在mac上，安装proxychains

yudeMacBook-Air:~ brite$ brew install proxychains-ng
==> Downloading https://homebrew.bintray.com/bottles/proxychains-ng-4.10.yosemit
######################################################################## 100.0%
==> Pouring proxychains-ng-4.10.yosemite.bottle.tar.gz
Error: The `brew link` step did not complete successfully
The formula built, but is not symlinked into /usr/local
Could not symlink etc/proxychains.conf
Target /usr/local/etc/proxychains.conf
is a symlink belonging to proxychains. You can unlink it:
  brew unlink proxychains

To force the link and overwrite all conflicting files:
  brew link --overwrite proxychains-ng

To list all files that would be deleted:
  brew link --overwrite --dry-run proxychains-ng

Possible conflicting files are:
/usr/local/etc/proxychains.conf -> /usr/local/Cellar/proxychains/HEAD/etc/proxychains.conf
/usr/local/bin/proxychains4 -> /usr/local/Cellar/proxychains/HEAD/bin/proxychains4
/usr/local/lib/libproxychains4.dylib -> /usr/local/Cellar/proxychains/HEAD/lib/libproxychains4.dylib
==> Summary
  /usr/local/Cellar/proxychains-ng/4.10: 8 files, 92K
yudeMacBook-Air:~ brite$ brew link --overwrite proxychains-ng
Linking /usr/local/Cellar/proxychains-ng/4.10... 3 symlinks created
yudeMacBook-Air:~ brite$ proxychains
-bash: proxychains: command not found
yudeMacBook-Air:~ brite$ proxychains4

Usage: proxychains4 -q -f config_file program_name [arguments]
-q makes proxychains quiet - this overrides the config setting
-f allows to manually specify a configfile to use
for example : proxychains telnet somehost.com
More help in README file
yudeMacBook-Air:~ brite$

验证能够科学上网的唯一标准：能用wget下载google主页，什么curl ip.cn这种不一定准，虽然显示你的是国外IP了，说明这次curl走了代理，但不代表你能使用wget下载／能更新源码：

proxychains4 wget www.google.com

[proxychains] config file found: /usr/local/etc/proxychains.conf

[proxychains] preloading /usr/local/Cellar/proxychains-ng/4.14/lib/libproxychains4.dylib

[proxychains] DLL init: proxychains-ng 4.14

--2020-10-13 01:32:28--  http://www.google.com/

Resolving www.google.com... 224.0.0.1

Connecting to www.google.com|224.0.0.1|:80... [proxychains] Dynamic chain  ...  127.0.0.1:9050  ...  timeout

[proxychains] Dynamic chain  ...  127.0.0.1:1080  ...  www.google.com:80  ...  OK

connected.

HTTP request sent, awaiting response... 200 OK

Length: unspecified [text/html]

Saving to: 'index.html'

index.html            [ <=>                  ]  11.76K  --.-KB/s   in 0s     

2020-10-13 01:32:29 (65.2 MB/s) - 'index.html' saved [12039]

－－－－－－－－－－－－－－－－

proxychains ng (new generation) - a preloader which hooks calls to sockets in dynamically linked programs and redirects it through one or more socks/http proxies. continuation of the unmaintained proxychains project. http://sourceforge.net/projects/proxychains-ng/files

ProxyChains-NG ver 4.11 README
=============================

  ProxyChains is a UNIX program, that hooks network-related libc functions
  in DYNAMICALLY LINKED programs via a preloaded DLL (dlsym(), LD_PRELOAD)
  and redirects the connections through SOCKS4a/5 or HTTP proxies.
  It supports TCP only (no UDP/ICMP etc).

  The way it works is basically a HACK; so it is possible that it doesn't
  work with your program, especially when it's a script, or starts
  numerous processes like background daemons or uses dlopen() to load
  "modules" (bug in glibc dynlinker).
  It should work with simple compiled (C/C++) dynamically linked programs
  though.

  If your program doesn't work with proxychains, consider using an
  iptables based solution instead; this is much more robust.

  Supported Platforms: Linux, BSD, Mac.


*********** ATTENTION ***********

  this program can be used to circumvent censorship.
  doing so can be VERY DANGEROUS in certain countries.

  ALWAYS MAKE SURE THAT PROXYCHAINS WORKS AS EXPECTED
  BEFORE USING IT FOR ANYTHING SERIOUS.

  this involves both the program and the proxy that you're going to
  use.

  for example, you can connect to some "what is my ip" service
  like ifconfig.me to make sure that it's not using your real ip.

  ONLY USE PROXYCHAINS IF YOU KNOW WHAT YOU'RE DOING.

  THE AUTHORS AND MAINTAINERS OF PROXYCHAINS DO NOT TAKE ANY
  RESPONSIBILITY FOR ANY ABUSE OR MISUSE OF THIS SOFTWARE AND
  THE RESULTING CONSEQUENCES.

*** Installation ***

  # needs a working C compiler, preferably gcc
  ./configure --prefix=/usr --sysconfdir=/etc
  make
  [optional] sudo make install
  [optional] sudo make install-config (installs proxychains.conf)

  if you dont install, you can use proxychains from the build directory
  like this: ./proxychains4 -f src/proxychains.conf telnet google.com 80

Changelog:
----------
Version 4.11
- preliminary IPv6 support
- fixed bug in hostsreader
- preliminary support for usage on OpenBSD (caveat emptor)

Version 4.10
- fix regression in linking order with custom LDFLAGS
- fix segfault in DNS mapping code in programs with > ~400 different lookups

Version 4.9
- fix a security issue CVE-2015-3887
- add sendto hook to handle MSG_FASTOPEN flag
- replace problematic hostentdb with hostsreader
- fix compilation on OpenBSD (although doesn't work there)

Version 4.8.1:
- fix regression in 4.8 install-config Makefile target

Version 4.8:
- fix for odd cornercase where getaddrinfo was used with AI_NUMERICHOST
  to test for a numeric ip instead of resolving it (fixes nmap).
- allow usage with programs that rely on LD_PRELOAD themselves
- reject wrong entries in config file
- print version number on startup

Version 4.7:
- new round_robin chaintype by crass.
- fix bug with lazy allocation when GCC constructor was not used.
- new configure flag --fat-binary to create a "fat" binary/library on OS X
- return EBADF rather than EINTR in close hook.
  it's legal for a program to retry close() calls when they receive
  EINTR, which could cause an infinite loop, as seen in chromium.

