rofl0r / proxychains-ng

proxychains ng (new generation) - a preloader which hooks calls to sockets in dynamically linked programs and redirects it through one or more socks/http proxies. continuation of the unmaintained proxychains project. the sf.net page is currently not updated, use releases from github release page instead.
http://sourceforge.net/projects/proxychains-ng/files
GNU General Public License v2.0

weird behaviour on strict chain #536

Closed pstemporowski-prenode closed 11 months ago

pstemporowski-prenode commented 11 months ago

While attempting to execute an nmap command through an HTTP proxy, the tool consistently attempts to establish a connection on port 80, despite specifying port 8088. It's worth noting that SOME_IP is a valid and correct IP address. The issue wouldn't be significant if the entire process of connecting to port 80 took 10 seconds, even if 10.5 seconds were dedicated to the overall procedure.

CMD:

```
proxychains4 nmap -v --reason -packet-trace -p 8088 SOME_IP
```

nano /usr/local/etc/proxychains.conf

```
[Default stuff]
...
[ProxyList]
http 192.168.1.50 8899
```

LOG:

```
[proxychains] config file found: /usr/local/etc/proxychains.conf
[proxychains] preloading /usr/local/Cellar/proxychains-ng/4.16/lib/libproxychains4.dylib
[proxychains] DLL init: proxychains-ng 4.16
Starting Nmap 7.94 ( https://nmap.org ) at 2023-12-05 13:28 CET
Initiating Ping Scan at 13:28
Scanning SOME_IP [2 ports]
[proxychains] Strict chain ... 192.168.1.50:8899 ... SOME_IP <--denied
CONN (10.1364s) TCP localhost > SOME_IP => Connection refused
Completed Ping Scan at 13:28, 10.11s elapsed (1 total hosts)
NSOCK INFO [10.1360s] nsock_iod_new2(): nsock_iod_new (IOD #1)
NSOCK INFO [10.1370s] nsock_connect_udp(): UDP connection requested to 192.168.1.1:53 (IOD #1) EID 8
NSOCK INFO [10.1370s] nsock_read(): Read request from IOD #1 [192.168.1.1:53] (timeout: -1ms) EID 18
Initiating Parallel DNS resolution of 1 host. at 13:28
NSOCK INFO [10.1370s] nsock_write(): Write request for 44 bytes to IOD #1 EID 27 [192.168.1.1:53]
NSOCK INFO [10.1370s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [192.168.1.1:53]
NSOCK INFO [10.1370s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 27 [192.168.1.1:53]
NSOCK INFO [10.1390s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 18 [192.168.1.1:53] (44 bytes): .............221.237.52.20.in-addr.arpa.....
NSOCK INFO [10.1390s] nsock_read(): Read request from IOD #1 [192.168.1.1:53] (timeout: -1ms) EID 34
NSOCK INFO [10.1390s] nsock_iod_delete(): nsock_iod_delete (IOD #1)
NSOCK INFO [10.1390s] nevent_delete(): nevent_delete on event #34 (type READ)
Completed Parallel DNS resolution of 1 host. at 13:28, 0.00s elapsed
Initiating Connect Scan at 13:28
Scanning SOME-IP [1 port]
[proxychains] Strict chain ... 192.168.1.50:8899 ... SOME_IP:8088 ... OK
CONN (10.1731s) TCP localhost > SOME_IP:8088 => Connected
Discovered open port 8088/tcp on SOME_IP
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
Completed Connect Scan at 13:28, 0.03s elapsed (1 total ports)
Nmap scan report for SOME_IP
Host is up, received conn-refused (8.9s latency).

PORT STATE SERVICE REASON
8088/tcp open radan-http syn-ack

Read data files from: /usr/local/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 10.17 seconds
```

rofl0r commented 11 months ago

a ping scan uses icmp, but proxychains-ng only supports TCP. use an nmap mode that uses only TCP.
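
Added example, not part of the original thread or of the proxychains-ng project: a small Python parser that tags each `[proxychains]` chain line in an `nmap -v` log with the nmap phase that issued it, so a `<--denied` attempt like the one in this issue can be tied to the phase where the delay occurred. The sample log is constructed (documentation addresses), and the chain-line layout is assumed from the log posted above.

```python
import re

# Constructed sample modelled on the log in this issue; addresses are placeholders.
SAMPLE_LOG = """\
Initiating Ping Scan at 13:28
Scanning 203.0.113.10 [2 ports]
[proxychains] Strict chain  ...  192.168.1.50:8899  ...  203.0.113.10:80 <--denied
Completed Ping Scan at 13:28, 10.11s elapsed (1 total hosts)
Initiating Connect Scan at 13:28
Scanning 203.0.113.10 [1 port]
[proxychains] Strict chain  ...  192.168.1.50:8899  ...  203.0.113.10:8088  ...  OK
Completed Connect Scan at 13:28, 0.03s elapsed (1 total ports)
"""

PHASE_START = re.compile(r"^Initiating (.+?) at \d{2}:\d{2}")
PHASE_END = re.compile(r"^Completed (.+?) at \d{2}:\d{2}, ([\d.]+)s elapsed")
CHAIN = re.compile(r"^\[proxychains\] (\w+) chain\s+\.\.\.\s+(.*)$")


def parse_chain(line):
    """Split one chain line into proxies, final target and result (assumed layout)."""
    m = CHAIN.match(line.strip())
    if not m:
        return None
    hops = [h.strip() for h in m.group(2).split("...") if h.strip()]
    if not hops:
        return None
    if len(hops) >= 2 and hops[-1] == "OK":   # "... target ... OK"
        target, status, proxies = hops[-2], "OK", hops[:-2]
    else:                                     # "... target <--denied"
        target, _, status = hops[-1].partition(" <--")
        proxies = hops[:-1]
    return {"mode": m.group(1), "proxies": proxies,
            "target": target, "status": status or "unknown"}


def attribute_phases(log_text):
    """Tag every proxied connect attempt with the nmap phase that issued it."""
    phase, elapsed, records = None, {}, []
    for line in log_text.splitlines():
        if m := PHASE_START.match(line):
            phase = m.group(1)
        elif m := PHASE_END.match(line):
            elapsed[m.group(1)] = float(m.group(2))
            phase = None
        elif hit := parse_chain(line):
            records.append({"phase": phase, **hit})
    for rec in records:                       # attach time spent in that phase
        rec["phase_seconds"] = elapsed.get(rec["phase"])
    return records
```

The port in the target field is optional, so a redacted line such as `SOME_IP <--denied` parses as well.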