What's new
  • Welcome to PHCorner forums. Take a moment to sign up and gain unlimited access and extra privileges that guests are not entitled to, such as: All that and more! Registration is quick, simple and absolutely free. Join our community today!

Tutorial Blackhat anonymity basic

Not open for further replies.

Monki D. Rufi

Mar 22, 2013
Blackhat Basic Anonymity
Doing BlackHat häçking in the internet?
Defacing, carding, etc.
Don't get caught with LOGS,
Use this to remove ALL logs on your computer.
Don't let them trace you
A simple program that removes all logs, cookies, history on your browser and computer logs.

CCleaner Download it You do not have permission to view the full content of this post. Log in or register now.
My internet friends from uk told me that they're not using vpn to be anonymous they said it was just to risky. So they introduced me to Socks5..
SOCKet Secure (SOCKS) is an Internet protocol that routes network packets between a client and server through a proxy server. SOCKS5 additionally provides authentication so only authorized users may access a server. Practically, a SOCKS server will proxy TCP connections to an arbitrary IP address as well as providing a means for UDP packets to be forwarded.
Here's a long guide of SOCKS
Socks Basics (GUIDE)
by BOTMASTER (a good friend of mine)
Information about the socks protocol

1. Introduction
2. Versions
3. SOCKS Support
4. SOCKS Connections
5. Scanning
6. SocksCap Setup
7. Anonymity Checks
8. SOCKS Chaining
1. Introduction

SOCKS is the most powerful, flexible proxy standard protocol available. SOCKS is a shortened version of "SOCK-et-S" or "sockets," the term used for the data structures which describe a TCP connection. It was one of those "development names" that stuck. Very clever folks say its really to distingish these from the human variety that are worn on the feet ;-)

SOCKS is a networking proxy mechanism that enables hosts on one side of a SOCKS server to gain full access to hosts on the other side of the SOCKS server without requiring any host pc to reveal their ip address to the remote host, diagramatically shown:

Host PC<------>|
Host PC<------>|Socks Proxy Server <---> Remote Host Web Site
Host PC<------>|
It works by redirecting connection requests from hosts on one side to hosts on the other side via a SOCKS server, which authenticates and authorizes the requests, establishes a proxy connection and passes data back and forth. Its usually described as a circuit level proxy for this reason i.e. it does'nt care about the data its transferring or its protocol.

Its typical use on an individual pc basis is to "sockisfy", which refers to the process of intercepting the networking calls and redirecting them, this enables the host pc behind a SOCKS server to gain full access to the Internet whilst preserving its anonymity, since the remote host will only see the ip address of the socks server in all connection requests. The SOCKS default port No. is 1080.
2. Versions:-
There are two major versions of SOCKS, Socks4 and Socks5. The main differences between Socks5 and Socks4 are:

Socks4 doesn't support authentication while Socks5 has a built-in mechanism to support a variety of authentication methods.
Socks4 doesn't support UDP proxy while Socks5 does.
Socks4 servers will not support the Socks5 protocol. Socks5 implementation from NEC does support the Socks4 protocol. The server supports both V5 and V4 clients and can communicate with other V5 and V4 servers.
Socks4 and Socks4.2 and earlier clients are required to be able to resolve IP address's of remote hosts. Socks5 now includes PROXY NAME support to move the name resolution process from the Socks clients to the Socks5 Server, or remote dns-request. Resolving is the process whereby addresses such as You do not have permission to view the full content of this post. Log in or register now. become 210.123.456.789.


3. Support for SOCKS:-
SOCKS is almost as widely supported as HTTP proxies. All major Windows NT–based proxy servers, including Microsoft Proxy Server, Netscape Proxy Server, and WinGate, support SOCKS. SOCKS is also supported by proxy servers for alternative operating systems, including all variations of UNIX.

SOCKS clients must be specially coded to work with the proxy protocol. Fortunately, it is common for application developers to allow their application-layer protocols to work with SOCKS. Microsoft Internet Explorer and Netscape Navigator both support SOCKS proxying for HTTP and all other protocols they support. Other applications that may need to pass through a proxy server, such as FTP and RealAudio, support the SOCKS proxy. If you are unsure whether a certain application supports SOCKS, check the documentation for that application.


