rofl0r / proxychains-ng

proxychains ng (new generation) - a preloader which hooks calls to sockets in dynamically linked programs and redirects it through one or more socks/http proxies. continuation of the unmaintained proxychains project. the sf.net page is currently not updated, use releases from github release page instead.
http://sourceforge.net/projects/proxychains-ng/files
GNU General Public License v2.0
9.85k stars 1.08k forks

Request: proxychain per destination address #249

Open br0xpl opened 6 years ago

br0xpl commented 6 years ago

Hi all, hi @rofl0r. What would you say to a feature that allows proxying through different paths depending on whom we want to connect to (by IP address)?

This would be similar to tsocks path+reaches configuration.

I could try to implement this in my free time and make a PR if you like the idea?

Regards, br0x

rofl0r commented 6 years ago

i personally don't see much value in such an addition; i'd probably just use different config files for different programs/endpoints. but if you have use cases where it makes sense and can come up with a clean design we can try to get it merged. in the worst case even if it doesn't get merged, you and other people that require this functionality could still use your patch on top of vanilla proxychains-ng.

so as a first step: what would the config file look like for such a setup?

shellster commented 6 years ago

@rofl0r Not sure what @br0xpl's use case is, but this feature would be very useful for me. I do a lot of pentesting/redteam work. I often have multiple pivot points (socks proxies) throughout a network that allow me to gain access to different subnets. It is quite common for me to use a tool that needs to be proxied where I need to access two different subnets that must use different socks proxies. In some cases I can get around this by running two versions of my application with two different proxychains-ng configs. However, there are cases where I need to access both subnets simultaneously via the same instance of the application, and there is currently no way to do that. One example is file transfers between two subnets only available through different socks proxies. I can, of course, copy the files down locally, then use a new instance to copy to the other side, but this is clunky.

Nothing4You commented 3 years ago

to add to this, it'd be beneficial to be able to send only traffic for specific destinations through the proxy at all, basically the reverse of localnet.

for example i have an application that accesses 1 resource that is only accessible via proxy and n other resources which I don't want to send through the proxy for performance and/or availability reasons. a workaround would probably be generating a proxychains configuration with localnet containing all subnets except the one i need to access via proxy.

an example of what it would look like for excluding 1.0.0.1 and 1.1.1.1 is this:

localnet 0.0.0.0/255.0.0.0
localnet 1.0.0.0/255.255.255.255
localnet 1.0.0.2/255.255.255.254
localnet 1.0.0.4/255.255.255.252
localnet 1.0.0.8/255.255.255.248
localnet 1.0.0.16/255.255.255.240
localnet 1.0.0.32/255.255.255.224
localnet 1.0.0.64/255.255.255.192
localnet 1.0.0.128/255.255.255.128
localnet 1.0.1.0/255.255.255.0
localnet 1.0.2.0/255.255.254.0
localnet 1.0.4.0/255.255.252.0
localnet 1.0.8.0/255.255.248.0
localnet 1.0.16.0/255.255.240.0
localnet 1.0.32.0/255.255.224.0
localnet 1.0.64.0/255.255.192.0
localnet 1.0.128.0/255.255.128.0
localnet 1.1.0.0/255.255.255.0
localnet 1.1.1.0/255.255.255.255
localnet 1.1.1.2/255.255.255.254
localnet 1.1.1.4/255.255.255.252
localnet 1.1.1.8/255.255.255.248
localnet 1.1.1.16/255.255.255.240
localnet 1.1.1.32/255.255.255.224
localnet 1.1.1.64/255.255.255.192
localnet 1.1.1.128/255.255.255.128
localnet 1.1.2.0/255.255.254.0
localnet 1.1.4.0/255.255.252.0
localnet 1.1.8.0/255.255.248.0
localnet 1.1.16.0/255.255.240.0
localnet 1.1.32.0/255.255.224.0
localnet 1.1.64.0/255.255.192.0
localnet 1.1.128.0/255.255.128.0
localnet 1.2.0.0/255.254.0.0
localnet 1.4.0.0/255.252.0.0
localnet 1.8.0.0/255.248.0.0
localnet 1.16.0.0/255.240.0.0
localnet 1.32.0.0/255.224.0.0
localnet 1.64.0.0/255.192.0.0
localnet 1.128.0.0/255.128.0.0
localnet 2.0.0.0/254.0.0.0
localnet 4.0.0.0/252.0.0.0
localnet 8.0.0.0/248.0.0.0
localnet 16.0.0.0/240.0.0.0
localnet 32.0.0.0/224.0.0.0
localnet 64.0.0.0/192.0.0.0
localnet 128.0.0.0/128.0.0.0
[ProxyList]
http 10.0.0.1 8080

rofl0r commented 3 years ago

for the record, tinyproxy has some features that could enable use cases as described above. for example, for the use case described by @Nothing4You you'd run a tinyproxy on localhost that has a config like:

port 8888
listen 127.0.0.1
upstream http 10.0.0.1:8080 "1.0.0.1/24"
upstream http 10.0.0.1:8080 "1.1.1.1/24"

and then in proxychains.conf http 127.0.0.1 8888. tinyproxy will then take care of routing over a different proxy per destination.
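
The `localnet` workaround @Nothing4You describes above (bypass the proxy for everything except the destinations that need it) can be generated rather than typed by hand. The following is an added example, not code from the thread or from proxychains-ng; the function names `localnet_complement` and `bypasses_proxy` are hypothetical, and it generalizes from single addresses to any IPv4 network that should stay proxied.

```python
import ipaddress


def localnet_complement(proxied):
    """Return localnet lines covering all of IPv4 except `proxied`.

    `proxied` is a list of addresses or networks that must still go
    through the proxy chain; everything else is marked as direct.
    """
    remaining = [ipaddress.ip_network("0.0.0.0/0")]
    for spec in proxied:
        target = ipaddress.ip_network(spec, strict=False)
        kept = []
        for net in remaining:
            if target.subnet_of(net):
                # Split the block into the subnets that do not contain target.
                kept.extend(net.address_exclude(target))
            elif not net.subnet_of(target):
                # Disjoint block: keep it. Blocks inside target are dropped.
                kept.append(net)
        remaining = kept
    nets = ipaddress.collapse_addresses(remaining)  # sorted and merged
    return [f"localnet {n.network_address}/{n.netmask}" for n in nets]


def bypasses_proxy(address, lines):
    """True if `address` matches one of the generated localnet lines."""
    ip = ipaddress.ip_address(address)
    return any(ip in ipaddress.ip_network(line.split()[1]) for line in lines)


if __name__ == "__main__":
    # Addresses and proxy entry taken from the example in the thread.
    config = localnet_complement(["1.0.0.1", "1.1.1.1"])
    print("\n".join(config + ["[ProxyList]", "http 10.0.0.1 8080"]))
```

Running `bypasses_proxy` over the generated lines before deploying the file confirms that the destinations meant for the proxy are not accidentally listed as direct.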