This tutorial is an attempt to help you re-route all internet winsock applications in ms windows trough a socks chain, thus making your connections much more anonymous.
Theory
The more different hops you make your data jump, the more difficult it will be to trace it back. take this route for example:
you –> socks1 –> socks2 –> socks3 –> … –> socksx –> target
People who want to trace you will have to contact x persons to ask their them for their logs. chances are one of them didn’t log… and if they logged, the ip seen by each host/socks is the ip of the previous host/socks in the chain.
This works for:
- icq-like tools
- ftp clients
- mail clients
- telnet clients
- portscanners
- (just about anything that uses the internet)
and proxies.
Now let’s do it
1) First you need to find some boxes running wingate, we look for wingates since the default installation of wingate includes a non-logging socks server on port 1080
Visit http://www.samair.ru/proxy/socks.htm or http://www.proxyleecher.com/socks.php for some wide-known wingate ips, or even better: you could try to find some yourself.
To do this, i would suggest you use ‘proxy hunter’, available for download at http://www.proxys4all.com/tools.shtml be sure to look for wingates (port 23) and not for socks, as we only want wingate socks.
You could also use wingatescan, available for download at http://packetstormsecurity.org/wingate-scanner/
Speed is very important since we will be using multiple socks, and we don’t want our programs to time out. with the klever dipstick tool, you can find out which are the fastest ones. (get the klever dipstick program at http://klever.net/kin/static/dipstick.exe)
Just fire off Dipstick. Rightclick in the small green rectangular and choose Show main window. To import a list of wingates, just click on Advanced, choose Import List and select your file.
You can also manually ping a simple host by clicking on Manual Ping. Use those wingates with the smallest average time. *duh*
2) Second, check if the wingates from the list are actually running
There are a lot of programs that can help you with this.
3) Third, install a program that will intercept all outgoing networking calls.
I use the great tool sockscap for this purpose. you can get it at: http://www.socks.permeo.com/Download/SocksCapDownload/index.asp
we have some people to say cant find any links to sockscaps looks like they went down or something..
google wont give me anything even with deepsearching.
OKAY!!! below you have the link to download SocksCap in attachment:)
http://security-sh3ll.com/showthread.php?t=861&highlight=sockscap
In the setting, enter this as socks server : 127.0.0.1 port 8000. Click on ’socks version 5′. click ‘resolve all names remotely’. Uncheck ’supported authentication’.
In the main window, choose new and then browse to create a shortcut for the internet client you want to give socks support.
Repeat this step for every program you want.
4) Install SocksChain
Download it at http://www.ufasoft.com/socks
In the service menu, click on new. enter ‘Chain’ as name and ‘8000′ as port to accept connections on.
Click on new and fill in the ips of the fastest wingates you found, but this time, use port 1080 for this (and not the port 23)
Using the ‘<' and '>‘, you can add and remove socks. be sure to test all socks one by one before adding them all to the list in once, because if one of them is bad, you chain will not work and you will not be able to locate the bad socks in the chain.
If all of them seem to work, you use the ‘<' key to add them all (mind speed problems. 4 or less is fine. i think 10 or 13 is the limit put by tcp/ip)
Testing your anonymous setup
To check what socks your computer is connecting to, you can use x-ploiters totostat (http://tucows.mundofree.com/preview/7534.html). look for connections to port 1080, the remote ip found there should be the first ip found in your chain in sockschain.
use the shortcut in sockscap that points to your browser, and connect to http://cavency.virtualave.net/cgi-bin/env.cgi or
http://www.junkbuster.com/cgi-bin/show_http_headers
Use your shortcut in sockcap to start your telnet client then telnet to ukanaix.cc.ukans.edu
In all the above cases, the remote server should show you the ip of the last server in the sockschain. if you look at the sockschain program while surfing you should see the chain being built up.
Some final remarks
Never use internet explorer to do tricky stuff as it might reveal your ip. my personal favorite browser is opera (http://www.opera.com/), security-shell recommends Firefox.
To avoid info being sent out, we could install another proxy between the sockscap and the sockschainer proxy that would filter out those things. A4proxy is an example of a proxy capable of doing such things or Proximitron
Remember, if you want to do the real stuff, better switch to Linux like Ubuntu.
enjoy