search

rofl0r / proxychains-ng

proxychains ng (new generation) - a preloader which hooks calls to sockets in dynamically linked programs and redirects it through one or more socks/http proxies. continuation of the unmaintained proxychains project. the sf.net page is currently not updated, use releases from github release page instead.
http://sourceforge.net/projects/proxychains-ng/files
GNU General Public License v2.0
9.7k stars 1.07k forks source link

proxychains does not work with firefox #575

Closed krayneakkuraten closed 1 month ago

krayneakkuraten commented 1 month ago

I'm trying to launch Firefox via proxychains (and prxychains4) from the terminal, the browser opens, but in the end the site doesn't load. It says "Unable to connect", while the connection in the terminal is shown as OK. in proxychains and in proxychains4 it is the same thing.

Config proxychains

# proxychains.conf  VER 3.1
#
#        HTTP, SOCKS4, SOCKS5 tunneling proxifier with DNS.
#       

# The option below identifies how the ProxyList is treated.
# only one option should be uncommented at time,
# otherwise the last appearing option will be accepted
#
dynamic_chain
#
# Dynamic - Each connection will be done via chained proxies
# all proxies chained in the order as they appear in the list
# at least one proxy must be online to play in chain
# (dead proxies are skipped)
# otherwise EINTR is returned to the app
#
#strict_chain
#
# Strict - Each connection will be done via chained proxies
# all proxies chained in the order as they appear in the list
# all proxies must be online to play in chain
# otherwise EINTR is returned to the app
#
#random_chain
#
# Random - Each connection will be done via random proxy
# (or proxy chain, see  chain_len) from the list.
# this option is good to test your IDS :)

# Make sense only if random_chain
#chain_len = 2

# Quiet mode (no output from library)
#quiet_mode

# Proxy DNS requests - no leak for DNS data
proxy_dns

# Some timeouts in milliseconds
tcp_read_time_out 15000
tcp_connect_time_out 8000

# ProxyList format
#       type  host  port [user pass]
#       (values separated by 'tab' or 'blank')
#
#
#        Examples:
#
#               socks5  192.168.67.78   1080    lamer   secret
#               http    192.168.89.3    8080    justu   hidden
#               socks4  192.168.1.49    1080
#               http    192.168.39.93   8080    
#               
#
#       proxy types: http, socks4, socks5
#        ( auth types supported: "basic"-http  "user/pass"-socks )
#
[ProxyList]
# add proxy here ...
# meanwile
# defaults set to "tor"
socks5  127.0.0.1 5090
socks5 208.65.90.21 4145
socks5 174.75.211.222 4145
socks5 70.166.167.55 57745

Config proxychains4 dynamic_chain -- uncommented

#method 1. this uses the proxychains4 style method to do remote dns:
# a thread is spawned that serves DNS requests and hands down an ip
# assigned from an internal list (via remote_dns_subnet).
# this is the easiest (setup-wise) and fastest method, however on
# systems with buggy libcs and very complex software like webbrowsers
# this might not work and/or cause crashes.
proxy_dns

method 1 is uncommented (tried the same with method 3, running proxychains4-daemon in one terminal and running Firefox in the second terminal, same result). remote_dns_subnet 224- uncommented

# Some timeouts in milliseconds
tcp_read_time_out 15000
tcp_connect_time_out 8000
[ProxyList]
# add proxy here ...
# meanwile
# defaults set to "tor"
socks4  127.0.0.1 9050
socks5 161.35.70.249 1080
socks5 194.182.187.78 1080
socks5 23.17.244.109 1080
socks5 45.138.87.238 1080
socks5 31.170.22.127 1080
socks5 127.0.0.1 9050

The order of my actions: Start terminal, type sudo service tor start, check tor services sudo service tor status. Result:

tor.service - Anonymizing overlay network for TCP (multi-instance-master)
     Loaded: loaded (/usr/lib/systemd/system/tor.service; disabled; preset: disabled)
     Active: active (exited) since Fri 2024-08-02 хх:хх:хх ХХХ; 1h 7min ago
 Invocation: a0ddab19915745e2хххххххххххххххх
    Process: 7273 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
   Main PID: 7273 (code=exited, status=0/SUCCESS) 

