Proxychains is open source software for GNU/Linux systems.
proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy.
How to install Tor and Polipo in Backtrack 5 R3
How to Use Tor in Backtrack 5 R3 Whole System Using Proxychains
Tor is an open source Anonymous Internet tool. It protects your personal identification from tracking systems by changing the source IP address frequently. Application will create many virtual tunnels through the tor network.By default Tor is not integrated in BackTrack 5. Why use Tor on Backtrack ? Normally Tor is used to protect the browsing security but Tor can be used for network scanning tools and other information gathering tools or by student for Educational Purpose.In this my article i will show you how to install TOR properly on Backtrack . Dont Be Hesitate If You are Unable to Take Advantage of this post . Put YOUR Question with Me I will quickly give your answer .
So Let Us Start I do not recommend just using TOR for your proxy. It's wise to layer your anonymity (Including your router, if you're working off a Desktop).
start. Open the Terminal. step 1. #cd /etc/apt #ls
step 2. #vi sources.list step 3. Press 'i' on your keyboard. step 4. Add this line at the bottom: deb http://deb.torproject.org/torproject.org lucid main step 5. Press ESC, type a colon, type wq and hit enter. step 6. Run this command: gpg --keyserver keys.gnupg.net --recv 886DDD89 step 7. Run this command: gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add - step 8. apt-get update step 9. apt-get install tor tor-geoipdb step 10. Download Tor Browser Bundle for Ubuntu (To your desktop). https://www.torproject.org/projects/torbrowser.html.en
step 11. cd Desktop step 12. Download the architecture-appropriate file above, save it somewhere, then run one of the following two commands to extract the package archive:
tar -xvzf tor-browser-gnu-linux-i686-2.2.37-2-dev-en-US.tar.gz or tor-browser-gnu-linux-i686-2.2.37-2-dev-en-US.tar.gz
step 13. chown -R root:root ./tor-browser_en-US step 14. Open the folder 'Tor-Browser_en-US" step 15. Open the file 'start-tor-browser in gedit. step 16. Find the line: "if [ "`id -u`" -eq 0 ]; then complain "The Tor Browser Bundle should not be run as root. Exiting." exit 1
17. Change to:
if [ "`id -u`" -eq 1 ]; then complain "The Tor Browser Bundle should not be run as root. Exiting." exit 1
now install polipo
18. apt-get install polipo 19. cd /etc/polipo 20. mv config conf-backup.txt 21. Download and copy polipo config 22. vi config 23. Press 'i' on your keyboard. 24. Paste the text you just copied. 25. Press ESC, type a colon, type wq and hit enter. 26. service polipo start 27. service tor start 28. Start tor browser bundle (From the file on your desktop). To run the Tor Browser Bundle, execute the start-tor-browser script: # ./start-tor-browser
Remember, polipo runs on port 8118, TOR runs on 9050
Be sure to stop both when you need to update anything:
Awhile back Bernardo Damele showed a cool method for utilizing an executable to deliver alphanumeric shellcode straight into memory. This was an awesome attack vector and allowed for AV and other security mechanisms such as HIPS and others to be circumvented extremely easy. You can download shellcodeexec here. Since then, Matthew Graeber came out with a technique for injecting shellcode straight into memory through Powershell. This technique eventually made it into the Social-Engineer Toolkit (SET) as a method for the Java Applet and never touching disk. You can read the blog post here.
The Social-Engineer Toolkit (SET) version 4.7 codename “Headshot” has been released. This version of SET introduces the ability to specify multi-powershell injection which allows you to specify as many ports as you want and SET will automatically inject PowerShell onto the system on all of the reverse ports outbound. What’s nice with this technique is it never touches disk and also uses already white listed processes. So it should never trigger anything like anti-virus or whitelisting/blacklisting tools. In addition to multi-powershell injector, there are a total of 30 new features and a large rewrite of how SET handles passing information within different modules.
removed a prompt that would come up when using the powershell injection technique, port.options is now written in prep.py versus a second prompt with information that was already provided
began an extremely large project of centralizing the SET config file by moving all of the options to the set.options file under src/program_junk
moved all port.options to the central routine file set.options
moved all ipaddr.file to the central routine file set.options
changed spacing on when launching the SET web server
changed the wording to reflect what operating systems this was tested on versus browsers
removed an un-needed print option1 within smtp_web that was reflecting a message back to user
added the updated java bean jmx exploit that was updated in Metasploit
added ability to specify a username list for the SQL brute forcing, can either specify sa, other usernames, or a filename with usernames in it
added new feature called multi-powershell-injection – configurable in the set config options, allows you to use powershell to do multiple injection points and ports. Useful in egress situations where you don’t know which port will be allowed outbound.
enabled multi-pyinjection through java applet attack vector, it is configured through set config
removed check for static powershell commands, will load regardless – if not installed user will not know regardless – better if path variables aren’t the same
fixed a bug that would cause linux and osx payloads to be selected even when disabled
fixed a bug that would cause the meta_config file to be empty if selecting powershell injection
added automatic check for Kali Linux to detect the default moved Metasploit path
removed a tail comma from the new multi injector which was causing it to error out
added new core routine check_ports(filename, ports) which will do a compare to see if a file already contains a metasploit LPORT (removes duplicates)
added new check to remove duplicates into multi powershell injection
made the new powershell injection technique compliant with the multi pyinjector – both payloads work together now
added encrypted and obfsucated jar files to SET, will automatically push new repos to git everyday.
rewrote the java jar file to handle multiple powershell alphanumeric shellcode points injected into applet.
added signed and unsigned jar files to the java applet attack vector
removed create_payload.py from saving files in src/html and instead in the proper folders src/program_junk
fixed a payload duplication issue in create_payload.py, will now check to see if port is there
removed a pefile check unless backdoored executable is in use
turned digital signature stealing from a pefile to off in the set_config file
converted all src/html/msf.exe to src/program_junk/ and fixed an issue where the applet would not load properly
