How to Setup PROXYCHAINS in Kali-Linux by Terminal
proxychains is open source software for Linux systems and comes pre-installed with Kali Linux, the tool redirects TCP connections through proxies like TOR, SOCKS4, SOCKS5, and HTTP (S) and it allows us to chain proxy servers. With proxychains, we can hide the IP address of the source traffic and evade IDS and setup proxychains you will first need the tor service, most of the time the service is preinstalled. To check if there is tor service available or not just use this Switch to ROOT usersudo -iType your password and enter, Now you’re in Root user. so type, [email protected]:~# service tor satusIf you get this output that means TOR is not installed in your system and not running, Means TOR is installed in your system and apt-get install torWe had already installed tor service before so there will be a difference in execution. If you get any error while doing this then do update && upgrade and reboot, and do TOR Successfully installs then, Start TOR service tor startNow to check the TOR service service tor statusctrl +c for If you want to stop TOR service, type service tor stopAfter installing tor service now we need to configure proxychains. To do so use the following you must in ROOT user. if you do not then switch to nano /etc/nfYou see this type of file in the terminal. you will see “#” which means bash language comments. if there is no “#” hash that means it defaults running. or if we remove “#” hash that means we want to run this. You can use arrow keys to scroll down & up and read file content and do the following changes as you you see in this there are three types of proxychains: 1)dynamic 2)strict 3)randomwe’re going to use dynamic chain, Remove Dynamic chain from commentcomment Strict chain and Random chainRemove proxy DNS from commentAlso, Remove Proxy DNS requests — no leak for DNS data from commentTips: here removing proxy DNS and no leak for DNS data, helps you to fully anonymous. 3. Now, write socks5 127. 0. 1 9050 in the last line of the proxy just write save by ctrl+o and enter and for exit the file ctrl+X, now exit the proxychains setup is Here, SOCKS is an internet protocol that routes packets between a server and a client using a proxy server. and socks4 and socks5 is the type of socks. 127. 1 is the loopback Internet protocol (IP) address also referred to as the localhost. 9050 is port number and By default, Tor listens on this port for socks Restart your machine, To start proxychains first restart the tor service and then launch proxychains in firefox with a link for a particular search engine like bing, duckduckgo. Use the following commands:[email protected]:~# service tor restartNow, [email protected]:~# proxychains firefox running the following commands firefox will launch and will load. When you run the command you must not get any error and bing should get loaded. Also please close all firefox tabs before executing the can see that after executing the proxychains bing loaded with some other language. Now let’s do a DNS leak test by searching DNS leak test and open any website providing the can see that my location is now changed from INDIA to GERMANY and the good thing is that proxychains keep on changing my IP address in a dynamic way without leaking my DNS. so that it provides good you want that you see a different result then you can just close the firefox and clear the terminal, restart tor service and again launch proxychains you will see some different results in DNS leak test as shown below:This is the result which we got after restarting tor service. Now If you facing any issues just comment.
Tor vs. Proxies, Proxy Chains and VPNs – Whonix
Proxies are famous for “anonymity on demand”. Acting as an intermediary, proxy servers relay your traffic to the destination and send the answer back to you so that the destination server potentially only sees the proxy and not your IP address: 
Instead of connecting directly to a server that can fulfill a requested resource, such as a file or web page for example, the client directs the request to the proxy server, which evaluates the request and performs the required network transactions. This serves as a method to simplify or control the complexity of the request, or provide additional benefits such as load balancing, privacy, or security. Proxies were devised to add structure and encapsulation to distributed systems.
There are two basic types of proxy server: 
Open proxies: these forward requests from and to anywhere on the Internet and are accessible by any Internet user. 
Anonymous proxies reveal their identity as a proxy server but do not disclose the client’s originating IP address.
Transparent proxies also reveal their identity as a proxy server, but the originating IP address is accessible due to factors such as the X-Forwarded-For HTTP header. The benefit of these proxies is the ability to cache websites for faster retrieval.
