1 00:00:00,420 --> 00:00:02,640 Welcome to Part 11 of this module. 2 00:00:03,300 --> 00:00:08,030 Well, it's been a while, but we're finally back in Kali. In this video 3 00:00:08,040 --> 00:00:14,430 we're going to be taking a look at proxychains. Proxychains is yet another method of staying anonymous 4 00:00:14,790 --> 00:00:16,520 while we do our work online. 5 00:00:16,560 --> 00:00:22,920 They can be set up on any Linux system really, but proxychains comes preinstalled on Kali. 6 00:00:23,040 --> 00:00:29,730 Proxy chains are a network of proxies that when properly configured will anonymize anything that you 7 00:00:29,730 --> 00:00:30,690 are doing online, 8 00:00:30,690 --> 00:00:39,170 be it SQL injection, an Nmap scan, a brute-force attack or even just browsing the web. 9 00:00:39,210 --> 00:00:45,390 Now you might be wondering what is the difference between a proxy and a proxy chain. 10 00:00:45,390 --> 00:00:52,380 Proxies are only used for browsers and won't tend to anonymize HTTP or web connections or whatever 11 00:00:52,380 --> 00:00:54,500 you're doing in the browser environment. 12 00:00:54,510 --> 00:01:01,230 Proxy chains on the other hand will anonymize all of the activity that you are doing online rather like 13 00:01:01,230 --> 00:01:08,700 a VPN that can in fact be used in conjunction with Tor for further anonymity, which I will be demonstrating 14 00:01:08,700 --> 00:01:10,480 towards the end of this tutorial. 15 00:01:10,560 --> 00:01:18,120 I said not to use Tor in Kali and I stand by that because it's really not what Kali is intended for, 16 00:01:18,270 --> 00:01:23,280 but this will add on some additional security, and you can set up proxychains, 17 00:01:23,280 --> 00:01:32,930 as I said, on any Linux distribution. And yes, it is possible to use Tor, proxychains and a VPN all at 18 00:01:32,940 --> 00:01:34,110 the same time. 
19 00:01:34,110 --> 00:01:40,140 The question of whether or not it is a good idea to use a VPN with Tor was addressed in the last video 20 00:01:40,140 --> 00:01:43,200 so I won't be covering that again here. 21 00:01:43,200 --> 00:01:49,380 I do encourage you to do some research on that question and make your own decision because, as was said, 22 00:01:49,440 --> 00:01:52,140 opinions do vary significantly. 23 00:01:52,140 --> 00:02:01,020 Also keep in mind that when using proxychains or a VPN in VirtualBox, your host operating system can 24 00:02:01,020 --> 00:02:06,470 still see whatever you're doing and its internet connection is not protected. 25 00:02:06,480 --> 00:02:06,830 All right. 26 00:02:06,860 --> 00:02:12,090 So the first thing we're going to do is we're going to open up a terminal window, and before we get started 27 00:02:12,240 --> 00:02:16,900 we need to configure the proxy chains themselves. To do this 28 00:02:16,920 --> 00:02:23,490 we'll be using the proxychains dot configuration file. For that 29 00:02:23,490 --> 00:02:27,690 we're gonna be using the nano editor, but if you prefer a different editor, 30 00:02:27,810 --> 00:02:29,060 feel free to use that. 31 00:02:29,070 --> 00:02:35,760 I know some people are oddly attached and touchy when it comes to their favorite editor in Linux. 32 00:02:35,760 --> 00:02:46,920 So assuming that you want to use nano, we're going to do nano forward slash, that's etc or E-T-C, forward 33 00:02:46,920 --> 00:02:53,790 slash proxychains dot c-o-n-f for config. 34 00:02:53,850 --> 00:02:59,220 And do remember it's etc because Kali Linux is already in the root directory. 35 00:02:59,400 --> 00:03:04,500 If you're doing this on a different distribution of Linux or if you installed proxychains somewhere 36 00:03:04,500 --> 00:03:06,960 else, your path may vary. 37 00:03:06,960 --> 00:03:08,630 There we are. Now 38 00:03:08,820 --> 00:03:14,580 I suspect that most of you already know this, but if you don't, that's OK. 
