MAC proxychain-ng 使用详解

42 min read

Proxychains-ng 是经典的 Linux 下多代理链服务工具,能够让我们在开发、测试或者生产环境下更加便捷地访问目标资源或服务。

以下是 MAC 上如何使用 proxychain-ng 的详细说明:

  1. 安装 Proxychains-ng
brew install proxychains-ng
  1. 配置 Proxychains-ng

Proxychains-ng 的配置文件是 ~/.proxychains/proxychains.conf,使用编辑器打开该文件后,我们需要修改以下几个参数:

  • dynamic_chain 启用该参数,表示使用多个代理,而不是单个固定代理。

  • proxy_dns 启用该参数,表示支持 DNS 解析器。

    Dynamic_chain
proxy_dns

下面是 proxychains-ng 的配置文件详细说明,其中方括号内的为各个参数的说明:

# proxychains.conf  VER 4.x

# USER-AGENT ?
#dynamic_chain
# Strict-Chain
# Proxy DNS requests - no leaking
# socks4         127.0.0.1   9050
#syslog

# HTTP, SOCKS4, SOCKS5 tunneling proxifier with DNS.
#
# This file is generated by proxychains-configurator.
# By the time you found this file it is probably generating wrong.
#

# preprocessor directive.
# by default the configuration enable all proxies types.
# set to "strict" only if you are sure of your proxy types.
#proxy_types = http, https, socks4, socks5, strict
proxy_types = socks5

# set the path of the proxytchains.conf file
# this file will be read at every program invocation.
strict_chain
# listen_port
#
# Indicates that proxychains will use a random port between the values 'from'
# and 'to' for the package to listen on, making the use of any given port
# unpredictable.
# listen_port range: beg end, default to 31337
# beware if modifying these values as some programs really don't like
# other programs messing with their sockets.
listen_port =
# test deafness of local listener.
# test_proxy
#
# Whether to connect to listen_port or the next port number following the
# listen_port value. With test_proxy enabled, proxychains will attempt to test
# whether the UDP packets it sends are indeed being dropped by the receiving
# socket. See RFC 2675 for more information. Not all proxies may support
# this feature. If the test proxy feature is to be used then the target host
# must support and listen on its own port (tcp or udp) for the test packets.
#test_proxy =
#
# Set torrent support to either 'on' or 'off'. When enabled (on), proxychains
# will try to use a random peer in the swarm via the local Socks5 proxy for all
# UDP connections. This is useful for masking tracker connections and ensuring
# a higher level of anonymity in general. When disabled (off), the Socks5 proxy
# will only handle your normal TCP/UDP connections.
#random_chain =
#
# Dynamic chain option. This will configure proxychains to use a different
# proxy for every new connection or when the current proxy fails. This is
# useful for avoiding blacklisted proxy servers and for sharing a large load
# between several servers. Proxychains is not designed for using every known
# proxy server on the planet, instead it focuses on the most reliable ones
# available to it at runtime by performing various tests like ping testing and
# throughput performance. The dynamic_chain option will cause each new
# connection to be the first one in a chain of proxies. If that proxy fails
# then proxychains will try to use the next proxy in the chain, if it has been
# previously tested and is still considered reliable, otherwise proxychains
# will test a new proxy server from the list of available proxies to see if it
# works. If this second proxy also fails then proxychains continues down the
# list until it reaches the end of the list of available proxies in the
# configuration file at which point it will fall back to use the 'strict'
# proxy mode.
dynamic_chain
# strict_chain option. This will configure proxychains to use only the first
# proxy specified, the proxy contained within the configuration file, for
# all connections. This is useful when you only want to use one proxy server
# at a time or need to use a particular proxy server for a particular
# application or website. The strict_chain option does not, however, support
# load balancing or redundancy but will provide a certain level of data
# integrity and authenticity as there is no chance of a later proxy in the
# chain intercepting your connection and modifying or redirecting your
# traffic.
#strict_chain
#
# Specifies what DNS names aren't to be proxied.
# Since the connect(2) method is used there is a limitation in the
# architecture which doesn't allow to specify separate proxy server
# for every address family.
# * Proxy everything through the proxies specified in this config file.
#   The wildcard can be used in place of a domain to match everything.
#   Ex. "*.domain.com" will match "a.domain.com", "b.domain.com", etc.
#
# * If a domain has multiple matches, the first match is used.
#   Ex. If domain matches both the examples below, only the first will be used.
#       domain = .example.com
#       domain = .wrongexample.com
#       proxy_dns =
#       proxy_dns_port =
#       domain =
#       domain =
#
# Examples:
#
#      domain = .mit.edu
#      domain = .domain.com
#      domain = *.somewhere.com
#      # Exclude the following domains from being proxied
#      # Exclude a single host with no preceding dot.
#      domain = google.com
#      # Exclude multiple hosts by separating them with a comma.
#      domain = sales.google.com,hr.google.com,info.google.com
#      # Exclude an entire TLD with the preceding dot.
#      domain = .google.com
#      # Exclude a specific site by listing and connecting to IP.
#      domain = 172.30.88.31

#proxy_dns
#
# The maximum number of times to rotate proxies in the chain before stopping
# rotation and using the last proxy until a new connection initiates.
#
# In this example, the proxies specified in the configuration file will be used
# up to 3 times each before the last proxy is used indefinitely.
#
#proxy_chain_repeat =
#
# To specify the IP address (or hostname) and port number of a SOCKS4, SOCKS4a,
# SOCKS5 or HTTP proxy server that proxychains will use to proxy connections made
# to a server, provide them on this line separated by a space. Multiple 'remote'
# lines may be included (with different ports or different types of proxy in use).
#
# The order in which the proxies are listed here is important. The first proxy
# listed will be contacted first and will be the first one in any rotation chain.
#
# The format of the lines is:
#
# type[+/-][username[:password]@]address[:port].
#
# The valid values for 'type' are 'socks4', 'socks5', and 'http'. 'address'
# should be a hostname or an IPv4 or IPv6 address.
#
# When using a SOCKS4 or SOCKS4a server set 'type' to 'socks4' and provide the
# 'address' and 'port' of the server. If required, also include a username and
# password for the SOCKS authentication in the form 'username:password'.
#
# When using a SOCKS5 server you must set 'type' to either 'socks5' or 'socks5h'.
# The latter is used when you don't want DNS resolution to be handled by the
# remote server, but instead by your local DNS server. To connect to a SOCKS5h
# server, set type = 'socks5h'. Also specify the 'address' and 'port' of the
# server and optionally a username and password.
#
# When using an HTTP proxy, set 'type' to 'http'. Provide the address and port
# of the server and optionally the username and password for the proxy. Note
# that HTTP traffic cannot, by specification, support UDP traffic like DNS lookups.
#
# A plus (‘+’) sign at the beginning of the line tells proxychains to connect
# through the proxy server specified in the previous remote line. For example,
# if the order for rotating through remotes is set to random, and if the first
# remote is localhost (our application), then the second remote could use
# “+proxy_ip:port” to proxy through an additional proxy server.
#
# A minus (‘-’) sign at the beginning of the line tells proxychains to connect
# directly to the server, bypassing any previously activated proxy server.
#
# An empty username and password is acceptable for lines that only specify a
# hostname/IP address and port.
#
# Example:
#
# The first line shown is an example of a socks5 proxy that requires a
# username and password. It is also the first in the chain.
#
# [ProxyList]
# socks5 192.168.5.5:1080   dark_knight:bluetooth
# socks