在mac上，安装proxychains

yudeMacBook-Air:~ brite$ brew install proxychains-ng
==> Downloading https://homebrew.bintray.com/bottles/proxychains-ng-4.10.yosemit
######################################################################## 100.0%
==> Pouring proxychains-ng-4.10.yosemite.bottle.tar.gz
Error: The `brew link` step did not complete successfully
The formula built, but is not symlinked into /usr/local
Could not symlink etc/proxychains.conf
Target /usr/local/etc/proxychains.conf
is a symlink belonging to proxychains. You can unlink it:
  brew unlink proxychains

To force the link and overwrite all conflicting files:
  brew link --overwrite proxychains-ng

To list all files that would be deleted:
  brew link --overwrite --dry-run proxychains-ng

Possible conflicting files are:
/usr/local/etc/proxychains.conf -> /usr/local/Cellar/proxychains/HEAD/etc/proxychains.conf
/usr/local/bin/proxychains4 -> /usr/local/Cellar/proxychains/HEAD/bin/proxychains4
/usr/local/lib/libproxychains4.dylib -> /usr/local/Cellar/proxychains/HEAD/lib/libproxychains4.dylib
==> Summary
  /usr/local/Cellar/proxychains-ng/4.10: 8 files, 92K
yudeMacBook-Air:~ brite$ brew link --overwrite proxychains-ng
Linking /usr/local/Cellar/proxychains-ng/4.10... 3 symlinks created
yudeMacBook-Air:~ brite$ proxychains
-bash: proxychains: command not found
yudeMacBook-Air:~ brite$ proxychains4

Usage: proxychains4 -q -f config_file program_name [arguments]
-q makes proxychains quiet - this overrides the config setting
-f allows to manually specify a configfile to use
for example : proxychains telnet somehost.com
More help in README file
yudeMacBook-Air:~ brite$

验证能够科学上网的唯一标准：能用wget下载google主页，什么curl ip.cn这种不一定准，虽然显示你的是国外IP了，说明这次curl走了代理，但不代表你能使用wget下载／能更新源码：

proxychains4 wget www.google.com

[proxychains] config file found: /usr/local/etc/proxychains.conf

[proxychains] preloading /usr/local/Cellar/proxychains-ng/4.14/lib/libproxychains4.dylib

[proxychains] DLL init: proxychains-ng 4.14

--2020-10-13 01:32:28--  http://www.google.com/

Resolving www.google.com... 224.0.0.1

Connecting to www.google.com|224.0.0.1|:80... [proxychains] Dynamic chain  ...  127.0.0.1:9050  ...  timeout

[proxychains] Dynamic chain  ...  127.0.0.1:1080  ...  www.google.com:80  ...  OK

connected.

HTTP request sent, awaiting response... 200 OK

Length: unspecified [text/html]

Saving to: 'index.html'

index.html            [ <=>                  ]  11.76K  --.-KB/s   in 0s     

2020-10-13 01:32:29 (65.2 MB/s) - 'index.html' saved [12039]

－－－－－－－－－－－－－－－－

proxychains ng (new generation) - a preloader which hooks calls to sockets in dynamically linked programs and redirects it through one or more socks/http proxies. continuation of the unmaintained proxychains project. http://sourceforge.net/projects/proxychains-ng/files

ProxyChains-NG ver 4.11 README
=============================

  ProxyChains is a UNIX program, that hooks network-related libc functions
  in DYNAMICALLY LINKED programs via a preloaded DLL (dlsym(), LD_PRELOAD)
  and redirects the connections through SOCKS4a/5 or HTTP proxies.
  It supports TCP only (no UDP/ICMP etc).

  The way it works is basically a HACK; so it is possible that it doesn't
  work with your program, especially when it's a script, or starts
  numerous processes like background daemons or uses dlopen() to load
  "modules" (bug in glibc dynlinker).
  It should work with simple compiled (C/C++) dynamically linked programs
  though.

  If your program doesn't work with proxychains, consider using an
  iptables based solution instead; this is much more robust.

  Supported Platforms: Linux, BSD, Mac.


*********** ATTENTION ***********

  this program can be used to circumvent censorship.
  doing so can be VERY DANGEROUS in certain countries.

  ALWAYS MAKE SURE THAT PROXYCHAINS WORKS AS EXPECTED
  BEFORE USING IT FOR ANYTHING SERIOUS.

  this involves both the program and the proxy that you're going to
  use.

  for example, you can connect to some "what is my ip" service
  like ifconfig.me to make sure that it's not using your real ip.

  ONLY USE PROXYCHAINS IF YOU KNOW WHAT YOU'RE DOING.

  THE AUTHORS AND MAINTAINERS OF PROXYCHAINS DO NOT TAKE ANY
  RESPONSIBILITY FOR ANY ABUSE OR MISUSE OF THIS SOFTWARE AND
  THE RESULTING CONSEQUENCES.