Reverse proxies: these connect the Internet to an internal network. Therefore, users making requests connect to the proxy and may not be aware of the internal network as the response is returned as if it came from the original server.
There are no known HTTP(S) or SOCKS4(a)/5 proxies that offer an encrypted connection between itself and the user. Therefore, the Internet Service Provider or any man-in-the-middle [archive] can see connection details, including the destination IP address. If the destination server is not using SSL/TLS, then the entire content of traffic is vulnerable as well.
As noted above, some open HTTP(S) proxies send the “HTTP forwarded for” header which discloses a user’s IP address. HTTP(S) proxies that do not send this header are sometimes called “elite” or “anonymous” proxies. There are no known legitimate and free public HTTP(S) or SOCKS4(a)/5 proxies.
The tables below briefly compare the features offered by proxies found on many proxy sharing websites with various anonymization services.
Table: Proxy Type Feature Comparison
Hides IP 
Table: Anonymization Service Feature Comparison
Premium only 
Proxies are highly susceptible to the misuse and theft of user data: many proxies (HTTP/HTTPS/SOCKS) are computers that have been hijacked by hackers or criminals, or are honeypots exclusively offered for the purpose of user observation. Even if they were legitimate, any single operator can decide to enable logging. In addition, some proxies automatically reveal the user’s IP address to the destination server.
At best, proxies only offer weak protection against destination website logging, and they offer no protection against third party eavesdropping. For these reasons their use is strongly discouraged.
This section compares the use of CGIproxies [archive] in Mozilla Firefox on the host without utilizing a platform like Whonix ™ or Tails. A CGI web proxy: … accepts target URLs using a Web form in the user’s browser window, processes the request, and returns the results to the user’s browser. Consequently, it can be used on a device or network that does not allow “true” proxy settings to be changed.
This means CGIproxies provide Internet pages with a form field in which the user can input the target address they wish to visit anonymously. The web proxy subsequently delivers the content of the requested website and automatically patches all links to use the web proxy when clicked. When using web proxy services the browser configuration does not need to be changed.
It is also important to note that CGIproxies can potentially only anonymize browser traffic and not the traffic of other applications; but to be fair, they do not claim more than anonymizing browser traffic.
To interpret the table below, refer the Wikipedia CGIProxy entry [archive] and the following legend.
Broken: The real IP address is revealed.
OK: no leak found.? : Untested and therefore unknown.
NI: Not installed by default.
DE: Deactivated even if installed.
RA: Recommended against by maintainers.
1 Encrypted connection to the CGI proxy (SSL/TLS) 2 or Tor exit relay.
2 Uses a proper SSL/TLS certificate recognized by certificate authorities.
Table: CGIproxies vs. Anonymization Software/Platforms
Software / Provider
NI DE RA OK
NI DE RA?
NI DE RA (Broken)
Broken (if allowed)*
Links to Software / Provider and Tests
In the following table, “(check manually)” means enter the test link manually in the browser.
click [archive] (check manually)
Tor Browser [archive]
webproxy USA [archive]
In comparison to Tor, CGIproxies are only one hop proxies. This means they know who is connecting and the details of the requested destination server resource. This makes CGIproxies far inferior to Tor because they could potentially read all transmissions, even if entering SSL/TLS protected domain names.
Due to these serious disadvantages, it is not worthwhile discussing other security features which have been canvassed in other wiki chapters comparing Whonix ™, Tails and Tor Browser (such as UTC timezone and fingerprinting).
Isn’t seven proxies (proxy chains) better than Tor with only three Hops?
Some readers might be familiar with the Internet meme: “Good luck, I’m behind 7 proxies”, which is sarcastic retort sometimes used when somebody threatens to report you to authorities, or claims they can identify your location. 
In short, multiple proxies used in combination are not more secure than Tor; many people are unaware of this fact. As outlined above, proxies are not very secure.
In contrast, the Tor design ensures the first hop (Tor relay) is unable to see the IP address of the last hop because it cannot decrypt the message for the second hop. If one hop can be trusted, then the connection is secure; see Which Tor node knows what? [archive],, How Tor Works [archive] and the onion design to learn more.