Version 4.6:
- some cosmetic fixes to Makefile, fix a bug when non-numeric ip was
  used as proxy server address.

Version 4.5:
- hook close() to prevent OpenSSH from messing with internal infrastructure.
  this caused ssh client to segfault when proxified.

Version 4.4:
- FreeBSD port
- fixes some installation issues on Debian and Mac.

Version 4.3:
- fixes programs that do dns-lookups in child processes (fork()ed),
  like irssi. to achieve this, support for compilation without pthreads
  was sacrified.
- fixes thread safety for gethostent() calls.
- improved DNS handling speed, since hostent db is cached.

Version 4.2:
- fixes compilation issues with ubuntu 12.04 toolchain
- fixes segfault in rare codepath

Version 4.1
- support for mac os x (all archs)
- all internal functions are threadsafe when compiled with -DTHREAD_SAFE
  (default).

Version 4.0
- replaced dnsresolver script (which required a dynamically linked "dig"
  binary to be present) with remote DNS lookup.
  this speeds up any operation involving DNS, as the old script had to use TCP.
  additionally it allows to use .onion urls when used with TOR.
- removed broken autoconf build system with a simple Makefile.
  there's a ./configure script though for convenience.
  it also adds support for a config file passed via command line switches/
  environment variables.

Version 3.0
- support for DNS resolving through proxy
  supports SOCKS4, SOCKS5 and HTTP CONNECT proxy servers.
  Auth-types: socks - "user/pass" , http - "basic".

When to use it ?
1) When the only way to get "outside" from your LAN is through proxy server.
2) To get out from behind restrictive firewall which filters outgoing ports.
3) To use two (or more) proxies in chain:
 like: your_host <--> proxy1 <--> proxy2 <--> target_host
4) To "proxify" some program with no proxy support built-in (like telnet)
5) Access intranet from outside via proxy.
6) To use DNS behind proxy.
7) To access hidden tor onion services.

Some cool features:

* This program can mix different proxy types in the same chain
 like: your_host <-->socks5 <--> http <--> socks4 <--> target_host
* Different chaining options supported
 random order from the list ( user defined length of chain ).
 exact order  (as they appear in the list )
 dynamic order (smart exclude dead proxies from chain)
* You can use it with most TCP client applications, possibly even network
 scanners, as long as they use standard libc functionality.
 pcap based scanning does not work.
* You can use it with servers, like squid, sendmail, or whatever.
* DNS resolving through proxy.


Configuration:
--------------

proxychains looks for config file in following order:
1) file listed in environment variable PROXYCHAINS_CONF_FILE or
 provided as a -f argument to proxychains script or binary.
2) ./proxychains.conf
3) $(HOME)/.proxychains/proxychains.conf
4) $(sysconfdir)/proxychains.conf  **

** usually /etc/proxychains.conf

Usage Example:

 $ proxychains telnet targethost.com

in this example it will run telnet through proxy(or chained proxies)
specified by proxychains.conf

Usage Example:

 $ proxychains -f /etc/proxychains-other.conf telnet targethost2.com

in this example it will use different configuration file then proxychains.conf
to connect to targethost2.com host.

Usage Example:

 $ proxyresolv targethost.com

in this example it will resolve targethost.com through proxy(or chained proxies)
specified by proxychains.conf

Known Problems:
---------------
- newer versions of nmap try to determine the network interface to use
  even if it's not needed (like when doing simple syn scans which use the
  standard POSIX socket API. this results in errors when proxychains hands
  out an ip address to a reserved address space.
  possible workarounds: disable proxy_dns, use a numeric ip, or use nmap's
  native support for SOCKS proxies.

- Mac OS X 10.11 (El Capitan) ships with a new security feature called SIP
  that prevents hooking of system apps.
  workarounds are to partially disable SIP by issuing
  csrutil enable --without debug in recovery mode,
  or to copy the system binary into the home directory and run it from there.
  see github issue #78 for details.

- the glibc dynlinker has a bug or security feature that inhibits dlopen()ed
  modules from being subject to the same dlsym hooks as installed for the main
  program. this mainly affects scripting languages such as perl or python
  that heavily rely on dlopen() for modules written in C to work.
  there are unconfirmed reports that it works as root though.
  musl libc is unaffected from the bug.

from https://github.com/rofl0r/proxychains-ng

－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－

相关帖子：http://briteming.blogspot.com/2015/10/macosproxychains.html
－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－

配置

编辑配置文件 nano /usr/local/etc/proxychains.conf
在 [ProxyList] 下面（也就是末尾）加入代理类型，代理地址和端口
例如使用 TOR 代理，注释掉原来的代理并添加

socks5  127.0.0.1 9050

如果所在的网络很复杂，可能需要在配置文件中启用
dynamic_chain - 按照列表中出现的代理服务器的先后顺序组成一条链，如果有代理服务器失效，则自动将其排除，但至少要有一个是有效的
然后在 [ProxyList] 下添加多个代理
默认是：
strict_chain - 按照后面列表中出现的代理服务器的先后顺序组成一条链，要求所有的代理服务器都是有效的

使用

proxychains4 wget twitter.com

配合 wget来下载，非常好用.
-----------------------------------------------------------

Mac OSX系统下,通过ProxyChains-NG,实现终端下的代理

起因:

我中华大地大局域网风云变幻,目前git push git pull git clone等,单反需要访问真互联网的操作总让人痛心!痛彻心扉~~
怎么办?shadowsocks可以让我访问真互联网,但是每次命令行都会遇到一些问题,开启全局代理依然无法git 到 GitHub.怎么办?之前试过tsocks,现在,我的体验是,它只能支持wget,不能git
为了方便快捷解决这个问题,这里推荐下ProxyChains-NG,下面具体操作.

项目主页：https://github.com/rofl0r/proxychains-ng
官方说明：

proxychains ng (new generation) - a preloader which hooks calls to sockets in dynamically linked programs and redirects it through one or more socks/http proxies. continuation of the unmaintained proxychains project.