*** Installation ***

  # needs a working C compiler, preferably gcc
  ./configure --prefix=/usr --sysconfdir=/etc
  make
  [optional] sudo make install
  [optional] sudo make install-config (installs proxychains.conf)

  if you dont install, you can use proxychains from the build directory
  like this: ./proxychains4 -f src/proxychains.conf telnet google.com 80

Changelog:
----------
Version 4.11
- preliminary IPv6 support
- fixed bug in hostsreader
- preliminary support for usage on OpenBSD (caveat emptor)

Version 4.10
- fix regression in linking order with custom LDFLAGS
- fix segfault in DNS mapping code in programs with > ~400 different lookups

Version 4.9
- fix a security issue CVE-2015-3887
- add sendto hook to handle MSG_FASTOPEN flag
- replace problematic hostentdb with hostsreader
- fix compilation on OpenBSD (although doesn't work there)

Version 4.8.1:
- fix regression in 4.8 install-config Makefile target

Version 4.8:
- fix for odd cornercase where getaddrinfo was used with AI_NUMERICHOST
  to test for a numeric ip instead of resolving it (fixes nmap).
- allow usage with programs that rely on LD_PRELOAD themselves
- reject wrong entries in config file
- print version number on startup

Version 4.7:
- new round_robin chaintype by crass.
- fix bug with lazy allocation when GCC constructor was not used.
- new configure flag --fat-binary to create a "fat" binary/library on OS X
- return EBADF rather than EINTR in close hook.
  it's legal for a program to retry close() calls when they receive
  EINTR, which could cause an infinite loop, as seen in chromium.

Version 4.6:
- some cosmetic fixes to Makefile, fix a bug when non-numeric ip was
  used as proxy server address.

Version 4.5:
- hook close() to prevent OpenSSH from messing with internal infrastructure.
  this caused ssh client to segfault when proxified.

Version 4.4:
- FreeBSD port
- fixes some installation issues on Debian and Mac.

Version 4.3:
- fixes programs that do dns-lookups in child processes (fork()ed),
  like irssi. to achieve this, support for compilation without pthreads
  was sacrified.
- fixes thread safety for gethostent() calls.
- improved DNS handling speed, since hostent db is cached.

Version 4.2:
- fixes compilation issues with ubuntu 12.04 toolchain
- fixes segfault in rare codepath

Version 4.1
- support for mac os x (all archs)
- all internal functions are threadsafe when compiled with -DTHREAD_SAFE
  (default).

Version 4.0
- replaced dnsresolver script (which required a dynamically linked "dig"
  binary to be present) with remote DNS lookup.
  this speeds up any operation involving DNS, as the old script had to use TCP.
  additionally it allows to use .onion urls when used with TOR.
- removed broken autoconf build system with a simple Makefile.
  there's a ./configure script though for convenience.
  it also adds support for a config file passed via command line switches/
  environment variables.

Version 3.0
- support for DNS resolving through proxy
  supports SOCKS4, SOCKS5 and HTTP CONNECT proxy servers.
  Auth-types: socks - "user/pass" , http - "basic".

When to use it ?
1) When the only way to get "outside" from your LAN is through proxy server.
2) To get out from behind restrictive firewall which filters outgoing ports.
3) To use two (or more) proxies in chain:
 like: your_host <--> proxy1 <--> proxy2 <--> target_host
4) To "proxify" some program with no proxy support built-in (like telnet)
5) Access intranet from outside via proxy.
6) To use DNS behind proxy.
7) To access hidden tor onion services.

Some cool features:

* This program can mix different proxy types in the same chain
 like: your_host <-->socks5 <--> http <--> socks4 <--> target_host
* Different chaining options supported
 random order from the list ( user defined length of chain ).
 exact order  (as they appear in the list )
 dynamic order (smart exclude dead proxies from chain)
* You can use it with most TCP client applications, possibly even network
 scanners, as long as they use standard libc functionality.
 pcap based scanning does not work.
* You can use it with servers, like squid, sendmail, or whatever.
* DNS resolving through proxy.


Configuration:
--------------

proxychains looks for config file in following order:
1) file listed in environment variable PROXYCHAINS_CONF_FILE or
 provided as a -f argument to proxychains script or binary.
2) ./proxychains.conf
3) $(HOME)/.proxychains/proxychains.conf
4) $(sysconfdir)/proxychains.conf  **

** usually /etc/proxychains.conf

Usage Example:

 $ proxychains telnet targethost.com

in this example it will run telnet through proxy(or chained proxies)
specified by proxychains.conf

Usage Example:

 $ proxychains -f /etc/proxychains-other.conf telnet targethost2.com

in this example it will use different configuration file then proxychains.conf
to connect to targethost2.com host.