Quote The Tor Project, Aren’t 10 proxies (proxychains) better than Tor with only 3 hops? [archive]:
Proxychains is a program that sends your traffic through a series of open web proxies that you supply before sending it on to your final destination. Unlike Tor, proxychains does not encrypt the connections between each proxy server. An open proxy that wanted to monitor your connection could see all the other proxy servers you wanted to use between itself and your final destination, as well as the IP address that proxy hop received traffic from.
Because the Tor protocol requires encrypted relay-to-relay connections, not even a misbehaving relay can see the entire path of any Tor user.
While Tor relays are run by volunteers and checked periodically for suspicious behavior, many open proxies that can be found with a search engine are compromised machines, misconfigured private proxies not intended for public use, or honeypots set up to exploit users.
The information available to each of the three Tor relays is summarized below.
Table: Tor Node (Relay) Information Awareness 
Bridge Node/Entry Guard
Tor user’s IP/location
IP of bridge node or entry guard
Message for bridge node or entry guard
IP of middle node
Message for middle node
IP of exit node
Message for exit node
IP of destination server
Message for destination server
In comparison to Tor, proxies have serious weaknesses, even when SOCKS proxies or “elite”/”anonymous” proxies are utilized. Firstly, all connections between the user and all proxies in the chain are unencrypted. This holds true irrespective of the use of SSL/TLS. For demonstration purposes, assume a user is connecting to an SSL/TLS protected web server. In human terms, this is basic sketch of how the package for the first proxy in the proxy chain would appear:
Proxy1, please forward “forward to Proxy3; forward to Proxy4; forward to Proxy5; forward to [archive] ‘c8e8df895c2cae-some-garbage-here-(encrypted)-166bad027fdf15335b'” to Proxy2?
Notably, the actual transmission is safely encrypted and can only be decrypted by the HTTPS protected webserver, but every proxy will see its predecessor IP address and all successor IP addresses. There is simply no way to encrypt that information in an attempt to mirror Tor onion functions. The proxy protocols (HTTP(S), SOCKS4(a)/5) do not support encryption.
It is clear that proxy chains require trust to be placed in every successor proxy concerning the IP address. However, placing trust in open proxies is also misguided for the following reasons:
Most are a simple misconfiguration; the owners are not aware of the situation and did not intend on public access in the first place.
Many are compromised machines (worm infected).
Some are honeypots that engage in logging or active exploits (DNS spoofing, protocol spoofing, SSL/TLS spoofing).
Few are provided by generous people who only have good intentions in providing the best possible anonymity (similar to most Tor server administrators).
The above factors may not apply for proxy chains of SSH and/or encrypted VPN servers, but this has not been researched yet. Nevertheless, it is not possible to access numerous SSH and/or VPN servers for free (without hacking) and/or anonymous payment.
Overall, there are a number of serious security and anonymity risks in wholly relying on VPNs; objectively speaking, Tor is a far safer configuration.
Table: Tor vs. VPN Comparison
Even when a virtual or physical VPN-Gateway is used, browser fingerprinting problems means it is only pseudonymous rather than anonymous.
It is trivial to trick client applications behind a VPN to connect in the clear. 
Fail Open Risk
Most VPNs fail open and do not configure basic cryptography properly — if they even use a proper cipher at all. 
VPN software normally does not ensure that users have an uniform appearance on the Internet aside from common IP addresses; see Data Collection Techniques. By merging the data, this means users are distinguishable and easily identifiable.
Any local observer on the network (ISP, WLAN) can make estimates of websites requested over the VPN by simply analyzing the size and timing of the encrypted VPN data stream (Website Fingerprinting Attacks). In contrast, Tor is quite resilient against this attack; see footnote. 
Unlike Tor, VPN hosts can track and save every user action since they control all VPN servers. The administrators and anyone else who has access to their servers, either knowingly or unknowingly, will have access to this information.