安装配置

使用 Homebrew 安装:

brew install proxychains-ng

编辑配置文件 vim /usr/local/etc/proxychains.conf
在 [ProxyList] 下面（也就是末尾）加入代理类型，代理地址和端口
例如使用 TOR 代理，注释掉原来的代理并添加:

socks5 127.0.0.1 1080

注意,这里的端口号根据你自己的决定,比如我用的shadowsocks,本地端口是1080,那这里就是1080
如果所在的网络很复杂，可能需要在配置文件中启用
dynamic_chain - 按照列表中出现的代理服务器的先后顺序组成一条链，如果有代理服务器失效，则自动将其排除，但至少要有一个是有效的
然后在 [ProxyList] 下添加多个代理
默认是：
strict_chain - 按照后面列表中出现的代理服务器的先后顺序组成一条链，要求所有的代理服务器都是有效的

使用

在命令的前面加上proxychains4即可:

proxychains4 git push

OSX10.11下，安装proxychains失败？

2015-12-05更新

由于 OSX 10.11 的 SIP 特性，会导致 proxychains-ng 安装失败，这里有三种解决方法：

1. 如果是使用 brew install proxychains-ng 安装的话，由于没有写入权限，必须暂时关闭 SIP，安装成功之后再打开 SIP。具体方法见 http://osxdaily.com/2015/10/05/disable-rootless-system-integrity-protection-mac-os-x/
2. 如果不使用 brew install 的话，可以 clone 源码自己编译安装，关键是避免安装到 usr 目录（无法写入），手动指定写入目录，如 ./configure --prefix=$HOME/.local --sysconfdir=/etc，etc 有写入权限不必修改，记得添加环境变量即可。
3. 需要先安装 xcode7 ， 然后执行 xcode-select -s /Applications/Xcode-beta.app/Contents/Developer ，就能用 brew 安装 proxychains 了，可能以后 xcode7 正式版本出来，要记得改回来。 除此之外，OSX 自带的 git，curl 等版本过低，无法支持 proxychains-ng，请手动更新版本.

(brew install proxychains-ng

由于OSX升级后的SIP限制，在proxychains.conf文件中设置ss的socks5代理，无效了。解决办法是在重启后，在Recovery mode下关闭SIP，但对于强迫症来说，不能忍(安全问题)。详见
rofl0r/proxychains-ng/issues/78

➜  ~ proxychains4 curl ip.cn
[proxychains] config file found: /usr/local/Cellar/proxychains-ng/4.12/etc/proxychains.conf
[proxychains] preloading /usr/local/Cellar/proxychains-ng/4.12/lib/libproxychains4.dylib
当前 IP：112.64.xxx.xx 来自：上海市 联通

配置文件/usr/local/Cellar/proxychains-ng/4.12/etc/proxychains.conf:

 111 [ProxyList]
 112 # add proxy here ...
 113 # meanwile
 114 # defaults set to "tor"
 115 #socks4     127.0.0.1 9050
 116 socks5  127.0.0.1 1080 )

------------------------

通过 ProxyChains-NG 实现终端下任意应用代理

如果要让终端下的命令行工具也能使用代理，这时我们就要用上proxychains-ng这款神器了。

什么是 proxychains-ng

项目主页：https://github.com/rofl0r/proxychains-ng

proxychains-ng 介绍

proxychains ng (new generation) - a preloader which hooks calls to sockets in dynamically linked programs and redirects it through one or more socks/http proxies. continuation of the unmaintained proxychains project.

proxychains-ng是proxychains的加强版，主要有以下功能和不足：

• 支持http/https/socks4/socks5
• 支持认证
• 远端dns查询
• 多种代理模式
• 不支持udp/icmp转发
• 少部分程序和在后台运行的可能无法代理

proxychains-ng 原理

简单的说就是这个程序 Hook 了 sockets 相关的操作，让普通程序的 sockets 数据走 SOCKS/HTTP 代理。

其核心就是利用了 LD_PRELOAD 这个环境变量（Mac 上是 DYLD_INSERT_LIBRARIES）。

在 Unix 系统中，如果设置了 LD_PRELOAD 环境变量，那么在程序运行时，动态链接器会先加载该环境变量所指定的动态库。也就是说，这个动态库的加载优先于任何其它的库，包括 libc。

ProxyChains 创建了一个叫 libproxychains4.so（Mac 上是 libproxychains4.dylib）的动态库。里面重写了 connect、close 以及 sendto 等与 socket 相关的函数，通过这些函数发出的数据将会走代理，详细代码可以参考 libproxychains.c。

在主程序里，它会读取配置文件，查找 libproxychains4 所在位置，把这些信息存入环境变量后执行子程序。这样子程序里对 socket 相关的函数调用就会被 Hook 了，对子程序来说，跟代理相关的东西都是透明的。

可以用 printenv 程序来查看增加的环境变量，在 Mac 上输出结果类似于：

1 2 3 4 5 6 7 8 9

$ proxychains4 printenv [proxychains] config file found: /usr/local/Cellar/proxychains-ng/4.11/etc/proxychains.conf [proxychains] preloading /usr/local/Cellar/proxychains-ng/4.11/lib/libproxychains4.dylib [proxychains] DLL init: proxychains-ng 4.11 ... PROXYCHAINS_CONF_FILE=/usr/local/Cellar/proxychains-ng/4.11/etc/proxychains.conf DYLD_FORCE_FLAT_NAMESPACE=1 DYLD_INSERT_LIBRARIES=/usr/local/Cellar/proxychains-ng/4.11/lib/libproxychains4.dylib

一共设置了三个环境变量，其中 PROXYCHAINS_CONF_FILE 保存的是配置文件路径，DYLD_INSERT_LIBRARIES 保存的是动态库路径，在 Mac 中，必须使DYLD_FORCE_FLAT_NAMESPACE 为 1 才能保证 DYLD_INSERT_LIBRARIES 起作用。

安装 proxychains-ng

通过源代码安装

• 下载源码

1	$ git clone https://github.com/rofl0r/proxychains-ng

• 编译安装

1 2 3 4

$ ./configure --prefix=/usr --sysconfdir=/etc $ make $ make install $ make install-config (安装proxychains.conf配置文件)

