Big Problems using Proxychains in Whonix!

General Tor and Anonymity Talk
1

Ok, I’ve been trying to get it work for about a week now and I’ve been incredibly frustrated, probably close to beating my laptop against the wall. I’ve tried seemingly everything so I’m sure it’s got to be something really small and obvious. As it stands I’m willing to send someone a couple bucks worth of BTC for fixing my problem for me since it’s been driving me absolutely nuts. I appreciate all helpful comments, here goes:

I get proxychains via “sudo apt-get install proxychains”

open /etc/proxychains.config with either nano or kdeseudo

comment out dynamic

Here’s where the problem’s got to be:

[ProxyList]

add proxy here …

meanwile

defaults set to “tor”

socks4 127.0.0.1 9050

I tried commenting out “socks4 127.0.0.1”

tried erasing “socks5 127.0.0.1”

tried added “socks5 127.0.0.1”

tried adding proxies (socks-proxy.net only socks5) directly below socks4 127.0.0.1 9050

tried adding after commenting out socks4

tried changing the custom settings in torbrowser to “9050”

after everything I change I’ll just hit control O, enter, control X, open up a new konsole and type “proxychains torbrowser” and EVERY SINGLE TIME I’ll get timedout, no matter how long I set the timeouts for. Tried strict chain, tried seemingly everything

All help is appreciated and like I said, if it works for me I’ll send you some BTC

2

Have you seen our documentation on the topic already? proxychains is possible and documented.
Check out:

3

[quote=“Patrick, post:2, topic:465”]Have you seen our documentation on the topic already? proxychains is possible and documented.
Check out:

of course, I’m still getting timeouts for seemingly no reason. Given what I described could you suggest what the problem might be?

Edit: will of course make a nice donation to the project if I get this working, thanks

4

You overlooked some points in documentation.

tried changing the custom settings in torbrowser to "9050"
Mistake. -> Do not forget to Remove Proxy Settings from Tor Browser: https://www.whonix.org/wiki/Tor_Browser#Change.2FRemove_Proxy_Settings
[ProxyList] # add proxy here ... # meanwile # defaults set to "tor" socks4 127.0.0.1 9050

I tried commenting out “socks4 127.0.0.1”

tried erasing “socks5 127.0.0.1”

tried added “socks5 127.0.0.1”

tried adding proxies (socks-proxy.net only socks5) directly below socks4 127.0.0.1 9050

tried adding after commenting out socks4


Documentation advises otherwise.

The first test it supposed to do is this:

Go to the bottom of the settings file. Comment out “socks4 127.0.0.1 9050” and add for example “socks5 192.168.0.10 9152” (for Tor stream isolation) or “socks5 ip port” with an IP and port of your choice to set the proxy settings.

[ProxyList]

add proxy here …

meanwhile

defaults set to “tor”

#socks4 127.0.0.1 9050
socks5 192.168.0.10 9152

socks5 x.x.x.x xxxx

When that worked, you can replace that IP with your actual proxy. You’re probably better off using IP rather than some.host.name.

open up a new konsole and type "proxychains torbrowser"
Mistake. -> Documentation suggests. 
proxychains ~/tor-browser_en-US/App/Firefox/firefox --profile ~/tor-browser_en-US/Data/profile

You somehow missed the Combining Tunnels with Tor chapter which also contains advice to test non-Tor Browser applications (wget.whonix-orig) with proxychains first.

There also is a chapter “required knowledge”:

5

[quote=“Patrick, post:4, topic:465”]You overlooked some points in documentation.

Mistake. → Do not forget to Remove Proxy Settings from Tor Browser:

Documentation advises otherwise.

The first test it supposed to do is this:

Go to the bottom of the settings file. Comment out “socks4 127.0.0.1 9050” and add for example “socks5 192.168.0.10 9152” (for Tor stream isolation) or “socks5 ip port” with an IP and port of your choice to set the proxy settings.