Advertisements for double, triple or multi-hop VPNs are meaningless. Unless the user builds their own custom VPN chain by carefully choosing different VPN providers, operated by different companies, then they are fully trusting only one provider.
Some VPN providers require their proprietary closed source software to be used and do not provide an option for other reputable VPN software, such as OpenVPN.
Tor code is fully open source.
The fundamental design of VPN systems means they do not normally filter or replace the computer’s TCP packets. Therefore, unlike Tor they cannot protect against TCP timestamp attacks.
VPN providers only offer privacy by policy, while Tor offers privacy by design:
Any VPN provider can make claims they do not log activity, but this is unverifiable.
When using Tor, it is also unknown if any of the three hops is keeping logs. However, one malicious node will have less impact. The entry guard will not know where you are connecting to, thus it is not a fatal problem if they log. The exit relay will not know who you are, but can see any unencrypted traffic — this is only a problem if sensitive data is sent over this channel (which is unrecommended). Tor’s model is only broken in the unlikely (but not impossible) event that an adversary controls all three nodes in the circuit.  Tor distributes trust, while using VPN providers places all trust in the policy of one provider.
If VPN software is run directly on the same machine that also runs client software such as a web browser, then Active Web Contents can read the real IP address. This can be prevented by utilizing a virtual or physical VPN-Gateway or a router. However, be aware that active contents can still reveal a lot of data concerning the computer and network configuration.
VPN Server Security
The Snowden documents describe a successful Internet-wide campaign by advanced adversaries for covert access to VPN providers’ servers. 
Whether it is worth combining Tor with a VPN — either as pre-Tor-VPN (user → VPN → Tor) or as post-Tor-VPN (user → Tor → VPN) — is a controversial topic and discussed on the Tor plus VPN [archive] (w [archive]) page. If this configuration is preferred, it is easy to set up with Whonix ™; see Tunnel Support.
Criteria for Reviewing VPN Providers
place of incorporation
incorporation verifiable 
ownership / shareholders
usability votes, token system required
has a free service or limited use free service
accepts Bitcoin payments
accepts other anonymous cryptocurrency payments like Monero
accepts cash payments
anonymous sign-up allowed
sign-up does not require email address
VPN client software is Freedom Software
can be used with Freedom Software like OpenVPN
no log policy
third party audited
popularity in Whonix ™ forums
popularity in external VPN reviews
overall popularity online
known cases of malicious activity
long term track record
can be connected to by TCP
can be connected to by UDP
supports tunneling TCP
supports tunneling UDP
VPN with Remote Port Forwarding (for Hosting Location Hidden Services)
Freedom Software server source code
Tor and Proxies Comparison
This was originally posted by adrelanos (proper) to the TorifyHOWTO/proxy [archive] (w [archive]) (license [archive]) (w [archive]). Adrelanos didn’t surrender any copyrights and can therefore re-use it here. It is under the same license as the rest of the page.
Gratitude is expressed to JonDos [archive] for permission [archive] to use material from their website. (w [archive]) (w [archive])  The “Tor and Proxies Comparison” chapter of the “Tor vs. Proxies, Proxy Chains and VPNs” wiki page contains content from the JonDonym Other Services [archive] documentation page.
Whonix ™, Tails, Tor Browser and CGIproxies Comparison
Appreciation is expressed to JonDos [archive] (Permission [archive]). The “Whonix ™, Tails, Tor Browser and CGIproxies Comparison” chapter of the “Tor vs. Proxies, Proxy Chains and VPNs” wiki page contains content from the JonDonym documentation Other Services [archive] page.
Tor and Proxy Chains Comparison
This was originally posted by adrelanos (proper) to the TorFAQ [archive] (w [archive]) (license [archive]) (w [archive]). It is under the same license as the rest of the page.
Tor and VPN Services Comparison
Appreciation is expressed to JonDos [archive] (Permission [archive]). The “Tor and VPN services Comparison” chapter of the “Tor vs. Proxies, Proxy Chains and VPNs” wiki page contains content from the JonDonym documentation Other Services [archive] page.
