brainfucksec / kalitorify

Transparent proxy through Tor for Kali Linux OS
GNU General Public License v3.0
1.04k stars 225 forks source link

Kalitorify Block Scripts #62

Closed calilkhalil closed 2 years ago

calilkhalil commented 2 years ago

Guys, I have a problem.

When I enable kalitorify I get an IP address, that's fine, but when I try an nmap (for example) I can't run.

I think my Iptables blocking connections when I use kalitorify as it put some rules in iptables with drop flag. I've tried setting it to ACCEPT everything, but I can't proxy with Nmap.

IPTABLES RULES with Kalitorify:
hain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             state ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            

Chain FORWARD (policy DROP)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere             ctstate INVALID
DROP       all  --  anywhere             anywhere             state INVALID
ACCEPT     all  --  anywhere             anywhere             state ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             owner UID match debian-tor tcp flags:FIN,SYN,RST,ACK/SYN state NEW
ACCEPT     all  --  anywhere             localhost           
ACCEPT     tcp  --  anywhere             localhost            tcp dpt:9040 flags:FIN,SYN,RST,ACK/SYN
DROP       all  --  anywhere             anywhere            

Without Kalitorify:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

I just can use internet when I set INPUT and Output accept, because kalitorify set as DROP and I can't do anything.

brainfucksec commented 2 years ago

Hi @Aleadar, nmap ..or other similar programs should work normally with kalitorify, it must be a problem in your configuration and not related to the program.

calilkhalil commented 2 years ago

@brainfucksec

I think it's a problem with the tor rules, because with anonsurf it doesn't work either. How I can open all rules on Iptables using Kalitorify?

brainfucksec commented 2 years ago

I have tested nmap and other scanners or similar programs and they work correctly, you have to be careful with changing the iptables rules. See:

https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TransparentProxy https://www.netfilter.org/projects/iptables/index.html