Closed ylluminarious closed 7 years ago
there are 2 possible scenarios where you would need to hide the data: 1) multi-user system with trusted admin. you could prevent others from reading the file by setting the right permissions. 2) untrusted system under someone else's control (for example a shared VPS). you could hide the config file contents using crypto but then the SOCKS/HTTP passwords would still be sent in cleartext over the wire, so the rogue admin could grab them with wireshark or tcpdump. so imo its questionable whether such a feature makes sense.
@rofl0r Thanks for the response and the info. For now, I'll do what you mentioned in your 1st point, i.e., hide the data via permissions. In reply to your 2nd point, traffic-sniffing only applies if the data in transit is not being encrypted. So encrypting the proxychains.conf
file will still make sense so long as the user also makes sure that their traffic is being encrypted.
how would you encrypt your traffic ? you mean like in using proxychains4 curl https://someserver
? in that case even though the HTTP procol is encrypted, the SOCKS5 requests themselfes still aren't.
@rofl0r Well, yes, but VPN also comes to mind.
how do you prevent your VPN credentials from being stolen though ?
What do you mean, exactly?
@rofl0r I simply mean to turn on a VPN connection before even making any SOCKS requests so that all traffic is encrypted through the VPN... not sure how that allows any credentials to be stolen.
well i suppose you need a password or private key file to use VPN ?
@rofl0r Yes, at least for all the ones that I know.
ok, and how do you hide that ?
@rofl0r Do you mean how do you hide it locally on your machine?
@rofl0r The reason I asked that last question is because I'm not exactly sure what you're getting at -- OpenVPN, at least, is secured by SSL so there's no worry about the credentials being stolen there. If you are referring to locally securing credentials, well, I would also store the credentials in an encrypted location or just use a password manager such as 1password or pass.
well yes, since you're worried about getting your proxychains.conf leaked, you might as well worry about your VPN private keys, assuming they're used on the same box.
@rofl0r Ok, yes, you are right and that does make sense... just wasn't sure what sort of leakage you were referring to.
So are you interested in supporting GPG (or other) encryption for proxychains.conf
? If not, I'll just close this ticket, or you can. Maybe in the future I'll submit a patch which adds support for this feature.
tbh i think this feature is overkill and adding it could have considerable regressions, if it involves running a subprocess or a third-party library since any usage of libc functions inside a foreign process can have unwanted consequences. the imo only feasible way to implement this feature would be by using embedded tweetnacl crypto.
@rofl0r Alright, understood. Thanks anyway.
Given that one may need to enter sensitive data into the
proxychains.conf
file (e.g. username and password for proxy servers), is it possible for me to somehow encrypt this file via GPG or similar and still be able to use proxychains?