4. SOCKS Connections:

Example Use:

IRCii / BitchX / etc:

irc: /server (SOCKS) 1080
irc: /server (irc server) (port [666{6-9} usually])

Go to the Setup folder
Click on the "Firewall" tab
Check the box reading "Use SOCKS Firewall"
Go down to "Hostname:" and enter the SOCKS IP / hostname
Click on the "IRC servers" tab, and click on "Connect"

Open Proxy/SOCKS:
Many irc nets and isp's will use a security check whenever you connect to their network here they will look for Open Proxy/SOCKS. This means that when you connect it will check port 23 (telnet port, checking for a wingate telnet bounce) and port 1080 (socks/wingate port) for an unsecured SOCKS4 and SOCKS5 proxy. If a wingate telnet bounce is found on port 23 or if it finds an unsecured SOCKS4 or SOCKS5 Proxy (anonymously accessible), you will be k-lined (banned from the network). When using a wingate socks connection, occasionally if the wingate uses its own identd daemon then it will return its info to the requesting host, so your connection request might be accepted.


5. Scanning:-

Indirect method:
A simple but effective method for finding socks proxies is to employ a search engine. Enter in the search engine something like: "free proxies", "proxy list", "amonymous http proxy", "public proxy servers list" etc. You should find hundreds of references to proxy web pages.

Direct method:
If these seem sparse then you should look for your own. Using a scanner of your choice you should scan a specific IP range looking for the addresses that accept a connection on port 1080. There are plenty scanners available, choose one you like. Normally there are a couple of SOCKS servers (port 1080) or Wingate users (port 23) within 255 dialup addresses of a big ISP.

Many providers can have a large number of active and reserved addresses, these will exceed 255. Therefore you can try to scan neighboring ranges changing the 2nd last digit from the right hand side in the ip-address. More detailed information on addresses belonging to the net or isp you scan can be can be found with the help of a Whois-server or a program like SmartWhois


6. SocksCap32 Setup:-

Can I use SocksCap with Internet Explorer 4.0 in desktop mode or on a system running Windows 98? What about Internet Explorer 5.0?

Although SocksCap will not socksify your entire desktop, it is possible to browse with Internet Explorer 4.0 in desktop mode or on a system running Windows 98 with SocksCap.

Select Internet Options in Internet Explorer's View menu. Under the Advanced tab, check Browse in a new process. Then start Internet Explorer from SocksCap.

For Internet Explorer 5.0, select Internet Options in Internet Explorer's Tools menu. Under the Advanced tab, check Launch browser windows in a separate process. In the Connections tab, click LAN Settings. Clear the Automatically detect settings box.


7. Anonymity Checks:-

Method 1.
Disable the proxy option in your browser and then run your browser through sockscap32. To do this highlight your browser in the "Application Profile" listbox and "Click" the "Run Sockisfied!" button, in SocksCap32 this will launch your browser and is a valid alternative to simple 8080 proxies for browsing the net. Now visit a proxy checking site and if you are anonymous, you should see either the domain name/url or the ip address of the socks server here. If so then the socks has nym status, else try again.
Method 2.
When connected to News server open a MS-DOS window and type: netstat -a . If you can see the name of your News reader followed of the IP/Name or your Socks proxy:1080 instead of the IP/Name of your News server:119 (or nntp) the connection is properly being made through Sockscap.
Method 3.
Use a test post. Find an open/free news server that allows posting and do a post in some neutral group for testing, like alt.test , alt.binaries.test or similar. download your message and display it, then check the Headers/Properties and look if it shows your real IP or that of socks proxy. Its usually the last in the list.


8. SOCKS Chaining:-
This idea here is an attempt to help you re-route all Internet Winsock applications in Windows through a socks chain, so making your connections much more anonymous. The following text and methods can be read and implemented in a linear fashion and instead of wingates you can use Proxy Hunter to search for socks proxies (1080) only. The idea is The more paths you make your posts take across the net, the more difficult it will be to trace it back.

Take this route for example: client ---> socks1 ---> sock2 ---> sock3 ---> socks-n ---> target url.