MAC下安装

关闭 SIP

macOS 10.11 后下由于开启了 SIP（System Integrity Protection） 会导致命令行下 proxychains-ng 代理的模式失效，如果你要使用 proxychains-ng 这种简单的方法，就需要先关闭 SIP。

具体的关闭方法如下：

• 部分关闭 SIP

重启Mac，按住Option键进入启动盘选择模式，再按⌘ + R进入Recovery模式。
实用工具（Utilities）-> 终端（Terminal）。
输入命令csrutil enable --without debug运行。
重启进入系统后，终端里输入 csrutil status，结果中如果有 Debugging Restrictions: disabled 则说明关闭成功。

• 完全关闭 SIP

重启Mac，按住Option键进入启动盘选择模式，再按⌘ + R进入Recovery模式。
实用工具（Utilities）-> 终端（Terminal）。
输入命令csrutil disable运行。
重启进入系统后，终端里输入 csrutil status，结果中如果有 System Integrity Protection status:disabled. 则说明关闭成功。

安装 Proxychains-ng

安装好 Homebrew 后，终端中输入

1	$ brew install proxychains-ng

配置 proxychains-ng

proxychains-ng默认配置文件名为proxychains.conf。

• 通过源代码编译安装的默认为/etc/proxychains.conf。
• Mac下用Homebrew安装的默认为/usr/local/etc/proxychains.conf。

proxychains-ng的配置非常简单，只需将代理加入[ProxyList]中即可。

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

$ vim proxychains.conf quiet_mode dynamic_chain chain_len = 1 #round_robin_chain和random_chain使用 proxy_dns remote_dns_subnet 224 tcp_read_time_out 15000 tcp_connect_time_out 8000 localnet 127.0.0.0/255.0.0.0 localnet 10.0.0.0/255.0.0.0 localnet 172.16.0.0/255.240.0.0 localnet 192.168.0.0/255.255.0.0 [ProxyList] socks5 127.0.0.1 1086 http 127.0.0.1 1087

proxychains-ng支持多种代理模式,默认是选择 strict_chain。

• dynamic_chain ：动态模式,按照代理列表顺序自动选取可用代理
• strict_chain ：严格模式,严格按照代理列表顺序使用代理，所有代理必须可用
• round_robin_chain ：轮询模式，自动跳过不可用代理
• random_chain ：随机模式,随机使用代理

proxychains-ng 使用

proxychains-ng 语法

proxychains-ng用法非常简单，使用格式如下:

1	$ proxychains4 程序 参数

proxychains-ng 测试

1	$ proxychains4 curl ip.cn

proxychains-ng 优化

alias

给proxychains4增加一个别名，在 /.zshrc或/.bashrc末尾加入如下行：

1 2 3 4

# --------------------------------------- # proxychain-ng config # --------------------------------------- alias pc='proxychains4'

以后就可以类似$ pc curl http://www.google.com这样调用proxychains4，简化了输入。

自动补全

你输了很长一段命令，然后你突然想使用代理功能，怎么办？

• iTerm中前缀补全

在 iTerm -> Preferences -> Profiles -> Keys 中，新建一个快捷键，例如 ⌥ + p ，Action 选择 Send Hex Code，键值为 0x1 0x70 0x63 0x20 0xd，保存生效。

以后命令要代理就直接敲命令，然后 ⌥ + p 即可，这样命令补全也能保留了。

附上 Hex Code 对应表，获取工具为keycodes(http://manytricks.com/keycodes/)

Hex Code	Key
0x1	⌃ + a
0x70	p
0x63	c
0x20	[space]
0xd	↩︎

• oh-my-zsh中前缀补全

1 2	$ git clone git@github.com:six-ddc/zsh-proxychains-ng.git ~/.oh-my-zsh/custom/plugins/zsh-proxychains-ng $ echo "plugins+=(zsh-proxychains-ng)" >> ~/.zshrc

使用时按[ESC]-P ，自动添加(去除)proxychains4 -q命令前缀，支持 emacs 和 vi mode 。

• 通过代理SHELL实现全局代理

如果你还是觉得每次使用都要输入proxychains4或其别名，比较麻烦。你还可以用proxychains-ng代理一个shell，在shell中执行的命令就会自动使用代理了。

方法一

手动设置环境变量

1 2 3

$ export PROXYCHAINS_CONF_FILE=/usr/local/Cellar/proxychains-ng/4.11/etc/proxychains.conf $ export DYLD_INSERT_LIBRARIES=/usr/local/Cellar/proxychains-ng/4.11/lib/libproxychains4.dylib $ export DYLD_FORCE_FLAT_NAMESPACE=1

方法二

proxychains-ng直接调用SHELL

BASH

1	$ proxychains4 -q /bin/bash

ZSH

1	$ proxychains4 -q /bin/zsh

这样在当前 shell 中运行的所有程序的网络请求都会走代理了。可以把上面的命令加入到用户目录的.bashrc或者.zshrc中,用户登录后自动代理一个shell,这就类似一个全局代理了。在这个SHELL下的所有命令都可以使用代理了。

参考文档

http://t.cn/R4tiUB1
http://t.cn/Rxg7oJR
http://t.cn/RG1Hbs3

-----------------------

proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy. Supported auth-types: "user/pass" for SOCKS4/5, "basic" for HTTP.http://proxychains.sourceforge.net/

ProxyChains ver. 4.2.0 README

ProxyChains is a UNIX program, that hooks network-related libc functions in dynamically linked programs via a preloaded DLL and redirects the connections through SOCKS4a/5 or HTTP proxies.

Warning

this program works only on dynamically linked programs. also both proxychains and the program to call must use the same dynamic linker (i.e. same libc)

Known limitations of the current version

when a process forks, does a DNS lookup in the child, and then uses the ip in the parent, the corresponding ip mapping will not be found. this is because the fork can’t write back into the parents mapping table. IRSSI shows this behaviour, so you have to pass the resolved ip address to it. (you can use the proxyresolv script (requires "dig") to do so)

this means that you can’t currently use tor onion urls for irssi. to solve this issue, an external data store (file, pipe, …​) has to manage the dns <→ ip mapping. of course there has to be proper locking. shm_open, mkstemp, are possible candidates for a file based approach, the other option is to spawn some kind of server process that manages the map lookups. since connect() etc are hooked, this must not be a TCP server.

