Anonymizing Recon Using Tor & Proxychains

Whenever we send a packet to our intended target, that packet contains information about our network (like our public IP address), which can ultimately be traced back to us. In the interest of remaining anonymous, our goal here is to perform recon on a public network (using something like NMAP) with the least risk of our work being traced back to us.

To achieve this, we need two tools: Tor and ProxyChains. Tor provides the anonymizing network; ProxyChains allows us to pipe TCP connections through a proxy, or a chain of multiple proxies, effectively masquerading our public IP address.

We can download our tools using the commands below:

apt-get install tor
apt-get install proxychains
apt-get install nmap    (only if you don't already have it)

Before we get started, we want to make sure we don't accidentally disclose our public IP to our victim, so we run the following command. Replace the IP address below with that of your target victim.

sudo iptables -A OUTPUT --destination 52.37.49.217 -j DROP

Once we do that, we can verify that direct packets to that IP address are now dropped.

Prior to using Tor and ProxyChains, we should (always) check what our public IP address is:


Next we need to get the Tor service running. We can run the following commands:

service tor start
service tor status


With Tor running, we can now use ProxyChains to mask our public IP address by running the following command:

proxychains curl ipecho.net/plain


We are now ready to do some NMAP scanning on our victim. This can be done using the following command (note the -sT and -Pn flags: ProxyChains only relays TCP connections, so a full TCP connect scan without host discovery is what goes through the proxy):

proxychains nmap 52.37.49.217 -Pn -sV -sT -v -p 80,443


Since we have access to the victim box, let's see what a tcpdump looks like while the NMAP scan is in progress:


If we curl 52.37.49.217 using ProxyChains, we can also see that the Apache logs (on the victim box) show the request as coming from our new IP address on the Tor network:

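From the defender's side, the Apache log entries above are exactly what a detection rule would key on. The following is an added example, not code from the original post: it parses Apache combined-log lines and flags client IPs that appear on a Tor exit list, send a burst of requests within one minute, or use a tool-style User-Agent. The log lines, the Tor exit set and the IP addresses are constructed placeholders.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample Apache combined-log lines (documentation IP ranges, not real hosts).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2017:10:01:02 +0000] "GET / HTTP/1.1" 200 11321 "-" "curl/7.47.0"
203.0.113.7 - - [12/Mar/2017:10:01:03 +0000] "GET / HTTP/1.0" 200 11321 "-" "-"
203.0.113.7 - - [12/Mar/2017:10:01:03 +0000] "OPTIONS / HTTP/1.0" 200 - "-" "-"
10.0.0.23 - - [12/Mar/2017:10:05:44 +0000] "GET /index.html HTTP/1.1" 200 11321 "-" "Mozilla/5.0"
"""

# Constructed stand-in for a Tor exit-node list; in practice load the
# published exit list from the Tor Project into this set.
TOR_EXITS = {"203.0.113.7", "198.51.100.9"}

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"'
)

def parse_line(line):
    """Parse one combined-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def flag_tor_sources(log_text, tor_exits=TOR_EXITS, max_per_minute=2):
    """Return {client_ip: sorted reasons} for IPs worth a closer look."""
    per_ip = {}
    minute_counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = per_ip.setdefault(rec["ip"], set())
        if rec["ip"] in tor_exits:
            reasons.add("tor-exit")
        key = (rec["ip"], rec["ts"].replace(second=0))   # requests per IP per minute
        minute_counts[key] += 1
        if minute_counts[key] > max_per_minute:
            reasons.add("burst")
        if rec["ua"] in ("-", "") or rec["ua"].startswith("curl/"):
            reasons.add("tool-ua")
    return {ip: sorted(r) for ip, r in per_ip.items() if r}
```

Feeding the same rule a live access log gives you a per-IP list of reasons rather than a single alert, so the Tor-exit hit and the scan burst can be weighted separately.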