Usage Example:

 $ proxyresolv targethost.com

in this example it will resolve targethost.com through proxy(or chained proxies)
specified by proxychains.conf

Known Problems:
---------------
- newer versions of nmap try to determine the network interface to use
  even if it's not needed (like when doing simple syn scans which use the
  standard POSIX socket API. this results in errors when proxychains hands
  out an ip address to a reserved address space.
  possible workarounds: disable proxy_dns, use a numeric ip, or use nmap's
  native support for SOCKS proxies.

- Mac OS X 10.11 (El Capitan) ships with a new security feature called SIP
  that prevents hooking of system apps.
  workarounds are to partially disable SIP by issuing
  csrutil enable --without debug in recovery mode,
  or to copy the system binary into the home directory and run it from there.
  see github issue #78 for details.

- the glibc dynlinker has a bug or security feature that inhibits dlopen()ed
  modules from being subject to the same dlsym hooks as installed for the main
  program. this mainly affects scripting languages such as perl or python
  that heavily rely on dlopen() for modules written in C to work.
  there are unconfirmed reports that it works as root though.
  musl libc is unaffected from the bug.

from https://github.com/rofl0r/proxychains-ng

－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－

相关帖子：http://briteming.blogspot.com/2015/10/macosproxychains.html
－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－－

配置

编辑配置文件 nano /usr/local/etc/proxychains.conf
在 [ProxyList] 下面（也就是末尾）加入代理类型，代理地址和端口
例如使用 TOR 代理，注释掉原来的代理并添加

socks5  127.0.0.1 9050

如果所在的网络很复杂，可能需要在配置文件中启用
dynamic_chain - 按照列表中出现的代理服务器的先后顺序组成一条链，如果有代理服务器失效，则自动将其排除，但至少要有一个是有效的
然后在 [ProxyList] 下添加多个代理
默认是：
strict_chain - 按照后面列表中出现的代理服务器的先后顺序组成一条链，要求所有的代理服务器都是有效的

使用

proxychains4 wget twitter.com

配合 wget来下载，非常好用.
-----------------------------------------------------------

Mac OSX系统下,通过ProxyChains-NG,实现终端下的代理

起因:

我中华大地大局域网风云变幻,目前git push git pull git clone等,单反需要访问真互联网的操作总让人痛心!痛彻心扉~~
怎么办?shadowsocks可以让我访问真互联网,但是每次命令行都会遇到一些问题,开启全局代理依然无法git 到 GitHub.怎么办?之前试过tsocks,现在,我的体验是,它只能支持wget,不能git
为了方便快捷解决这个问题,这里推荐下ProxyChains-NG,下面具体操作.

项目主页：https://github.com/rofl0r/proxychains-ng
官方说明：

proxychains ng (new generation) - a preloader which hooks calls to sockets in dynamically linked programs and redirects it through one or more socks/http proxies. continuation of the unmaintained proxychains project.

安装配置

使用 Homebrew 安装:

brew install proxychains-ng

编辑配置文件 vim /usr/local/etc/proxychains.conf
在 [ProxyList] 下面（也就是末尾）加入代理类型，代理地址和端口
例如使用 TOR 代理，注释掉原来的代理并添加:

socks5 127.0.0.1 1080

注意,这里的端口号根据你自己的决定,比如我用的shadowsocks,本地端口是1080,那这里就是1080
如果所在的网络很复杂，可能需要在配置文件中启用
dynamic_chain - 按照列表中出现的代理服务器的先后顺序组成一条链，如果有代理服务器失效，则自动将其排除，但至少要有一个是有效的
然后在 [ProxyList] 下添加多个代理
默认是：
strict_chain - 按照后面列表中出现的代理服务器的先后顺序组成一条链，要求所有的代理服务器都是有效的

使用

在命令的前面加上proxychains4即可:

proxychains4 git push

OSX10.11下，安装proxychains失败？

2015-12-05更新

由于 OSX 10.11 的 SIP 特性，会导致 proxychains-ng 安装失败，这里有三种解决方法：

1. 如果是使用 brew install proxychains-ng 安装的话，由于没有写入权限，必须暂时关闭 SIP，安装成功之后再打开 SIP。具体方法见 http://osxdaily.com/2015/10/05/disable-rootless-system-integrity-protection-mac-os-x/
2. 如果不使用 brew install 的话，可以 clone 源码自己编译安装，关键是避免安装到 usr 目录（无法写入），手动指定写入目录，如 ./configure --prefix=$HOME/.local --sysconfdir=/etc，etc 有写入权限不必修改，记得添加环境变量即可。
3. 需要先安装 xcode7 ， 然后执行 xcode-select -s /Applications/Xcode-beta.app/Contents/Developer ，就能用 brew 安装 proxychains 了，可能以后 xcode7 正式版本出来，要记得改回来。 除此之外，OSX 自带的 git，curl 等版本过低，无法支持 proxychains-ng，请手动更新版本.

