glad to see that project updated #10

franck09 opened this Issue Jan 26, 2012 · 4 comments


None yet
2 participants

Hi guys,

I'm happy to see that you decided to continue that project, which looked a bit abandoned for a while... I'm very interested by the possibility of chaining a bunch of proxies to anonymize any kind of ip traffic. However, from what I understand, the way proxychains currently works is that you launch it from the command line, and it's intercepting the systems call to the ip stack of the program specified in argument, and with that "hijacking" of the traffic in place, it is capable of anonymizing the traffic of any kind of program, even if the program in question doesnt support proxies.

This is great for a quick session of anonymous web browsing, however I'm wondering if It's currently possible to run proxychains as a kind of permanent open relay on a network, and to tunnel all traffic towards it ? From the readme it should work for http with Squid, but do you have an idea for a solution that would tunnel all traffic, dns, http, etc... ?

Keep up the great work !


rofl0r commented Jan 26, 2012

if you want to surf anonymously, you should definitely read the tor faq. there's tons of stuff in a browser that can leak your identity.
as for your question: no, it cannot route any traffic, because it doesnt support UDP.
but for TCP stuff, you can indeed run a proxified service.

I am aware of the risks browser information leakage, and about that, I was wondering if it would not be practical to have a kind of fail-safe in place against any info leakage, a IDS like Snort configured to analyse any outgoing traffic for any identity leak, and that would of course be able to drop any traffic that could possibly reveal your real identity.

To my understanding, it is certainly possible to run a browser with no extensions and restricted javascript support to prevent that, but since proxychains can proxy the traffic of any program, shouldn't we be worried that others programs than web browsers can leak info?


rofl0r commented Jan 26, 2012

there's a list on the tor faq that specifies which applications are considered safe and which not.
the rule of thumb is: the simpler the program, the easier it is to anonymify.
i.e. running netcat over tor to get a http page is completely safe, as long as you dont enter sensitive data...

the only secure way is to run apps in a complete isolated way which can not access any sensitive stuff.
checkout this here for a possible way to achieve this

franck09 commented Feb 2, 2012

Thanks for the info!

@franck09 franck09 closed this Feb 2, 2012

@ddoscomin ddoscomin referenced this issue in rofl0r/proxychains-ng Dec 18, 2012


Cant make on x86_64-linux-gnu Debian #7

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment