Welcome back, my tenderfoot hackers!
Well, the first season of Mr. Robot just ended and Elliot and fsociety successfully took down Evil Corp! They have effectively destroyed over 70% of the world's consumer and student debt! Free at last! Free at last!
Of course, global financial markets crashed as well, but that's another story.
Although there were many elements that made the hack successful, such as Darlene developing a zero-day exploit (I'll showing you how to do that in a future article) that none of the intrusion detection systems, firewalls, or antivirus softwares detected, Elliot also made certain that the hack could not be traced back to him by using proxies.
Early in the last episode, Lenny, the former boyfriend of Elliot's therapist, Krista, reveals to Krista that he had been hacked by Elliot. He points out that Elliot is nearly untraceable as he uses a proxy from Estonia. In this tutorial, I will show how Elliot bounced his attack off an Estonian (or other) proxy in order to make his hacks untraceable.
How Proxies Work
As you know, whenever you visit (or hack) a website or server over the Internet, your unique Interpret Protocol (IP) address travels with you. It would then be very easy to trace the source of an attack by simply tracing the source IP address.
Hackers, though, often use proxies to hide or obscure their IP address. In this way, they send their traffic to an intermediary proxy, who then sends the traffic on to the destination, replacing the source IP address with its own. In this way, the malicious traffic appears to be coming from the proxy and not the original sender.
Before I start, I want to point out that there are multiple types of proxies. One of the more popular, anonymous proxies is Tor. Although Tor is effective in anonymizing your traffic from Google and other commercial tracking, it is not effective in anonymizing your traffic from law enforcement, especially the NSA.
As Elliot points out in the pilot episode, when he is explaining to the coffee shop owner who is also a child pornographer, "Whoever's in control of the exit nodes is also in control of the traffic, which makes me the one in control." He owns the exit node, owns the traffic, and hence, the identity of the users.
Now, let's see how Elliot and fsociety hid their identity in their hacks!
Step 1: Fire Up Kali
To get started, fire up Kali Linux. If don't already have Kali, you can download it here.
Step 2: Go to Proxychains
Next, let's go to proxychains. Type:
kali > proxychains
When you do so, it shows you the simple proxychains syntax. Basically, after setting up proxychains, all you need to do is precede the command you want to run with the command "proxychains" and all of your Internet traffic will go through your chosen proxy. As we will see later in this tutorial, if we want to browse the Web with our browser, we can simply start our browser by preceding it with proxychains, such as:
kali > proxychains iceweasel
Step 3: Search for Proxies
In order to set up proxychains to hide our IP address, we will need to select a proxy. There are many sites on the Web with lists of free and paid proxies. Some of these include, but are not limited to:
Let's try using SamAir Security. When we navigate there, we can see their list of free proxies.
Near the bottom of the page, we can see that they have sorted the proxies by country. Remember, Elliot was using a proxy in Estonia. This list has one proxy listed in Estonia.
When click on it, we can see that this one proxy in Estonia is a transparent proxy. This means it won't hide our IP. That won't work!
Instead, let's try the list of Russian proxies. Many hackers use Russian proxies as EU and U.S. law enforcement do not have jurisdiction in Russia. This means there is little or no chance of tracing their identity.
We can see that there are five "high-anonymous" proxies in Russia on this list. Let's us one of those.
Step 4: Configure Proxychains
Now that we have a list of potential anonymous proxies, we have to configure proxychains to use it. Like nearly all Linux/Unix applications, configuration is done by a plain text file. These files are generally found in the /etc directory. In this case, the configuration file for proxychains is found at:
/etc/proxychains.conf
We can open it with any text editor, but I will use Leafpad here.
kali > leafpad /etc/proxychains.conf
This opens the configuration file for proxychains as seen below. Near the bottom of the file is the critical part. Here is where we tell proxychains which proxy to use.
