From 0febe37477482d22ae31bd3086bf77541867267d Mon Sep 17 00:00:00 2001 From: Lokesh Sharma Date: Sun, 29 Oct 2017 23:07:08 +0530 Subject: [PATCH 1/4] Improve README --- README => README.md | 167 ++++++++++++++++++++++---------------------- 1 file changed, 83 insertions(+), 84 deletions(-) rename README => README.md (62%) diff --git a/README b/README.md similarity index 62% rename from README rename to README.md index cb0e15e..63d8a04 100644 --- a/README +++ b/README.md @@ -1,58 +1,54 @@ -ProxyChains-NG ver 4.12 README -============================= +## ProxyChains-NG ver 4.12 - ProxyChains is a UNIX program, that hooks network-related libc functions - in DYNAMICALLY LINKED programs via a preloaded DLL (dlsym(), LD_PRELOAD) - and redirects the connections through SOCKS4a/5 or HTTP proxies. - It supports TCP only (no UDP/ICMP etc). +ProxyChains is a UNIX program, that hooks network-related libc functions +in DYNAMICALLY LINKED programs via a preloaded DLL (dlsym(), LD_PRELOAD) +and redirects the connections through SOCKS4a/5 or HTTP proxies. +It supports TCP only (no UDP/ICMP etc). - The way it works is basically a HACK; so it is possible that it doesn't - work with your program, especially when it's a script, or starts - numerous processes like background daemons or uses dlopen() to load - "modules" (bug in glibc dynlinker). - It should work with simple compiled (C/C++) dynamically linked programs - though. +The way it works is basically a HACK; so it is possible that it doesn't +work with your program, especially when it's a script, or starts +numerous processes like background daemons or uses dlopen() to load +"modules" (bug in glibc dynlinker). +It should work with simple compiled (C/C++) dynamically linked programs +though. - If your program doesn't work with proxychains, consider using an - iptables based solution instead; this is much more robust. +If your program doesn't work with proxychains, consider using an +iptables based solution instead; this is much more robust. - Supported Platforms: Linux, BSD, Mac. +Supported Platforms: Linux, BSD, Mac. -*********** ATTENTION *********** +> ### Attentaion - this program can be used to circumvent censorship. - doing so can be VERY DANGEROUS in certain countries. +> this program can be used to circumvent censorship. +> doing so can be VERY DANGEROUS in certain countries. - ALWAYS MAKE SURE THAT PROXYCHAINS WORKS AS EXPECTED - BEFORE USING IT FOR ANYTHING SERIOUS. +> ALWAYS MAKE SURE THAT PROXYCHAINS WORKS AS EXPECTED BEFORE USING IT FOR ANYTHING SERIOUS. - this involves both the program and the proxy that you're going to - use. +> this involves both the program and the proxy that you're going to use. - for example, you can connect to some "what is my ip" service - like ifconfig.me to make sure that it's not using your real ip. +> for example, you can connect to some "what is my ip" service like ifconfig.me to make sure that it's not using your real ip. - ONLY USE PROXYCHAINS IF YOU KNOW WHAT YOU'RE DOING. +> ONLY USE PROXYCHAINS IF YOU KNOW WHAT YOU'RE DOING. - THE AUTHORS AND MAINTAINERS OF PROXYCHAINS DO NOT TAKE ANY - RESPONSIBILITY FOR ANY ABUSE OR MISUSE OF THIS SOFTWARE AND - THE RESULTING CONSEQUENCES. +> THE AUTHORS AND MAINTAINERS OF PROXYCHAINS DO NOT TAKE ANY RESPONSIBILITY FOR ANY ABUSE OR MISUSE OF THIS SOFTWARE AND THE RESULTING CONSEQUENCES. -*** Installation *** +### Installation - # needs a working C compiler, preferably gcc - ./configure --prefix=/usr --sysconfdir=/etc - make - [optional] sudo make install - [optional] sudo make install-config (installs proxychains.conf) +``` +# needs a working C compiler, preferably gcc +./configure --prefix=/usr --sysconfdir=/etc +make +[optional] sudo make install +[optional] sudo make install-config (installs proxychains.conf) - if you dont install, you can use proxychains from the build directory - like this: ./proxychains4 -f src/proxychains.conf telnet google.com 80 +if you dont install, you can use proxychains from the build directory +like this: ./proxychains4 -f src/proxychains.conf telnet google.com 80 +``` -Changelog: ----------- -Version 4.12 +### Changelog: + +#### Version 4.12 - fix several build issues - for MAC - with -pie @@ -62,32 +58,32 @@ Version 4.12 - fix several warnings for cleaner build on debian - fix random_chain on OSX (0f6b226) -Version 4.11 +#### Version 4.11 - preliminary IPv6 support - fixed bug in hostsreader - preliminary support for usage on OpenBSD (caveat emptor) -Version 4.10 +#### Version 4.10 - fix regression in linking order with custom LDFLAGS - fix segfault in DNS mapping code in programs with > ~400 different lookups -Version 4.9 +#### Version 4.9 - fix a security issue CVE-2015-3887 - add sendto hook to handle MSG_FASTOPEN