Skip to content
GProxy
Sign up
Guides 7 Connection Type: 2 views

ProxyChains

Discover ProxyChains on Linux, a powerful tool for routing network traffic through multiple proxies, enhancing online security and privacy.

Security

ProxyChains is a command-line tool for Linux that forces any TCP connection made by a program to go through a specified list of proxy servers, forming a 'chain' for enhanced privacy or to bypass network restrictions. It operates by intercepting network-related system calls dynamically, redirecting them through one or more configured proxy servers before reaching the target destination.

Overview of ProxyChains

ProxyChains functions as a wrapper for other programs, allowing their network traffic to be routed through a sequence of proxies. This chaining mechanism can obfuscate the origin of network requests, making it more difficult to trace the actual source IP address. It is frequently employed for anonymity, bypassing geographical restrictions, or accessing networks with specific IP-based access controls.

How ProxyChains Works

ProxyChains utilizes the LD_PRELOAD mechanism in Linux. LD_PRELOAD is an environment variable that specifies a list of shared libraries to be loaded before any other libraries, including the C standard library (libc). ProxyChains provides its own shared library (libproxychains4.so) which contains modified versions of standard network functions (e.g., connect(), send(), recv()).

When a program is executed with ProxyChains (e.g., proxychains4 <command>), libproxychains4.so is preloaded. This library intercepts the program's calls to network functions. Instead of making direct connections, these intercepted calls are redirected through the configured proxy chain. This process is transparent to the wrapped application, which continues to operate as if it were making direct network connections.

Installation

Installation procedures vary slightly depending on the Linux distribution.

Debian/Ubuntu

sudo apt update
sudo apt install proxychains4

Fedora/CentOS/RHEL

sudo dnf install proxychains-ng
# Or for older systems:
sudo yum install proxychains-ng

Arch Linux

sudo pacman -S proxychains-ng

From Source

For other distributions or specific versions, ProxyChains can be compiled from source.

git clone https://github.com/rofl0r/proxychains-ng.git
cd proxychains-ng
./configure --prefix=/usr --sysconfdir=/etc
make
sudo make install
sudo make install-config # Installs the default config file to /etc/proxychains.conf

Configuration

The primary configuration file for ProxyChains is typically located at /etc/proxychains.conf or ~/.proxychains/proxychains.conf. If neither exists, proxychains.conf can be copied from the source directory or /usr/share/proxychains/proxychains.conf to /etc/proxychains.conf.

Key Directives

The configuration file defines how proxies are used and which proxies are available.

  • strict_chain: All proxies in the list are used in the order they appear. If any proxy in the chain fails, the connection fails.
  • dynamic_chain: All proxies in the list are used, but if one fails, it is skipped, and the chain continues with the next proxy. This offers more resilience.
  • random_chain: A specified number of proxies (chain_len) are randomly selected from the list and used in a random order.
  • chain_len: (Used with random_chain) Specifies the number of proxies to select randomly.
  • proxy_dns: Forces DNS requests to be resolved through the proxy chain, mitigating DNS leaks. This is critical for anonymity.
  • remote_dns_subnet: (Used with proxy_dns) Specifies an IP subnet to use for remote DNS queries if proxy_dns is enabled. Default is 10.0.0.0/8.

Proxy List Format

Proxies are defined at the end of the proxychains.conf file under the [ProxyList] section. Each proxy entry follows this format:

type ip_address port [username] [password]

Supported types include socks4, socks5, and http.