By default, proxychains is setup to use Tor. As Elliot expressed in episode one, he who controls the exit node of Tor controls the traffic. Elliot is certainly aware that the NSA and law enforcement know this as well and would not want to use Tor. To disable Tor, simply put a comment mark (#) before line #64.
Now, to use one of our Russian proxies, we simply need to add the type of proxy (http) and the IP address and port for that proxy as I have done above. Then, save the proxychain.conf file and close it.
Step 5: Send Traffic Through Proxy
Lastly, if we want to send our HTTP traffic while browsing the Web through that Russian proxy, we simply open our Iceweasel browser by typing:
kali > proxychains iceweasel
Now, all of our traffic will go through the proxy and will appear to be coming from that proxy should anyone inspect the traffic.
Stay Tuned for More Hacking Lessons
If you want to learn more about hacking, please take the time to explore Null Byte. If you are interested in becoming a professional hacker, check out my article "How to Use Null Byte to Study to Become a Professional Hacker." Finally, keep coming back my tenderfoot hackers, as I continue to demonstrate each of Elliot's and fsociety's hacks!
Just updated your iPhone? You'll find new emoji, enhanced security, podcast transcripts, Apple Cash virtual numbers, and other useful features. There are even new additions hidden within Safari. Find out what's new and changed on your iPhone with the iOS 17.4 update.
63 Comments
Great article, thanks OTW. Fired up iceweasel with proxychains (I'm using proxychains4 btw) and accessed whatismyip.com, it showed my real IP... I'm pretty sure the proxies are working (using 3). Could they be using some different method to retrieve it?
finally i knew how these proxies work.Thanks.
Great post like always you do
but lets keep this in mind if you could remember defcon 21 ( i quess if im not mistaken) there was spanish guy show that how he pawned 10000 ppl in one day with just a proxy in randome countery and small codes into it(without that much of money and organizing stuff)
so use one is trusted or most likely if you use it dont login on any of your importent works and after you done just clear your browser and all stuff you did with that proxy
i would personally recommend using VPN its not still safe but much safer than getting MIMT or MIBT so pls dont use proxy you dont know about.
Excellent point, Ma.
page not loading..
Can we say a hacked wifi from too far with a strong yagi antenna + no log vpn(bought via mixed bitcoins) + proxychains(highly anonymous offshore proxy) over TOR is nearly impossible to trace?
Nearly impossible, but not impossible. In addition, your connection will likely be slow and unstable.
Which proxy type we need to use to be more secure? What's difference between http and socks proxy?
Could you explain why Elliot used proxies? I thought VPNs were meant to be much more secure?
Not all VPNs are the same. If they don't accept an anonymous(ish) payment, i.e. bitcoin or prepaid card or if they keep logs that can be requested by the officials of the country under whose jurisdiction they fall then they may provide a false sense of security. This article is very informative when it comes to VPNs and what measures they claim to take to ensure anonymity. https://torrentfreak.com/anonymous-vpn-service-provider-review-2015-150228/
DAMN! I love this "Hacks of Mr.Robot" - Series ! :)
Keep up the good work !!!
Nice tutorial,
But i have a quistion, I thought all along that tor worked like this: ?
Like a "key system" I dont remember what its excatly called, but i think you understand.
What is the diffrent? Because im pretty sure this isnt a proxy, unless the place who gets the diffrent keys always are changing?!
Correct me if im wrong, I just need to make sure about this is how tor works?
They are similar, but ToR has been compromised.
i tried some proxies, and tried telnet with it, i keep getting error: kali not found please help
ok
So I can jsut type proxychains msfconsole to run all metasploit framework operations through proxies? Also can I do any data over HTTP proxies?
Nice guide. I have a question, should I use this proxies only or can I use tor in top of that for extra protection? Which is better for anti-law enforcement haha
I tried to run proxychains iceweasel for the last step Send Traffic Through Proxy but whenever iceweasel opens up and I try to search the web It doesn't go through as if I don't have an Internet Connection
Hey guys, i was trying to use proxy with https://null-byte.wonderhowto.com/how-to/hacks-mr-robot-elliot-fsociety-made-their-hack-evil-corp-untraceable-0164294/ this guide. I have edited my .config file.I checked proxy with SamAir's proxy checker and it says its elite :D.But when i type proxychains iceweasel to terminal. An iceweasel browser opens but i cannot surf. It says "Server not found" how can i do?