39 00:03:14,610 --> 00:03:24,110 These pound symbols or hashes at the start of each line basically tell the code to ignore that line. 40 00:03:24,150 --> 00:03:30,870 For those of you with some programming background, these lines are effectively commented out, so by removing 41 00:03:30,900 --> 00:03:38,100 a particular hash and then saving the configuration file we can essentially activate that particular 42 00:03:38,100 --> 00:03:39,910 feature. 43 00:03:39,970 --> 00:03:47,620 All right, so the first line that we're going to concern ourselves with is this one: HTTP, SOCKS4, SOCKS 44 00:03:47,620 --> 00:03:52,420 5 tunneling proxifier with DNS. HTTP proxies 45 00:03:52,630 --> 00:03:57,880 I trust you are all familiar with. They are used in the Tor Browser. 46 00:03:58,030 --> 00:04:05,770 SOCKS4 is a very old method that is really not that popular anymore, but it is offered, and SOCKS5 is 47 00:04:05,770 --> 00:04:08,190 what we'll be using to anonymize 48 00:04:08,230 --> 00:04:12,730 everything that you are doing on the system on the Internet. So using the down arrow 49 00:04:12,820 --> 00:04:24,900 we're going to move down to this entry here for dynamic chains. Dynamic chains basically creates a network 50 00:04:24,960 --> 00:04:29,910 of chained proxies all linked together. 51 00:04:29,910 --> 00:04:36,310 This is your quintessential bouncing your connection about from one proxy to another. 52 00:04:36,360 --> 00:04:40,620 These chains can change as you go. 53 00:04:40,620 --> 00:04:48,600 Strict chain on the other hand would just stick to specific proxies in order, and you might want to do 54 00:04:48,600 --> 00:04:49,640 that instead 
55 00:04:49,650 --> 00:04:57,120 if you have certain proxies that you trust, such as those you set up yourself, or if you pay for proxies. 56 00:04:57,600 --> 00:05:03,540 But for this demonstration we're going to go ahead and put a comment, or hash or pound symbol if you 57 00:05:03,540 --> 00:05:12,770 prefer, in front of strict chains, and then we're going to go up here and we're going to remove the comment 58 00:05:12,830 --> 00:05:15,130 in front of dynamic chains. 59 00:05:15,400 --> 00:05:20,330 And when I say comment I mean the hash symbol or pound sign. 60 00:05:20,330 --> 00:05:24,320 And this is going to have the effect of turning dynamic chains on. 61 00:05:24,320 --> 00:05:30,080 So basically what this will do is go through a series of IP addresses or proxies in different countries 62 00:05:30,530 --> 00:05:34,760 that we will specify down below in the configuration section. 63 00:05:34,760 --> 00:05:42,860 So now we're gonna scroll down even further to proxy DNS requests, in this section here. 64 00:05:42,860 --> 00:05:47,090 This is really where the beginners tend to make mistakes. 65 00:05:47,120 --> 00:05:57,170 What I mean is, usually when you anonymize your system you can use a proxy but you also have to change your 66 00:05:57,170 --> 00:05:58,600 DNS. 67 00:05:58,600 --> 00:06:05,330 The mistake most people make is they use a proxy which changes your location maybe every 10 to 15 minutes, 68 00:06:05,750 --> 00:06:12,560 your connection is bouncing around the world, but your DNS is still in the country that you're in. Now 69 00:06:12,560 --> 00:06:19,880 a good VPN with a strong client is already correcting this, and provided there are no leaks 70 00:06:19,880 --> 00:06:24,740 you should be good, but this is not true by default with proxychains. 