(brew install proxychains-ng

由于OSX升级后的SIP限制，在proxychains.conf文件中设置ss的socks5代理，无效了。解决办法是在重启后，在Recovery mode下关闭SIP，但对于强迫症来说，不能忍(安全问题)。详见
rofl0r/proxychains-ng/issues/78

➜  ~ proxychains4 curl ip.cn
[proxychains] config file found: /usr/local/Cellar/proxychains-ng/4.12/etc/proxychains.conf
[proxychains] preloading /usr/local/Cellar/proxychains-ng/4.12/lib/libproxychains4.dylib
当前 IP：112.64.xxx.xx 来自：上海市 联通

配置文件/usr/local/Cellar/proxychains-ng/4.12/etc/proxychains.conf:

 111 [ProxyList]
 112 # add proxy here ...
 113 # meanwile
 114 # defaults set to "tor"
 115 #socks4     127.0.0.1 9050
 116 socks5  127.0.0.1 1080 )

------------------------

通过 ProxyChains-NG 实现终端下任意应用代理

如果要让终端下的命令行工具也能使用代理，这时我们就要用上proxychains-ng这款神器了。

什么是 proxychains-ng

项目主页：https://github.com/rofl0r/proxychains-ng

proxychains-ng 介绍

proxychains ng (new generation) - a preloader which hooks calls to sockets in dynamically linked programs and redirects it through one or more socks/http proxies. continuation of the unmaintained proxychains project.

proxychains-ng是proxychains的加强版，主要有以下功能和不足：

• 支持http/https/socks4/socks5
• 支持认证
• 远端dns查询
• 多种代理模式
• 不支持udp/icmp转发
• 少部分程序和在后台运行的可能无法代理

proxychains-ng 原理

简单的说就是这个程序 Hook 了 sockets 相关的操作，让普通程序的 sockets 数据走 SOCKS/HTTP 代理。

其核心就是利用了 LD_PRELOAD 这个环境变量（Mac 上是 DYLD_INSERT_LIBRARIES）。

在 Unix 系统中，如果设置了 LD_PRELOAD 环境变量，那么在程序运行时，动态链接器会先加载该环境变量所指定的动态库。也就是说，这个动态库的加载优先于任何其它的库，包括 libc。

ProxyChains 创建了一个叫 libproxychains4.so（Mac 上是 libproxychains4.dylib）的动态库。里面重写了 connect、close 以及 sendto 等与 socket 相关的函数，通过这些函数发出的数据将会走代理，详细代码可以参考 libproxychains.c。

在主程序里，它会读取配置文件，查找 libproxychains4 所在位置，把这些信息存入环境变量后执行子程序。这样子程序里对 socket 相关的函数调用就会被 Hook 了，对子程序来说，跟代理相关的东西都是透明的。

可以用 printenv 程序来查看增加的环境变量，在 Mac 上输出结果类似于：

1 2 3 4 5 6 7 8 9

$ proxychains4 printenv [proxychains] config file found: /usr/local/Cellar/proxychains-ng/4.11/etc/proxychains.conf [proxychains] preloading /usr/local/Cellar/proxychains-ng/4.11/lib/libproxychains4.dylib [proxychains] DLL init: proxychains-ng 4.11 ... PROXYCHAINS_CONF_FILE=/usr/local/Cellar/proxychains-ng/4.11/etc/proxychains.conf DYLD_FORCE_FLAT_NAMESPACE=1 DYLD_INSERT_LIBRARIES=/usr/local/Cellar/proxychains-ng/4.11/lib/libproxychains4.dylib

一共设置了三个环境变量，其中 PROXYCHAINS_CONF_FILE 保存的是配置文件路径，DYLD_INSERT_LIBRARIES 保存的是动态库路径，在 Mac 中，必须使DYLD_FORCE_FLAT_NAMESPACE 为 1 才能保证 DYLD_INSERT_LIBRARIES 起作用。

安装 proxychains-ng

通过源代码安装

• 下载源码

1	$ git clone https://github.com/rofl0r/proxychains-ng

• 编译安装

1 2 3 4

$ ./configure --prefix=/usr --sysconfdir=/etc $ make $ make install $ make install-config (安装proxychains.conf配置文件)

MAC下安装

关闭 SIP

macOS 10.11 后下由于开启了 SIP（System Integrity Protection） 会导致命令行下 proxychains-ng 代理的模式失效，如果你要使用 proxychains-ng 这种简单的方法，就需要先关闭 SIP。

具体的关闭方法如下：

• 部分关闭 SIP

重启Mac，按住Option键进入启动盘选择模式，再按⌘ + R进入Recovery模式。
实用工具（Utilities）-> 终端（Terminal）。
输入命令csrutil enable --without debug运行。
重启进入系统后，终端里输入 csrutil status，结果中如果有 Debugging Restrictions: disabled 则说明关闭成功。

