V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
wsgzao
V2EX  ›  程序员

proxychains 使用指北

  •  
  •   wsgzao ·
    wsgzao · 2018-04-17 17:36:24 +08:00 · 2839 次点击
    这是一个创建于 2408 天前的主题,其中的信息可能已经有所发展或是发生改变。

    前言

    proxychains 新的版本已经称为 proxychains-ng 由 rofl0r 托管在 GitHub 中维护,一般使用 proxychains 用于加速更新和下载国外的一些开源组件,比如 yum 和 pip。proxychains 使用十分简单,甚至都不必编译安装。

    proxychains ng (new generation)

    更新历史

    2017 年 04 月 16 日 - 初稿

    阅读原文 - https://wsgzao.github.io/post/proxychains/

    扩展阅读

    proxychains-ng - https://github.com/rofl0r/proxychains-ng


    ProxyChains 简介

    ProxyChains is a UNIX program, that hooks network-related libc functions in DYNAMICALLY LINKED programs via a preloaded DLL (dlsym(), LD_PRELOAD) and redirects the connections through SOCKS4a/5 or HTTP proxies. It supports TCP only (no UDP/ICMP etc).

    The way it works is basically a HACK; so it is possible that it doesn't work with your program, especially when it's a script, or starts numerous processes like background daemons or uses dlopen() to load "modules" (bug in glibc dynlinker).

    It should work with simple compiled (C/C++) dynamically linked programs though.

    If your program doesn't work with proxychains, consider using an iptables based solution instead; this is much more robust.

    Supported Platforms: Linux, BSD, Mac.

    proxychains 安装配置

    # needs a working C compiler, preferably gcc
    yum install gcc -y
    ./configure --prefix=/usr --sysconfdir=/etc
    make
    [optional] sudo make install
    [optional] sudo make install-config (installs proxychains.conf)
    
    # if you dont install, you can use proxychains from the build directory like this: 
    ./proxychains4 -f src/proxychains.conf telnet google.com 80
    
    # 一般编辑 proxychains.conf 添加 socks5 地址即可立即使用
    vim /etc/proxychains.conf
    
    [ProxyList]
    # add proxy here ...
    # meanwile
    # defaults set to "tor"
    #socks4 	127.0.0.1 9050
    socks5 172.28.70.26 1080
    
    # 测试
    [root@centos7 ~]# curl myip.ipip.net
    当前 IP:116.228.53.149  来自于:中国 上海 上海  电信
    [root@centos7 ~]# proxychains4 curl myip.ipip.net
    [proxychains] config file found: /etc/proxychains.conf
    [proxychains] preloading /usr/local/lib/libproxychains4.so
    [proxychains] DLL init: proxychains-ng 4.12
    [proxychains] Strict chain  ...  172.28.70.26:1080  ...  myip.ipip.net:80  ...  OK
    当前 IP:45.79.192.22  来自于:美国 乔治亚州 亚特兰大  linode.com
    
    

    proxychains.conf 配置文件

    [root@centos7 ~]# cat /etc/proxychains.conf 
    # proxychains.conf  VER 4.x
    #
    #        HTTP, SOCKS4a, SOCKS5 tunneling proxifier with DNS.
    
    
    # The option below identifies how the ProxyList is treated.
    # only one option should be uncommented at time,
    # otherwise the last appearing option will be accepted
    #
    #dynamic_chain
    #
    # Dynamic - Each connection will be done via chained proxies
    # all proxies chained in the order as they appear in the list
    # at least one proxy must be online to play in chain
    # (dead proxies are skipped)
    # otherwise EINTR is returned to the app
    #
    strict_chain
    #
    # Strict - Each connection will be done via chained proxies
    # all proxies chained in the order as they appear in the list
    # all proxies must be online to play in chain
    # otherwise EINTR is returned to the app
    #
    #round_robin_chain
    #
    # Round Robin - Each connection will be done via chained proxies
    # of chain_len length
    # all proxies chained in the order as they appear in the list
    # at least one proxy must be online to play in chain
    # (dead proxies are skipped).
    # the start of the current proxy chain is the proxy after the last
    # proxy in the previously invoked proxy chain.
    # if the end of the proxy chain is reached while looking for proxies
    # start at the beginning again.
    # otherwise EINTR is returned to the app
    # These semantics are not guaranteed in a multithreaded environment.
    #
    #random_chain
    #
    # Random - Each connection will be done via random proxy
    # (or proxy chain, see  chain_len) from the list.
    # this option is good to test your IDS :)
    