I am reluctant on doing this change, because the described behaviour seems pretty idiotic (doing a fork only for a DNS lookup), and irssi is currently the only known affected program.

Installation

Using release version

Proxychains-4.2.0 are available with pkgsrc to everyone using it on Linux, NetBSD, FreeBSD, OpenBSD, DragonFlyBSD orMac OS X. You just need to install pkgsrc-wip repository and run make install in a wip/proxychains directory.

You can find out more about pkgsrc on pkgsrc and about pkgsrc-wip on Pkgsrc-wip homepage

Installing on Mac OS X with homebrew

You can install current proxychains on Mac OS X with an homebrew. You have to download unofficial homebrew formulafrom to your BREW_HOME by default /usr/local/Library/Formula/ and run

$ brew install proxychains

Running Current Source code version

# needs a working C compiler, preferably gcc
./configure
make
sudo make install

Changelog

Version (4.x) removes the dnsresolver script which required a dynamically linked "dig" binary to be present with remote DNS lookup. this speeds up any operation involving DNS, as the old script had to use TCP. additionally it allows to use .onion urls when used with TOR. also it removed the broken autoconf build system with a simple Makefile. there’s a ./configure script though for convenience. it also adds support for a config file passed via command line switches/ environment variables.

Version (3.x) introduces support for DNS resolving through proxy it supports SOCKS4, SOCKS5 and HTTP CONNECT proxy servers.

• Auth-types
  • socks - "user/pass",
  • http - "basic"

When to use it

• When the only way to get "outside" from your LAN is through proxy server.
• To get out from behind restrictive firewall which filters outgoing ports.
• To use two (or more) proxies in chain:

   like: your_host <--> proxy1 <--> proxy2 <--> target_host

• To "proxify" some program with no proxy support built-in (like telnet)
• Access intranet from outside via proxy.
• To use DNS behind proxy.

Some cool features

• This program can mix different proxy types in the same chain

  like: your_host <-->socks5 <--> http <--> socks4 <--> target_host

• Different chaining options supported random order from the list ( user defined length of chain ). exact order (as they appear in the list ) dynamic order (smart exclude dead proxies from chain)
• You can use it with any TCP client application, even network scanners yes, yes - you can make portscan via proxy (or chained proxies) for example with Nmap scanner by fyodor (www.insecire.org/nmap).

  proxychains nmap -sT -PO -p 80 -iR  (find some webservers through proxy)

• You can use it with servers, like squid, sendmail, or whatever.
• DNS resolving through proxy.

Configuration

proxychains looks for configuration in the following order:

• SOCKS5 proxy port in environment variable ${PROXYCHAINS_SOCKS5} (if set, no further configuration will be searched)
• file listed in environment variable ${PROXYCHAINS_CONF_FILE} or provided as a -f argument to proxychains script or binary.
• ./proxychains.conf
• $(HOME)/.proxychains/proxychains.conf
• /etc/proxychains.conf

see more in /etc/proxychains.conf

Usage Example

$ proxychains telnet targethost.com

in this example it will run telnet through proxy(or chained proxies) specified by proxychains.conf

Usage Example

$ proxychains -f /etc/proxychains-other.conf targethost2.com

in this example it will use different configuration file then proxychains.conf to connect to targethost2.com host.

Usage Example

$ proxyresolv targethost.com

in this example it will resolve targethost.com through proxy(or chained proxies) specified by proxychains.conf

Usage Example:

$ ssh -fN -D 4321 some.example.com
$ PROXYCHAINS_SOCKS5=4321 proxychains zsh

in this example, it will run a shell with all traffic proxied through OpenSSH’s "dynamic proxy" (SOCKS5 proxy) on localhost port 4321.

from https://github.com/haad/proxychains
-----------

发现了这个程序proxychains, 他可以在原命令前面另加一个代理程序来运行该命令, 从而使得本来不能配置运行代理的程序可以使用代理运行.
该程序原理是通过和网络相关libc动态相关库的函数进行绑定(hook), 使这些函数走一个预加载的动态库并重定向链接. 因为这个工作原理, 他只能对动态连接的程序起效(就是调用动态库的), 另外proxychains和被代理程序需要调用同一个动态连接库.
该程序如名字, 可以使用代理链(一般我们只采用一个代理), 即可以代理接一个代理传输信号, 这样可以使得使用身份更隐蔽. 另外这种代理链可以混杂各种不同的协议, 如HTTP+SOCKS4+SOCKS5的混合. 这种”代理链”的方式可以轻松帮你解决 外网 -> 网关机 -> 内网机 的internet 访问 intranet的功能.
该程序现在主要在Github上维护, 新版本为 ng 版(更新到4.X), 另外也可以从SourceForge下载. 另外原版旧版的Github也有到4.2的, 旧版的sourceforge 上有旧的3.1版. 不过推荐使用最新版本啦~

安装

proxychains: 执行命令时

• Ubuntu 里面: sudo apt-get install proxychains 装的是3.1的旧版.
• Mac 里面: brew install proxychains-ng

# needs a working C compiler, preferably gcc
./configure
make
# install proxychains4 and dy-lib
# /usr/local/bin/proxychains4
# /usr/local/lib/libproxychains4.dylib
sudo make install
# installs /etc/proxychains.conf
sudo make install-config 

配置

配置文件

如果是ubuntu或者直接安装, 配置文件一般是 /etc/proxychains.conf , 如果是Mac用brew安装, /usr/local/Cellar/proxychains-ng/4.11/etc/proxychains.conf. (其中版本号会有区别,这里是4.11)
一般地, 配置文件查找顺序为:

1. ${PROXYCHAINS_SOCKS5} 环境变量定义的端口
2. ${PROXYCHAINS_CONF_FILE} 定义的配置文件或者-f 选项指定的文件
3. ./proxychains.conf
4. ${HOME}/.proxychains/proxychains.conf
5. ${sysconfdir}/proxychains.conf (e.g. /etc/proxychains.conf or /usr/local/etc/proxychains.conf or /usr/local/…/etc/proxychains.conf)