• 完全关闭 SIP

重启Mac，按住Option键进入启动盘选择模式，再按⌘ + R进入Recovery模式。
实用工具（Utilities）-> 终端（Terminal）。
输入命令csrutil disable运行。
重启进入系统后，终端里输入 csrutil status，结果中如果有 System Integrity Protection status:disabled. 则说明关闭成功。

安装 Proxychains-ng

安装好 Homebrew 后，终端中输入

1	$ brew install proxychains-ng

配置 proxychains-ng

proxychains-ng默认配置文件名为proxychains.conf。

• 通过源代码编译安装的默认为/etc/proxychains.conf。
• Mac下用Homebrew安装的默认为/usr/local/etc/proxychains.conf。

proxychains-ng的配置非常简单，只需将代理加入[ProxyList]中即可。

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

$ vim proxychains.conf quiet_mode dynamic_chain chain_len = 1 #round_robin_chain和random_chain使用 proxy_dns remote_dns_subnet 224 tcp_read_time_out 15000 tcp_connect_time_out 8000 localnet 127.0.0.0/255.0.0.0 localnet 10.0.0.0/255.0.0.0 localnet 172.16.0.0/255.240.0.0 localnet 192.168.0.0/255.255.0.0 [ProxyList] socks5 127.0.0.1 1086 http 127.0.0.1 1087

proxychains-ng支持多种代理模式,默认是选择 strict_chain。

• dynamic_chain ：动态模式,按照代理列表顺序自动选取可用代理
• strict_chain ：严格模式,严格按照代理列表顺序使用代理，所有代理必须可用
• round_robin_chain ：轮询模式，自动跳过不可用代理
• random_chain ：随机模式,随机使用代理

proxychains-ng 使用

proxychains-ng 语法

proxychains-ng用法非常简单，使用格式如下:

1	$ proxychains4 程序 参数

proxychains-ng 测试

1	$ proxychains4 curl ip.cn

proxychains-ng 优化

alias

给proxychains4增加一个别名，在 /.zshrc或/.bashrc末尾加入如下行：

1 2 3 4

# --------------------------------------- # proxychain-ng config # --------------------------------------- alias pc='proxychains4'

以后就可以类似$ pc curl http://www.google.com这样调用proxychains4，简化了输入。

自动补全

你输了很长一段命令，然后你突然想使用代理功能，怎么办？

• iTerm中前缀补全

在 iTerm -> Preferences -> Profiles -> Keys 中，新建一个快捷键，例如 ⌥ + p ，Action 选择 Send Hex Code，键值为 0x1 0x70 0x63 0x20 0xd，保存生效。

以后命令要代理就直接敲命令，然后 ⌥ + p 即可，这样命令补全也能保留了。

附上 Hex Code 对应表，获取工具为keycodes(http://manytricks.com/keycodes/)

Hex Code	Key
0x1	⌃ + a
0x70	p
0x63	c
0x20	[space]
0xd	↩︎

• oh-my-zsh中前缀补全

1 2	$ git clone git@github.com:six-ddc/zsh-proxychains-ng.git ~/.oh-my-zsh/custom/plugins/zsh-proxychains-ng $ echo "plugins+=(zsh-proxychains-ng)" >> ~/.zshrc

使用时按[ESC]-P ，自动添加(去除)proxychains4 -q命令前缀，支持 emacs 和 vi mode 。

• 通过代理SHELL实现全局代理

如果你还是觉得每次使用都要输入proxychains4或其别名，比较麻烦。你还可以用proxychains-ng代理一个shell，在shell中执行的命令就会自动使用代理了。

方法一

手动设置环境变量

1 2 3

$ export PROXYCHAINS_CONF_FILE=/usr/local/Cellar/proxychains-ng/4.11/etc/proxychains.conf $ export DYLD_INSERT_LIBRARIES=/usr/local/Cellar/proxychains-ng/4.11/lib/libproxychains4.dylib $ export DYLD_FORCE_FLAT_NAMESPACE=1

方法二

proxychains-ng直接调用SHELL

BASH

1	$ proxychains4 -q /bin/bash

ZSH

1	$ proxychains4 -q /bin/zsh

这样在当前 shell 中运行的所有程序的网络请求都会走代理了。可以把上面的命令加入到用户目录的.bashrc或者.zshrc中,用户登录后自动代理一个shell,这就类似一个全局代理了。在这个SHELL下的所有命令都可以使用代理了。

参考文档

http://t.cn/R4tiUB1
http://t.cn/Rxg7oJR
http://t.cn/RG1Hbs3

-----------------------

proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy. Supported auth-types: "user/pass" for SOCKS4/5, "basic" for HTTP.http://proxychains.sourceforge.net/

ProxyChains ver. 4.2.0 README

ProxyChains is a UNIX program, that hooks network-related libc functions in dynamically linked programs via a preloaded DLL and redirects the connections through SOCKS4a/5 or HTTP proxies.

