proxychains-ng
proxychains-ng copied to clipboard
rofl0r
Not working on OS X 10.11 due to SIP
which error ?
generally it doesn't work.
version
$ brew info proxychains-ng
proxychains-ng: stable 4.10, HEAD
Hook preloader
https://sourceforge.net/projects/proxychains-ng/
/usr/local/Cellar/proxychains-ng/4.8.1 (8 files, 100K)
Built from source
/usr/local/Cellar/proxychains-ng/4.10 (8 files, 88K) *
Built from source
From: https://github.com/Homebrew/homebrew/blob/master/Library/Formula/proxychains-ng.rb
==> Options
--universal
Build a universal binary
--HEAD
Install HEAD version
testcase
Config
strict_chain
proxy_dns
remote_dns_subnet 224
tcp_read_time_out 15000
tcp_connect_time_out 8000
localnet 127.0.0.0/255.0.0.0
[ProxyList]
socks5 127.0.0.1 30039
Test
$ proxychains4 curl http://ifconfig.co/
[proxychains] config file found: /Users/User/.proxychains/proxychains.conf
[proxychains] preloading /usr/local/Cellar/proxychains-ng/4.10/lib/libproxychains4.dylib
{{an ip resulted from DIRECT accessed http://ifconfig.co/ }}
why does your proxychains not print version information ? (it should)
like [proxychains] DLL init: proxychains-ng 4.10 ?
on my non-el-capitan OS X, it does and it works
if that is so, someone needs to research which changes were introduced in 10.11 that breaks LD_PRELOAD and how to fix it. possibly it's the guilt of this new "feature": https://en.wikipedia.org/wiki/System_Integrity_Protection
any idea how to fix it?
you could try to disable the system integrity protection (as described in the wikipedia article) temporarily to see if it makes proxychains work. if so, we can try to seek a permanent workaround.
yes, disabling it would led to success in working of proxy chains
Disabling SIP
Run csrutil disable in Recovery mode
@Willian-Zhang thanks for testing. now we can look if there's a way to disable the LD_PRELOAD "protection" "feature" for handpicked applications, in our case proxychains-ng.
@rofl0r any luck with this problem?
i haven't found any documentation about the LD_PRELOAD specific protection so far. we need to wait until more information is available (probably after the official release).
It only happens if you execute a system binary using proxychains, e.g. proxychains4 ssh user@server. For now, a workaround is to copy the executable to another location (e.g. cp /usr/bin/ssh ~/XXX), and use it (e.g. proxychains4 ~/XXX/ssh user@server). You can modify the path variable so that ~/XXX/ssh is executed instead of /usr/bin/ssh, when you just type "ssh".
In OSX 10.11 something workaround is to turn off debug flag in SIP in recovery mode csrutil enable --without debug
otherwise, proxychains cannot apply to /bin/* /usr/bin/* /System* ... unfortunately most script with #!/usr/bin/env XXX
I find that if you move the executable file(proxychains4) to your home folder(like ~/bin), and then you need to change the PATH value. If you do this, you don't have to disable the SIP, , it will works with no error @Willian-Zhang
If do not want to disalbe SIP, you can use pyenv to solve this. Use pyenv install a local python version(of cuz, you can install a python use make && make install from source).
And then run command like this
proxychains4 ~/.pyenv/versions/2.7.9/bin/python /usr/local/Cellar/youtube-dl/2015.10.24/bin/youtube-dl
Update
Run
csrutil disablein Recovery mode
For those who's disabling SIP to make it work: There is no need to disable all SIP:debug mode will also work
Disabling partial SIP
Run csrutil enable --without debug in Recovery mode
Nice. Disabling SIP's debug indeed works. Though it did complain and echo
requesting an unsupported configuration. This is likely to break in the future and leave your machine in an unknown state
For anyone who wanna have a better sense of what SIP does and how to configure it, you can read it up here (which I stumbled upon it while I was reading a SE post) or just check out the apple doc
For those like me who do not wish to disable SIP, note that it is possible to use proxychains-ng with Homebrew-installed executables (or linked dupes) as SIP doesn't cover /usr/local. E.g. to use Homebrew's curl (with Tor in the .conf file here):
$ brew install curl
Then:
$ proxychains4 /usr/local/bin/curl http://ifconfig.co/
[proxychains] config file found: /Users/me/.proxychains/proxychains.conf
[proxychains] preloading /usr/local/Cellar/proxychains-ng/4.11/lib/libproxychains4.dylib
[proxychains] DLL init: proxychains-ng 4.11
[proxychains] Dynamic chain ... 127.0.0.1:9050 ... 188.113.88.193:80 ... OK
171.25.193.132
Perhaps this could be added to the README section where this issue is mentioned?
