When you visit a website like www.google.com, your browser sends a connection request from your computer to the web server. The server processes your request and sends back the web page you requested to visit.

This is a pretty simplified description of what happens when you visit a website, but the point is that these direct connections expose your privacy as the web server can see your IP address / location and knows you connected from there.

With proxychains, you can route connection attempts to a server through a number of proxies that will hide your IP from the destination server itself. The server will only see that the proxy server attempted to connect, not you.

What is Proxychains?

Proxychains allows dynamically linked applications to transparently route its TCP network traffic through a chain of proxy servers so that the destination sees the request as coming from the proxy server rather than your real IP address.

Once you understand simple concepts like how proxychains works, proxy types, chain modes, and configuration you should have no issues with the tool. It should make sense why it doesn’t work as straightforward in some apps and how to troubleshoot.

Official Repository: https://github.com/rofl0r/proxychains-ng

How Proxychains Works

Proxychains operates as a preloaded shared library that intercepts network-related system calls in dynamically linked programs, enabling transparent proxy redirection at the application layer.

• Preloaded Shared Library: Library that contains reusable code that is injected into other program’s memory space before other libraries load, allowing it to override standard functions.
• Dynamically Linked Program: Programs (most of them actually), that use external shared libraries (like .so files) to perform common functions rather than bundling all code into the binary itself.

In simpler words, proxychains intercept networking functions of applications to inject its proxy routing logic, all without the application know about it.

Library Injection and Function Interception

When an app is executed, proxychains injects the libproxychains.so library into the app process’s memory space before standard system libraries load.

This allows proxychains to intercept and replace networking functions from libc to add proxy redirection logic before establishing TCP connections.

Example libc functions intercepted:

• connect(): Captures outbound TCP connection attempts and redirects them through the proxy chain.
• getaddrinfo(): Handles DNS resolution requests via the POSIX standard API.
• close() / close_range(): Ensures proper socket and resource cleanup.

Traffic Redirection Flow

Once a connection attempt is intercepted, proxychains transparently reroutes the traffic through the configured proxy sequence (from proxychains.conf).

The application is completely unaware of the proxychains rerouting and continues to operate as usual. No change in the app is needed.

DNS Proxying and Leak Prevention

When proxy_dns is enabled in proxychains.conf, proxychains prevents DNS leaks by handling hostname resolution through the proxy chain rather than your local DNS resolver. This prevents DNS leaks that could expose your browsing activity to your ISP (internet service provider) or local network.

What’s a DNS leak? When you visit a website, your computer needs to translate the domain name (like www.google.com) into an IP address through DNS resolution. Even if all your traffic is going through proxies, those DNS queries might still be sent directly to your ISP’s DNS server (revealing which sites you’re trying to visit). DNS proxying fixes this by routing those queries through your proxy chain as well.

Protocol Support

Proxychains works with TCP-based traffic and supports several common proxy types:

• TCP Connections: Full support for all TCP-based network traffic.
• Proxy Types: SOCKS4, SOCKS4a, SOCKS5 (with or without authentication), and HTTP/HTTPS proxies.

Proxy Types

SOCKS4

• The basic SOCKS protocol that provides basic TCP proxying.
• Only supports IPv4 addresses and doesn’t handle DNS resolution (needs to resolve hostnames to IP addresses before connecting).
• Widely supported but limited compared to newer versions. Not recommended.

SOCKS4a

• An extension of SOCKS4 that adds hostname resolution support.
• Instead of requiring you to resolve domain names yourself, it lets the proxy server handle DNS lookups. This is useful for accessing resources by hostname rather than IP address.

SOCKS5 (Recommended)

• The recommended option due to its flexibility and features.
• Supports both IPv4 and IPv6, includes built-in authentication, and can handle various traffic types.
• Note that some SOCKS5 implementations support UDP traffic but proxychains doesn’t support UDP.