Aug 02 01:хх:хх kali systemd[1]: Starting tor.service - Anonymizing overlay network for TCP (mul>
Aug 02 01:хх:хх kali systemd[1]: Finished tor.service - Anonymizing overlay network for TCP (mul>

IP verification 

sudo curl 2ip.io       
хх.153.хх.хх

IP verification via proxychains

proxychains  curl 2ip.io
[proxychains] config file found: /etc/proxychains.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
[proxychains] DLL init: proxychains-ng 4.17
[proxychains] Dynamic chain  ...  127.0.0.1:5090  ...  timeout
[proxychains] Dynamic chain  ...  208.65.90.21:4145  ...  174.75.211.222:4145  ...  70.166.167.55:57745  ...  2ip.io:80  ...  OK
70.166.167.55

Trying to launch Firefox from the terminal via proxychains proxychains firefox www.google.com or google.com causes the browser to open, take a very long time to load and eventually displays Unable to connect in the middle of the screen.

What is my mistake? Where to dig and what to do? I would be very grateful for an answer as I have not been able to google something like this.

rofl0r commented 1 month ago

your proxylist contains many entries, and i assume these are all "public" proxies. in other words, unreliable proxies. try with a single proxy you control and when it works, scale up. also adjust your timeouts. with a multi-threaded program like firefox, only the dns daemon method works reliably. also make sure your firefox is a native binary, not inside a "snap" or other form of container.

rofl0r commented 1 month ago

another option is to run a proxy server program, like microsocks, locally via proxychains, and put the address of that server into firefox' network config. make sure to check the "remote dns" (or similarly named) checkbox in the firefox proxy config. that way the simple local server app is proxified, and not the megaLOC ultra-complex browser beast.

rofl0r commented 1 month ago

oh, and dont forget to disable webrtc, otherwise you leak your identity regardless of the amount of proxies used.

krayneakkuraten commented 1 month ago

your proxylist contains many entries, and i assume these are all "public" proxies. in other words, unreliable proxies. try with a single proxy you control and when it works, scale up. also adjust your timeouts. with a multi-threaded program like firefox, only the dns daemon method works reliably. also make sure your firefox is a native binary, not inside a "snap" or other form of container.

I uninstalled all the old proxychains and installed the new proxychayns-ng from github Now I'm trying other proxy-servers and encountered that even the proxychains4 curl 2ip.io command fails and gives socket error or timeout!

krayneakkuraten commented 1 month ago

also make sure your firefox is a native binary, not inside a "snap" or other form of container.

file $(which firefox)
/usr/bin/firefox: POSIX shell script, ASCII text executable

krayneakkuraten commented 1 month ago

All of your other tips I'm about to put to the test

krayneakkuraten commented 1 month ago

On the advice of others, I decided to download the new version of proxychains directly from GitHub. I downloaded it, assembled it and started new attempts to launch it, having previously bought a separate working proxy server. I added the working proxy server, port, username and password to proxychains.conf I start tor, check its status (working) I try to check my IP via terminal with proxychains and get the result:

proxychains4 curl 2ip.io       
[proxychains] config file found: /etc/proxychains.conf
[proxychains] preloading /usr/lib/libproxychains4.so
[proxychains] DLL init: proxychains-ng 4.17-git-2-g821249f
[proxychains] Dynamic chain  ...  127.0.0.1:9050  ...  1xx.x.211.xxx:1xxx0 <--socket error or timeout!
[proxychains] Dynamic chain  ...  127.0.0.1:9050  ...  2ip.io:80 <--socket error or timeout!
curl: (7) Failed to connect to 2ip.io port 80 after 1 ms: Couldn't connect to server