@MatzFan please elaborate on "linked dupes". is there a possibility to use e.g. ssh with a softlink or a hardlink ?
Using the curl example you can do brew link --force curl which will use Homebrew's curl before system installed version (as Homebrew insists /usr/local/bin comes before /usr/bin in your $PATH). If you do that you can simply do $ proxychains4 curl http://ifconfig.co/. Generally not advised to override (dupe) system binaries like this - hence my example using path to the Homebrew Cellar. Homebrew call this Keg only I think.
Not tried ssh, but any Homebrew-installed binary should work with proxychains like this on El Cap., as SIP doesn't affect the directory where all brewed symlinks go.
Homebrew openssh seems to work (using Tor in my .conf file):
$ brew install openssh
==> Installing openssh from homebrew/dupes
==> Downloading https://homebrew.bintray.com/bottles-dupes/openssh-7.1p2.el_capitan.bottle.tar.gz
Already downloaded: /Library/Caches/Homebrew/openssh-7.1p2.el_capitan.bottle.tar.gz
==> Pouring openssh-7.1p2.el_capitan.bottle.tar.gz
🍺 /usr/local/Cellar/openssh/7.1p2: 30 files, 3.9M
Macintosh:~ me$ which ssh
/usr/local/bin/ssh
Macintosh:~ me$ proxychains4 ssh -T [email protected]
[proxychains] config file found: /Users/me/.proxychains/proxychains.conf
[proxychains] preloading /usr/local/Cellar/proxychains-ng/4.11/lib/libproxychains4.dylib
[proxychains] DLL init: proxychains-ng 4.11
[proxychains] Dynamic chain ... 127.0.0.1:9050 ... 192.30.252.130:22 ... OK
Hi MatzFan! You've successfully authenticated, but GitHub does not provide shell access.
because of SIP, you can't use proxychains-ng to proxy a execute which is in system dir like /usr/bin. But /usr/local/bin can works. Something like youtube-dl with call python which is in /usr/bin, install a Homebrew python or others can solve it.
$: proxychains4 /usr/local/bin/curl http://ifconfig.co/
[proxychains] config file found: /usr/local/Cellar/proxychains-ng/4.11/etc/proxychains.conf
[proxychains] preloading /usr/local/Cellar/proxychains-ng/4.11/lib/libproxychains4.dylib
proxychains can't load process....: No such file or directory
Hello all, i'm not expert to fellow up but it seems i have a problem may be similar and related to this SIP, and i would be gratefull if someone could help. i use proxychains4 in mac os sierra and have an issue with scp. for ssh, i counter the problem by copying the ssh from /usr/bin to /User/mylaptop then use this to ssh : proxychains4 /users/mylaptop/ssh user@host [proxychains] config file found: /etc/proxychains.conf [proxychains] preloading /opt/local/lib/libproxychains4.dylib [proxychains] DLL init: proxychains-ng 4.10 [proxychains] Strict chain ......... and i could connect to my host. but scp wont work. i ran out of idea.
@kakashisan how about trying the things recommended here ? and what is the error you get from scp ?
Thank you for the fast reply here when i scp: proxychains4 /Users/didisan/scp -vvv didi@host:.bashrc new.file [proxychains] config file found: /private/etc/proxychains.conf [proxychains] preloading /opt/local/lib/libproxychains4.dylib [proxychains] DLL init: proxychains-ng 4.10 Executing: program /usr/bin/ssh host user didi, command scp -v -f .bashrc OpenSSH_7.2p2, LibreSSL 2.4.1 debug1: Reading configuration data /Users/didisan/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 20: Applying options for * debug1: /etc/ssh/ssh_config line 56: Applying options for * debug2: resolving "host" port 22 debug2: ssh_connect_direct: needpriv 0 debug1: Connecting to host [host] port 22. debug1: connect to address host port 22: Connection refused ssh: connect to host host port 22: Connection refused
oh so the problem is that scp starts ssh from /usr/bin. maybe you can fix that by overriding PATH pointing to where your copy of the ssh binary is, for example:
PATH=/Users/didisan/ proxychains4 /Users/didisan/scp -vvv didi@host:.bashrc new.file
this assumes that "ssh" as well as "scp" are in /Users/didisan.
i did it before by adding the path but it stills excecutes the binary one : "Executing: program on /usr/bin/ssh" i think even if i copied the scp from usr/bin to my local folder, it is still somehow (may be because of proxychains lib or smth) linked to the ssh of the bin and executed it. my ssh still works with this trick and connect through proxy.
