopback address range
## if you enable this, you have to make sure remote_dns_subnet is not 127
## you'll need to enable it if you want to use an application that 
## connects to localhost.
# localnet 127.0.0.0/255.0.0.0

## RFC1918 Private Address Ranges
# localnet 10.0.0.0/255.0.0.0
# localnet 172.16.0.0/255.240.0.0
# localnet 192.168.0.0/255.255.0.0

# ProxyList format
#       type  ip  port [user pass]
#       (values separated by 'tab' or 'blank')
#
#       only numeric ipv4 addresses are valid
#
#
#        Examples:
#
#               socks5  192.168.67.78   1080    lamer   secret
#       http    192.168.89.3    8080    justu   hidden
#       socks4  192.168.1.49    1080
#           http    192.168.39.93   8080    
#       
#
#       proxy types: http, socks4, socks5
#        ( auth types supported: "basic"-http  "user/pass"-socks )
#
[ProxyList]
# add proxy here ...
# meanwile
# defaults set to "tor"
socks4  127.0.0.1 9050

This configuration seems fine, but the nmap "works" only with these specific options:proxychains4 nmap -Ss -sT -Pn X.X.X.X -e eth0. Any other options implies the follow error:

root@kali:~# proxychains4 nmap -sT -Pn X.X.X.X -e eth0
[proxychains] config file found: /usr/local/etc/proxychains.conf
[proxychains] preloading /usr/local/lib/libproxychains4.so
[proxychains] DLL init: proxychains-ng 4.11-git-5-ge527b9e

Starting Nmap 7.12 ( https://nmap.org ) at 2016-08-02 14:05 EDT
nmap: netutil.cc:1348: int collect_dnet_interfaces(const intf_entry*, void*): Assertion `rc == 0' failed.
Aborted

Setting the previews options it "seems" works, as is show bellow:

root@kali:~# proxychains4 nmap -Ss -sT -Pn X.X.X.X -e eth0
[proxychains] config file found: /usr/local/etc/proxychains.conf
[proxychains] preloading /usr/local/lib/libproxychains4.so
[proxychains] DLL init: proxychains-ng 4.11-git-5-ge527b9e

WARNING: -S will only affect the source address used in a connect() scan if you specify one of your own addresses.  Use -sS or another raw scan if you want to completely spoof your source address, but then you need to know what you're doing to obtain meaningful results.

Starting Nmap 7.12 ( https://nmap.org ) at 2016-08-02 11:52 EDT
[proxychains] Strict chain  ...  127.0.0.1:9050  ...  X.X.X.X:3306 


[proxychains] Strict chain  ...  127.0.0.1:9050  ...  X.X.X.X:21 <--socket error or timeout!
[proxychains] Strict chain  ...  127.0.0.1:9050  ...  X.X.X.X:53 <--denied
[proxychains] Strict chain  ...  127.0.0.1:9050  ...  X.X.X.X:23  ...  OK
[proxychains] Strict chain  ...  127.0.0.1:9050  ...  X.X.X.X:993 <--socket error or timeout!
[proxychains] Strict chain  ...  127.0.0.1:9050  ...  X.X.X.X:80  ...  OK

Using the only option as I mentioned before, it enters in a loop of "[proxychains] Strict chain", changing the ports - I waited for 40 minutes and the nmap does not start then I stopped the process.

Does anyone knows the correct way to configure/use nmap with proxychains/tor?

Andriel
  • 21
  • 1
  • 3
  • @SteffenUllrich, I do now imagine that is duplicate of this link, I checked it before but my problem is also related with the commands that does not work in nmap when it uses proxychains. – Andriel Aug 03 '16 at 11:58

1 Answers1

0

If you are using tor as a proxy, know that it is TCP only. Which is why you should add the "-n" argument for no resolution.

Bob Ebert
  • 246
  • 2
  • 11
  • I just follow some walkthrougths as I mentioned at the comment to Steffen, please check it. The strange behavior is the error that shows every time when I try to use a different option with Nmap. – Andriel Aug 03 '16 at 11:30