Warning

this program works only on dynamically linked programs. also both proxychains and the program to call must use the same dynamic linker (i.e. same libc)

Known limitations of the current version

when a process forks, does a DNS lookup in the child, and then uses the ip in the parent, the corresponding ip mapping will not be found. this is because the fork can’t write back into the parents mapping table. IRSSI shows this behaviour, so you have to pass the resolved ip address to it. (you can use the proxyresolv script (requires "dig") to do so)

this means that you can’t currently use tor onion urls for irssi. to solve this issue, an external data store (file, pipe, …​) has to manage the dns <→ ip mapping. of course there has to be proper locking. shm_open, mkstemp, are possible candidates for a file based approach, the other option is to spawn some kind of server process that manages the map lookups. since connect() etc are hooked, this must not be a TCP server.

I am reluctant on doing this change, because the described behaviour seems pretty idiotic (doing a fork only for a DNS lookup), and irssi is currently the only known affected program.

Installation

Using release version

Proxychains-4.2.0 are available with pkgsrc to everyone using it on Linux, NetBSD, FreeBSD, OpenBSD, DragonFlyBSD orMac OS X. You just need to install pkgsrc-wip repository and run make install in a wip/proxychains directory.

You can find out more about pkgsrc on pkgsrc and about pkgsrc-wip on Pkgsrc-wip homepage

Installing on Mac OS X with homebrew

You can install current proxychains on Mac OS X with an homebrew. You have to download unofficial homebrew formulafrom to your BREW_HOME by default /usr/local/Library/Formula/ and run

$ brew install proxychains

Running Current Source code version

# needs a working C compiler, preferably gcc
./configure
make
sudo make install

Changelog

Version (4.x) removes the dnsresolver script which required a dynamically linked "dig" binary to be present with remote DNS lookup. this speeds up any operation involving DNS, as the old script had to use TCP. additionally it allows to use .onion urls when used with TOR. also it removed the broken autoconf build system with a simple Makefile. there’s a ./configure script though for convenience. it also adds support for a config file passed via command line switches/ environment variables.

Version (3.x) introduces support for DNS resolving through proxy it supports SOCKS4, SOCKS5 and HTTP CONNECT proxy servers.

• Auth-types
  • socks - "user/pass",
  • http - "basic"

When to use it

• When the only way to get "outside" from your LAN is through proxy server.
• To get out from behind restrictive firewall which filters outgoing ports.
• To use two (or more) proxies in chain:

   like: your_host <--> proxy1 <--> proxy2 <--> target_host

• To "proxify" some program with no proxy support built-in (like telnet)
• Access intranet from outside via proxy.
• To use DNS behind proxy.

Some cool features

• This program can mix different proxy types in the same chain

  like: your_host <-->socks5 <--> http <--> socks4 <--> target_host

• Different chaining options supported random order from the list ( user defined length of chain ). exact order (as they appear in the list ) dynamic order (smart exclude dead proxies from chain)
• You can use it with any TCP client application, even network scanners yes, yes - you can make portscan via proxy (or chained proxies) for example with Nmap scanner by fyodor (www.insecire.org/nmap).

  proxychains nmap -sT -PO -p 80 -iR  (find some webservers through proxy)

• You can use it with servers, like squid, sendmail, or whatever.
• DNS resolving through proxy.

Configuration

proxychains looks for configuration in the following order:

• SOCKS5 proxy port in environment variable ${PROXYCHAINS_SOCKS5} (if set, no further configuration will be searched)
• file listed in environment variable ${PROXYCHAINS_CONF_FILE} or provided as a -f argument to proxychains script or binary.
• ./proxychains.conf
• $(HOME)/.proxychains/proxychains.conf
• /etc/proxychains.conf

see more in /etc/proxychains.conf

Usage Example

$ proxychains telnet targethost.com

in this example it will run telnet through proxy(or chained proxies) specified by proxychains.conf

Usage Example

$ proxychains -f /etc/proxychains-other.conf targethost2.com

in this example it will use different configuration file then proxychains.conf to connect to targethost2.com host.