71 00:06:24,740 --> 00:06:32,450 So when you use a proxy in, let's say, Switzerland and then 10 minutes later you're using one in Belgium 72 00:06:32,930 --> 00:06:39,560 and 10 minutes later in Germany, but your DNS data is leaking all over the place and showing that you're 73 00:06:39,560 --> 00:06:40,750 in the United States, 74 00:06:40,760 --> 00:06:41,780 let's say. 75 00:06:41,780 --> 00:06:50,360 Well, it's not hard for a Web site like YouTube to log your proxy IP while also seeing your host country. 76 00:06:50,510 --> 00:06:55,970 And yes, YouTube will probably already know that you're using a proxy because they can see that you're using 77 00:06:55,970 --> 00:06:59,860 different IPs but can also see that your DNS is in one country. 78 00:06:59,990 --> 00:07:01,690 So the moral of the story: 79 00:07:01,720 --> 00:07:05,780 make sure that proxy DNS requests are not leaking data. 80 00:07:06,110 --> 00:07:11,610 OK, so now let's scroll down to the proxy format examples. 81 00:07:11,660 --> 00:07:13,850 This is a list of proxy formats. 82 00:07:13,850 --> 00:07:17,500 There are several examples given here and they're pretty straightforward. 83 00:07:17,540 --> 00:07:20,410 We'll get into configuration down here at the bottom. 84 00:07:20,420 --> 00:07:28,760 One thing we want to notice is that we are by default using SOCKS4. If we glance up at our examples 85 00:07:31,220 --> 00:07:36,900 we can see that we have a SOCKS5 example and that is what we want to use. 86 00:07:36,920 --> 00:07:45,290 We have the address for the proxy, which could be changed, the port, which again also could be changed, 87 00:07:46,070 --> 00:07:51,290 and in these examples there are the user name and password. 88 00:07:51,350 --> 00:07:56,450 If you actually buy a proxy or a proxifier for proxychains, 89 00:07:56,450 --> 00:08:01,880 in most cases they will give you a user name and password and this is where you would enter them. 
90 00:08:01,880 --> 00:08:09,170 We'll be using Tor and proxychains together in this demonstration and we'll be using whatever defaults 91 00:08:09,170 --> 00:08:16,550 come with Kali Linux. Under the proxy list heading below the examples we can see the defaults have been 92 00:08:16,550 --> 00:08:18,080 set to Tor. 93 00:08:18,080 --> 00:08:26,770 However, it is being used in SOCKS4. We could change this, but instead let's go ahead and type in SOCKS 94 00:08:26,790 --> 00:08:27,990 5. 95 00:08:28,010 --> 00:08:36,830 We'll press the Tab key once to keep the format consistent. We'll enter the same IP, which references 96 00:08:36,830 --> 00:08:48,200 ourselves, and the same port, 9050. And last but not least we need to come up to the line SOCKS4 and 97 00:08:48,200 --> 00:08:54,840 we're gonna go ahead and we're going to comment it out with the hash or pound symbol, and we're done. 98 00:08:54,890 --> 00:08:57,680 So now we need to write the changes. To do that, 99 00:08:57,710 --> 00:08:59,740 if we're using nano, we press Control- 100 00:08:59,780 --> 00:09:10,760 O and Enter to confirm. Wrote sixty-five lines, good, and then Control-X will allow us to exit nano. For 101 00:09:10,760 --> 00:09:12,160 this next step 102 00:09:12,170 --> 00:09:15,630 we will be assuming that you have Tor installed. 103 00:09:15,740 --> 00:09:22,250 If you don't already have Tor installed in Kali, and it may not be by default, you would simply type apt 104 00:09:22,280 --> 00:09:32,300 dash get install tor, hit Enter, say yes and allow Tor to install. It'll probably take you about five minutes. 105 00:09:33,910 --> 00:09:35,600 Assuming you have Tor installed, 106 00:09:35,620 --> 00:09:43,300 we need to check if the Tor service is currently running, so we don't want it to be currently running. 
107 00:09:43,300 --> 00:09:47,500 So what we're gonna do is we're going to say service tor status 108 00:09:50,400 --> 00:09:58,640 and it's fine, it's not running, so now what we're going to do is we're going to start things off 109 00:09:58,640 --> 00:10:10,180 fresh: service tor start, and this is going to start the Tor service. The way we test this is by typing 110 00:10:10,660 --> 00:10:12,770 proxychains. 111 00:10:12,820 --> 00:10:15,130 We have started the Tor service, by the way. 112 00:10:15,130 --> 00:10:24,430 proxychains firefox, or your browser of choice, but Firefox is recommended when using Tor. 113 00:10:24,430 --> 00:10:27,710 And then we will put in a Web site. 114 00:10:27,730 --> 00:10:33,630 We'll just pick duckduckgo 115 00:10:33,640 --> 00:10:39,070 dot com, press Enter, and to be clear you can use any Web site you like. 116 00:10:39,070 --> 00:10:45,970 Proxychains is going to start and it's going to open Firefox to our intended Web site. 117 00:10:45,970 --> 00:10:51,670 Keep in mind this is going to take a while because running it through proxychains means that we're 118 00:10:52,060 --> 00:10:56,110 forming a lot of connections and kind of bouncing them around. 119 00:10:56,110 --> 00:11:00,750 So you have to be patient just like you are when you're using Tor. 120 00:11:00,910 --> 00:11:02,770 And after a very long wait 121 00:11:02,830 --> 00:11:05,420 Firefox does eventually pop up. 122 00:11:05,440 --> 00:11:07,180 So how do we know we're anonymous? 123 00:11:07,180 --> 00:11:12,580 Well, let's take a quick look at the terminal, and you don't really have to be too concerned with the 124 00:11:12,580 --> 00:11:13,390 output here. 125 00:11:13,390 --> 00:11:20,860 However, this is essentially a map of how our chains are working out, so I'm going to minimize this once 126 00:11:20,860 --> 00:11:27,040 again, and keep in mind that if you close the terminal, Firefox will close; that will end the session. 