Marvin and Berk:
First, I assume you can connect without proxychains?
Second, if you can, can you send us a screenshot of your config file?
Third, make certain that you use tabs between the type of proxy and the IP address.
OTW
http://paste2.org/MgzBcBDb this is my config file. And yes i can connect without proxychains. Thanks for reply
You have a typo.
what is it?
We are not here to check your typing.I'm going to let you find it.
I swear I tried everything, 2 tabs, 1 tab, 2 spaces, 1 spaces ... But its always same. please help me senpai :/
Check your typing
2 Things:
1- You have a typo here:
http 1221.208.194.108 80 (i believe it should be 221.208...)
2- Try to ping the server to check if its alive before editing it in to the conf file... (Hint: its dead/unreachable for some other reason)
same problem here
Did you use tabs?
Yes, i try tabs but it doesnt work
I tried using numerous proxies from samair.ru that were highly anonymous using the above method but it didn't helped. I still had the same ip on whatismyip.org plus to provide more info i get this error while starting iceweasel with proxychains
GLib-CRITICAL *: gslicesetconfig: assertion 'syspagesize == 0' failed
and i live in saudi arabia which has strict internet laws for proxies like blocking proxy/vpn sites. (I accessed samair.ru using austriaproxy.com)
i have same problem too, and i cant find any solutions. did you find the solution?
Ignore the GLib-CRITICAL message. It has nothing to do with the connection problem and it looks like it's out since ages.
See my post below for a hint on getting it running.
Thanks for the info pal.
my proxychains is not working
i use kali linux in vmware
please tell me if their is any mistake
in your config file you may want to try removing the colon and using tab instead to seperate the proxy address from the port you are using, in the same way it is done in the 64th line.
For anyone who's not able to get it working (as for me before either), try uninstalling privoxy if you have installed it earlier (which is very likely the case when you followed one the tuts regarding tor and proxychains out in the wild)
$ sudo apt-get purge privoxy
$ proxychains iceweasel
If it's working then (like with me - no more timeouts), you might try to install it again to get a clean config file in /etc/privoxy/config.
Additionally check that you're using tabs as delimiter: 2 between "http" and the IP and 1 between IP and PORT - that's how it's working for me.
I tried this and found a proxy that samair.ru says is elite, but when I try to use a site that checks my IP, it still uses my normal IP. Here are the things I've tried:
Also I keep getting the error below:
GLib-CRITICAL *: gslicesetconfig: assertion 'syspagesize == 0' failed
It is said further up that this has no effect, but I just wanted to put it in.
Hello, master. Thanks for article but i have a problem. I configure my config file then i type proxychains iceweasel. When i type it an iceweasel browser opens but everything is normal, how can i fix this?
NOTE: yes, i use 2 tabs and i havent got provioxy.
What do mean by "everything is normal"?
My IP Adress is same, and nothing appears in terminal.
How are you checking your IP and what do you mean "nothing appears in the terminal"?
I use whatismyip.org for check my IP. and this is my terminal.
NOTE: sorry for bad English,i am trying to learn.
That is a critical piece of info you left out! Proxychains never ran it gave you a error.
Go back and check you config file for typos and use only one tab.
It looks like you failed to a colon between the IP and port.
I am doing everything right. And i think my proxies are working -i checked in samair.ru-, how can i fix this?
I searched for its solution but i can not find. And KEN STAR says; "Ignore the GLib-CRITICAL message. It has nothing to do with the connection problem and it looks like it's out since ages." so i just ignored it. Also i tried one tab too, but its same :/ is there a typo? i didn't saw it, if there is please help me.