HTTP/HTTPS

• HTTP proxies were originally designed for web traffic but can handle other TCP connections through the HTTP CONNECT method.
• The connection to the proxy is encrypted, but once the connect tunnel is established, the proxy sees your traffic in whatever form you send it. If you’re accessing HTTP sites, that traffic is still unencrypted inside the tunnel.

Protocol Limitations

Proxychains intercepts TCP connection functions in dynamically linked programs only. Protocols that don’t use these cannot be intercepted.

• UDP Traffic: Generally not supported because UDP is connectionless and bypasses the connect() calls that proxychains intercepts.
• ICMP Packets: Tools like ping and traceroute can’t be proxied since they use ICMP.
• Raw Sockets: Applications using raw socket operations communicate directly with the kernel, bypassing the libc functions that proxychains intercepts.

Chain Modes

These are the types of chains / routing that will be used by proxychains.

Dynamic Chain Mode (Recommended)

Routes traffic through all listed proxies in sequence. Automatically skips unresponsive proxies.

• Requires at least 1 proxy to be online.
• Automatically continues operation even when some proxies are unreachable.
• This is the recommended chain. Commonly used when proxy availability is inconsistent and uptime is critical.

Strict Chain Mode

Routes traffic through all listed proxies in the exact order specified, otherwise it fails.

• All proxies must be online.
• The whole connection fails if any single proxy in the chain is unreachable.
• This chain ensures a consistent and predictable network path for all connections.

Round-Robin Chain Mode

Distributes traffic sequentially across all proxies in round-robin rotation.

• Requires at least 1 proxy to be online.
• Each new connection uses the next proxy in the sequence and circles back to the first proxy after reaching the end of the chain.
• This chain provides load distribution across the proxies, preventing an individual proxy from being overloaded or having your connection rate-limited.

Random Chain Mode

Routes traffic through a randomly selected proxy from the configured listed.

• Requires at least 1 proxy to be online.
• Control how many proxies from the list are used per connection with the chain_len config parameter.
• This chain enhances anonymity due to the random proxy selection but may have variable performance due to different proxy server location and speed.

Configuration File

Proxychains looks for its config file in this order:

• $PROXYCHAINS_CONF_FILE environment variable
  • Environment variable for a custom config file path.
  • Takes highest priority when set.
• -f <config_file_path> command line option
  • Command option for proxychains binary execution.
  • Specifies the config file directly when running proxychains.
• ~/.proxychains/proxychains.conf or ~/.proxychains/proxychains4.conf
  • User-specific config file path.
  • Filename depends on Linux distro.
  • Overrides system-wide configuration.
• /etc/proxychains.conf or /etc/proxychains4.conf
  • System-wide config file path.
  • Filename depends on Linux distro.
  • Used when no user-specific config exists.

Proxy Lists

Free Proxy Services

Same as VPNs, I don’t recommend free public proxies as they often have security/privacy risks and reliability issues. Instead, you can self-host your own proxy infrastructure (future post) or use a paid one.

• ProxyScrape: https://proxyscrape.com/free-proxy-list
• Proxifly (GitHub): https://github.com/proxifly/free-proxy-list
• ProxyDB: https://proxydb.net/
• GeoNode: https://geonode.com/free-proxy-list

Paid Proxy Services

• Oxylabs: https://oxylabs.io/
• Bright Data: https://brightdata.com/
• IPBurger: https://www.ipburger.com/
• Decodo: https://decodo.com/

Note: These are common proxy services, but do your own research before choosing one.

Good to Know Information

Advantages and Limitations

Advantages

• Application Transparency: Applications work without any configuration changes (they’re unaware of the proxy).
• Protocol Flexibility: You can mix SOCKS4/5 and HTTP proxies in the same chain.
• Multi-Proxy Chaining: Route traffic through multiple proxies for better anonymity.
• DNS Privacy: Routes DNS queries through proxies to prevent leaks.

Limitations

• Protocol Restrictions: TCP only (limited UDP support).
• Dynamic Linking Only: Doesn’t work with statically compiled binaries.
• Compatibility Issues:
  • Static binaries bypass the interception mechanism.
  • Apps using dlopen() or raw sockets may not work.
  • Direct syscalls can’t be intercepted.
  • AppArmor/SELinux may block functionality.
• Performance Impact:
  • Added latency per proxy hop.
  • Bandwidth limited by slowest proxy.