[ProxyList]

add proxy here …

meanwhile

defaults set to “tor”

#socks4 127.0.0.1 9050
socks5 192.168.0.10 9152

socks5 x.x.x.x xxxx

When that worked, you can replace that IP with your actual proxy. You’re probably better off using IP rather than some.host.name.

Mistake. → Documentation suggests.

proxychains ~/tor-browser_en-US/App/Firefox/firefox --profile ~/tor-browser_en-US/Data/profile

You somehow missed the Combining Tunnels with Tor chapter which also contains advice to test non-Tor Browser applications (wget.whonix-orig) with proxychains first.

There also is a chapter “required knowledge”:

Thanks for the help, I did mess up the browser settings but I still can’t get a proxy IP!

With the stream isolation IP the chain “works” according to konsole (didn’t remove the wrapper though) and still an exit node as IP, put up a few proxies and I’m still getting tor exit nodes! Commented out stream and still getting exit nodes.

proxychains ~/tor-browser_en-US/App/Firefox/firefox --profile ~/tor-browser_en-US/Data/profile

This code doesn’t work either, I’ve been testing with

proxychains /usr/bin/wget.whonix-orig https://check.torproject.org

and it says |D-chain|-<>-192.168.0.10:9152-<><>-xx.xxx.x.xxx:xxx-<><>-OK

but still giving me an exit node

I’m gonna keep playing around but it’s getting kinda frustrating. I’ll be sure to make a good size donation if this works out, thanks

6

I am also on IRC at the moment.

7

/usr/bin/wget.whonix-orig is best for testing. Tor Browser comes with its own issues.

Comment updated, because The Tor Project chagned the paths.

8

Later when you got /usr/bin/wget.whonix-orig working… Don’t wonder if Tor Browser will say.

Something Went Wrong!

Tor is not working in this browser.

This means, that Tor Button is not able to access Tor’s ControlPort. And I am not surprised about that. proxychains forces the browser through a chain of proxies. Naturally, 127.0.0.1 9150 (Tor Button default Tor ControlPort) can no longer be accessed. Accessing https://check.torproject.org however should work (if the other issues are sorted out).

9

I’ve got Tor Browser working through proxychains.
Did set Tor Button to transparent proxyfication. Which means “no proxy”, but that is fine, since you are going to use proxychains to enforce proxy settings. So setting up a proxy in two places, as in Tor Button as well as in proxychains would fail.
Restarted Tor Browser.

My /etc/proxychains.conf is a bit lame, though.

[ProxyList]
# add proxy here ...
# meanwile
# defaults set to "tor"
socks4  127.0.0.1 9050

127.0.0.1 9050 is redirected to Whonix-Gateway by rinetd [/etc/rinetd.conf], so I am still just using Tor. Because I do not know any proxies that I could use legally. I guess there are some, but it takes some time finding them. (Perhaps JonDo could help out.)

10

I’ve set to /etc/proxychains.conf to non-existing proxy for testing purposes.

As expected doesn’t work as opposed to.

So I guess, once you have a working proxy, and it works with wget, it should also work with Tor Browser.

11

I haven’t tried with wget yet but so far just the standard

[ProxyList]

add proxy here …

meanwile

defaults set to “tor”

#socks4 127.0.0.1 9050
socks5 socks5 192.168.0.10 9152
socks5 xxx.xx.xxx.xx xxxxx
socks xxx.xx.xxx.xx xxxx

Isn’t working.

I know it’s supposed to show a warning (was getting it before) saying I was exiting from a non-tor node (as it’s supposed to) but now I’m not getting anything different.

just opens up a new browser, doesn’t seem to reset connection. Tried running a whole new browser to no avail. What could I be doing wrong? It seems like I tried everything, is there any way you could make it step by step and I try all over again? Thanks again

