Thursday, 18 February 2016

Installing proxychains on a Mac

yudeMacBook-Air:~ brite$ brew install proxychains-ng
==> Downloading https://homebrew.bintray.com/bottles/proxychains-ng-4.10.yosemit
######################################################################## 100.0%
==> Pouring proxychains-ng-4.10.yosemite.bottle.tar.gz
Error: The `brew link` step did not complete successfully
The formula built, but is not symlinked into /usr/local
Could not symlink etc/proxychains.conf
Target /usr/local/etc/proxychains.conf
is a symlink belonging to proxychains. You can unlink it:
  brew unlink proxychains

To force the link and overwrite all conflicting files:
  brew link --overwrite proxychains-ng

To list all files that would be deleted:
  brew link --overwrite --dry-run proxychains-ng

Possible conflicting files are:
/usr/local/etc/proxychains.conf -> /usr/local/Cellar/proxychains/HEAD/etc/proxychains.conf
/usr/local/bin/proxychains4 -> /usr/local/Cellar/proxychains/HEAD/bin/proxychains4
/usr/local/lib/libproxychains4.dylib -> /usr/local/Cellar/proxychains/HEAD/lib/libproxychains4.dylib
==> Summary
  /usr/local/Cellar/proxychains-ng/4.10: 8 files, 92K
yudeMacBook-Air:~ brite$ brew link --overwrite proxychains-ng
Linking /usr/local/Cellar/proxychains-ng/4.10... 3 symlinks created
yudeMacBook-Air:~ brite$ proxychains
-bash: proxychains: command not found
yudeMacBook-Air:~ brite$ proxychains4

Usage: proxychains4 -q -f config_file program_name [arguments]
-q makes proxychains quiet - this overrides the config setting
-f allows to manually specify a configfile to use
for example : proxychains telnet somehost.com
More help in README file

yudeMacBook-Air:~ brite$
----------------

proxychains ng (new generation) - a preloader which hooks calls to sockets in dynamically linked programs and redirects it through one or more socks/http proxies. continuation of the unmaintained proxychains project. 

ProxyChains-NG ver 4.11 README
=============================

  ProxyChains is a UNIX program, that hooks network-related libc functions
  in DYNAMICALLY LINKED programs via a preloaded DLL (dlsym(), LD_PRELOAD)
  and redirects the connections through SOCKS4a/5 or HTTP proxies.
  It supports TCP only (no UDP/ICMP etc).

  The way it works is basically a HACK; so it is possible that it doesn't
  work with your program, especially when it's a script, or starts
  numerous processes like background daemons or uses dlopen() to load
  "modules" (bug in glibc dynlinker).
  It should work with simple compiled (C/C++) dynamically linked programs
  though.

  If your program doesn't work with proxychains, consider using an
  iptables based solution instead; this is much more robust.

  Supported Platforms: Linux, BSD, Mac.


*********** ATTENTION ***********

  this program can be used to circumvent censorship.
  doing so can be VERY DANGEROUS in certain countries.

  ALWAYS MAKE SURE THAT PROXYCHAINS WORKS AS EXPECTED
  BEFORE USING IT FOR ANYTHING SERIOUS.

  this involves both the program and the proxy that you're going to
  use.

  for example, you can connect to some "what is my ip" service
  like ifconfig.me to make sure that it's not using your real ip.

  ONLY USE PROXYCHAINS IF YOU KNOW WHAT YOU'RE DOING.

  THE AUTHORS AND MAINTAINERS OF PROXYCHAINS DO NOT TAKE ANY
  RESPONSIBILITY FOR ANY ABUSE OR MISUSE OF THIS SOFTWARE AND
  THE RESULTING CONSEQUENCES.

*** Installation ***

  # needs a working C compiler, preferably gcc
  ./configure --prefix=/usr --sysconfdir=/etc
  make
  [optional] sudo make install
  [optional] sudo make install-config (installs proxychains.conf)

  if you don't install, you can use proxychains from the build directory
  like this: ./proxychains4 -f src/proxychains.conf telnet google.com 80

Changelog:
----------
Version 4.11
- preliminary IPv6 support
- fixed bug in hostsreader
- preliminary support for usage on OpenBSD (caveat emptor)

Version 4.10
- fix regression in linking order with custom LDFLAGS
- fix segfault in DNS mapping code in programs with > ~400 different lookups

Version 4.9
- fix a security issue CVE-2015-3887
- add sendto hook to handle MSG_FASTOPEN flag
- replace problematic hostentdb with hostsreader
- fix compilation on OpenBSD (although doesn't work there)

Version 4.8.1:
- fix regression in 4.8 install-config Makefile target

Version 4.8:
- fix for odd cornercase where getaddrinfo was used with AI_NUMERICHOST
  to test for a numeric ip instead of resolving it (fixes nmap).
- allow usage with programs that rely on LD_PRELOAD themselves
- reject wrong entries in config file
- print version number on startup

Version 4.7:
- new round_robin chaintype by crass.
- fix bug with lazy allocation when GCC constructor was not used.
- new configure flag --fat-binary to create a "fat" binary/library on OS X
- return EBADF rather than EINTR in close hook.
  it's legal for a program to retry close() calls when they receive
  EINTR, which could cause an infinite loop, as seen in chromium.

Version 4.6:
- some cosmetic fixes to Makefile, fix a bug when non-numeric ip was
  used as proxy server address.

Version 4.5:
- hook close() to prevent OpenSSH from messing with internal infrastructure.
  this caused ssh client to segfault when proxified.

Version 4.4:
- FreeBSD port
- fixes some installation issues on Debian and Mac.

Version 4.3:
- fixes programs that do dns-lookups in child processes (fork()ed),
  like irssi. to achieve this, support for compilation without pthreads
  was sacrificed.
- fixes thread safety for gethostent() calls.
- improved DNS handling speed, since hostent db is cached.

Version 4.2:
- fixes compilation issues with ubuntu 12.04 toolchain
- fixes segfault in rare codepath

Version 4.1
- support for mac os x (all archs)
- all internal functions are threadsafe when compiled with -DTHREAD_SAFE
  (default).

Version 4.0
- replaced dnsresolver script (which required a dynamically linked "dig"
  binary to be present) with remote DNS lookup.
  this speeds up any operation involving DNS, as the old script had to use TCP.
  additionally it allows to use .onion urls when used with TOR.
- removed broken autoconf build system with a simple Makefile.
  there's a ./configure script though for convenience.
  it also adds support for a config file passed via command line switches/
  environment variables.

Version 3.0
- support for DNS resolving through proxy
  supports SOCKS4, SOCKS5 and HTTP CONNECT proxy servers.
  Auth-types: socks - "user/pass" , http - "basic".

When to use it ?
1) When the only way to get "outside" from your LAN is through proxy server.
2) To get out from behind restrictive firewall which filters outgoing ports.
3) To use two (or more) proxies in chain:
 like: your_host <--> proxy1 <--> proxy2 <--> target_host
4) To "proxify" some program with no proxy support built-in (like telnet)
5) Access intranet from outside via proxy.
6) To use DNS behind proxy.
7) To access hidden tor onion services.

Some cool features:

* This program can mix different proxy types in the same chain
 like: your_host <-->socks5 <--> http <--> socks4 <--> target_host
* Different chaining options supported
 random order from the list ( user defined length of chain ).
 exact order  (as they appear in the list )
 dynamic order (smart exclude dead proxies from chain)
* You can use it with most TCP client applications, possibly even network
 scanners, as long as they use standard libc functionality.
 pcap based scanning does not work.
* You can use it with servers, like squid, sendmail, or whatever.
* DNS resolving through proxy.


Configuration:
--------------

proxychains looks for config file in following order:
1) file listed in environment variable PROXYCHAINS_CONF_FILE or
 provided as a -f argument to proxychains script or binary.
2) ./proxychains.conf
3) $(HOME)/.proxychains/proxychains.conf
4) $(sysconfdir)/proxychains.conf  **

** usually /etc/proxychains.conf

Usage Example:

 $ proxychains telnet targethost.com

in this example it will run telnet through proxy(or chained proxies)
specified by proxychains.conf

Usage Example:

 $ proxychains -f /etc/proxychains-other.conf telnet targethost2.com

in this example it will use a different configuration file than proxychains.conf
to connect to targethost2.com host.

Usage Example:

 $ proxyresolv targethost.com

in this example it will resolve targethost.com through proxy(or chained proxies)
specified by proxychains.conf

Known Problems:
---------------
- newer versions of nmap try to determine the network interface to use
  even if it's not needed (like when doing simple syn scans which use the
  standard POSIX socket API). this results in errors when proxychains hands
  out an ip address to a reserved address space.
  possible workarounds: disable proxy_dns, use a numeric ip, or use nmap's
  native support for SOCKS proxies.

- Mac OS X 10.11 (El Capitan) ships with a new security feature called SIP
  that prevents hooking of system apps.
  workarounds are to partially disable SIP by issuing
  csrutil enable --without debug in recovery mode,
  or to copy the system binary into the home directory and run it from there.
  see github issue #78 for details.

- the glibc dynlinker has a bug or security feature that inhibits dlopen()ed
  modules from being subject to the same dlsym hooks as installed for the main
  program. this mainly affects scripting languages such as perl or python
  that heavily rely on dlopen() for modules written in C to work.
  there are unconfirmed reports that it works as root though.
  musl libc is unaffected from the bug.

from https://github.com/rofl0r/proxychains-ng
--------------------------------

Related post: http://briteming.blogspot.com/2015/10/macosproxychains.html
-----------------------------------

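Configuration

Edit the configuration file: nano /usr/local/etc/proxychains.conf
Under [ProxyList] (that is, at the end of the file), add the proxy type, proxy address and port.
For example, to use the TOR proxy, comment out the existing proxy and add:
socks5  127.0.0.1 9050
If your network is complicated, you may need to enable the following in the configuration file:
dynamic_chain - builds a chain from the proxy servers in the order they appear in the list; a proxy server that is down is skipped automatically, but at least one must be working
Then add several proxies under [ProxyList].
The default is:
strict_chain - builds a chain from the proxy servers in the order they appear in the list below; every proxy server must be working

Usage

proxychains4 curl twitter.com
It works very well together with wget and curl for downloads.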
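
As an added example (not part of the original post or of the proxychains-ng project), the shell functions below combine the config search order from the README with the [ProxyList] and chain-type settings described in this section: they report which file proxychains4 would pick up and what chain that file defines. The function names and the SYSCONFDIR variable are assumptions of this example, and the sample config is constructed.

```shell
#!/bin/sh
# Added example, not proxychains-ng code: show which config file would be
# loaded and what chain it defines, before proxifying anything.

# pc_find_conf [FILE]: FILE plays the role of the -f argument. The order is
# the one the README lists; SYSCONFDIR (default /usr/local/etc, as with
# Homebrew on this page) is a variable name assumed for this example.
pc_find_conf() {
    for f in "$1" "$PROXYCHAINS_CONF_FILE" ./proxychains.conf \
             "$HOME/.proxychains/proxychains.conf" \
             "${SYSCONFDIR:-/usr/local/etc}/proxychains.conf"; do
        if [ -n "$f" ] && [ -r "$f" ]; then printf '%s\n' "$f"; return 0; fi
    done
    return 1
}

# pc_audit FILE: print each hop, the chain type and the proxy_dns state. Fails
# on a malformed hop, an empty [ProxyList], or more than one chain type.
pc_audit() {
    awk '
    { sub(/#.*/, "") }                        # drop comments
    NF == 0 { next }
    $1 == "[ProxyList]" { inlist = 1; next }
    !inlist && $1 ~ /^(strict|dynamic|random|round_robin)_chain$/ {
        chain = (n++ ? chain "," : "") $1; next }
    !inlist && $1 == "proxy_dns" { dns = 1; next }
    inlist {
        if ($1 !~ /^(socks4|socks5|http)$/ || NF < 3 || $3 !~ /^[0-9]+$/ ||
            $3 < 1 || $3 > 65535) { printf "BAD line %d: %s\n", NR, $0; bad++; next }
        printf "hop %d: %s %s:%s\n", ++hops, $1, $2, $3
    }
    END {
        # proxy_dns=off: hostnames are resolved locally, outside the chain
        printf "chain=%s proxy_dns=%s hops=%d\n", (n ? chain : "unset"),
               (dns ? "on" : "off"), hops
        exit (bad > 0 || hops == 0 || n > 1)
    }' "$1"
}

# Demo on a constructed config: a stray ./proxychains.conf in the working
# directory outranks the per-user and system-wide files.
pc_demo() (
    d=$(mktemp -d) && cd "$d" || exit 1
    unset PROXYCHAINS_CONF_FILE
    printf '%s\n' dynamic_chain proxy_dns '[ProxyList]' \
        '#socks4 127.0.0.1 9050' 'socks5  127.0.0.1 1080' > proxychains.conf
    conf=$(pc_find_conf) && echo "using $conf" && pc_audit "$conf"
    rc=$?; cd / && rm -rf "$d"; exit "$rc"
)
pc_demo
```

Run it from the directory you are about to launch proxychains4 in; an unexpected "using ./proxychains.conf" means a file in that directory is overriding your own configuration.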
-------------------------------------------------------------------------------------------------------------------------------

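Using ProxyChains-NG to proxy terminal commands on Mac OSX


Background:
The great LAN that is our land of China is ever-changing, and right now git push, git pull, git clone, in fact any operation that needs to reach the real Internet, is always painful! Heartbreakingly so~~
What to do? shadowsocks lets me reach the real Internet, but I run into problems every time on the command line: even with the global proxy turned on I still cannot git to GitHub. What to do? I tried tsocks before; my experience so far is that it only supports wget and cannot handle git.
To solve this quickly and conveniently, I recommend ProxyChains-NG here; the concrete steps follow.
Project home page: https://github.com/rofl0r/proxychains-ng
Official description: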
proxychains ng (new generation) - a preloader which hooks calls to sockets in dynamically linked programs and redirects it through one or more socks/http proxies. continuation of the unmaintained proxychains project.

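Installation and configuration

Install with Homebrew


brew install proxychains-ng
Edit the configuration file: vim /usr/local/etc/proxychains.conf
Under [ProxyList] (that is, at the end of the file), add the proxy type, proxy address and port.
For example, to use the TOR proxy, comment out the existing proxy and add:


socks5  127.0.0.1 1080
Note: choose the port number to match your own setup. For example, I use shadowsocks with local port 1080, so the port here is 1080.
If your network is complicated, you may need to enable the following in the configuration file:
dynamic_chain - builds a chain from the proxy servers in the order they appear in the list; a proxy server that is down is skipped automatically, but at least one must be working
Then add several proxies under [ProxyList].
The default is:
strict_chain - builds a chain from the proxy servers in the order they appear in the list below; every proxy server must be working

Usage

Just put proxychains4 in front of the command:


proxychains4 git push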

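Installation fails on OSX 10.11?

Updated 2015-12-05
Because of the SIP feature in OSX 10.11, installing proxychains-ng can fail. There are three ways around this:
  1. If you install with brew install proxychains-ng, there is no write permission, so SIP has to be turned off temporarily and turned back on once the installation succeeds. For the procedure see http://osxdaily.com/2015/10/05/disable-rootless-system-integrity-protection-mac-os-x/
  2. If you do not use brew install, you can clone the source and build and install it yourself. The key is to avoid installing into the usr directory (which cannot be written to) and to specify the install directory by hand, e.g. ./configure --prefix=$HOME/.local --sysconfdir=/etc; etc is writable and does not need to be changed. Just remember to add the environment variable.
  3. Install xcode7 first, then run xcode-select -s /Applications/Xcode-beta.app/Contents/Developer, after which proxychains can be installed with brew. When the final release of xcode7 comes out, remember to change it back. In addition, the git, curl, etc. that ship with OSX are too old to support proxychains-ng; please update them manually.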
------------------------
proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy. Supported auth-types: "user/pass" for SOCKS4/5, "basic" for HTTP.

ProxyChains ver. 4.2.0 README

ProxyChains is a UNIX program, that hooks network-related libc functions in dynamically linked programs via a preloaded DLL and redirects the connections through SOCKS4a/5 or HTTP proxies.
Warning
this program works only on dynamically linked programs. also both proxychains and the program to call must use the same dynamic linker (i.e. same libc)

Known limitations of the current version

when a process forks, does a DNS lookup in the child, and then uses the ip in the parent, the corresponding ip mapping will not be found. this is because the fork can't write back into the parent's mapping table. IRSSI shows this behaviour, so you have to pass the resolved ip address to it. (you can use the proxyresolv script (requires "dig") to do so)
this means that you can't currently use tor onion urls for irssi. to solve this issue, an external data store (file, pipe, ...) has to manage the dns <-> ip mapping. of course there has to be proper locking. shm_open, mkstemp, are possible candidates for a file based approach, the other option is to spawn some kind of server process that manages the map lookups. since connect() etc are hooked, this must not be a TCP server.
I am reluctant on doing this change, because the described behaviour seems pretty idiotic (doing a fork only for a DNS lookup), and irssi is currently the only known affected program.

Installation

Using release version

Proxychains-4.2.0 are available with pkgsrc to everyone using it on Linux, NetBSD, FreeBSD, OpenBSD, DragonFlyBSD or Mac OS X. You just need to install pkgsrc-wip repository and run make install in a wip/proxychains directory.
You can find out more about pkgsrc on pkgsrc and about pkgsrc-wip on Pkgsrc-wip homepage

Installing on Mac OS X with homebrew

You can install current proxychains on Mac OS X with homebrew. You have to download the unofficial homebrew formula to your BREW_HOME (by default /usr/local/Library/Formula/) and run
$ brew install proxychains

Running Current Source code version

# needs a working C compiler, preferably gcc
./configure
make
sudo make install

Changelog

Version (4.x) removes the dnsresolver script which required a dynamically linked "dig" binary to be present with remote DNS lookup. this speeds up any operation involving DNS, as the old script had to use TCP. additionally it allows to use .onion urls when used with TOR. also it removed the broken autoconf build system with a simple Makefile. there’s a ./configure script though for convenience. it also adds support for a config file passed via command line switches/ environment variables.
Version (3.x) introduces support for DNS resolving through proxy it supports SOCKS4, SOCKS5 and HTTP CONNECT proxy servers.
  • Auth-types
    • socks - "user/pass",
    • http - "basic"

When to use it

  • When the only way to get "outside" from your LAN is through proxy server.
  • To get out from behind restrictive firewall which filters outgoing ports.
  • To use two (or more) proxies in chain:
   like: your_host <--> proxy1 <--> proxy2 <--> target_host
  • To "proxify" some program with no proxy support built-in (like telnet)
  • Access intranet from outside via proxy.
  • To use DNS behind proxy.

Some cool features

  • This program can mix different proxy types in the same chain
  like: your_host <-->socks5 <--> http <--> socks4 <--> target_host
  • Different chaining options supported
    random order from the list ( user defined length of chain ).
    exact order (as they appear in the list )
    dynamic order (smart exclude dead proxies from chain)
  • You can use it with any TCP client application, even network scanners yes, yes - you can make portscan via proxy (or chained proxies) for example with Nmap scanner by fyodor (www.insecire.org/nmap).
  proxychains nmap -sT -PO -p 80 -iR  (find some webservers through proxy)
  • You can use it with servers, like squid, sendmail, or whatever.
  • DNS resolving through proxy.

Configuration

proxychains looks for configuration in the following order:
  • SOCKS5 proxy port in environment variable ${PROXYCHAINS_SOCKS5} (if set, no further configuration will be searched)
  • file listed in environment variable ${PROXYCHAINS_CONF_FILE} or provided as a -f argument to proxychains script or binary.
  • ./proxychains.conf
  • $(HOME)/.proxychains/proxychains.conf
  • /etc/proxychains.conf
see more in /etc/proxychains.conf

Usage Example

$ proxychains telnet targethost.com
in this example it will run telnet through proxy(or chained proxies) specified by proxychains.conf

Usage Example

$ proxychains -f /etc/proxychains-other.conf telnet targethost2.com
in this example it will use a different configuration file than proxychains.conf to connect to targethost2.com host.

Usage Example

$ proxyresolv targethost.com
in this example it will resolve targethost.com through proxy(or chained proxies) specified by proxychains.conf

Usage Example:

$ ssh -fN -D 4321 some.example.com
$ PROXYCHAINS_SOCKS5=4321 proxychains zsh
in this example, it will run a shell with all traffic proxied through OpenSSH’s "dynamic proxy" (SOCKS5 proxy) on localhost port 4321.
from https://github.com/haad/proxychains