Use Cases

Security Testing

• Anonymize penetration testing tools and vulnerability scans.
• Pivot through compromised systems to access isolated networks.
• Perform OSINT gathering and web app testing from different GEOs.

Privacy and Operations

• Bypass geographic restrictions and censorship.
• Access corporate resources through proxy tunnels.
• Maintain operational security during sensitive research.

Development & Testing

• Test APIs through different network paths.
• Simulate distributed user bases across regions.
• Validate application behavior under various network conditions.

Data Collection

• Bypass IP-based rate limiting by rotating through multiple proxy endpoints.
• Gather competitive intelligence anonymously.
• Avoid region-specific price discrimination.

Integration with Tor

Proxychains and Tor are often mentioned together, but they’re different tools for different purposes. Proxychains is tool that routes your application traffic through proxy servers, while Tor is a dedicated anonymity network with built-in cryptographic protections.

If you want to access the Tor network anonymously, just use Tor Browser or torsocks. These tools are designed for anonymous browsing through the Tor network. And use proxychains when you need to route regular application TCP traffic through proxy servers (not on the Tor network).

What NOT to Do:

• Don’t Use Tor Browser with Proxychains: Tor Browser already routes traffic through Tor, adding proxychains is redundant and could create potential security risks.
• Don’t Chain Tor with Additional Proxies: Unlike popular believe, adding proxies before or after Tor typically reduces anonymity rather than enhancing it.
• Don’t Run as Root: Running GUI applications as root usually creates security risks.

Correct Proxychains Usage with Tor: If you need to route command-line tools through Tor (not for anonymity, but for functionality), configure proxychains to use the local Tor SOCKS proxy:

# Add the Tor proxy to proxychains.conf
socks5 127.0.0.1 9050

# Start Tor service first
sudo systemctl start tor

# Use proxychains with apps
proxychains curl https://check.torproject.org
proxychains firefox  # For general browsing, NOT FOR TOR BROWSING

There will be another post dedicated to Tor, but take into consideration some pros and cons of using the Tor network with proxychains.

• When you use Tor, your traffic enters through an entry node and eventually exits through an exit node that could be run by anyone (regular people or malicious actors). Yes, you’re truly anonymous (the node operator has no way to see your real IP address), but they can see any unencrypted traffic passing through their node.
• If using using a paid proxy service, you know who the owner of the proxy is and its privacy policy, which creates some peace of mind for some users, but the owner can see your real IP and that you are using Tor.
• The choice depends on you, if you need anonymity from the destination server and don’t want anyone correlating your real identity with your traffic, Tor is the way to go. If you prefer working with accountable infrastructure where you know who’s running the servers, a reputable paid proxy service makes more sense.
• My recommendation is to use a zero-knowledge VPN (like Proton or Mullvad) alongside Tor, which hides your Tor usage from your ISP and prevents Tor entry guards from seeing your real IP address.

Proper Anonymity Techniques

1. Use Tor for Anonymity, Not Proxychains:
   • Tor provides cryptographic anonymity.
   • Proxychains is for pivoting and bypassing restrictions, not anonymity.
   • I don’t recommend chaining Tor with additional proxies, defeats the purpose.
2. VPN/Proxy Combinations:
   • Correct: VPN -> Tor (VPN then Tor browser or torsocks).
   • Incorrect: VPN -> Proxychains -> Tor (reduces anonymity).
3. Use Trusted Infrastructure:
   • Deploy your own proxy servers on trusted cloud providers.
   • Use reputable commercial proxy services (not free ones).
   • Audit and monitor your proxy infrastructure regularly (check leaks).

OpSec

Do’s:

• Verify if you have any DNS leak.
• Use end-to-end encryption and HTTPS as much as possible.
• Rotate proxies regularly.
• Use application-specific isolation (separate browser profiles, VMs).