    # Make sense only if random_chain or round_robin_chain
    #chain_len = 2
    
    # Quiet mode (no output from library)
    #quiet_mode
    
    # Proxy DNS requests - no leak for DNS data
    proxy_dns 
    
    # set the class A subnet number to use for the internal remote DNS mapping
    # we use the reserved 224.x.x.x range by default,
    # if the proxified app does a DNS request, we will return an IP from that range.
    # on further accesses to this ip we will send the saved DNS name to the proxy.
    # in case some control-freak app checks the returned ip, and denies to 
    # connect, you can use another subnet, e.g. 10.x.x.x or 127.x.x.x.
    # of course you should make sure that the proxified app does not need
    # *real* access to this subnet. 
    # i.e. dont use the same subnet then in the localnet section
    #remote_dns_subnet 127 
    #remote_dns_subnet 10
    remote_dns_subnet 224
    
    # Some timeouts in milliseconds
    tcp_read_time_out 15000
    tcp_connect_time_out 8000
    
    ### Examples for localnet exclusion
    ## localnet ranges will *not* use a proxy to connect.
    ## Exclude connections to 192.168.1.0/24 with port 80
    # localnet 192.168.1.0:80/255.255.255.0
    
    ## Exclude connections to 192.168.100.0/24
    # localnet 192.168.100.0/255.255.255.0
    
    ## Exclude connections to ANYwhere with port 80
    # localnet 0.0.0.0:80/0.0.0.0
    
    ## RFC5735 Loopback address range
    ## if you enable this, you have to make sure remote_dns_subnet is not 127
    ## you'll need to enable it if you want to use an application that 
    ## connects to localhost.
    # localnet 127.0.0.0/255.0.0.0
    
    ## RFC1918 Private Address Ranges
    # localnet 10.0.0.0/255.0.0.0
    # localnet 172.16.0.0/255.240.0.0
    # localnet 192.168.0.0/255.255.0.0
    
    # ProxyList format
    #       type  ip  port [user pass]
    #       (values separated by 'tab' or 'blank')
    #
    #       only numeric ipv4 addresses are valid
    #
    #
    #        Examples:
    #
    #            	socks5	192.168.67.78	1080	lamer	secret
    #		http	192.168.89.3	8080	justu	hidden
    #	 	socks4	192.168.1.49	1080
    #	        http	192.168.39.93	8080	
    #		
    #
    #       proxy types: http, socks4, socks5
    #        ( auth types supported: "basic"-http  "user/pass"-socks )
    #
    [ProxyList]
    # add proxy here ...
    # meanwile
    # defaults set to "tor"
    #socks4 	127.0.0.1 9050
    
    3 条回复    2018-08-25 12:40:11 +08:00
    peihanw
        1
    peihanw  
       2018-04-18 14:34:11 +08:00
    ## 验证 proxychain 正常,具体代理 IP 隐藏了
    $ proxychains -q curl -s checkip.dyndns.org
    <html><head><title>Current IP Check</title></head><body>Current IP Address: 104.21x.xxx.xxx</body></html>
    ## golang 版本号
    $ go version
    go version go1.10.1 linux/amd64
    ## 编译 go-*socks2 报错,是 proxychains 造成的问题吗?(境外 VPS 上不带 proxychains 没问题的)
    $ proxychains go get -u -v github.com/shadowsocks/go-shadowsocks2
    [proxychains] config file found: /etc/proxychains.conf
    [proxychains] preloading /usr/lib/libproxychains4.so
    [proxychains] DLL init: proxychains-ng 4.12
    package github.com/shadowsocks/go-shadowsocks2: parse [proxychains] DLL init: proxychains-ng 4.12
    https://github.com/shadowsocks/go-shadowsocks2: first path segment in URL cannot contain colon
    wsgzao
        2
    wsgzao  
    OP
       2018-04-19 10:23:59 +08:00
    @peihanw #1 sorry,我不了解 go,如果 google 没有搜索到相关信息的话我想你可能需要 review 下 proxychains 的代码
    fangxing204
        3
    fangxing204  
       2018-08-25 12:40:11 +08:00
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   5413 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 24ms · UTC 07:00 · PVG 15:00 · LAX 23:00 · JFK 02:00
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.