Topics In Demand
Notification
New

No notification found.

Defensive Evasion with ProxyChains
Defensive Evasion with ProxyChains

December 6, 2022

171

0

In today’s digital world, most adversaries are lurking in the background and try to keep attacks hidden for as long as possible. There are many techniques to do this and one of the common methods to prevent getting caught is known as defense evasion. By definition ‘Defense Evasion’ means, “The adversary is trying to avoid being detected.”

In this article we will discuss how to achieve Defense Evasion with the help of proxy chains, one of most famous red team tools, which allows us to reroute traffic through proxies so then it can bypass firewalls and other network security tools.

 

Bypassing Network Perimeter Defense

Traditionally, we could start attacking the target system using tools like running port scans. Through ProxyChains we can tunnel our traffic through the compromised server without being caught and reach other servers in the internal network. With that, we can then compromise other servers and use ProxyChains again to go even further into the network. It allows us to bypass firewalls and other network perimeter defense tools.

Defensive Evasion with ProxyChains

This tool was originally created by N3E7CR34TUR3. It has several major contributors, and we can get the source code from GitHub. https://github.com/haad/proxychains

Defensive Evasion with ProxyChains

For demo purpose we are going to use a Kali Linux as the attacker machine, as ProxyChains are already pre-installed and a victim machine. For obfuscating incoming traffic instead of directly pinging the system we can use a proxy on the internet to tunnel the traffic through the proxy. The victim system will only see the proxy IP as the source IP and the victim system will not see the real IP address of the attacker system.

If we use a system without any proxies we get our real IP address. In the figure below we get the actual IP address by accessing the website https://whatismyipaddress.com.

Defensive Evasion with ProxyChains

If we forward the traffic through an external proxy, then the victim will see the proxy IP instead of the real IP. TOR network is one of the most famous web proxies. For this we need to install the TOR proxy client. The command used to install TOR is sudo apt-get install tor. Once successfully installed the TOR client will create a tunnel between the system and the TOR network. We need to tell ProxyChains which proxy needs to be used. We need to configure /etc/proxychains4.conf. There are lot of interesting features like, using multiple proxies at the same time etc, but in this article we need to tunnel the traffic through the TOR network. ProxyChains already have a pre-configuration for the TOR network as given below

socks4 127.0.0.1:9050

socks4 define the type of proxy, the TOR client creates a socks4 type of proxy followed by the IP address and port used for the SOCKS proxy, the TOR client uses the port 9050. We can start the TOR by typing the command tor in the terminal.

Once the tor connection is successfully established, we get the output as shown in the figure above. Open another terminal and start the Firefox using ProxyChains.

Defensive Evasion with ProxyChains

This opens the Firefox browser connected to the ProxyChains. Check the IP address again.

Defensive Evasion with ProxyChains

 The original IP address is being hidden as all the traffic from the Firefox is going through TOR proxy. We can also use ProxyChains for ssh, Nmap etc.

 

Click here to know more:

https://futureskillsprime.in/course/pragmatic-approach-to-cyber-security?utm_source=CDACBlog_DefensiveEvasionwithProxyChain_CybersecurityCourse&utm_medium=Blog&utm_campaign=CDACBlog_DefensiveEvasionwithProxyChain_CybersecurityCourse

Register on FutureSkills Prime, the technology skilling hub of India and access cybersecurity courses aligned to industry standards and validated by the Government of India.

Submitted by C-DAC Thiruvananthapuram


That the contents of third-party articles/blogs published here on the website, and the interpretation of all information in the article/blogs such as data, maps, numbers, opinions etc. displayed in the article/blogs and views or the opinions expressed within the content are solely of the author's; and do not reflect the opinions and beliefs of NASSCOM or its affiliates in any manner. NASSCOM does not take any liability w.r.t. content in any manner and will not be liable in any manner whatsoever for any kind of liability arising out of any act, error or omission. The contents of third-party article/blogs published, are provided solely as convenience; and the presence of these articles/blogs should not, under any circumstances, be considered as an endorsement of the contents by NASSCOM in any manner; and if you chose to access these articles/blogs , you do so at your own risk.


A skilling ecosystem focused on emerging technologies, powered by a partnership between the Ministry of Electronics and Information Technology, Government of India, nasscom, and the IT industry. It seeks to propel India to become a global hub of talent in emerging technologies.

© Copyright nasscom. All Rights Reserved.