代理模式

代理模式在配置文件最开头, 有四种模式供选择, 关闭某模式就是注释掉就可以了. 默认模式是strict_chain

• dynamic_chain，按照列表中出现的代理服务器的先后顺序组成一条链，如果有代理服务器失效，则自动将其排除，但至少要有一个是有效的。
• strict_chain，按照后面列表中出现的代理服务器的先后顺序组成一条链，要求所有的代理服务器都是有效的
• round_robin_chain, 类似dynamic_chain, 但是只读取chain_len 长度
• random_chain，列表中的任何一个代理服务器都可能被选择使用，这种方式很适合网络扫描操作（参数chain_len对random_chain有效）。

默认是选择的strict_chain，一般我们不用多个代理造成链, 只要一个就好了, 所以一般不改变代理模式部分。

配置代理服务器

在最下面的部分就是代理服务器列表配置了, 支持HTTP, SOCKS4, SOCKS5, 貌似新版本还支持HTTPS.
例如:
对于SS代理, 在最后一行加入这句话 socks5 127.0.0.1 1080. 另外把socks4 127.0.0.1 9050 一行# 注释掉或者直接删掉.
http 12.34.56.78 8080 user passwd 可以配置有用户名密码验证的HTTP代理.
一般地, http 采用8080端口, 而 socks4/socks5 采用1080 端口.

使用

使用就很简单了, 就是在原有的运行命令前面加入proxychains4, 例如我要wget 进行代理抓取

proxychains4 wget www.google.com

指定配置文件的话, 是:

proxychains4 -f proxy.conf wget www.google.com

例如结合ssh隧道:

ssh -fN -D 4321 some.example.com
PROXYCHAINS_SOCKS5=4321 proxychains zsh

这个例子使用ssh隧道来用某个服务端4321端口作动态代理, 然后用 PROXYCHAINS_SOCKS5 来指明端口后直接用proxycains 来代理一个zsh, zsh所有命令均走这个ssh代理. 注意这里走的都是 SOCKS5 代理.
如果嫌打那么长命令很麻烦, 那还可以在启动sh配置文件.bashrc 里面加入:
alias pc4=proxychains4
这样只要用pc4 wget www.google.com 就可以进行代理咯.

附录: 一些常用命令自带的代理使用

git

电信访问git来下载那就是一个慢! 所以代理是需要的!
做法很简单, 运行两条命令将代理加到配置.gitconfig 就可以了.

git config --global http.proxy 'socks5://127.0.0.1:1080'
git config --global https.proxy 'socks5://127.0.0.1:1080'

注意这是对git全局都使用代理, 但如果使用gitcafe 或者coding.io 这些国内的git仓库, 代理反而走远路了. 这时proxychains就起到作用啦.

wget 和 curl

wget 使用 -Y on 来打开代理设置, 用 -e "http_proxy=http://ip_address:port" 来指定代理地址.
wget -Y on -e "http_proxy=http://10.0.0.172:8080" "www.google.com"
遗憾的是, wget 只能采用http代理, 不能使用 socks5 代理.
curl 使用 -x ip_address:port 来指定代理服务器IP和端口.

curl -x 10.0.0.172:8080 www.google.com

--socks5 ip:port 和 --socks5-hostname hostname:port 可以使用socks5 来代理.
------------

proxychains-ng原理解析

提起 proxychains 相信大家都并不陌生，这个程序可以方便的让你在终端使用 SOCKS5, SOCKS4, HTTP 等协议代理网络访问，而不需要为了转换 SOCKS5 协议再搭建一个 HTTP 的代理来使用 http_proxy, https_proxy 这些 Shell 内置的环境变量来访问网络了。不过 proxychains 并不对所有的应用程序有效，一个典型的情况是 Golang 编写的 程序是无法使用 proxychains 进行代理的。在使用 proxychains 的时候会报这样的错误:

dial tcp 224.0.0.1:80: connect: network is unreachable

下面就通过对 proxychains-ng 的原理的解析，来解答这个问题，并且为 golang 编写的程序提供一个解决方案。

Shared Libraries The content is recoverd from Wordpress Blog, for more details please check HERE

Linux 下的很多程序都依赖着多种多样的动态链接库(shared library)，使用动态链接库既可以节省磁盘的空间大小（你编译出来的程序不会特别大），同时也会节省程序的运行内存，多个共享动态链接库的进程只需要一份库在内存中。若是静态链接的话，则每一个进程都要带一份库。通过 ls -l /usr/lib (根据发行版不同路径可能会有不同)即可看到很多动态链接库。

首先来介绍几个动态链接库的基本知识，大家会发现这个文件夹下面有很多链接，比如

lrwxrwxrwx   1 root root        19 Aug  7 00:22 libzmf-0.0.so -> libzmf-0.0.so.0.0.2                                                                                                                         
lrwxrwxrwx   1 root root        19 Aug  7 00:22 libzmf-0.0.so.0 -> libzmf-0.0.so.0.0.2

有两个指向 libzmf-0.0.so.0.0.2 的软连接这些文件的名字很相似，那么具体都代表什么呢，下面就来进行说明。

对于一个动态链接库来说，有三个名字，分别是 soname, linkername 和 realname

• linkername: libxxx.so (没有任何版本号) 在安装 library 的时候建立，是一个链接到 realname 的软链接
• soname: libxxx.so.(VER) (带有版本号) 在安装 library 的时候建立，是一个链接到 realname 的软链接
• realname: libxxx.so.(VER).(MINOR).[RELEASE] (必须带有版本号和 minor number, 可选的为带有 release number) 是该 library 本身

对于上面这个例子来说 libzmf-0.0 的 soname 就是 libzmf-0.0.so.0， linkername 是 libzmf-0.0.so，realname 是 libzmf-0.0.so.0.0.2

当一个程序指定要链接的动态链接库的时候，他们指定的是这个链接库的 soname, 而不是 realname 这样的考量是在链接库更新 minor number 的时候，不需要对这个程序进行重新链接，至于为什么没有用 linkername 是为了 ABI 兼容性考虑，当一个库升级后 ABI 发生了变化时，依赖这个库的程序必须要重新编译才能使用，否则就会因为 ABI 不兼容导致段错误等问题发生。因而当一个库的 MAJOR VER NUMBER 更新时，说明它有 ABI Breaking Change. 而当一个库只是更新了 MINOR/RELEASE NUMBER 的时候 这时我们不需要进行重新编译。