I run proxychains4-daemon in one terminal and firefox in the second terminal and get the result:

proxychains4 firefox www.google.com
[proxychains] config file found: /etc/proxychains.conf
[proxychains] preloading /usr/lib/libproxychains4.so
[proxychains] DLL init: proxychains-ng 4.17-git-2-g821249f
[proxychains] DLL init: proxychains-ng 4.17-git-2-g821249f
[proxychains] DLL init: proxychains-ng 4.17-git-2-g821249f
ATTENTION: default value of option mesa_glthread overridden by environment.
ATTENTION: default value of option mesa_glthread overridden by environment.
[proxychains] DLL init: proxychains-ng 4.17-git-2-g821249f
[proxychains] DLL init: proxychains-ng 4.17-git-2-g821249f
[proxychains] DLL init: proxychains-ng 4.17-git-2-g821249f
[proxychains] DLL init: proxychains-ng 4.17-git-2-g821249f
[proxychains] DLL init: proxychains-ng 4.17-git-2-g821249f
[proxychains] DLL init: proxychains-ng 4.17-git-2-g821249f
[proxychains] DLL init: proxychains-ng 4.17-git-2-g821249f
[proxychains] Dynamic chain  ...  127.0.0.1:9050  ...  1xx.x.2xx.1xx:1xxx0 <--socket error or timeout!
[proxychains] Dynamic chain  ...  127.0.0.1:9050  ...  www.google.com:443 <--socket error or timeout!
[proxychains] Dynamic chain  ...  127.0.0.1:9050  ...  firefox.settings.services.mozilla.com:443 ^CExiting due to channel error.

After that I download microsocks from GitHub, try to run it and I get 

└─$ microsocks -i 1хх.0.ххх.хх -p 14780 -u userххххх -P ххххx7
server_setup: Cannot assign requested address

If you add the proxy server to the Firefox configuration, it works there, but trying to run Firefox from the terminal via proxychains results in the same "socket error or timeout!" errors.

rofl0r commented 1 month ago

curl: (7) Failed to connect to 2ip.io port 80 after 1 ms: Couldn't connect to server

1 ms timeout ? this will work only in your homelan.

server_setup: Cannot assign requested address

you can't use a listen ip that you dont have assigned to your network adapter. use 127.0.0.1 or 0.0.0.0.

krayneakkuraten commented 1 month ago

1 ms timeout ? this will work only in your homelan.

That's the error it's showing me. The settings in my configuration file are as follows

# Some timeouts in milliseconds
tcp_read_time_out 15000
tcp_connect_time_out 8000

And just out of interest, I enabled AdGuardVPN in the terminal and tried using curl 

└─$ proxychains4 curl 2ip.io
[proxychains] config file found: /etc/proxychains.conf
[proxychains] preloading /usr/lib/libproxychains4.so
[proxychains] DLL init: proxychains-ng 4.17-git-2-g821249f
[proxychains] Dynamic chain  ...  127.0.0.1:9050  ...  127.0.0.1:9050 <--denied
[proxychains] Dynamic chain  ...  127.0.0.1:9050  ...  166.0.211.159:14780  ...  2ip.io:80  ...  OK
ххх.0.хх1.1хх

This way I can see the proxy server IP I bought, but launching Firefox gives this result

$ proxychains4 firefox www.duckduckgo.com
[proxychains] config file found: /etc/proxychains.conf
[proxychains] preloading /usr/lib/libproxychains4.so
[proxychains] DLL init: proxychains-ng 4.17-git-2-g821249f
[proxychains] DLL init: proxychains-ng 4.17-git-2-g821249f
[proxychains] DLL init: proxychains-ng 4.17-git-2-g821249f
ATTENTION: default value of option mesa_glthread overridden by environment.
ATTENTION: default value of option mesa_glthread overridden by environment.
[proxychains] DLL init: proxychains-ng 4.17-git-2-g821249f
[proxychains] DLL init: proxychains-ng 4.17-git-2-g821249f
[proxychains] DLL init: proxychains-ng 4.17-git-2-g821249f
[proxychains] DLL init: proxychains-ng 4.17-git-2-g821249f
[proxychains] DLL init: proxychains-ng 4.17-git-2-g821249f
[proxychains] DLL init: proxychains-ng 4.17-git-2-g821249f
[proxychains] DLL init: proxychains-ng 4.17-git-2-g821249f
[proxychains] Dynamic chain  ...  127.0.0.1:9050  ...  127.0.0.1:9050 <--denied
[proxychains] Dynamic chain  ...  127.0.0.1:9050  ...  166.0.ххх.ххх:1ххх0  ...  www.duckduckgo.com:80  ...  OK
[proxychains] Dynamic chain  ...  127.0.0.1:9050  ...  166.0.ххх.ххх:1ххх0  ...  cloudflare-dns.com:443  ...  OK
[proxychains] Dynamic chain  ...  127.0.0.1:9050  ...  166.0.ххх.ххх:1ххх0 ...  push.services.mozill