↑ 1. 0 1. 1 [archive]
↑ Hundreds of thousands are suspected to be in operation.
↑ 3. 0 3. 1 3. 2 3. 3 Connection to the destination server, for example to the webserver.
↑ 4. 0 4. 1 Transparent TCP Port.
↑ These do not support the connect method (see below). Therefore connections to SSL/TLS protected websites are impossible.
↑ 7. 0 7. 1 This is true only when being used as proxy settings and not when used as a transparent proxy.
↑ 8. 0 8. 1 8. 2 8. 3 8. 4 8. 5 Depends on the proxy.
↑ The term HTTPS proxy is misleading because the connection to the proxy is not encrypted. The proxy additionally supports the connect method, which is required to access SSL/TLS protected websites and other services other than HTTP.
↑ 14. 0 14. 1 eepsites only. Connections to clearnet are only possible through outproxies (no SSL/TLS to the destination site).
↑ I2P End-to-end Transport Layer [archive] allows TCP- or UDP-like functionality on top of I2P.
↑ For a more detailed review of the JonDonym network, see: JonDonym.
↑ The SOCKS interface is only available to paying users.
↑ Tor can offer a SocksPort (SOCKS4(a)/5), DnsPort and TransPort. A third party HTTP/2 socks converter (privoxy [archive]) is available.
↑ Tor offers a SOCKS5 interface but the Tor software does not support UDP itself yet [archive]. Whonix ™ provides a limited workaround for using UDP anyway, in the most secure manner available; see Tunnel UDP over Tor.
↑ 23. 0 23. 1 [archive]
↑ A scientific article demonstrating the attack is found here [archive]; the success rates are over 90% for VPNs.
↑ Or if they are a global passive adversary capable of monitoring the traffic between all the computers in a network at the same time.
VPN and VOIP Exploitation With HAMMERCHANT and HAMMERSTEIN [archive]
↑ Such as Companies House [archive] for the United Kingdom.
↑ Broken link: [archive]
Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki
We are looking for video makers to help create demonstration, promotional and conceptual videos or tutorials.
Priority Support | Investors | Professional Support
Whonix ™ | © ENCRYPTED SUPPORT LP | Freedom Software / Open Source (Why? )
The personal opinions of moderators or contributors to the Whonix ™ project do not represent the project as a whole.
How to check if Network Proxy is really applied? – Ask Ubuntu
I’m trying to set Network Proxy to use my LAN’s internet connection to update packages.
while the proxy settings works on my firefox, but the package manager still cannot connect to Internet. I have set proxy in System >> Preferences >> Network Proxy and I have entered the user/pass for the proxy in ‘Details’ too.
How can I make sure that the Proxy Network is applied correctly?
Luis Alvarado197k157 gold badges524 silver badges691 bronze badges
asked Sep 7 ’10 at 14:32
First of all make sure you click on “Apply system-wide… ” whenever you change proxy settings in the gnome-network-properties (System -> Preferences -> Network Proxy). This sets _proxy and related environment variables. This should be available to all programs started after the proxy setting is “Applied system-wide… “. To be really sure, you can logout and back-in to double-check this.
If you open a terminal and use the command set | grep -i proxy you would see the relevant environment variables set. Ideally this should be enough.
However, I have faced situations where all the above still doesn’t work: Synaptic or apt-get (over commandline) can’t connect to the internet through the proxy even after it is set in the above way. In such cases, one solution is to add a file in /etc/apt/ with specific proxy configuration for apt (this will be used by apt-get, aptitude, synaptic and Ubuntu software center).
Follow the below steps:
gksudo gedit /etc/apt/
Put the following contents into it – modify the contents to suit your situation.
If you have a user-name & password you could encode the same in the proxy url (like so, ) or you can use something like ntlmaps for better control.