Dynamic Loading Progress The content is recoverd from Wordpress Blog, for more details please check HERE

本文重点在于讲解 proxychains 的原理，因而对 loader 部分只提及相关部分，下述过程并不是完整的程序加载过程

在 Linux 上所有动态链接的程序都会链接一个 ld-linux-xxxx.so(下面简称 ld-linux.so) 的动态链接库，这个动态链接库很特殊，它会解析该程序所需的 shared libraires ，并且加载他们以及他们必要的依赖 我们可以通过查看每一个动态链接的程序的 Dynamic Section 了解到其依赖的链接库都是什么。

-----------------------

https://github.com/yunlingz/TermuxSocks/tree/master/proxychains-ng

-------------------------

相关帖子：http://briteming.blogspot.com/2015/09/tsocksproxychains-linux.html

------------------------------------------------------------

Proxychains.exe - Proxychains for Windows README

README | 简体中文文档

Proxychains.exe is a proxifier for Win32(Windows) or Cygwin/Msys2 programs. It hijacks most of the Win32 or Cygwin programs' TCP connection, making them through one or more SOCKS5 proxy(ies).

Proxychains.exe hooks network-related Ws2_32.dll Winsock functions in dynamically linked programs via injecting a DLL and redirects the connections through SOCKS5 proxy(ies).

Proxychains.exe is a port or rewrite of proxychains4 or proxychains-ng to Win32 and Cygwin. It also uses uthash for some data structures and minhook for API hooking.

Proxychains.exe is tested on Windows 10 x64 1909 (18363.418), Windows 7 x64 SP1, Windows XP x86 SP3 and Cygwin 64-bit 3.1.2. Target OS should have Visual C++ Redistributable for Visual Studio 2015 installed.

WARNING: ANONYMITY IS NOT GUARANTEED!

WARNING: this program works only on dynamically linked programs. Also both proxychains.exe and the program to call must be the same platform and architecture (use proxychains_x86.exe to call x86 program, proxychains_x64.exe to call x64 program; use Cygwin builds to call Cygwin program).

WARNING: this program is based on hacks and is at its early development stage. Any unexpected situation may happen during usage. The called program may crash, not work, produce unwanted results etc. Be careful when working with this tool.

WARNING: this program can be used to circumvent censorship. doing so can be VERY DANGEROUS in certain countries. ALWAYS MAKE SURE THAT PROXYCHAINS.EXE WORKS AS EXPECTED BEFORE USING IT FOR ANYTHING SERIOUS. This involves both the program and the proxy that you're going to use. For example, you can connect to some "what is my ip" service like ifconfig.me to make sure that it's not using your real ip.

ONLY USE PROXYCHAINS.EXE IF YOU KNOW WHAT YOU'RE DOING. THE AUTHORS AND MAINTAINERS OF PROXYCHAINS DO NOT TAKE ANY RESPONSIBILITY FOR ANY ABUSE OR MISUSE OF THIS SOFTWARE AND THE RESULTING CONSEQUENCES.

Download

Download the pre-built binaries from Release Page.

Build

If you want to buid proxychains.exe yourself...

First you need to clone this repository and run git submodule update --init --recursive in it to retrieve all submodules.

Win32 Build

Open proxychains.exe.sln with a recent version Visual Studio (tested with Visual Studio 2019) with platform toolset v141_xp on a 64-bit Windows.

Select the configuration (Debug/Release) and the platform (x86/x64).

Build the whole solution and you will see DLL file and executable file generated under win32_output/.

Cygwin/Msys2 Build

Install Cygwin/Msys2 and various build tool packages (gcc, w32api-headers, w32api-runtime etc). Run bash, switch to cygwin_build / msys_build directory and run make.

Install

Copy proxychains*.exe, [cyg/msys-]proxychains_hook*.dll to some directory included in your PATH environment variable. You can rename the main executable (like proxychains_win32_x64.exe) to names you favor, like proxychains.exe.

Last you need to create the needed configuration file in correct place. See "Configuration".

Configuration

Proxychains.exe looks for configuration in the following order:

On Win32

• file listed in environment variable PROXYCHAINS_CONF_FILE or provided as a -f argument
• %USERPROFILE%\.proxychains\proxychains.conf
• (CSIDL_APPDATA)\Proxychains\proxychains.conf (On modern Windows versions, a typical path is C:\Users\<user name>\AppData\Roaming\ Proxychains\proxychains.conf)
• (CSIDL_COMMON_APPDATA)\Proxychains\proxychains.conf (On modern Windows versions, a typical path is C:\ProgramData\Proxychains\ proxychains.conf)

On Cygwin

• file listed in environment variable PROXYCHAINS_CONF_FILE or provided as a -f argument
• $HOME/.proxychains/proxychains.conf
• (SYSCONFDIR)/proxychains.conf
• /etc/proxychains.conf

For options, see proxychains.conf.

Usage Example

proxychains ssh some-server

proxychains "Some Path\firefox.exe"

proxychains /bin/curl https://ifconfig.me

Run proxychains -h for more command line argument options.

How It Works

• Main program hooks CreateProcessW Win32 API call.
• Main program creates child process which is intended to be called.
• After creating process, hooked CreateProcessW injects the Hook DLL into child process. When child process gets injected, it hooks the Win32 API call below:
  • CreateProcessW, so that every descendant process gets hooked;
  • connect, WSAConnect and ConnectEx, so that TCP connections get hijacked;
  • GetAddrInfoW series, so that Fake IP is used to trace hostnames you visited, allowing remote DNS resolving;
  • etc.
• Main program does not exit, but serves as a named pipe server. Child process communicates with the main program to exchange data including logs, hostnames, etc. Main program does most of the bookkeeping of Fake IP and presence of descendant processes.
• When all descendant processes exit, main program exits.
• Main program terminates all descendant processes when it receives a SIGINT (Ctrl-C).

About Cygwin/Msys2 and Busybox

Cygwin is fully supported since 0.6.0!

Switching the DLL injection technique from CreateRemoteThread() to modifying the target process' entry point, proxychains.exe now supports proxifying Cygwin/Msys2 process perfectly. (Even when you call them with Win32 version of proxychains.exe). See DevNotes.

If you want to proxify MinGit busybox variant, replace its busybox.exe with this version modified by me. See DevNotes.

