what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

ZCsocksChainWin.txt

ZCsocksChainWin.txt
Posted May 22, 2000
Authored by Zoa_Chien

Guide to Anonymity with MS-Windows. This little tutorial will explain step by step how to add support for socks chains to all your windows programs like telnet, ftp, irc, http, portscanners... (even if they don't support socks).

tags | paper, web
systems | windows
SHA-256 | 85308b2f270d88709f59694d106453e931539131e8c90481eecf4eaf7cd32881

ZCsocksChainWin.txt

Change Mirror Download
+----------------------+----------------------------------------------------+
| SECURAX TUTORIAL | ANONYMOUS CONNECTIONS OVER THE NET: |
| | Socks Chains in Windows |
+----------------------+----------------------------------------------------+
| written by Zoa_Chien | HTML version with screenshots available at |
| design by nostalg1c | http://www.securax.org/ZC/anon/ |
+----------------------+----------------------------------------------------+


__/ introduction \___________________________________________________________

this tutorial is an attempt to help you re-route all internet winsock
applications in ms windows trough a socks chain, thus making your connections
much more anonymous.



__/ theory \_________________________________________________________________

the more different hops you make your data jump, the more difficult it will
be to trace it back. take this route for example:

you --> socks1 --> socks2 --> socks3 --> ... --> socksx --> target

people who want to trace you will have to contact x persons to ask their them
for their logs. chances are one of them didn't log... and if they logged, the
ip seen by each host/socks is the ip of the previous host/socks in the chain.

this works for:
. icq-like tools
. ftp clients
. mail clients
. telnet clients
. portscanners
. (just about anything that uses the internet)

it doesn't work on most irc servers since they often check for open wingates
and proxies.


__/ now let's do it \________________________________________________________

- first you need to find some boxes running wingate

we look for wingates since the default installation of wingate includes
a non-logging socks server on port 1080

visit
http://proxys4all.cgi.net/win-tel-socks.shtml or
http://www.cyberarmy.com/lists/wingate/ for some wide-known
wingate ips, or even better: you could try to find some yourself.
to do this, i would suggest you use 'proxy hunter', available for
download at http://www.securax.org/ZC/anon/proxyht300beta5.exe
be sure to look for wingates (port 23) and not for socks, as we only
want wingate socks.

you could also use wingatescan, available for download at
http://www.securax.org/ZC/anon/wgatescan-22.zip

speed is very important since we will be using multiple socks, and we
don't want our programs to time out. with the klever dipstick tool,
you can find out which are the fastest ones. (get the klever dipstick
program at http://klever.net/kin/static/dipstick.exe)

Just fire off Dipstick. Rightclick in the small green rectangular and
choose Show main window. To import a list of wingates, just click on
Advanced, choose Import List and select your file.
You can also manually ping a simple host by clicking on Manual Ping.
Use those wingates with the smallest average time. *duh*



- second, check if the wingates from the list are actually running :)

there are a lot of programs that can help you with this, one of them
is server 2000, available for download at
http://freespace.virgin.net/david.wood6/Server/Server.htm

- third, install a program that will intercept all outgoing networking
calls.

i use the great tool sockscap for this purpose. you can get it at
http://www.socks.nec.com/sockscap.html

in the setting, enter this as socks server : 127.0.0.1 port 8000.
click on 'socks version 5'. click 'resolve all names remotely'.
uncheck 'supported authentication'.

in the main window, choose new and then browse to create a shortcut
for the internet client you want to give socks support.

repeat this step for every program you want.

- install socks chainer

download it at http://www.ufasoft.com/socks

in the service menu, click on new. enter 'Chain' as name and '8000' as
port to accept connections on.

click on new and fill in the ips of the fastest wingates you found,
but this time, use port 1080 for this (and not the port 23)

using the '<' and '>', you can add and remove socks. be sure to test
all socks one by one before adding them all to the list in once,
because if one of them is bad, you chain will not work and you will
not be able to locate the bad socks in the chain.

if all of them seem to work, you use the '<' key to add them all
(mind speed problems. 4 or less is fine. i think 10 or 13 is the
limit put by tcp/ip)




__/ testing your anonymous setup \___________________________________________

to check what socks your computer is connecting to, you can use x-ploiters
totostat (http://idirect.tucows.com/files/totostat_install.exe).
look for connections to port 1080, the remote ip found there should be the
first ip found in your chain in sockschain.

use the shortcut in sockscap that points to your browser, and connect to
http://cavency.virtualave.net/cgi-bin/env.cgi or
http://internet.junkbuster.com/cgi-bin/show-http-headers

use your shortcut in sockcap to start your telnet client then telnet to
ukanaix.cc.ukans.edu

you can also use https://sites.inka.de:8001/cgi-bin/pyca/browser-check.py to
test ssl or ftp.zedz.net to verify your ip via ftp.

in all the above cases, the remote server should show you the ip of the last
server in the sockschain. if you look at the sockschain program while
surfing you should see the chain being built up.


__/ some final remarks \____________________________________________________

never use internet explorer to do tricky stuff as it might reveal your ip.
my personal favorite browser is opera 4.0 (http://www.opera.com/)

if you looked carefully to what is displayed when you go to
the http://internet.junkbuster.com/cgi-bin/show-http-headers page, you might
have noticed that a lot of stuff about our client is being sent.
to avoid this, we could install another proxy between the sockscap and the
sockschainer proxy that would filter out those things.
A4proxy is an example of a proxy capable of doing such things.


remember, if you want to do the real stuff, better switch to linux.


Zoa_chien, 22/5/error
#securax on EFNET
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close