127 00:11:27,040 --> 00:11:29,170 We're running this through the terminal. 128 00:11:29,170 --> 00:11:34,670 So now we need to check for DNS leaks. 129 00:11:34,780 --> 00:11:39,450 You can do this with your VPN provider as well if you feel so inclined. 130 00:11:39,490 --> 00:11:44,020 As I said before, any good provider with a solid client should not be leaking. 131 00:11:44,050 --> 00:11:51,300 But if you set up your own VPN or if you're using something a bit sketchy then this is a good practice. 132 00:11:51,340 --> 00:11:57,430 Either way we're going to search up check for DNS leaks. 133 00:11:57,550 --> 00:12:03,580 There are quite a few sites to choose from but for this demonstration we'll just go ahead and use the 134 00:12:04,000 --> 00:12:10,720 DNS leak test official site, and just as an aside, I realize I've used Google quite a few times in the 135 00:12:10,720 --> 00:12:15,300 course of this class and some of you probably think I'm a bit crazy for doing so. 136 00:12:15,340 --> 00:12:21,610 DuckDuckGo is a very nice search engine because it does not log your IP whereas Google tracks just 137 00:12:21,610 --> 00:12:22,960 about everything you do. 138 00:12:23,110 --> 00:12:32,740 At any rate, here we have the dnsleaktest dot com Web site and as you can see it thinks that I'm currently 139 00:12:32,740 --> 00:12:38,030 in Liberia and it's presenting an IP address that is definitely not my own. 140 00:12:38,050 --> 00:12:45,010 So we know that this is all working properly, and with that in mind let's go ahead and start a standard 141 00:12:45,130 --> 00:12:45,660 test. 142 00:12:45,670 --> 00:12:50,580 And this is going to take a while when doing it through proxychains. 143 00:12:50,580 --> 00:12:52,750 So please keep that in mind. 144 00:12:52,750 --> 00:12:58,950 So currently it's running several rounds of tests, and I must stress, very very slowly, and now the test 145 00:12:58,950 --> 00:13:00,660 has successfully completed. 
146 00:13:00,880 --> 00:13:07,800 And if we scroll down we can see that it thinks that I am in Germany, so good. 147 00:13:08,000 --> 00:13:09,780 I am definitely not in Germany. 148 00:13:09,920 --> 00:13:17,870 And again you can run this test when you are using your VPN of choice to make sure that your DNS is 149 00:13:17,870 --> 00:13:20,220 not leaking. 150 00:13:20,240 --> 00:13:20,600 All right. 151 00:13:20,810 --> 00:13:26,420 So if you'd like to take further steps to make sure this is working for you, one more thing you can do 152 00:13:26,450 --> 00:13:31,220 is close out of Firefox and return to the terminal window. 153 00:13:33,900 --> 00:13:45,690 Then we're going to do service tor restart and once again we're going to do proxychains firefox 154 00:13:49,750 --> 00:13:52,750 duckduckgo 155 00:13:56,590 --> 00:14:04,790 and we come back over to dnsleaktest dot com and we can see that we have a different IP and apparent 156 00:14:04,800 --> 00:14:08,070 geolocation, this time in Germany. 157 00:14:08,070 --> 00:14:08,770 All right. 158 00:14:08,850 --> 00:14:13,470 Now I could repeat the test but it takes forever and I think you get the idea. 159 00:14:13,470 --> 00:14:23,430 OK, now the proxies that Kali is connecting to by default are pretty dodgy, which is to say I have no 160 00:14:23,430 --> 00:14:31,070 idea who is running them or why they are free, which means that for all I know they are compromised. 