Usage Example

$ proxyresolv targethost.com

in this example it will resolve targethost.com through proxy(or chained proxies) specified by proxychains.conf

Usage Example:

$ ssh -fN -D 4321 some.example.com
$ PROXYCHAINS_SOCKS5=4321 proxychains zsh

in this example, it will run a shell with all traffic proxied through OpenSSH’s "dynamic proxy" (SOCKS5 proxy) on localhost port 4321.

from https://github.com/haad/proxychains
-----------

发现了这个程序proxychains, 他可以在原命令前面另加一个代理程序来运行该命令, 从而使得本来不能配置运行代理的程序可以使用代理运行.
该程序原理是通过和网络相关libc动态相关库的函数进行绑定(hook), 使这些函数走一个预加载的动态库并重定向链接. 因为这个工作原理, 他只能对动态连接的程序起效(就是调用动态库的), 另外proxychains和被代理程序需要调用同一个动态连接库.
该程序如名字, 可以使用代理链(一般我们只采用一个代理), 即可以代理接一个代理传输信号, 这样可以使得使用身份更隐蔽. 另外这种代理链可以混杂各种不同的协议, 如HTTP+SOCKS4+SOCKS5的混合. 这种”代理链”的方式可以轻松帮你解决 外网 -> 网关机 -> 内网机 的internet 访问 intranet的功能.
该程序现在主要在Github上维护, 新版本为 ng 版(更新到4.X), 另外也可以从SourceForge下载. 另外原版旧版的Github也有到4.2的, 旧版的sourceforge 上有旧的3.1版. 不过推荐使用最新版本啦~

安装

proxychains: 执行命令时

• Ubuntu 里面: sudo apt-get install proxychains 装的是3.1的旧版.
• Mac 里面: brew install proxychains-ng

# needs a working C compiler, preferably gcc
./configure
make
# install proxychains4 and dy-lib
# /usr/local/bin/proxychains4
# /usr/local/lib/libproxychains4.dylib
sudo make install
# installs /etc/proxychains.conf
sudo make install-config 

配置

配置文件

如果是ubuntu或者直接安装, 配置文件一般是 /etc/proxychains.conf , 如果是Mac用brew安装, /usr/local/Cellar/proxychains-ng/4.11/etc/proxychains.conf. (其中版本号会有区别,这里是4.11)
一般地, 配置文件查找顺序为:

1. ${PROXYCHAINS_SOCKS5} 环境变量定义的端口
2. ${PROXYCHAINS_CONF_FILE} 定义的配置文件或者-f 选项指定的文件
3. ./proxychains.conf
4. ${HOME}/.proxychains/proxychains.conf
5. ${sysconfdir}/proxychains.conf (e.g. /etc/proxychains.conf or /usr/local/etc/proxychains.conf or /usr/local/…/etc/proxychains.conf)

代理模式

代理模式在配置文件最开头, 有四种模式供选择, 关闭某模式就是注释掉就可以了. 默认模式是strict_chain

• dynamic_chain，按照列表中出现的代理服务器的先后顺序组成一条链，如果有代理服务器失效，则自动将其排除，但至少要有一个是有效的。
• strict_chain，按照后面列表中出现的代理服务器的先后顺序组成一条链，要求所有的代理服务器都是有效的
• round_robin_chain, 类似dynamic_chain, 但是只读取chain_len 长度
• random_chain，列表中的任何一个代理服务器都可能被选择使用，这种方式很适合网络扫描操作（参数chain_len对random_chain有效）。

默认是选择的strict_chain，一般我们不用多个代理造成链, 只要一个就好了, 所以一般不改变代理模式部分。

配置代理服务器

在最下面的部分就是代理服务器列表配置了, 支持HTTP, SOCKS4, SOCKS5, 貌似新版本还支持HTTPS.
例如:
对于SS代理, 在最后一行加入这句话 socks5 127.0.0.1 1080. 另外把socks4 127.0.0.1 9050 一行# 注释掉或者直接删掉.
http 12.34.56.78 8080 user passwd 可以配置有用户名密码验证的HTTP代理.
一般地, http 采用8080端口, 而 socks4/socks5 采用1080 端口.

使用

使用就很简单了, 就是在原有的运行命令前面加入proxychains4, 例如我要wget 进行代理抓取

proxychains4 wget www.google.com

指定配置文件的话, 是:

proxychains4 -f proxy.conf wget www.google.com

例如结合ssh隧道:

ssh -fN -D 4321 some.example.com
PROXYCHAINS_SOCKS5=4321 proxychains zsh

这个例子使用ssh隧道来用某个服务端4321端口作动态代理, 然后用 PROXYCHAINS_SOCKS5 来指明端口后直接用proxycains 来代理一个zsh, zsh所有命令均走这个ssh代理. 注意这里走的都是 SOCKS5 代理.
如果嫌打那么长命令很麻烦, 那还可以在启动sh配置文件.bashrc 里面加入:
alias pc4=proxychains4
这样只要用pc4 wget www.google.com 就可以进行代理咯.