Don’ts:

• Don’t reuse the same chain long-term.
• Don’t mix personal and ops/research traffic.
• Don’t assume proxychains provides encryption (it doesn’t).
• Don’t run GUI apps as root with proxychains.

Working with Proxychains

Install Proxychains

There are 2 versions of proxychains: the legacy proxychains which is unmaintained, and the modern proxychains-ng (use this one). The naming differs between Linux distros, which can be confusing.

• RHEL-based distros (Fedora, CentOS, etc.): Only proxychains-ng is available. Install with package name proxychains-ng, run with proxychains command, and configure via proxychains.conf.
• Debian-based distros (Ubuntu, Debian, etc.): Both versions are available. The modern proxychains-ng is packaged as proxychains4 to avoid conflicts with the legacy version. Run with proxychains4 command and configure via proxychains4.conf.
• Recommendation: Always use proxychains-ng. On Debian systems, make sure you’re running proxychains4 (not proxychains - check you are running version 4.x, not 3.x).

# RHEL/Fedora
dnf install proxychains-ng

# Debian/Ubuntu
apt install proxychains4

Configure Proxychains

Edit /etc/proxychains.conf or ~/.proxychains/proxychains.conf.

vim ~/.proxychains/proxychains.conf

# Sample Proxychains Configuration File

# ============================================
# Chain Mode Selection (choose ONE)
# ============================================
dynamic_chain       # Recommended: skips dead proxies
# strict_chain      # All proxies must be online
# round_robin_chain # Rotate through proxies in round-robin
# random_chain      # Random proxy selection

# ============================================
# Random Chain Settings
# ============================================
# Only applies when random_chain is enabled
chain_len = 2       # Number of proxies per chain

# ============================================
# DNS Configuration
# ============================================
# Prevent DNS leaks by routing DNS through proxy
proxy_dns

# Remote DNS subnet for fake local responses
# Used internally to identify DNS requests
remote_dns_subnet 224

# ============================================
# Connection Timeouts (milliseconds)
# ============================================
tcp_read_time_out 15000     # Read timeout: 15 seconds
tcp_connect_time_out 8000   # Connect timeout: 8 seconds

# ============================================
# Output Control
# ============================================
# Suppress proxychains debug output
quiet_mode

# ============================================
# Local Network Exclusions
# ============================================
# Bypass proxy for local/private networks
localnet 127.0.0.0/255.0.0.0      # Localhost
localnet 10.0.0.0/255.0.0.0       # Private Class A
localnet 172.16.0.0/255.240.0.0   # Private Class B
localnet 192.168.0.0/255.255.0.0  # Private Class C

# ============================================
# Proxy List
# ============================================
# In this section is where you list the proxy servers to use
[ProxyList]
# Format: <type> <host> <port> [username] [password]

# SOCKS Proxies (no authentication)
socks4 192.168.1.100 1080
socks5 192.168.1.101 1080

# SOCKS5 with authentication
socks5 proxy.example.com 1080 username password

# Tor SOCKS Proxy (default)
socks5 127.0.0.1 9050

# HTTP Proxies
http 192.168.1.102 8080
http proxy.example.com 8080 username password

# HTTPS Proxy
http proxy.example.com 3128 user pass123

Using Proxychains

• Run proxychains alongside another program/app to cycle through proxies.
• -f <config_file_path>: Specify a custom proxychains.conf file to use.
• -q: Enable quiet mode (suppress proxychain output).

# Syntax
proxychains [options] <program> [program_options]

# Examples
# Simple command execution
proxychains nslookup example.com

# Launch Firefox
proxychains firefox

# Network scanning (requires specific flags)
proxychains nmap -sT -Pn -n target.com

# SSH connection
proxychains ssh user@remote-host

Test Proxy Anonymity

# Check anonymity level with proxy checker
curl -x socks5://proxy.example.com:1080 https://ip-api.com/json/

# Verify no IP leaks
proxychains curl https://ipleak.net/json/