proxychains

Installation

sudo apt install proxychains4

Command execution

proxychains <command>

1. proxychains preloads a library (LD_PRELOAD) that hooks system network calls like connect().

2. When your program tries to open a TCP connection:

   • proxychains intercepts it.

   • Instead of connecting directly to the target, it connects to a proxy listed in your config (proxychains.conf).

3. If the first proxy is available, the connection is forwarded through it; otherwise, it tries the next proxy (unless using strict chaining mode).

4. If you have a chain of proxies, the data is forwarded hop by hop until it reaches the final destination.

Configuration

Edit the file /etc/proxychains.conf for system-wide ~/.proxychains/proxychains.conf per-user (optional).

For the specification of another configuration file:

proxychains -f /path/to/config.conf <command>

[ProxyList]
socks5 127.0.0.1 1080
http   127.0.0.1 3128

• Your traffic will go through the first available proxy in the list.

• If chain mode is enabled, traffic must pass through all proxies in order.

Modes of operation

# Dynamic vs strict chain
# dynamic_chain     # pick a random proxy for each connection
strict_chain      # use all proxies in order

# Quiet mode (suppress output)
# quiet_mode

# Force DNS through proxy
proxy_dns

Keyword	Mode	Notes
dynamic_chain	Random proxy per connection	Skips unavailable proxies
strict_chain	Chained proxies	Must pass through all in order
proxy_dns	DNS through proxy	Avoids DNS leaks
quiet_mode	Silent output	Suppresses logs (optional)

Types of proxies supported

[ProxyList]
# format: type host port [user pass]

# SOCKS5 proxy on localhost:1080
socks5 127.0.0.1 1080

# HTTP proxy with authentication
http 192.168.1.100 3128 username password

# SOCKS4 proxy
socks4 10.0.0.2 1080

proxychains supports proxies over:

• socks4

• socks5

• http

Example - Configuration file

# Global Settings
strict_chain
proxy_dns
quiet_mode

[ProxyList]
# Local SSH SOCKS5 proxy
socks5 127.0.0.1 1080

# Remote SOCKS5 proxy
socks5 10.0.0.2 1080

# HTTP proxy with authentication
http 192.168.1.100 3128 myuser mypass

Network configuration

Method 1

strict_chain: traffic MUST go through all the proxies in order

/etc/proxychains.conf on PC

strict_chain
proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000

[ProxyList]
socks5 127.0.0.1 1080   # PC-1
socks5 127.0.0.2 1081   # PC-2
socks5 127.0.0.3 1082   # PC-3 (last PC)

Only TCP-using commands are affected by proxychains (e.g. curl example.com, ssh remotehost, etc.)

Local-only commands like whoami, pwd, ls, etc., are completely unaffected.

proxychains CMD

Method 2

strict_chain: traffic MUST go through all the proxies in order

/etc/proxychains.conf on PC

strict_chain
proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000

[ProxyList]
socks5 127.0.0.1 1080   # PC-1
socks5 127.0.0.2 1081   # PC-2

To execute local commands, connect using SSH to the last proxy instead of opening a SOCKS proxy and then from that session, execute the commands.

proxychains ssh user@10.0.0.4

proxychains is a tool to force any TCP application to go through a proxy (SOCKS or HTTP).

• It intercepts network calls made by programs.

• Works even if the program doesn’t natively support proxies.

• Useful for anonymizing connections, routing traffic through specific hosts, or chaining multiple proxies.