附录: 一些常用命令自带的代理使用

git

电信访问git来下载那就是一个慢! 所以代理是需要的!
做法很简单, 运行两条命令将代理加到配置.gitconfig 就可以了.

git config --global http.proxy 'socks5://127.0.0.1:1080'
git config --global https.proxy 'socks5://127.0.0.1:1080'

注意这是对git全局都使用代理, 但如果使用gitcafe 或者coding.io 这些国内的git仓库, 代理反而走远路了. 这时proxychains就起到作用啦.

wget 和 curl

wget 使用 -Y on 来打开代理设置, 用 -e "http_proxy=http://ip_address:port" 来指定代理地址.
wget -Y on -e "http_proxy=http://10.0.0.172:8080" "www.google.com"
遗憾的是, wget 只能采用http代理, 不能使用 socks5 代理.
curl 使用 -x ip_address:port 来指定代理服务器IP和端口.

curl -x 10.0.0.172:8080 www.google.com

--socks5 ip:port 和 --socks5-hostname hostname:port 可以使用socks5 来代理.
------------

proxychains-ng原理解析

提起 proxychains 相信大家都并不陌生，这个程序可以方便的让你在终端使用 SOCKS5, SOCKS4, HTTP 等协议代理网络访问，而不需要为了转换 SOCKS5 协议再搭建一个 HTTP 的代理来使用 http_proxy, https_proxy 这些 Shell 内置的环境变量来访问网络了。不过 proxychains 并不对所有的应用程序有效，一个典型的情况是 Golang 编写的 程序是无法使用 proxychains 进行代理的。在使用 proxychains 的时候会报这样的错误:

dial tcp 224.0.0.1:80: connect: network is unreachable

下面就通过对 proxychains-ng 的原理的解析，来解答这个问题，并且为 golang 编写的程序提供一个解决方案。

Shared Libraries The content is recoverd from Wordpress Blog, for more details please check HERE

Linux 下的很多程序都依赖着多种多样的动态链接库(shared library)，使用动态链接库既可以节省磁盘的空间大小（你编译出来的程序不会特别大），同时也会节省程序的运行内存，多个共享动态链接库的进程只需要一份库在内存中。若是静态链接的话，则每一个进程都要带一份库。通过 ls -l /usr/lib (根据发行版不同路径可能会有不同)即可看到很多动态链接库。

首先来介绍几个动态链接库的基本知识，大家会发现这个文件夹下面有很多链接，比如

lrwxrwxrwx   1 root root        19 Aug  7 00:22 libzmf-0.0.so -> libzmf-0.0.so.0.0.2                                                                                                                         
lrwxrwxrwx   1 root root        19 Aug  7 00:22 libzmf-0.0.so.0 -> libzmf-0.0.so.0.0.2

有两个指向 libzmf-0.0.so.0.0.2 的软连接这些文件的名字很相似，那么具体都代表什么呢，下面就来进行说明。

对于一个动态链接库来说，有三个名字，分别是 soname, linkername 和 realname

• linkername: libxxx.so (没有任何版本号) 在安装 library 的时候建立，是一个链接到 realname 的软链接
• soname: libxxx.so.(VER) (带有版本号) 在安装 library 的时候建立，是一个链接到 realname 的软链接
• realname: libxxx.so.(VER).(MINOR).[RELEASE] (必须带有版本号和 minor number, 可选的为带有 release number) 是该 library 本身

对于上面这个例子来说 libzmf-0.0 的 soname 就是 libzmf-0.0.so.0， linkername 是 libzmf-0.0.so，realname 是 libzmf-0.0.so.0.0.2

当一个程序指定要链接的动态链接库的时候，他们指定的是这个链接库的 soname, 而不是 realname 这样的考量是在链接库更新 minor number 的时候，不需要对这个程序进行重新链接，至于为什么没有用 linkername 是为了 ABI 兼容性考虑，当一个库升级后 ABI 发生了变化时，依赖这个库的程序必须要重新编译才能使用，否则就会因为 ABI 不兼容导致段错误等问题发生。因而当一个库的 MAJOR VER NUMBER 更新时，说明它有 ABI Breaking Change. 而当一个库只是更新了 MINOR/RELEASE NUMBER 的时候 这时我们不需要进行重新编译。

Dynamic Loading Progress The content is recoverd from Wordpress Blog, for more details please check HERE

本文重点在于讲解 proxychains 的原理，因而对 loader 部分只提及相关部分，下述过程并不是完整的程序加载过程

在 Linux 上所有动态链接的程序都会链接一个 ld-linux-xxxx.so(下面简称 ld-linux.so) 的动态链接库，这个动态链接库很特殊，它会解析该程序所需的 shared libraires ，并且加载他们以及他们必要的依赖 我们可以通过查看每一个动态链接的程序的 Dynamic Section 了解到其依赖的链接库都是什么。

-----------------------

https://github.com/yunlingz/TermuxSocks/tree/master/proxychains-ng

-------------------------

相关帖子：http://briteming.blogspot.com/2015/09/tsocksproxychains-linux.html