but the browser won't load the page anyway.

rofl0r commented 1 month ago

you should use strict chain and not specify the tor proxy twice

krayneakkuraten commented 1 month ago

you should use strict chain and not specify the tor proxy twice

I decided to reinstall proxychains-ng and encountered the following problems

./configure --prefix=/usr --sysconfdir=/etc
./configure: cannot create temporary file ./conf65877-3210-51.c

┌──(user㉿kali)-[/proxychains-ng]
└─$ make                               
printf '#define VERSION "%s"\n' "$(sh tools/version.sh)" > src/version.h
/bin/sh: 1: cannot create src/version.h: Permission denied
make: *** [Makefile:88: src/version.h] Error 2

┌──(user㉿kali)-[/proxychains-ng]
└─$ sudo make                                       
[sudo] password for mrghost:
printf '#define VERSION "%s"\n' "$(sh tools/version.sh)" > src/version.h
cc  -Wall -O0 -g -std=c99 -D_GNU_SOURCE -pipe   -DLIB_DIR=\"/usr/local//lib\" -DSYSCONFDIR=\"/usr/local//etc\" -DDLL_NAME=\"libproxychains4.so\"  -fPIC -c -o src/version.o src/version.c
cc  -Wall -O0 -g -std=c99 -D_GNU_SOURCE -pipe   -DLIB_DIR=\"/usr/local//lib\" -DSYSCONFDIR=\"/usr/local//etc\" -DDLL_NAME=\"libproxychains4.so\"  -fPIC -c -o src/core.o src/core.c
In file included from src/core.c:38:
src/core.h:113:31: error: unknown type name ‘GN_NODELEN_T’
  113 |                               GN_NODELEN_T, char *, GN_SERVLEN_T, GN_FLAGS_T);
      |                               ^~~~~~~~~~~~
src/core.h:113:53: error: unknown type name ‘GN_SERVLEN_T’
  113 |                               GN_NODELEN_T, char *, GN_SERVLEN_T, GN_FLAGS_T);
      |                                                     ^~~~~~~~~~~~
src/core.h:113:67: error: unknown type name ‘GN_FLAGS_T’
  113 |                               GN_NODELEN_T, char *, GN_SERVLEN_T, GN_FLAGS_T);
      |                                                                   ^~~~~~~~~~
src/core.h:124:8: error: unknown type name ‘getnameinfo_t’
  124 | extern getnameinfo_t true_getnameinfo;
      |        ^~~~~~~~~~~~~
make: *** [Makefile:93: src/core.o] Error 1
─$ sudo make install-config 
./tools/install.sh -D -m 644 src/proxychains.conf /usr/local//etc/proxychains.conf

Then I decided to move proxychains-ng from / to /bin (moved it), the proxychains.conf file was in /usr/local/etc so I moved it to /etc. Added to $PATH the path to proxyresolv $ export PATH=$PATH:/bin/proxychains-ng/src I saw that the proxychains-ng directory is located at /usr/bin/proxychains-ng in addition to the /bin directory In $PATH I added the path to another proxyresolv $ export PATH=$PATH:/usr/bin/proxychains-ng/src The which command produces the following result

$ which proxyresolv
/bin/proxychains-ng/src/proxyresolv

After that, not knowing which proxychains-ng to remove (under /bin/ or /usr/bin/) I decided to check curl and got a message that proxychains4 is not installed.