12

Try with /usr/bin/wget.whonix-orig first, otherwise you won’t even know if it’s your proxy(ies) that aren’t working or

socks5 socks5 192.168.0.10 9152
Using two times socks5 (socks5 socks5) is a mistake.
socks5 xxx.xx.xxx.xx xxxxx socks xxx.xx.xxx.xx xxxx
Don't try with so many for start. It could very well be the case that one proxy is offline. Then it wouldn't be a configuration fault, but wouldn't work nevertheless.
socks xxx.xx.xxx.xx xxxx
This probably is another mistake. Simply using "socks" but not "socks4" or "socks5" probably won't work.
I know it's supposed to show a warning (was getting it before) saying I was exiting from a non-tor node (as it's supposed to) but now I'm not getting anything different.
Used default homepage about:tor by chance? The about:tor page probably won't know about.

https://check.torproject.org/ should be able to figure out.

just opens up a new browser, doesn't seem to reset connection.
Not sure what you mean by "doesn't seem to reset connection" - Maybe it's this: you must make sure, that Tor Browser isn't running before trying to run Tor Browser using proxychains. 
ps aux | grep firefox

This is because proxychains won’t be able to proxyfy already running applications. It can only bend applications it will start itself.

is there any way you could make it step by step and I try all over again?
Instructions https://www.whonix.org/wiki/Tunnel_Proxy_or_SSH_or_VPN_through_Tor#proxychains are step by step and I tested them as per my last post. If they're not working for you, they need to be debugged by you as per my last post.
13

sorry, I bungled my last post spectacularly by trying to post it from android. There was no problem with typing “socks5” and I think having torbrowser shut off was one problem. I think there are some others though. For one, is the stream isolation supposed to be in gateway? If so that’s something I’ve been doing wrong, I’ve been doing everything in workstation so far. Basically:

proxychains.conf VER

3.1

HTTP, SOCKS4, SOCKS5 tunneling proxifier with DNS.

The option below identifies how the ProxyList is treated.

only one option should be uncommented at time,

otherwise the last appearing option will be accepted

dynamic_chain

#Dynamic - Each connection will be done via chained proxies

all proxies chained in the order as they appear in the list

at least one proxy must be online to play in chain

(dead proxies are skipped)

otherwise EINTR is returned to the app

#strict_chain

Strict - Each connection will be done via chained proxies

all proxies chained in the order as they appear in the list

all proxies must be online to play in chain

otherwise EINTR is returned to the app

#random_chain

Random - Each connection will be done via random proxy

(or proxy chain, see chain_len) from the list.

this option is good to test your IDS :slight_smile:

Make sense only if random_chain

#chain_len = 2

Quiet mode (no output from library)

#quiet_mode

Proxy DNS requests - no leak for DNS data

proxy_dns

Some timeouts in milliseconds

tcp_read_time_out 55000
tcp_connect_time_out 80000

ProxyList format

type host port [user pass]

(values separated by ‘tab’ or ‘blank’)

Examples:

socks5 192.168.67.78 1080 lamer secret

http 192.168.89.3 8080 justu hidden

socks4 192.168.1.49 1080

http 192.168.39.93 8080

proxy types: http, socks4, socks5

( auth types supported: “basic”-http “user/pass”-socks )

[ProxyList]

add proxy here …

meanwile

defaults set to “tor”

#socks4 127.0.0.1 9050
socks5 192.168.0.10 9152
socks5 123.45.678.90 1111 (for example)

Input all this, save, close kwrite. Close Browser after making sure transparent proxying is on.

then

still getting tor exit nodes! Log is saying “ok” though

I’ve tried with the stream (socks5 192.168.0.10 9152) taken out as well and no difference. Any help? You must be getting frustrated but I appreciate the help. I’ll be sure to have my donation reflect this

14

Everything need to be done in Whonix-Workstation indeed.

[quote=“nestea, post:13, topic:465”]# proxychains.conf VER
3.1[/quote]
This is a mistake in config.
“3.1” has no # in front. That will probably break proxychains from working.

dynamic_chain
This is probably a mistake. If the proxy is unreachable - which might be very well be the case - you haven't debugged this - proxychains would simply skip it.

I advice to comment it out and to use:

strict_chain
Any help?
Debug this issue as advised in earlier posts.