Developing

Line ending, encoding and BOM

Different file types are required to have different line endings, encodings. See .gitattributes for details.

from https://github.com/shunf4/proxychains-windows

----------------------------

Proxychains.exe - Proxychains for Windows 自述文件

README | 简体中文文档

Proxychains.exe 是一个适用于 Win32(Windows) 和 Cygwin 平台的命令行强制代理工具（Proxifier）。它能够截获大多数 Win32 或 Cygwin 程序的 TCP 连接，强制它们通过一个或多个 SOCKS5 代理隧道。

Proxychains.exe 通过给动态链接的程序注入一个 DLL，对 Ws2_32.dll 的 Winsock 函数挂钩子的方式来将应用程序的连接重定向到 SOCKS5 代理。

Proxychains.exe 是 proxychains4 或者 proxychains-ng 到 Win32 和 Cygwin 的移植产物。它也使用了 uthash 构建一些数据结构，以及使用了 minhook 进行 API 的挂钩。

Proxychains.exe 在 Windows 10 x64 1909 (18363.418)、Windows 7 x64 SP1、Windows XP x86 SP3 和 Cygwin 64-bit 3.1.2 经过测试。注意目标操作系统需要安装 Visual C++ Redistributable for Visual Studio 2015。

警告：此工具不能保证匿名性！

警告：此程序只对动态链接的程序有用。同时，Proxychains.exe 和需要运行的目标程序必须是同一架构和平台（用 proxychains_x86.exe 运行 x86 程序，用 proxychains_x64.exe 运行 x64 程序；用 Cygwin 下构建的版本来运行 Cygwin 程序）。

警告：此程序是基于 Hack 的，并且处于开发早期阶段。使用过程中可能会发生任何意外状况。被运行的程序可能会崩溃、无法工作、产生意想不到的运行结果等等。谨慎使用。

警告：此程序可能用于绕过审查。此举在某些国家或地区可能是危险、不符合法律的。 请在用于正式用途前，确保本程序和代理正常工作。 比如，你可以通过连接到一些查询本机 IP 的服务如 ifconfig.me ，确保你未暴露你的真实 IP 地址。

请在确保清楚你要执行的操作及其后果后使用本程序。

免责声明：本程序的作者不对任何滥用、误用此软件的行为以及其可能导致的后果负责。

下载

你可以从 Release 页 下载预先构建的二进制文件。

构建

如果你想自己构建的话……

首先你需要克隆本代码仓库，并且在其中运行 git submodule update --init --recursive 来拉取所有子模块的代码。

构建 Win32 版本

在 64 位 Windows 下使用较新版本的 Visual Studio 打开 proxychains.exe.sln （Visual Studio 2019 测试有效）。Visual Studio 应该安装 v141_xp 平台工具集。

选择配置（Debug/Release）和平台（x86/x64）。

构建整个解决方案，在 win32_output/ 找到输出的 EXE 和 DLL 文件。

构建 Cygwin 版本

安装 Cygwin 和各种构建工具程序包（gcc、w32api-headers、w32api-runtime 等）。运行 Cygwin bash，切换到 cygwin_build 目录下，执行 make。

安装

把生成的 proxychains*.exe、 [cyg/msys-]proxychains_hook*.dll 复制到 PATH 环境变量包含的某个目录下。你可以把主程序（如 proxychains_win32_x64.exe）改为你自己喜欢的名字，如 proxychains.exe。

最后你还需要在正确的位置创建配置文件。参见“配置”。

配置

Proxychains.exe 按照以下顺序寻找配置：

在 Win32 环境中

• 环境变量 %PROXYCHAINS_CONF_FILE% 或通过 -f 命令行参数指定的文件
• %USERPROFILE%\.proxychains\proxychains.conf（Win32 用户主目录）
• (CSIDL_APPDATA)\Proxychains\proxychains.conf（在现代 Windows 版本中，典型的路径如 C:\Users\<用户名>\AppData\Roaming\Proxychains\proxychains.conf）
• (CSIDL_COMMON_APPDATA)\Proxychains\proxychains.conf（在现代 Windows 版本中，典型的路径如 C:\ProgramData\Proxychains\proxychains.conf）

在 Cygwin 环境中

• 环境变量 $PROXYCHAINS_CONF_FILE 或通过 -f 命令行参数指定的文件
• $HOME/.proxychains/proxychains.conf（Cygwin 用户主目录）
• (SYSCONFDIR)/proxychains.conf
• /etc/proxychains.conf

关于配置选项，参见 proxychains.conf。

用例

proxychains ssh some-server

proxychains "Some Path\firefox.exe"

proxychains /bin/curl https://ifconfig.me

运行 proxychains -h 查看更多命令行参数选项。

工作原理

• 主程序 Hook CreateProcessW Win32 API 函数调用。
• 主程序创建按照用户给定的命令行启动子进程。
• 创建进程后，挂钩后的 CreateProcessW 函数将 Hook DLL 注入到子进程。当子进程被注入后，它也会 Hook 如下的 Win32 API 函数调用：
  • CreateProcessW，这样每一个后代进程都会被注入；
  • connect 和 ConnectEx，这样就劫持了 TCP 连接；
  • GetAddrInfoW 系列函数，这样可以使用 Fake IP 来追踪访问的域名，用于远程 DNS 解析；
  • 等等。
• 主程序并不退出，而是作为一个命名管道服务端存在。子进程与主程序通过命名管道交换包括日志、域名等内容在内的数据。主程序实施大多数关于 Fake IP 和子进程是否还存在的簿记工作。
• 当所有后代进程退出后，主程序退出。
• 主程序收到一个 SIGINT（Ctrl-C）后，终止所有后代进程。

关于 Cygwin/Msys2

Cygwin 自 0.6.0 开始完全得到支持！

自从将 DLL 注入的方法从 CreateRemoteThread() 改为修改目标进程的入口点之后，proxychains.exe 现在支持完美地强制代理 Cygwin/Msys2 进程了（即使从 Win32 构建版本来调用也是这样）。详见 DevNotes。

如果你想要强制代理 MinGit busybox 版本，请将 busybox.exe 换成我修改的这个版本。详见 DevNotes。

from https://github.com/shunf4/proxychains-windows/blob/master/README_zh-Hans.md