You are obviously NOT doing everything right.
Did you fix the colon issue I pointed out earlier?
What you mean by "colon issue"? i tried this things:
http tab tab ip:port
http tab ip:port
http tab tab ip tab port
http tab ip tab port
http tab ip port
http tab tab ip tab port
works for me
For all the users here at nullbyte still having trouble getting proxychains up and working, what i found to help a lot is to uninstall the default proxychains that comes in kali linux and download the latest version which has many critical updates by using the following commands:
apt-get remove proxychains
git clone https://github.com/rofl0r/proxychains-ng.git
cd proxychains-ng
./configure --prefix=/usr --sysconfdir=/etc
make
make install
make install-config
after doing this you will have to use the proxychains4 command instead of only typing proxychains, other then that all you need is to edit your config file again (which is in the same directory) in order to add your proxys of choice. also an easy way to test if your proxy is working is with the command "curl icanhazip.com"
for a full video on using and testing proxychains4 please see this video link and be sure to watch the entire video: https://www.youtube.com/watch?v=h7HAT-7UsVc
THANKS SO MUCH !
this didnt work, and that video is no longer available. Now i'm in worse shape then i was before trying proxychains4.
Awesome i will be trying this, as i have yet to get proxychains to work!
hope it helps everyone
proxychains4 iceweasel
proxychains config file found: /etc/proxychains.conf
proxychains preloading /usr/lib/libproxychains4.so
proxychains DLL init: proxychains-ng 4.10-git-15-g1294d0a
(process:4376): GLib-CRITICAL *: gslicesetconfig: assertion 'syspagesize == 0' failed
still not working :(
does anyone know a good trustworthy place to find FREE proxies? Ive been trying some from SamAir Security but the ones ive been trying all time out.
For anybody who is still having trouble making the proxy work no matter how you change the text /etc/proxychains.conf I found a solution that worked for me and i am pretty sure it may work for you.
I am pretty sure that i installed proxychains 4 to the wrong place, so even though the command "leafpad /etc/proxychains.conf " does open up the .conf file that has the right version, no matter how many changes i made, nothing seemed to work.
Solution: open file folder and just search for "proxychains" or just "proxychains.conf", there you will see the proxychains.conf if you click to open the file and see at the bottom where you have made change using "leafpad /etc/proxychains.conf" that no changes have been made, that means that you have been updating the wrong file. Simply add your proxy, then save and enter "proxychains4 iceweasel" and it should be working.
i spent 3 days trying to solve this, thanks stroke of insight
if you don't know how to install proxychains 4, just check the above comments, somebody posted it already.
p.s to make sure that the two files are separate from each other, open one using the command provided in above and open the other from the folder, if both are able to open at the same time, they are separate files in different directories
I just realized that my earlier post was wrong, i will keep the above post in case it miraculously helped someone.
Turns out that all i needed to do was CLOSE ALL BROWSERS, at least the one your trying to run proxychains with, it worked perfectly fine without a single tab opened. It was never stated so i never thought to do it, it wasn't until i had 20 tabs open trying to find an answer that i was forced to close my browsers due to lag. Once i ran "proxychains4 iceweasel: it worked
I have a noob`s question here... So, Ok, my proxychain4 is working fine, but while testing it, I found something that`s bothering me. I entered in one site that showed me the proxychain IP, but it showed me my real LAN address, so it couldn`t be used to track me back? And if so, how I could hide it too?
I configured the proxychains file as the tutorial asked me too. However when I typed proxychains.iceweasel iget this message => exec: iceweasel: not found.
How can this be solved? PLease someone help me.
Do you have icewasel installed?
I just keep getting denied on multiple proxies lol. Thoughts anyone?
HEY
Umm, when making a payload (with metasploit) and setting the LHOST can i put a proxy thats on my proxychains.conf file or i must put my private ip which is 192.168.x.x??
HEHEHE SORRY FOR MY BAD ENGLISH,
Ty in advanced!
Share Your Thoughts