flag - replace problematic hostentdb with hostsreader - fix compilation on OpenBSD (although doesn't work there) -Version 4.8.1: +#### Version 4.8.1: - fix regression in 4.8 install-config Makefile target -Version 4.8: +#### Version 4.8: - fix for odd cornercase where getaddrinfo was used with AI_NUMERICHOST to test for a numeric ip instead of resolving it (fixes nmap). - allow usage with programs that rely on LD_PRELOAD themselves - reject wrong entries in config file - print version number on startup -Version 4.7: +#### Version 4.7: - new round_robin chaintype by crass. - fix bug with lazy allocation when GCC constructor was not used. - new configure flag --fat-binary to create a "fat" binary/library on OS X @@ -95,35 +91,35 @@ Version 4.7: it's legal for a program to retry close() calls when they receive EINTR, which could cause an infinite loop, as seen in chromium. -Version 4.6: +#### Version 4.6: - some cosmetic fixes to Makefile, fix a bug when non-numeric ip was used as proxy server address. -Version 4.5: +#### Version 4.5: - hook close() to prevent OpenSSH from messing with internal infrastructure. this caused ssh client to segfault when proxified. -Version 4.4: +#### Version 4.4: - FreeBSD port - fixes some installation issues on Debian and Mac. -Version 4.3: +#### Version 4.3: - fixes programs that do dns-lookups in child processes (fork()ed), like irssi. to achieve this, support for compilation without pthreads was sacrified. - fixes thread safety for gethostent() calls. - improved DNS handling speed, since hostent db is cached. -Version 4.2: +#### Version 4.2: - fixes compilation issues with ubuntu 12.04 toolchain - fixes segfault in rare codepath -Version 4.1 +#### Version 4.1 - support for mac os x (all archs) - all internal functions are threadsafe when compiled with -DTHREAD_SAFE (default). -Version 4.0 +#### Version 4.0 - replaced dnsresolver script (which required a dynamically linked "dig" binary to be present) with remote DNS lookup. this speeds up any operation involving DNS, as the old script had to use TCP. @@ -133,22 +129,22 @@ Version 4.0 it also adds support for a config file passed via command line switches/ environment variables. -Version 3.0 +#### Version 3.0 - support for DNS resolving through proxy supports SOCKS4, SOCKS5 and HTTP CONNECT proxy servers. Auth-types: socks - "user/pass" , http - "basic". -When to use it ? -1) When the only way to get "outside" from your LAN is through proxy server. -2) To get out from behind restrictive firewall which filters outgoing ports. -3) To use two (or more) proxies in chain: +### When to use it ? +1. When the only way to get "outside" from your LAN is through proxy server. +2. To get out from behind restrictive firewall which filters outgoing ports. +3. To use two (or more) proxies in chain: like: your_host <--> proxy1 <--> proxy2 <--> target_host -4) To "proxify" some program with no proxy support built-in (like telnet) -5) Access intranet from outside via proxy. -6) To use DNS behind proxy. -7) To access hidden tor onion services. +4. To "proxify" some program with no proxy support built-in (like telnet) +5. Access intranet from outside via proxy. +6. To use DNS behind proxy. +7. To access hidden tor onion services. -Some cool features: +### Some cool features: * This program can mix different proxy types in the same chain like: your_host <-->socks5 <--> http <--> socks4 <--> target_host @@ -163,41 +159,45 @@ Some cool features: * DNS resolving through proxy. -Configuration: --------------- +### Configuration: proxychains looks for config file in following order: -1) file listed in environment variable PROXYCHAINS_CONF_FILE or - provided as a -f argument to proxychains script or binary. -2) ./proxychains.conf -3) $(HOME)/.proxychains/proxychains.conf -4) $(sysconfdir)/proxychains.conf ** +1. file listed in environment variable PROXYCHAINS_CONF_FILE or provided as a -f argument to proxychains script or binary. +2. `./proxychains.conf` +3. `$(HOME)/.proxychains/proxychains.conf` +4. `$(sysconfdir)/proxychains.conf` ** ** usually /etc/proxychains.conf -Usage Example: +#### Usage Example: - $ proxychains telnet targethost.com +``` +proxychains telnet targethost.com +``` in this example it will run telnet through proxy(or chained proxies) specified by proxychains.conf -Usage Example: +#### Usage Example: - $ proxychains -f /etc/proxychains-other.conf telnet targethost2.com +``` +proxychains -f /etc/proxychains-other.conf telnet targethost2.com +``` in this example it will use different configuration file then proxychains.conf to connect to targethost2.com host. -Usage Example: +#### Usage Example: - $ proxyresolv targethost.com +``` +proxyresolv targethost.com +``` in this example it will