How to chain SOCKS proxies?
Just confirmed this worked with some VMs:
[A]$ ssh -tt -v -L8888:localhost:8157 user@B ssh -t -D 8157 user@C
From A, you open up a port forward tunnel from 8888 locally to 8157 on B: -L8888:localhost:8157. Once you've established a connection to B, the remote command ssh -t -D 8157 user@C is run, which provides your SOCKS proxy through C. From what I've read, '-t' seems to be required, though I still have to figure out why.
Note, this is one command on the first host which invokes ssh twice, from A->B and from B->C. You could also break this into separate commands, as described below.
Bonus: for chaining three proxies...
I.e. A->B->C->D->Internet
[hostA]$ ssh -2 -C -D 55557 -L 55556:127.0.0.1:55556 -L 55555:127.0.0.1:55555 user@B
[hostB]$ ssh -2 -C -D 55556 -L 55555:127.0.0.1:55555 user@C
[hostC]$ ssh -2 -C -D 55555 user@D
Note that for each hop, you need an additional matching forwarder -L on the previous hosts in the chain.
References:
- ssh tunnel via multiple hops
- This posting shows how to chain an arbitrary number of proxies: http://sophiedogg.com/ssh-proxy-through-multiple-servers/
- The template for this solution: http://sysextra.blogspot.com/2013/10/multi-hop-ssh-socks-proxy.html
- How can I use SSH with a SOCKS 5 proxy?
- http://www.jethrocarr.com/2013/03/13/ssh-via-socks-proxies/
glallen's excellent answer utilizing SSH will get the job done. However, the proper way to accomplish this is to use the proxychains program. ProxyChains is a powerful tool that allows you to easily leverage multiple proxy servers at the same time. For example, it's used by hackers to hide their identity while performing internet attacks - by chaining a bunch of proxies around the world together, it becomes virtually impossible for any forensic investigators to trace the traffic all the way back to them. Not to say that you are a malicious hacker - it will work for many different use-cases. ;)
ProxyChains is installed by default on some Linux distributions (like Kali Linux). On Ubuntu/Debian, for example, you can easily install it by doing a:
sudo apt-get install proxychains
Proxychains looks for a configuration file at /etc/proxychains.conf. Once you have it installed, back up the existing Proxychains configuration file (if it exists) and create a new one:
mv /etc/proxychains.conf /etc/proxychains-backup.conf
nano /etc/proxychains.conf
Now, paste in this example configuration that I've written for you:
strict_chain
proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000
[ProxyList]
socks4 192.168.1.1 8888
socks4 192.168.1.2 8157
socks4 192.168.1.3 6969
In this example, 192.168.1.1 is the IP address of the first SOCKS proxy server, 8888 is the port that the first SOCKS proxy is listening on, 192.168.1.2 is the IP address of the second SOCKS proxy server, 8157 is the port that the second SOCKS proxy is listening on, and so forth.
Now, leverage proxychains by doing proxychains firefox from the command line to launch Firefox. (Make sure that Firefox is closed first.) Now, whenever Firefox makes an outgoing connection, the proxychains program will encapsulate the traffic such that it will be proxied through all of the servers that you specified in this configuration file. To be clear, in your Firefox preferences, you should not be specifying ANY proxy servers - proxychains will take care of everything behind the scenes.
Note that, for troubleshooting purposes, you should probably try to get it working using 1 proxy at a time first before trying all 3. ;)
References:
- The official proxychains website (the latest version is 3.1, released in 2006): http://proxychains.sourceforge.net
- The website for proxychains-ng (a fork of the original proxychains that is actually still maintained as of 2015): https://github.com/rofl0r/proxychains-ng
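Added example (not part of either answer, and not proxychains' own code): a model of the SOCKS4 CONNECT requests implied by the strict_chain configuration above, showing which destination each proxy in the chain is asked for. The target 203.0.113.10:443 is a constructed documentation address, the function names are hypothetical, and the target is assumed to already be an IPv4 address, so DNS handling is out of scope.

```python
import ipaddress
import struct

# Constructed sample: the configuration from the answer above.
SAMPLE_CONF = """\
strict_chain
proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000
[ProxyList]
socks4 192.168.1.1 8888
socks4 192.168.1.2 8157
socks4 192.168.1.3 6969
"""

def parse_proxy_list(conf_text):
    """Return [(type, ip, port), ...] from the [ProxyList] section."""
    proxies, in_list = [], False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        if line.startswith("["):
            in_list = line == "[ProxyList]"
            continue
        if in_list:
            ptype, host, port = line.split()[:3]
            proxies.append((ptype, str(ipaddress.IPv4Address(host)), int(port)))
    return proxies

def socks4_connect(dst_ip, dst_port, user_id=b""):
    """SOCKS4 CONNECT request: VN=4, CD=1, DSTPORT, DSTIP, USERID, NUL."""
    return struct.pack(">BBH", 4, 1, dst_port) + ipaddress.IPv4Address(dst_ip).packed + user_id + b"\x00"

def socks4_granted(reply):
    """A SOCKS4 reply is 8 bytes; VN=0 with CD=90 means request granted."""
    return len(reply) == 8 and reply[0] == 0 and reply[1] == 90

def strict_chain_plan(proxies, target_ip, target_port):
    """List (proxy that parses the request, destination it sees, request bytes)."""
    hops = [(ip, port) for _, ip, port in proxies]
    dests = hops[1:] + [(target_ip, target_port)]
    return [(f"{h[0]}:{h[1]}", f"{d[0]}:{d[1]}", socks4_connect(*d)) for h, d in zip(hops, dests)]

if __name__ == "__main__":
    for hop, dest, req in strict_chain_plan(parse_proxy_list(SAMPLE_CONF), "203.0.113.10", 443):
        print(f"{hop} is asked to CONNECT {dest}: {req.hex()}")
```

Only the last proxy is told the real destination; each earlier proxy is asked only for the next proxy's address. SOCKS4 itself adds no encryption, so every proxy can read whatever is relayed through it unless the application protocol encrypts it.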