A proxy server is a dedicated computer or a software system running on a computer that acts as an intermediary between an endpoint device, such as a computer, and another server from which a user or client is requesting a service. The proxy server may exist in the same machine as a firewall server or it may be on a separate server, which forwards requests through the firewall.
When a proxy server receives a request for an Internet resource (such as a Web page), it looks in its local cache of previous pages. If it finds the page, it returns it to the user without needing to forward the request to the Internet. If the page is not in the cache, the proxy server, acting as a client on behalf of the user, uses one of its own IP addresses to request the page from the server out on the Internet. When the page is returned, the proxy server relates it to the original request and forwards it to the user.
Socks 4 and 5 proxies provide proxy service for UDP data and DNS lookup operations in addition to Web traffic. Some proxy servers offer both Socks protocols.
Installing and configuring proxy
For this setup we are using a Centos 7 based machine, the commands may vary depending on the base OS used.
Installing required packages for compiling the source code.
yum install gcc make -y yum install wget -y
Making a temporary directory.
mkdir /tmp/proxy cd /tmp/proxy
Downloading the source code and extracting the package.
wget http://3proxy.ru/0.7.1.2/3proxy-0.7.1.2.tgz tar -xvzf 3proxy-0.7.1.2.tgz
Navigate to the extracted folder.
cd 3proxy/
Compile and installing 3proxy.
make -f Makefile.Linux make -f Makefile.Linux install
Creating a directory for installing the config file.
mkdir /usr/local/etc/3proxy/config
Installing the config file.
/usr/bin/install -m 644 scripts/3proxy.cfg scripts/add3proxyuser.sh /usr/local/etc/3proxy/config
Copying the config file to the parent directory.
cp /usr/local/etc/3proxy/config/3proxy.cfg /usr/local/etc/3proxy/3proxy.cfg
Creating a directory ‘bin’ for the executable file.
mkdir /usr/local/etc/3proxy/bin
Change the directory and copy the binary files to the bin directory.
cd src/ cp -af 3proxy countersutil dighosts ftppr icqpr msnpr mycrypt pop3p proxy smtpp socks tcppm udppm /usr/local/etc/3proxy/bin
Creating a directory for a log file.
mkdir -p /usr/local/etc/3proxy/log/
Change the current working directory to the 3proxy installation directory.
cd /usr/local/etc/3proxy/
Creating an authorized user login for password-based authentication.
echo username:`/usr/local/etc/3proxy/bin/mycrypt $$ password` >> /usr/local/etc/3proxy/passwd
Open the 3proxy configuration file and edit the code similar to the one given below.
vi 3proxy.cfg
The config file is given below.
#!/usr/local/bin/3proxy daemon pidfile /usr/local/etc/3proxy/3proxy.pid nscache 65536 nserver 127.0.0.1 config /usr/local/etc/3proxy/3proxy.cfg monitor /usr/local/etc/3proxy/3proxy.cfg monitor /usr/local/etc/3proxy/counters monitor /usr/local/etc/3proxy/passwd monitor /usr/local/etc/3proxy/bandlimiters log /usr/local/etc/3proxy/log/log D rotate 60 counter /usr/local/etc/3proxy/3proxy.3cf users $/usr/local/etc/3proxy/passwd include /usr/local/etc/3proxy/counters include /usr/local/etc/3proxy/bandlimiters deny * * 127.0.0.1 #socks5# auth strong allow username flush socks
Here socks proxy is running with default port 1080, the custom port can be enabled for proxy service by adding a flag ‘-p’ along with port number i.e. socks -p1880 .
Password-based authentication is buggy and it is always advised to use IP based authentication which will make the proxy server accessible only from predefined IP.
IP based authentication can be enabled in 3proxy by adding required IP after changing auth value to iponly in 3proxy configuration file. A sample configuration is given below for reference,
#socks5# auth iponly ##allowing IP eg. allow * <IP> allow * 1.2.3.4 ##deny all connections from other IP to the proxy port deny * * flush socks
Here the authentication is switched to IP based and the proxy will accept the request from this IP only all other requests from other IP’s will be denied.
Start the proxy by executing the following command.
3proxy
Verify that 3proxy service is started and the assigned port is listening for incoming connection using the following commands.
ps aux | grep 3proxy netstat -tuplan | grep 3proxy
The sample output of these commands will be,
# ps aux | grep 3proxy root 5748 0.0 0.5 77324 4336 ? Ssl 13:42 0:00 3proxy # netstat -tuplan | grep 3proxy tcp 0 0 0.0.0.0:1880 0.0.0.0:* LISTEN 5748/3proxy
Managing 3proxy
To start the proxy execute the command:
3proxy
To stop the proxy, kill the process after grepping the PID.
ps aux | grep 3proxy kill -9 PID
Verifying the proxy service
This method works only in 3proxy setup with IP based authentication.
Proxy service can be verified using the command from the IP addresses which are whitelisted in the 3proxy configuration file.
curl<space>--socks5<space>ipaddress of proxy server:port of proxy server<space>url
For example
curl –socks5 1.2.3.4:1080 google.com