resolve targethost.com through proxy(or chained proxies) specified by proxychains.conf -Known Problems: ---------------- +### Known Problems: + - newer versions of nmap try to determine the network interface to use even if it's not needed (like when doing simple syn scans which use the standard POSIX socket API. this results in errors when proxychains hands @@ -220,12 +220,11 @@ Known Problems: musl libc is unaffected from the bug. -Community: ----------- -#proxychains on irc.freenode.net +### Community: + +> #proxychains on irc.freenode.net + +### Donations: -Donations: ----------- -bitcoins donations are welcome - please send to this address: -1C9LBpuy56veBqw5N33sZMoZW8mwCw3tPh +Bitcoins donations are welcome - please send to this address `1C9LBpuy56veBqw5N33sZMoZW8mwCw3tPh` From 6acf73d4d7848fa050a8ce7d8223dfc16e79229d Mon Sep 17 00:00:00 2001 From: Lokesh Sharma Date: Sun, 29 Oct 2017 23:10:28 +0530 Subject: [PATCH 2/4] Improve attention and installation block --- README.md | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 63d8a04..7c431e1 100644 --- a/README.md +++ b/README.md @@ -19,32 +19,33 @@ Supported Platforms: Linux, BSD, Mac. > ### Attentaion - +> > this program can be used to circumvent censorship. > doing so can be VERY DANGEROUS in certain countries. - +> > ALWAYS MAKE SURE THAT PROXYCHAINS WORKS AS EXPECTED BEFORE USING IT FOR ANYTHING SERIOUS. - +> > this involves both the program and the proxy that you're going to use. - +> > for example, you can connect to some "what is my ip" service like ifconfig.me to make sure that it's not using your real ip. - +> > ONLY USE PROXYCHAINS IF YOU KNOW WHAT YOU'RE DOING. - +> > THE AUTHORS AND MAINTAINERS OF PROXYCHAINS DO NOT TAKE ANY RESPONSIBILITY FOR ANY ABUSE OR MISUSE OF THIS SOFTWARE AND THE RESULTING CONSEQUENCES. ### Installation +It needs a working C compiler, preferably gcc ``` -# needs a working C compiler, preferably gcc ./configure --prefix=/usr --sysconfdir=/etc make [optional] sudo make install [optional] sudo make install-config (installs proxychains.conf) +``` if you dont install, you can use proxychains from the build directory -like this: ./proxychains4 -f src/proxychains.conf telnet google.com 80 -``` +like this: `./proxychains4 -f src/proxychains.conf telnet google.com 80` + ### Changelog: From 41881ebdbe120632c9034e59c7b745bb1f27c753 Mon Sep 17 00:00:00 2001 From: Lokesh Sharma Date: Sun, 29 Oct 2017 23:11:54 +0530 Subject: [PATCH 3/4] Fix attention spelling and community block --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 7c431e1..9cee58b 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ iptables based solution instead; this is much more robust. Supported Platforms: Linux, BSD, Mac. -> ### Attentaion +> ### Attention > > this program can be used to circumvent censorship. > doing so can be VERY DANGEROUS in certain countries. @@ -223,7 +223,7 @@ specified by proxychains.conf ### Community: -> #proxychains on irc.freenode.net +`#proxychains` on irc.freenode.net ### Donations: From f20ff05495ed3722aa65381492d36a96140adf58 Mon Sep 17 00:00:00 2001 From: Lokesh Sharma Date: Sun, 29 Oct 2017 23:14:22 +0530 Subject: [PATCH 4/4] Improve attention block by bolding it --- README.md | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 9cee58b..e577117 100644 --- a/README.md +++ b/README.md @@ -18,20 +18,20 @@ iptables based solution instead; this is much more robust. Supported Platforms: Linux, BSD, Mac. -> ### Attention -> -> this program can be used to circumvent censorship. -> doing so can be VERY DANGEROUS in certain countries. -> -> ALWAYS MAKE SURE THAT PROXYCHAINS WORKS AS EXPECTED BEFORE USING IT FOR ANYTHING SERIOUS. -> -> this involves both the program and the proxy that you're going to use. -> -> for example, you can connect to some "what is my ip" service like ifconfig.me to make sure that it's not using your real ip. -> -> ONLY USE PROXYCHAINS IF YOU KNOW WHAT YOU'RE DOING. -> -> THE AUTHORS AND MAINTAINERS OF PROXYCHAINS DO NOT TAKE ANY RESPONSIBILITY FOR ANY ABUSE OR MISUSE OF THIS SOFTWARE AND THE RESULTING CONSEQUENCES. +### Attention + +this program can be used to circumvent censorship. +doing so can be VERY DANGEROUS in certain countries. + +__ALWAYS MAKE SURE THAT PROXYCHAINS WORKS AS EXPECTED BEFORE USING IT FOR ANYTHING SERIOUS.__ + +this involves both the program and the proxy that you're going to use. + +for example, you can connect to some "what is my ip" service like ifconfig.me to make sure that it's not using your real ip. + +__ONLY USE PROXYCHAINS IF YOU KNOW WHAT YOU'RE DOING.__ + +__THE AUTHORS AND MAINTAINERS OF PROXYCHAINS DO NOT TAKE ANY RESPONSIBILITY FOR ANY ABUSE OR MISUSE OF THIS SOFTWARE AND THE RESULTING CONSEQUENCES.__ ### Installation