In pentesting, sqlmap is a wonderful tool for probing SQL injection on a target system. Sometimes you may need to run sqlmap through a Tor proxy to hide your IP address during a pentest from your Kali Linux environment. Here I want to share concisely how to do it.
First, prepare a torinstaller.sh script:
#!/bin/sh
# torinstaller.sh: add the Tor Project repository, then install tor, Vidalia and privoxy.
# Written for the Debian "wheezy" based Kali of the time; run it as root.
echo "deb http://deb.torproject.org/torproject.org wheezy main" >> /etc/apt/sources.list
clear
echo "[*] Installing the keys...."
gpg --keyserver keys.gnupg.net --recv 886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
echo "Ready!!"
clear
echo "[*] Updating Repositories...."
apt-get update
clear
echo "[*] Installing TOR"
apt-get install deb.torproject.org-keyring
apt-get install tor
echo "Ready!!"
echo "[*] Installing Vidalia"
apt-get install vidalia
echo "Ready!!"
clear
echo "[*] Installing Privoxy"
apt-get install privoxy
echo "[*] Configuring privoxy"
# Hand every request privoxy receives (port 8118) to Tor's SOCKS5 listener on 9050.
# The trailing "." is required by privoxy's forward-socks5 syntax (no parent HTTP proxy).
echo "forward-socks5 / 127.0.0.1:9050 ." >> /etc/privoxy/config
echo "Ready!!"
sudo systemctl start tor.service
service privoxy restart
echo "Tor has been installed successfully."
Then make the script executable and run it as root to install Tor:
chmod a+x torinstaller.sh
./torinstaller.sh
Okay, we have installed tor, Vidalia (a graphical front end for tor) and privoxy (an HTTP proxy that can forward requests to Tor's SOCKS port).
If you ran the script, the forwarding rule has already been appended to /etc/privoxy/config. If you installed privoxy by hand instead, open the file with "vim /etc/privoxy/config" and uncomment the forward-socks5 line so that it reads exactly (the trailing "." is part of the syntax and must not be dropped):
forward-socks5 / 127.0.0.1:9050 .
Honestly, on my system starting the tor service (systemctl start tor.service) gave the following error or warning: Job for tor.service failed. See 'systemctl status tor.service' and 'journalctl -xn' for details.
Besides that, Vidalia was regularly dropping off the network. It may be because I was working in a VirtualBox VM environment.
But the tor service was still running:
root@kali:~# netstat -antlp | grep LISTEN
tcp        0      0 127.0.0.1:9050          0.0.0.0:*               LISTEN      1724/tor
tcp6       0      0 ::1:8118                :::*                    LISTEN      1727/privoxy
This means our SOCKS5 listener is active on 127.0.0.1:9050. Note that in this output privoxy is bound only to the IPv6 loopback address ::1, so an HTTP-proxy client pointed at 127.0.0.1:8118 would not reach it; either use [::1]:8118 or set listen-address 127.0.0.1:8118 in /etc/privoxy/config. So, let's try it in Iceweasel. First download the AutoProxy add-on and activate it.
Then, under Preferences -> Advanced -> Network -> Settings, select Proxy Server in the menu, choose Choose Proxy Server, and point it at the Tor SOCKS5 listener, 127.0.0.1 port 9050.
Switch the Iceweasel AutoProxy button (in the upper right) to green (global proxy) mode. Also make sure name resolution goes through the proxy (network.proxy.socks_remote_dns set to true in about:config); otherwise every hostname you visit is still looked up by your own resolver, which leaks the target even though the TCP traffic is tunnelled. Now you should be able to connect to the Tor network via Iceweasel.
We can successfully connect over the SOCKS5 proxy, so we can wholeheartedly start using sqlmap with its Tor parameters. sqlmap also has a --check-tor option that verifies the connection really exits through Tor before testing starts, which is worth adding to the first run:
sqlmap --tor --tor-type=SOCKS5 --tor-port=9050 -u http://www.targetdummywebsite/category.php?id=1 --risk=3 --level=5 -p id --random-agent --dbs
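Before pointing sqlmap at the listener it is worth seeing what "--tor-type=SOCKS5" actually does on the wire and confirming that the exit is really a Tor node. The script below is an added example for this post, not code from the original page or from the Tor or sqlmap projects. It speaks SOCKS5 (RFC 1928) directly to the Tor listener at 127.0.0.1:9050 set up above, sends the destination as a hostname (address type 0x03) so that Tor, not your local resolver, does the DNS lookup, and then fetches https://check.torproject.org/api/ip through the tunnel. The endpoint and its {"IsTor": ..., "IP": ...} reply shape are assumptions about a public service, not something the original post describes.

```python
#!/usr/bin/env python3
"""Verify a Tor SOCKS5 listener (default 127.0.0.1:9050) without leaking DNS.

Added example, not from the original post. Assumes check.torproject.org/api/ip
answers with JSON of the form {"IsTor": true|false, "IP": "..."}.
"""
import json
import socket
import ssl
import struct

SOCKS_VERSION, NO_AUTH, CMD_CONNECT = 0x05, 0x00, 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
# RFC 1928 reply codes, so a failed CONNECT is reported by name.
REP_CODES = {0: "succeeded", 1: "general SOCKS server failure",
             2: "connection not allowed by ruleset", 3: "network unreachable",
             4: "host unreachable", 5: "connection refused", 6: "TTL expired",
             7: "command not supported", 8: "address type not supported"}


def socks5_greeting() -> bytes:
    """Client hello: version 5, one offered method, 'no authentication'."""
    return bytes([SOCKS_VERSION, 1, NO_AUTH])


def socks5_connect_request(host: str, port: int) -> bytes:
    """CONNECT carrying the *hostname* (ATYP 0x03) so the proxy resolves it.

    Resolving locally and sending an IP instead would reveal the target name
    to your own DNS resolver, which is exactly what Tor is meant to hide.
    """
    name = host.encode("idna")
    if not 0 < len(name) <= 255:
        raise ValueError("SOCKS5 hostnames must be 1..255 bytes")
    return (bytes([SOCKS_VERSION, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(name)])
            + name + struct.pack("!H", port))


def parse_connect_reply(header: bytes) -> int:
    """Return the REP code from the fixed 4-byte head of a CONNECT reply."""
    if len(header) < 4 or header[0] != SOCKS_VERSION:
        raise ConnectionError("not a SOCKS5 reply: %r" % header[:4])
    return header[1]


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection early")
        buf += chunk
    return buf


def socks5_connect(proxy, host: str, port: int, timeout: float = 30.0) -> socket.socket:
    """Open a TCP stream to host:port through the SOCKS5 proxy at (addr, port)."""
    sock = socket.create_connection(proxy, timeout=timeout)
    sock.sendall(socks5_greeting())
    ver, method = _recv_exact(sock, 2)
    if ver != SOCKS_VERSION or method != NO_AUTH:
        sock.close()
        raise ConnectionError("proxy rejected no-auth (ver=%d method=%#x)" % (ver, method))
    sock.sendall(socks5_connect_request(host, port))
    head = _recv_exact(sock, 4)
    rep, atyp = parse_connect_reply(head), head[3]
    # Drain BND.ADDR and BND.PORT so the stream is positioned at application data.
    if atyp == ATYP_IPV4:
        _recv_exact(sock, 4)
    elif atyp == ATYP_IPV6:
        _recv_exact(sock, 16)
    elif atyp == ATYP_DOMAIN:
        _recv_exact(sock, _recv_exact(sock, 1)[0])
    else:
        sock.close()
        raise ConnectionError("unknown ATYP %#x in reply" % atyp)
    _recv_exact(sock, 2)
    if rep != 0:
        sock.close()
        raise ConnectionError("SOCKS5 CONNECT failed: %s" % REP_CODES.get(rep, rep))
    return sock


def is_tor(api_reply: dict) -> bool:
    """True when the check service says the request arrived from a Tor exit."""
    return bool(api_reply.get("IsTor"))


def tor_exit_check(proxy=("127.0.0.1", 9050)) -> dict:
    """Fetch https://check.torproject.org/api/ip via the proxy; return its JSON."""
    host = "check.torproject.org"
    tls = ssl.create_default_context().wrap_socket(
        socks5_connect(proxy, host, 443), server_hostname=host)
    # HTTP/1.0: no chunked encoding, and the server closes when the body is done.
    tls.sendall(b"GET /api/ip HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
    data = b""
    while chunk := tls.recv(4096):
        data += chunk
    tls.close()
    return json.loads(data.split(b"\r\n\r\n", 1)[1])


if __name__ == "__main__":
    import sys
    try:
        info = tor_exit_check()
    except (OSError, ConnectionError) as exc:
        sys.exit("Tor SOCKS check failed: %s" % exc)
    print("exit IP %s, IsTor=%s" % (info.get("IP"), info.get("IsTor")))
    sys.exit(0 if is_tor(info) else 1)
```

Run it before every sqlmap session; a non-zero exit means either the listener is not up (connection refused on 9050) or the traffic is leaving through your real address, and in both cases sqlmap should not be started yet. The same hostname-versus-IP distinction is what "socks5h"/"remote DNS" settings control in other clients.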
To be able to use tools such as nmap over Tor, you can install and use the proxychains tool:
apt-get install proxychains
echo socks5 127.0.0.1 9050 >> /etc/proxychains.conf
The appended line lands in the [ProxyList] section, which is the last section of the default file, so proxychains will pick it up. Two caveats: proxychains only intercepts TCP connect() calls from dynamically linked programs, so nmap must be run as a TCP connect scan without host discovery (-sT -Pn); SYN scans, UDP and ICMP pings are not proxied at all. And enable proxy_dns in /etc/proxychains.conf so that hostname lookups go through Tor as well, otherwise the target names leak through your own resolver.
It is even possible to use Metasploit over the Tor proxy. You only need to set the module's Proxies option (it takes type:host:port, here socks5:127.0.0.1:9050) before running your exploit. Keep in mind that this only covers the exploit's own outbound connection: a reverse payload makes the target connect back to LHOST directly, outside Tor, so it would expose your real address.
Remember, breaking into a system without the owner's consent is illegal and a cyber crime, even if you do nothing once inside. Get your agreement in writing first, and only then test the system. Happy pentesting days.