Introduction
Happy (belated) Halloween from the VPN/Proxychain team! We’ve been working hard here at the LCDI, and as a result, our proxies are working! We divided tasks and worked separately, but also kept in each other in the loop to how each task was going. Two team members worked on configuring each proxy, and one team member created an Apache web page to view the IP addresses that were viewing the page.
Setting up the Proxies
To set up the proxies, we used an Ubuntu virtual machine to host the Proxychain tool. Then, we installed and configured Dante, a SOCKS5 proxy server, onto the two Raspberry Pis that we’re using as proxies.
Dante:
In order for us to use the proxy without opening up a shell (SSHing/opening PuTTy) we had to put the server onto the Raspberry Pis. It’s possible to use any Pi as a server with a simple OpenSSH server installed, but it requires an extra user step of creating the tunnel and does not lend itself well to the concept of a proxy “chain.” The solution was to install a dedicated proxy server software package. We chose Dante as our SOCKS5 proxy server. With this software installed we no longer have to open a tunnel connection. We only have to set up whatever service we’d like to proxy with the IP of our proxies. Then, we installed Dante onto two of the Pis and changed a few parts of the configuration file. We added the ip and network mask of our Pis into the client pass and socks pass methods in the configuration file. Based on this configuration, when the Dante server is brought up, the Pi will become a proxy. Then, we were able to pass the connection to the other Pi, thus creating a proxy chain.
Testing the Proxies
After setting up the Pis, we used the service Proxifier as a proxy client on a Ubuntu client machine. We set up Proxifier to use our established proxy, and when we tested it, it worked! Our web page’s logs shows that the IP address it saw changed from the Windows virtual machine to the Pis’! Here’s a photo of our Apache web page’s logs that show the change:
After making sure that success was consistent, we began to check and see how the proxy responded if one of the Pis was unplugged, and then if both of the Pis were unplugged. By adding settings in Proxifier, we settled on leaving the Proxychain on a “load balancing” configuration. This is so if one of the Pis goes down, the other will take over as the proxy, and the machine using the proxy will use the second Pi’s IP address. If both go down, the machine will stop connecting to the page. The machine will also stop connecting if load balancing isn’t set and the first Pi in the chain disconnects. This is a positive outcome, because it shows that if the proxies stop working, the user is not tricked into thinking their connection is still secure.
Proxychains
One of the most well-known proxy chaining tool available on Linux is a tool called Proxychains. Proxychains exists to “proxify” applications that don’t have built in proxy settings. On the Ubuntu client VM we installed Proxychains through the terminal. There are several chaining options within Proxychains. We used Dynamic Chaining, a safer option because it guarantees that all proxies in the chain work. It also guarantees that if any proxies in the chain are dead or pulled the chain will skip them. We then had to add the IP addresses of our proxy servers to the configuration file. The default setting connect you through Tor. All we did was input the types of servers we were using(SOCKS5), the IP addresses of our proxies, and which port they were communicating on.
To test the Proxychain’s dynamic chaining system, we setup Proxychains running through the Dante servers on both Pi’s to connect to our Apache test server. We started unplugging the Pi’s power individually and together to see if it would crash or continue to connect through the losses of proxies. The results were encouraging.
When one Pi lost connection, Proxychains was still able to connect by switching to the other proxy to conceal the IP address while connecting to the Apache server. When the connection to both proxies were lost, Proxychains was unable to connect to the Apache server. As long as there is a functioning proxy, Proxychains will be able to connect. But, by itself our setup of Proxychains will fail to connect.
Foxy Proxy
We also investigated the usage of the plugin FoxyProxy as an alternative to some of the other tools we were investigating. The Foxyproxy tool can be added on the Mozilla Firefox. Disclaimer: Foxyproxy is not a proxy chaining tool. It is a proxy use tool that is more in-depth and easier of use than the standard network proxy settings of Firefox.
To install Foxyproxy, the Firefox browser needs to be installed. Then, search Foxyproxy on your internet browser and add it to your browser through a download and executable. Foxyproxy can utilize the pre-setup proxies in our network. Once the proxy IPs are added, the application will be up and running. We plan on testing this plugins failsafe procedures.
Conclusion
Our proxies are all set and most everything on their end seems to be working great! Next, is getting the VPN to the same place inter terms of functionality and testing its failsafe procedures. Once both the proxies and the VPN are up and running on their own, our goal is to combine them. This is to see if everything still works the way it’s supposed to. Also to see how unplugging the combination of any of the three Pis affects the IP addresses seen by the Apache web page.