Acorrding to Apple we should use path like /usr/local instead of /usr or /usr/bin etc since OS X El Capitan. See https://support.apple.com/en-us/HT204899. And my solved steps at OSX 10.11.6:
- Install Homebrew
- brew install proxychains-ng
==> Downloading https://homebrew.bintray.com/bottles/proxychains-ng-4.12_1.el_ca Already downloaded: /Users/futeli/Library/Caches/Homebrew/proxychains-ng-4.12_1.el_capitan.bottle.tar.gz ==> Pouring proxychains-ng-4.12_1.el_capitan.bottle.tar.gz 🍺 /usr/local/Cellar/proxychains-ng/4.12_1: 8 files, 74.8KB
-
Proxychains-ng now has been installed at path /usr/local/Cellar
-
brew install curl
==> Downloading https://homebrew.bintray.com/bottles/curl-7.53.1.el_capitan.bott ######################################################################## 100.0% ==> Pouring curl-7.53.1.el_capitan.bottle.tar.gz ==> Caveats (here has some caveats I don't use this time) ==> Summary 🍺 /usr/local/Cellar/curl/7.53.1: 390 files, 2.7MB
- Curl also has been installed at path /usr/local/Cellar
- cd /usr/local/etc && vim proxychains.conf
- Configure [ProxyList] in proxychains.conf
- Do not use proxychains4 curl xxxx.com but proxychains4 /usr/local/Cellar/curl/7.53.1/bin/curl xxxxx.com.
On mac 10.14.2, csrutil enable --without debug doesn't work. I had to disable completely to kind of work.
I would often get this error warning but everything works fine.
dyld: warning: could not load inserted library '/usr/local/Cellar/proxychains-ng/4.13/lib/libproxychains4.dylib' into hardened process because no suitable image found. Did find:
/usr/local/Cellar/proxychains-ng/4.13/lib/libproxychains4.dylib: code signature in (/usr/local/Cellar/proxychains-ng/4.13/lib/libproxychains4.dylib) not valid for use in process using Library Validation: mapped file has no cdhash, completely unsigned? Code has to be at least ad-hoc signed.
/usr/local/Cellar/proxychains-ng/4.13/lib/libproxychains4.dylib: stat() failed with errno=1
How do I get rid of this error?
proxychains4 curl www.google.com ✔ 671 01:01:10
[proxychains] config file found: /usr/local/etc/proxychains.conf
[proxychains] preloading /usr/local/Cellar/proxychains-ng/4.13/lib/libproxychains4.dylib
curl: (7) Failed to connect to www.google.com port 80: Operation timed out
In mac 10.14, why ? and how do I solve this error?
same problem for me on macOS 10.13.6, ShadowsocksX-NG 1.7.1 proxychains-ng 4.14
I am using Ubuntu 19.04 and I still can't launch GUI programme in a graphic way. I saw the above discussion and the problem seems have been solved, but in your last release Release 4.14 the problem still occurs. Please find out a solution and solve it, thank you very much.
Please find out a solution and solve it
you volunteer? great!
btw, your comment has nothing to do with the issue discussed here, so post further updates about your work in a new issue/PR.
I can solve this problem!!!!
Problem
first
Gitl clone https://github.com/rofl0r/proxychains-ng.git
then make
./configure --prefix=/usr/local --sysconfdir=/etc
sudo make install
installed in /usr/local/bin/proxychains4
but
/usr/local/bin/proxychains4 curl -v -L https://ip.cn/
returns
{"ip": "xxx.xxx.xxx.xxx", "country": "上海市", "city": "移动”}
Same problem there
Solve it
install curl by brew
brew install curl
then do it
/usr/local/bin/proxychains4 /usr/local/opt/curl/bin/curl -v -L https://ip.cn
Solved
{"ip": "xxx.xxx.xxx.xxx", "country": "美国", "city": "阿里云”}
Finally
In case I use zsh.
echo 'export PATH="/usr/local/opt/curl/bin:$PATH"' >> ~/.zshrc
Then
proxychains4 curl -v -L https://ip.cn/
Got
{"ip": "xxx.xxx.xxx.xxx", "country": "美国", "city": "阿里云"}
Goal