This should work for ftp, nntp, http, telnet, smnp, and icq style clients. Just about any app can be anonymized via socks, except irc due to ident logging by the irc servers where they ban or k-line (kill online) recognized 1080 proxies. So other methods are needed here. Now it helps to find some computers running wingate. We look for wingates since the default installation of wingate includes a non-logging socks server on port 1080.

Find some wingates
Read the scanning section on this page. To do this, I would suggest you use 'Proxy Hunter'. Be sure to look for wingates (port 23) and not for socks, as we only want wingate socks. You could also use Wingate Scan and run it through SocksCap32. Also using Proxy hunter without a proxy may bring you to the attention of isp's who might think you are a häçker scanning for shares etc!

Check the proxy speed
Speed is important since we will be using multiple socks, and we don't want our programs to time out. With the Klever Dipstick tool, you can find out which are the fastest ones. Just run Dipstick. Rightclick in the small green rectangular and choose Show main window. To import a list of wingates, just click on Advanced, choose Import List and select your file. You can also manually ping a simple host by clicking on Manual Ping. Use those wingates who have the smallest average time.

Check if the wingates are running
A good program to use is Server 2000, choose a timeout (7) and port i.e. (23) import your wingate list and read of the results.

SocksCap32 Setup for Chaining:

Server Details:
SOCKS Server: enter ip address
Port: 1080
SOCKS user ID: Just leave this as it is.
Protocol Details:
Socks4: "Resolve all names locally"
Socks5: "Resolve all names remotely" option
Username/Password: Uncheck this box

In the main window, choose New and then browse to create a shortcut for the Internet client you want to give socks support. Repeat this for each internet client app you want anonymized on the net.

Install SocksChain:
In the service menu, click on New.

Add Listener:
Name: enter "Chain"
Accept connection on port: 1080 is standard, but any number (0-65535) will do, The idea is to register the same port as in your SocksCap configuration.
Chain... Auto-creating chain Uncheck this.
Click on New to add your own socks servers or wingates.
Edit Socks:
Name: Uncheck
IP Check and enter the socks server ip address
Protocol Check Socks4 or Socks5
After pressing the "Ok" button - data about the server is added to the end of the list. Using the '<' and '>', you can add and remove socks. Make sure you test all the socks one by one, before adding them all to the list, because if one of them is bad, your chain will not work and you will not be able to locate the bad socks in the chain! If all of them seem to work, you use the '<' key to add them. 3 seems to be an average chain size. I think 10 or 13 is the limit put by TCP/IP).

If you dont want to constantly start SocksChain and to see it when operating, it is possible make the service invisible. For this purpose in the Tools menu->Options turn on the option "Run as service". After that it is not necessary to start the program even after reboot.

Testing Your Anonymity
To check what socks your computer is connecting to, you can use TotoStat. Look for connections to port 1080, the remote IP found there should be the first IP found in your chain in SocksChain. Use the shortcut in SocksCap that points to your browser, and connect to any Proxy Header Checking Site run your eye over your headers you should have the socks ip here.


Socks2HTTP Setup
Socks2HTTP is a program designed to replace SocksCap proxies with SSL-CONNECT proxies, which might be easier to find.

Socks2HTTP does two things:
it makes a socks server on your computer
it makes a connection via HTTP to a remote server which is able to convert socks2http protocol to Socks protocol.
You use it by configuring socks-capable programs to use the local socks server. If you need to run something which is not socks-capable, you can often 'socksify' them with sockscap from NEC. The price for anonymity tends to be a slower connection.

Open Socks2HTTP Configuration and set your SSL proxyort into the "Use a Proxy Server" fields. Remember that you have to use CONNECT method and that, if the proxy fails, your connections will be redirected using the POST method through a gateway owned by the program's authors (at You do not have permission to view the full content of this post. Log in or register now.), if you don't want this then erase the URL on the Gateway field to avoid it.

On the SocksCap settings, set localhost:1080 as proxy and Socks5 as desired protocol, that's it.

This program is released "adware" i.e. it installs spyware and it will put a banner window over your desktop until you buy it!
Not open for further replies.

Online statistics

Members online
Guests online
Total visitors

Forum statistics

Profile posts