$ proxychains4 curl 2ip.io           
Command 'proxychains4' not found, but can be installed with:
sudo apt install proxychains4
Do you want to install it? (N/y)y
sudo apt install proxychains4
Installing:                     
  proxychains4

Summary:
  Upgrading: 0, Installing: 1, Removing: 0, Not Upgrading: 0
  Download size: 20.2 kB
  Space needed: 67.6 kB / 95.5 GB available

Get:1 http://mirror-1.truenetwork.ru/kali kali-rolling/main amd64 proxychains4 amd64 4.17-1 [20.2 kB]
Fetched 20.2 kB in 1s (19.9 kB/s)                         
Selecting previously unselected package proxychains4.
(Reading database ... 399425 files and directories currently installed.)
Preparing to unpack .../proxychains4_4.17-1_amd64.deb ...
Unpacking proxychains4 (4.17-1) ...
Setting up proxychains4 (4.17-1) ...
update-alternatives: using /usr/bin/proxychains4 to provide /usr/bin/proxychains (proxychains) in auto mode
Processing triggers for man-db (2.12.1-2) ...
Processing triggers for kali-menu (2024.3.1) ...

Restarted tor $ sudo service tor restart

$ sudo service tor status
● tor.service - Anonymizing overlay network for TCP (multi-instance-master)
     Loaded: loaded (/usr/lib/systemd/system/tor.service; enabled; preset: disabled)
     Active: activating (start) since Tue 2024-08-06 00:06:27 MSK; 31s ago
 Invocation: 6c959a2b4ce74931ad2500da4856c3d6
   Main PID: 81436 (tor)
      Tasks: 17 (limit: 38187)
     Memory: 29.4M (peak: 30.4M)
        CPU: 384ms
     CGroup: /system.slice/tor.service
             ├─81436 /usr/bin/tor
             └─81439 /usr/bin/obfs4proxy

Aug 06 00:06:27 kali tor[81436]: Aug 06 00:06:27.739 [notice] Opening Socks listener on 127.0.0.1:9050
Aug 06 00:06:27 kali tor[81436]: Aug 06 00:06:27.739 [notice] Opened Socks listener connection (ready) on 127.0.0.1:9050
Aug 06 00:06:27 kali tor[81436]: Aug 06 00:06:27.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Aug 06 00:06:27 kali tor[81436]: Aug 06 00:06:27.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Aug 06 00:06:27 kali tor[81436]: Aug 06 00:06:27.000 [warn] You are running Tor as root. You don't need to, and you probably shouldn't.
Aug 06 00:06:27 kali tor[81436]: Aug 06 00:06:27.000 [notice] Bootstrapped 0% (starting): Starting
Aug 06 00:06:27 kali tor[81436]: Aug 06 00:06:27.000 [notice] Starting with guard context "bridges"
Aug 06 00:06:27 kali tor[81436]: Aug 06 00:06:27.000 [notice] Delaying directory fetches: No running bridges
Aug 06 00:06:29 kali tor[81436]: Aug 06 00:06:29.000 [notice] Bootstrapped 1% (conn_pt): Connecting to pluggable transport
Aug 06 00:06:29 kali tor[81436]: Aug 06 00:06:29.000 [notice] Bootstrapped 2% (conn_done_pt): Connected to pluggable transport

In the end, the result of trying to run curl

$ proxychains4 curl 2ip.io                     
[proxychains] config file found: /etc/proxychains.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
[proxychains] DLL init: proxychains-ng 4.17
[proxychains] Dynamic chain  ...  127.0.0.1:9050  ...  127.0.0.1:9050 <--denied
[proxychains] Dynamic chain  ...  127.0.0.1:9050  ...  1xx.0.xxx.1xx:1xxxx <--socket error or timeout!
[proxychains] Dynamic chain  ...  127.0.0.1:9050  ...  2ip.io:80 <--socket error or timeout!
curl: (7) Failed to connect to 2ip.io port 80 after 0 ms: Couldn't connect to server

This result is obtained with both dynamic_chain #strict_chain and #dynamic_chain strict_chain and with proxy_dns and proxy_dns_daemon I've tried every possible option I can think of.

rofl0r commented 1 month ago

read my previous comment again. you still make both mistakes. if you continue ignoring my advice i'm not gonna repeat myself another time.

krayneakkuraten commented 1 month ago

read my previous comment again. you still make both mistakes. if you continue ignoring my advice i'm not gonna repeat myself another time.