More info could be found here.
answered Sep 7 ’10 at 14:49
koushikkoushik4, 8044 gold badges24 silver badges35 bronze badges
Have you clicked the Apply System Wide (highlighted) button? If you don’t proxy settings are local to your Gnome session and therefore when root goes off to download packages, it won’t use the same network settings.
answered Sep 7 ’10 at 14:53
Oli♦Oli273k106 gold badges641 silver badges810 bronze badges
There’s a bunch of good answers above that will help you if you’re having problems (which is what your question implies). However, this is an answer to the narrow question of checking whether the Network proxy settings have been applied:
Start a new shell (xterm), then check the environment variables:% env | grep -i proxy
_proxy=ftp_proxy=all_proxy=socks172. 17. 0. 130:8080/…
Note that existing shells will not have updated environment variables. So if you’re executing a command that looks at environment variables for its proxy settings, start it in a shell created after the changes to the proxy settings.
Use gconftool to query the gconf settings (which are stored under ~/):% gconftool -R /system/proxy
old_ftp_port = 0
old_secure_port = 0
mode = manual
ftp_host = 172. 130
secure_host = 172. 130… % gconftool -R /system/_proxy
use_authentication = false
ignore_hosts = [localhost, 127. 0/8, *,… ]
use__proxy = true
port = 8080
use_same_proxy = true
host = 172. 130
As others have noted, be sure that your browser and other apps are set to “Use System Proxy Settings”.
answered Jan 30 ’12 at 22:47
craigstercraigster611 silver badge1 bronze badge
If you try:
from the command line, then if you get HTML back the proxy is working.
answered Jul 17 ’15 at 14:18
To set a proxy temporarily you can fire up a terminal and enter
Then start the program, e. g. Synaptic for package management. The console might give you helpful output on what goes wrong.
dv3500ea35. 2k13 gold badges96 silver badges150 bronze badges
answered Sep 9 ’10 at 23:15
PhiPhi1631 silver badge6 bronze badges
I’m using a proxy also, and I had to set the proxy settings specifically for Synergy and update manager (using Synergy: Configuration->Preferences->Network). There’s no option there to use the “system settings”, and even if it should work, changing the proxy server at the system level never made me able to update:-(
I’m interested in a solution that make it work though:-)
answered Sep 7 ’10 at 15:18
Little JawaLittle Jawa2, 5632 gold badges18 silver badges25 bronze badges
anyone thought to check/add settings to:
try it with:
answered Aug 29 ’11 at 20:55
t0m5k1t0m5k1811 silver badge2 bronze badges
Click on “Apply System-Wide… ” and check that all your internet applications are set to use the system proxy. There’s nothing more to it than this. There’s no need to tamper with configuration files and start-up scripts.
answered Sep 9 ’10 at 8:17
Applying system-wide is not enough! I think maybe ISA Server or maybe synaptic reset connection for each query to the web this issue that login and password authentication lie down. Or maybe ISA Server do not accept to transmit query that do not answer on HTTP protocol, but It’s not my favorite.
answered May 26 ’11 at 16:04
Not the answer you’re looking for? Browse other questions tagged networking package-management proxy or ask your own question.
Frequently Asked Questions about kali linux proxy
What do ProxyChains do?
ProxyChains is a tool that forces any TCP connection made by any given application to go through proxies like TOR or any other SOCKS4, SOCKS5 or HTTP proxies. It is an open-source project for GNU/Linux systems. Essentially, you can use ProxyChains to run any program through a proxy server.Mar 15, 2020
Is TOR a proxy chain?
Unlike Tor, proxychains does not encrypt the connections between each proxy server. … Because the Tor protocol requires encrypted relay-to-relay connections, not even a misbehaving relay can see the entire path of any Tor user.
How do I know if my proxy is working Linux?
Method 1: Start a new shell (xterm), then check the environment variables: % env | grep -i proxy http_proxy=http://172.17.0.130:8080/ ftp_proxy=ftp://172.17.0.130:8080/ all_proxy=socks://172.17.0.130:8080/ … Note that existing shells will not have updated environment variables.Sep 7, 2010