161 00:14:31,200 --> 00:14:42,360 So it isn't a bad idea, if you want to use this method, to investigate your own proxies, either creating 162 00:14:42,360 --> 00:14:50,400 them yourself, such as through a virtual private server somewhere you pay for anonymously, or purchased 163 00:14:50,400 --> 00:14:59,490 anonymously from a reliable source. If you just use whatever Kali is set up to connect to as the default 164 00:15:00,000 --> 00:15:09,420 you are taking your chances. For a penetration tester on a burner laptop using Tor and proxychains from, 165 00:15:09,420 --> 00:15:15,210 let's say, a coffee shop or something of the kind, that's probably just fine. 166 00:15:15,240 --> 00:15:22,790 I certainly would not suggest sending any personal data through any proxy that you don't trust, and yes, 167 00:15:22,880 --> 00:15:26,840 as I said earlier, you can add a VPN into the mix. 168 00:15:26,900 --> 00:15:32,030 You can go full out: VPN plus Tor plus proxychains. 169 00:15:32,030 --> 00:15:38,870 And again I want to stress that you do need to do some research. The various opinions of security professionals 170 00:15:38,870 --> 00:15:45,380 about whether or not that is really the right approach for whatever you're trying to do are quite unique 171 00:15:45,380 --> 00:15:48,850 and varied because there really is no right answer. 172 00:15:48,860 --> 00:15:54,950 I know I keep repeating this but there is a big difference between the aforementioned pen tester in 173 00:15:54,950 --> 00:16:02,990 a coffee shop doing a legal penetration test and a reporter in a hostile foreign country trying to avoid 174 00:16:02,990 --> 00:16:05,700 mass surveillance with their life on the line. 175 00:16:05,720 --> 00:16:13,280 The rule is simple: if the proxy is free and/or you don't know for sure who controls it, 176 00:16:13,430 --> 00:16:21,110 don't trust it, at least not completely. Build your anonymizing approach from a position of skepticism. 
177 00:16:21,200 --> 00:16:30,380 Bouncing your connection between proxies under the cover of a VPN or Tor is some pretty darn good 178 00:16:30,380 --> 00:16:36,910 anonymizing and it would take a very powerful and very determined adversary to identify and track you. 179 00:16:36,910 --> 00:16:44,060 And let's be honest, for most of you that hopefully isn't ever going to be the case. Even so, don't use 180 00:16:44,060 --> 00:16:47,970 a proxy you don't trust to do your online banking. 181 00:16:48,020 --> 00:16:52,200 Not that an online bank is likely to let you in using a proxy. 182 00:16:52,220 --> 00:16:54,250 But you know what I mean. 183 00:16:54,410 --> 00:16:58,010 Don't use Tor for your online banking either. 184 00:16:58,160 --> 00:17:02,660 Understand the risks and limitations of these techniques and plan accordingly. 185 00:17:02,660 --> 00:17:04,170 And you should be just fine. 186 00:17:04,190 --> 00:17:09,440 And remember, most places you connect to with proxychains will most likely recognize the fact that you're 187 00:17:09,440 --> 00:17:10,930 using a proxy. 188 00:17:11,060 --> 00:17:16,910 At least they're likely to recognize one of the default proxies that proxychains is using. 189 00:17:16,910 --> 00:17:24,920 And any cyber defense worthy of the name should flag such proxies as being hacking related immediately. 190 00:17:24,920 --> 00:17:28,610 Once again this is a good reason to track down better proxies. 191 00:17:28,760 --> 00:17:33,920 And it is something to be aware of when you set up your own defenses for any company that you work for. 192 00:17:34,400 --> 00:17:41,990 Using a widely known proxy is a pretty obvious dead giveaway that you're up to some kind of shenanigans. 193 00:17:42,170 --> 00:17:43,300 So there we go. 194 00:17:43,400 --> 00:17:51,010 Virtual private networks, Tor, proxies and encryption: the four corners of the anonymity square. 195 00:17:51,020 --> 00:17:51,980 Use them wisely.