Okay, im sorry, here's an excerpt from my config file

strict_chain
proxy_dns_daemon 127.0.0.1:1053
remote_dns_subnet 224

# Some timeouts in milliseconds
tcp_read_time_out 15000
tcp_connect_time_out 8000
[ProxyList]
# add proxy here ...
# meanwile
# defaults set to "tor"
socks5  127.0.0.1 9050
socks5  166.0.211.159 14780 userxxxxxx xxxxx7

Here are two results (proxychains-daemon pre-run in another terminal)

─$ proxychains4 curl 2ip.io
[proxychains] config file found: /etc/proxychains.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
[proxychains] DLL init: proxychains-ng 4.17
[proxychains] Strict chain  ...  127.0.0.1:9050  ...  166.0.211.159:14780 <--socket error or timeout!
curl: (7) Failed to connect to 2ip.io port 80 after 1 ms: Couldn't connect to server
─$ proxychains4 firefox duckduckgo.com
[proxychains] config file found: /etc/proxychains.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
[proxychains] DLL init: proxychains-ng 4.17
[proxychains] DLL init: proxychains-ng 4.17
[proxychains] DLL init: proxychains-ng 4.17
ATTENTION: default value of option mesa_glthread overridden by environment.
ATTENTION: default value of option mesa_glthread overridden by environment.
[proxychains] DLL init: proxychains-ng 4.17
[proxychains] DLL init: proxychains-ng 4.17
[proxychains] DLL init: proxychains-ng 4.17
[proxychains] DLL init: proxychains-ng 4.17
[proxychains] DLL init: proxychains-ng 4.17
[proxychains] DLL init: proxychains-ng 4.17
[proxychains] DLL init: proxychains-ng 4.17
[proxychains] Strict chain  ...  127.0.0.1:9050  ...  166.0.211.159:14780 <--socket error or timeout!
[proxychains] Strict chain  ...  127.0.0.1:9050  ...  166.0.211.159:14780 <--socket error or timeout!
[proxychains] Strict chain  ...  127.0.0.1:9050  ...  166.0.211.159:14780 <--socket error or timeout!
[proxychains] Strict chain  ...  127.0.0.1:9050  ...  166.0.211.159:14780 ^CExiting due to channel error.
Exiting due to channel error.
rofl0r commented 1 month ago

my very first advice was to start with one proxy… you shouldnt combine tor and a paid proxy because socks5 protocol is in clear text, that means that any exit node in the tor network you happen to connect to can read your username and password. maybe that's why your paid provider blocks incoming connections from tor exit nodes.

krayneakkuraten commented 1 month ago

my very first advice was to start with one proxy… you shouldnt combine tor and a paid proxy because socks5 protocol is in clear text, that means that any exit node in the tor network you happen to connect to can read your username and password. maybe that's why your paid provider blocks incoming connections from tor exit nodes.

You were right! When I commented out the #socks5 127.0.0.1 9050 line and left only my proxy server, the curl command worked and the browser opened. I checked the IP and DNS leaks - everything works fine! IP and DNS proxy is displayed as it should be. Please help me to fix tor

krayneakkuraten commented 1 month ago

Got it! I managed to get tor up and everything worked. Proxychains works fine with proxy_dns and proxy_dns_daemon. I mean both curlcommand and firefox browser launch. It was necessary to tweak tor configurations, namely in the files: /usr/lib/systemd/system/tor.service (write the path in the ExecStart line ExecStart=/usr/bin/tor/) and customize the configuration file /etc/tor/torrc. It was necessary to stop the tor service #systemctl stop tor after all edits to write and #systemctl restart tor Thank you very much again!