# πŸ‡·πŸ‡Ί RU ## Π‘ΠΎΠ΄Π΅Ρ€ΠΆΠ°Π½ΠΈΠ΅ * ОписаниС * (ΠŸΠΎΠ»Π½ΠΎΡΡ‚ΡŒΡŽ) Ρ€ΡƒΡ‡Π½ΠΎΠΉ запуск * АвтоматичСская настройка ⭐️ ### ОписаниС Набор инструкций ΠΈ нСбольшой скрипт для запуска flatpak прилоТСния Ρ‡Π΅Ρ€Π΅Π· Π»ΠΎΠΊΠ°Π»ΡŒΠ½Ρ‹ΠΉ прокси (ΠΊ ΠΏΡ€ΠΈΠΌΠ΅Ρ€Ρƒ 127.0.0.1:2080) ΠΈΡΠΏΠΎΠ»ΡŒΠ·ΡƒΡ **proxychains-ng** \ МоТно ΠΈ Ρ‡Π΅Ρ€Π΅Π· ΠΏΡƒΠ±Π»ΠΈΡ‡Π½Ρ‹ΠΉ прокси Π½ΠΎ это Π½Π΅ бСзопасно. ### (ΠŸΠΎΠ»Π½ΠΎΡΡ‚ΡŒΡŽ) Ρ€ΡƒΡ‡Π½ΠΎΠΉ запуск 1. Π‘ΠΊΠ°Ρ‡Π°Ρ‚ΡŒ исходники ΠΈΠ· https://github.com/rofl0r/proxychains-ng/releases (`proxychains...tar.gz`) 2. Π Π°ΡΠΏΠ°ΠΊΠΎΠ²Π°Ρ‚ΡŒ Π³Π΄Π΅ ΡƒΠ΄ΠΎΠ±Π½ΠΎ ΠΈ Π·Π°ΠΉΡ‚ΠΈ Π² Π΄ΠΈΡ€Π΅ΠΊΡ‚ΠΎΡ€ΠΈΡŽ Π² Ρ‚Π΅Ρ€ΠΌΠΈΠ½Π°Π»Π΅ 3. Π‘ΠΎΠ±Ρ€Π°Ρ‚ΡŒ: ``` ./configure make ``` 4. Π‘ΠΎΠ·Π΄Π°Ρ‚ΡŒ ΠΏΠ°ΠΏΠΊΡƒ для ΠΊΠΎΠ½Ρ„ΠΈΠ³ΡƒΡ€Π°Ρ†ΠΈΠΈ ΠΈ proxychains: `mkdir ~/proxychains` 5. Π‘ΠΊΠΎΠΏΠΈΡ€ΠΎΡΠ°Ρ‚ΡŒ Π±ΠΈΠ½Π°Ρ€Π½ΠΈΠΊΠΈ: `cp proxychains4 libproxychains4.so ~/proxychains/` 6. Π‘ΠΎΠ·Π΄Π°Ρ‚ΡŒ ΠΊΠΎΠ½Ρ„ΠΈΠ³ΡƒΡ€Π°Ρ†ΠΈΡŽ Π² `~/proxychains/proxychains4.conf` Π²ΠΈΠ΄Π°:
proxychains4.conf ``` # proxychains.conf VER 4.x # # HTTP, SOCKS4a, SOCKS5 tunneling proxifier with DNS. # The option below identifies how the ProxyList is treated. # only one option should be uncommented at time, # otherwise the last appearing option will be accepted # #dynamic_chain # # Dynamic - Each connection will be done via chained proxies # all proxies chained in the order as they appear in the list # at least one proxy must be online to play in chain # (dead proxies are skipped) # otherwise EINTR is returned to the app # strict_chain # # Strict - Each connection will be done via chained proxies # all proxies chained in the order as they appear in the list # all proxies must be online to play in chain # otherwise EINTR is returned to the app # #round_robin_chain # # Round Robin - Each connection will be done via chained proxies # of chain_len length # all proxies chained in the order as they appear in the list # at least one proxy must be online to play in chain # (dead proxies are skipped). # the start of the current proxy chain is the proxy after the last # proxy in the previously invoked proxy chain. # if the end of the proxy chain is reached while looking for proxies # start at the beginning again. # otherwise EINTR is returned to the app # These semantics are not guaranteed in a multithreaded environment. # #random_chain # # Random - Each connection will be done via random proxy # (or proxy chain, see chain_len) from the list. # this option is good to test your IDS :) # Make sense only if random_chain or round_robin_chain #chain_len = 2 # Quiet mode (no output from library) #quiet_mode ## Proxy DNS requests - no leak for DNS data # (disable all of the 3 items below to not proxy your DNS requests) # method 1. this uses the proxychains4 style method to do remote dns: # a thread is spawned that serves DNS requests and hands down an ip # assigned from an internal list (via remote_dns_subnet). # this is the easiest (setup-wise) and fastest method, however on # systems with buggy libcs and very complex software like webbrowsers # this might not work and/or cause crashes. proxy_dns # method 2. use the old proxyresolv script to proxy DNS requests # in proxychains 3.1 style. requires `proxyresolv` in $PATH # plus a dynamically linked `dig` binary. # this is a lot slower than `proxy_dns`, doesn't support .onion URLs, # but might be more compatible with complex software like webbrowsers. #proxy_dns_old # method 3. use proxychains4-daemon process to serve remote DNS requests. # this is similar to the threaded `proxy_dns` method, however it requires # that proxychains4-daemon is already running on the specified address. # on the plus side it doesn't do malloc/threads so it should be quite # compatible with complex, async-unsafe software. # note that if you don't start proxychains4-daemon before using this, # the process will simply hang. #proxy_dns_daemon 127.0.0.1:1053 # set the class A subnet number to use for the internal remote DNS mapping # we use the reserved 224.x.x.x range by default, # if the proxified app does a DNS request, we will return an IP from that range. # on further accesses to this ip we will send the saved DNS name to the proxy. # in case some control-freak app checks the returned ip, and denies to # connect, you can use another subnet, e.g. 10.x.x.x or 127.x.x.x. # of course you should make sure that the proxified app does not need # *real* access to this subnet. # i.e. dont use the same subnet then in the localnet section #remote_dns_subnet 127 #remote_dns_subnet 10 remote_dns_subnet 224 # Some timeouts in milliseconds tcp_read_time_out 15000 tcp_connect_time_out 8000 ### Examples for localnet exclusion ## localnet ranges will *not* use a proxy to connect. ## note that localnet works only when plain IP addresses are passed to the app, ## the hostname resolves via /etc/hosts, or proxy_dns is disabled or proxy_dns_old used. ## Exclude connections to 192.168.1.0/24 with port 80 # localnet 192.168.1.0:80/255.255.255.0 ## Exclude connections to 192.168.100.0/24 # localnet 192.168.100.0/255.255.255.0 ## Exclude connections to ANYwhere with port 80 # localnet 0.0.0.0:80/0.0.0.0 # localnet [::]:80/0 ## RFC6890 Loopback address range ## if you enable this, you have to make sure remote_dns_subnet is not 127 ## you'll need to enable it if you want to use an application that ## connects to localhost. # localnet 127.0.0.0/255.0.0.0 # localnet ::1/128 ## RFC1918 Private Address Ranges # localnet 10.0.0.0/255.0.0.0 # localnet 172.16.0.0/255.240.0.0 # localnet 192.168.0.0/255.255.0.0 ### Examples for dnat ## Trying to proxy connections to destinations which are dnatted, ## will result in proxying connections to the new given destinations. ## Whenever I connect to 1.1.1.1 on port 1234 actually connect to 1.1.1.2 on port 443 # dnat 1.1.1.1:1234 1.1.1.2:443 ## Whenever I connect to 1.1.1.1 on port 443 actually connect to 1.1.1.2 on port 443 ## (no need to write :443 again) # dnat 1.1.1.2:443 1.1.1.2 ## No matter what port I connect to on 1.1.1.1 port actually connect to 1.1.1.2 on port 443 # dnat 1.1.1.1 1.1.1.2:443 ## Always, instead of connecting to 1.1.1.1, connect to 1.1.1.2 # dnat 1.1.1.1 1.1.1.2 # ProxyList format # type ip port [user pass] # (values separated by 'tab' or 'blank') # # only numeric ipv4 addresses are valid # # # Examples: # # socks5 192.168.67.78 1080 lamer secret # http 192.168.89.3 8080 justu hidden # socks4 192.168.1.49 1080 # http 192.168.39.93 8080 # # # proxy types: http, socks4, socks5, raw # * raw: The traffic is simply forwarded to the proxy without modification. # ( auth types supported: "basic"-http "user/pass"-socks ) # # !!!!! # Else proxy will redirect all to localhost localnet 127.0.0.0/255.0.0.0 [ProxyList] # add proxy here ... # meanwile # defaults set to "tor" socks5 127.0.0.1 2080 #socks5 127.0.0.1 9150 ```
7. ΠŸΠΎΠΌΠ΅Π½ΡΡ‚ΡŒ ΠΏΠΎΡ€Ρ‚ `2080` ΠΈ/ΠΈΠ»ΠΈ адрСс Π½Π° любой ΡƒΠ΄ΠΎΠ±Π½Ρ‹ΠΉ, Ссли это Π½ΡƒΠΆΠ½ΠΎ. 8. ΠŸΠΎΠ»ΡƒΡ‡ΠΈΡ‚ΡŒ ΠΊΠΎΠΌΠ°Π½Π΄Ρƒ запуска: `flatpak info --show-metadata YOUR.APP.HERE | grep command | cut -d '=' -f 2` 9. Π—Π°ΠΉΡ‚ΠΈ Π² ΠΆΠ΅Π»Π°Π΅ΠΌΠΎΠ΅ ΠΏΡ€ΠΈΠ»ΠΎΠΆΠ΅Π½ΠΈΠ΅: `flatpak run --filesystem="~/proxychains:ro" --command="bash" YOUR.APP.HERE` 10. ΠŸΡ€ΠΎΠ²Π΅Ρ€ΠΈΡ‚ΡŒ Ρ€Π°Π±ΠΎΡ‚Ρƒ: `proxychains/proxychains4 -f proxychains/proxychains4.conf curl ipinfo.io` 11. Π—Π°ΠΏΡƒΡΡ‚ΠΈΡ‚ΡŒ ΠΊΠΎΠΌΠ°Π½Π΄Ρƒ запуска Ρ‡Π΅Ρ€Π΅Π· `proxychains/proxychains4 -f proxychains/proxychains4.conf YOUR_COMMAND_HERE` ### АвтоматичСская настройка ⭐️ 1. Π—Π°ΠΏΡƒΡΡ‚ΠΈΡ‚ΡŒ скрипт: `python setup.py` 2. Π‘Π»Π΅Π΄ΠΎΠ²Π°Ρ‚ΡŒ подсказкам: ΡƒΠΊΠ°Π·Π°Ρ‚ΡŒ адрСс прокси (ΠΏΠΎ ΡƒΠΌΠΎΠ»Ρ‡Π°Π½ΠΈΡŽ 127.0.0.1:2080), (ΠΊΠΎΠ΄ΠΎΠ²ΠΎΠ΅) Π½Π°Π·Π²Π°Π½ΠΈΠ΅ прилоТСния. 3. Π‘ΠΊΠΎΠΏΠΈΡ€ΠΎΠ²Π°Ρ‚ΡŒ ΠΊΠΎΠΌΠ°Π½Π΄Ρƒ послС: `COMMAND: ` Π² Ρ€Π°Π·Π΄Π΅Π»Π΅ `Generated command` Π”Π°Π»Π΅Π΅ Π²Ρ‹ ΠΌΠΎΠΆΠ΅Ρ‚Π΅: * ΡΠΎΠ·Π΄Π°Ρ‚ΡŒ ярлык ΠΈ ΡƒΠΊΠ°Π·Π°Ρ‚ΡŒ Π² `Exec=` эту ΠΊΠΎΠΌΠ°Π½Π΄Ρƒ Π²ΠΈΠ΄Π°: `Exec=/usr/bin/flatpak run ...` * ΡΠΎΠ·Π΄Π°Ρ‚ΡŒ алиас для запуска .bashrc * ΡΠΎΠ·Π΄Π°Ρ‚ΡŒ скрипт для запуска # πŸ‡ΊπŸ‡Έ EN ## Content * Description * (Fully) manual start * Automatic setup ⭐️ ### ОписаниС Instructions set and small script for running flatpak app trought local proxy (for example 127.0.0.1:2080) using **proxychains-ng** You can run and trought public proxy but it's not safe. ### (Fully) manual start 1. Download source code from https://github.com/rofl0r/proxychains-ng/releases (`proxychains...tar.gz`) 2. Unarchive wherever you like and got to directory in the terminal 3. Compile: ``` ./configure make ``` 4. Create path for configuration and proxychains: `mkdir ~/proxychains` 5. Copy binaries: `cp proxychains4 libproxychains4.so ~/proxychains/` 6. Create configuration in `~/proxychains/proxychains4.conf` look like:
proxychains4.conf ``` # proxychains.conf VER 4.x # # HTTP, SOCKS4a, SOCKS5 tunneling proxifier with DNS. # The option below identifies how the ProxyList is treated. # only one option should be uncommented at time, # otherwise the last appearing option will be accepted # #dynamic_chain # # Dynamic - Each connection will be done via chained proxies # all proxies chained in the order as they appear in the list # at least one proxy must be online to play in chain # (dead proxies are skipped) # otherwise EINTR is returned to the app # strict_chain # # Strict - Each connection will be done via chained proxies # all proxies chained in the order as they appear in the list # all proxies must be online to play in chain # otherwise EINTR is returned to the app # #round_robin_chain # # Round Robin - Each connection will be done via chained proxies # of chain_len length # all proxies chained in the order as they appear in the list # at least one proxy must be online to play in chain # (dead proxies are skipped). # the start of the current proxy chain is the proxy after the last # proxy in the previously invoked proxy chain. # if the end of the proxy chain is reached while looking for proxies # start at the beginning again. # otherwise EINTR is returned to the app # These semantics are not guaranteed in a multithreaded environment. # #random_chain # # Random - Each connection will be done via random proxy # (or proxy chain, see chain_len) from the list. # this option is good to test your IDS :) # Make sense only if random_chain or round_robin_chain #chain_len = 2 # Quiet mode (no output from library) #quiet_mode ## Proxy DNS requests - no leak for DNS data # (disable all of the 3 items below to not proxy your DNS requests) # method 1. this uses the proxychains4 style method to do remote dns: # a thread is spawned that serves DNS requests and hands down an ip # assigned from an internal list (via remote_dns_subnet). # this is the easiest (setup-wise) and fastest method, however on # systems with buggy libcs and very complex software like webbrowsers # this might not work and/or cause crashes. proxy_dns # method 2. use the old proxyresolv script to proxy DNS requests # in proxychains 3.1 style. requires `proxyresolv` in $PATH # plus a dynamically linked `dig` binary. # this is a lot slower than `proxy_dns`, doesn't support .onion URLs, # but might be more compatible with complex software like webbrowsers. #proxy_dns_old # method 3. use proxychains4-daemon process to serve remote DNS requests. # this is similar to the threaded `proxy_dns` method, however it requires # that proxychains4-daemon is already running on the specified address. # on the plus side it doesn't do malloc/threads so it should be quite # compatible with complex, async-unsafe software. # note that if you don't start proxychains4-daemon before using this, # the process will simply hang. #proxy_dns_daemon 127.0.0.1:1053 # set the class A subnet number to use for the internal remote DNS mapping # we use the reserved 224.x.x.x range by default, # if the proxified app does a DNS request, we will return an IP from that range. # on further accesses to this ip we will send the saved DNS name to the proxy. # in case some control-freak app checks the returned ip, and denies to # connect, you can use another subnet, e.g. 10.x.x.x or 127.x.x.x. # of course you should make sure that the proxified app does not need # *real* access to this subnet. # i.e. dont use the same subnet then in the localnet section #remote_dns_subnet 127 #remote_dns_subnet 10 remote_dns_subnet 224 # Some timeouts in milliseconds tcp_read_time_out 15000 tcp_connect_time_out 8000 ### Examples for localnet exclusion ## localnet ranges will *not* use a proxy to connect. ## note that localnet works only when plain IP addresses are passed to the app, ## the hostname resolves via /etc/hosts, or proxy_dns is disabled or proxy_dns_old used. ## Exclude connections to 192.168.1.0/24 with port 80 # localnet 192.168.1.0:80/255.255.255.0 ## Exclude connections to 192.168.100.0/24 # localnet 192.168.100.0/255.255.255.0 ## Exclude connections to ANYwhere with port 80 # localnet 0.0.0.0:80/0.0.0.0 # localnet [::]:80/0 ## RFC6890 Loopback address range ## if you enable this, you have to make sure remote_dns_subnet is not 127 ## you'll need to enable it if you want to use an application that ## connects to localhost. # localnet 127.0.0.0/255.0.0.0 # localnet ::1/128 ## RFC1918 Private Address Ranges # localnet 10.0.0.0/255.0.0.0 # localnet 172.16.0.0/255.240.0.0 # localnet 192.168.0.0/255.255.0.0 ### Examples for dnat ## Trying to proxy connections to destinations which are dnatted, ## will result in proxying connections to the new given destinations. ## Whenever I connect to 1.1.1.1 on port 1234 actually connect to 1.1.1.2 on port 443 # dnat 1.1.1.1:1234 1.1.1.2:443 ## Whenever I connect to 1.1.1.1 on port 443 actually connect to 1.1.1.2 on port 443 ## (no need to write :443 again) # dnat 1.1.1.2:443 1.1.1.2 ## No matter what port I connect to on 1.1.1.1 port actually connect to 1.1.1.2 on port 443 # dnat 1.1.1.1 1.1.1.2:443 ## Always, instead of connecting to 1.1.1.1, connect to 1.1.1.2 # dnat 1.1.1.1 1.1.1.2 # ProxyList format # type ip port [user pass] # (values separated by 'tab' or 'blank') # # only numeric ipv4 addresses are valid # # # Examples: # # socks5 192.168.67.78 1080 lamer secret # http 192.168.89.3 8080 justu hidden # socks4 192.168.1.49 1080 # http 192.168.39.93 8080 # # # proxy types: http, socks4, socks5, raw # * raw: The traffic is simply forwarded to the proxy without modification. # ( auth types supported: "basic"-http "user/pass"-socks ) # # !!!!! # Else proxy will redirect all to localhost localnet 127.0.0.0/255.0.0.0 [ProxyList] # add proxy here ... # meanwile # defaults set to "tor" socks5 127.0.0.1 2080 #socks5 127.0.0.1 9150 ```
7. Change port `2080` and/or address to other if needed. 8. Get run command: `flatpak info --show-metadata YOUR.APP.HERE | grep command | cut -d '=' -f 2` 9. Go to the desired application: `flatpak run --filesystem="~/proxychains:ro" --command="bash" YOUR.APP.HERE` 10. Check work: `proxychains/proxychains4 -f proxychains/proxychains4.conf curl ipinfo.io` 11. Run running command trought `proxychains/proxychains4 -f proxychains/proxychains4.conf YOUR_COMMAND_HERE` ### Automatic setup ⭐️ 1. Run script: `python setup.py` 2. Follow the prompts: set proxy's address (by default 127.0.0.1:2080), (code) application name. 3. Copy the command after: `COMMAND: ` in the section `Generated command` Next you can: * create shortcut and set in `Exec=` this command look like: `Exec=/usr/bin/flatpak run ...` * create alias for start in .bashrc * create script for start