Example proxychains.conf Snippet

# ProxyChains configuration file

# Uncomment one of the proxy chain types:
# strict_chain
# dynamic_chain
random_chain

# Randomize the proxy list - no, this doesn't make sense.
# Keep the default order of proxies in the proxy list and use them in that order.
# If you want to randomize, use 'random_chain' above.
# random_chain_len 2

# Make a host where the chain starts from.
# This can be useful for some applications.
# chain_len 2

# Proxy DNS requests through the chain.
# This is highly recommended for anonymity.
proxy_dns

# Remote DNS subnet
# When proxy_dns is enabled, this subnet is used for remote DNS queries.
# Default is 10.0.0.0/8
# remote_dns_subnet 10.0.0.0/8

# Timeout for proxy connections.
# proxy_timeout 10000

# Proxy list - add your proxies here
# Format: type ip_address port [username] [password]
[ProxyList]
# socks4  127.0.0.1 9050  # Example for Tor (default SOCKS port)
# socks5  192.168.1.1 1080
# http    proxy.example.com 8080 user pass

# Example using multiple proxies for a chain
socks5  192.168.1.10 1080
socks5  192.168.1.11 1080
http    192.168.1.12 8080

Supported Proxy Types

ProxyChains supports the following proxy protocols:

  • SOCKS4: Simple proxy protocol for TCP applications. Does not support UDP or authentication.
  • SOCKS5: Advanced proxy protocol supporting TCP, UDP, and authentication. Recommended for most use cases.
  • HTTP: Supports HTTP proxies for tunneling TCP connections. Can be used with or without authentication.

Usage Examples

To use ProxyChains, prepend proxychains4 (or proxychains on some systems) to the command you wish to execute through the proxies.

Basic Usage

Check your external IP address through the proxy chain:

proxychains4 curl ifconfig.me

This command will route the curl request through the configured proxy chain, and ifconfig.me will report the IP address of the last proxy in the chain, or the first working proxy if dynamic_chain is enabled.

Testing DNS Leaks

With proxy_dns enabled in proxychains.conf:

proxychains4 curl https://ipleak.net/

Review the DNS section on ipleak.net to confirm that DNS requests are resolved through the proxy chain and not your local DNS server.

Using with Network Scanners

Scanning a target through a proxy chain can obscure the source of the scan.

proxychains4 nmap -sT -Pn target.example.com

Note: nmap's -sS (SYN scan) and other raw packet modes do not work with ProxyChains because LD_PRELOAD only intercepts higher-level socket calls, not raw packet generation. Use -sT (TCP connect scan).

Using with Secure Shell (SSH)

To establish an SSH connection through a proxy chain:

proxychains4 ssh user@remote_host.com

Using with Wget

Downloading files via a proxy chain:

proxychains4 wget https://example.com/file.zip

Using with a Web Browser (e.g., Firefox)

ProxyChains is designed for command-line applications. For graphical applications like web browsers, it is generally more effective to configure the browser's proxy settings directly or use a dedicated proxy manager extension. However, it can be forced:

proxychains4 firefox

This method is often less stable and reliable for complex GUI applications compared to native proxy settings.

Chain Types Comparison

Feature strict_chain dynamic_chain random_chain
Proxy Usage All proxies in the list, in order. All proxies in the list, in order, skipping failed. chain_len proxies randomly selected and ordered.
Failure Tolerance Low (connection fails if any proxy fails). High (skips failed proxies). Moderate (fails if selected random proxies fail).
Anonymity High (fixed path, all proxies used). High (fixed path, all working proxies used). Variable (random path, different each time).
Performance Potentially slower due to fixed, full path. Faster if some proxies are slow/down. Variable, depends on selected proxies.
Use Case When all proxies are reliable and order matters. When resilience is important. When varying the path is desired for anonymity.

Security Considerations and Limitations

ProxyChains is a tool for routing traffic, not a complete anonymity solution. Users must understand its limitations.

DNS Leaks

Without proxy_dns enabled, DNS requests may be resolved directly by the local system, exposing the user's real IP address to the DNS server. Enabling proxy_dns is crucial for anonymity.

Traffic Leaks

ProxyChains primarily intercepts TCP connections. Applications that use UDP or other protocols directly (e.g., some VPN clients, VoIP applications, certain games, or nmap's raw packet modes) may bypass the proxy chain, leading to traffic leaks. It is not suitable for applications requiring full network stack anonymization.

Performance Overhead

Chaining multiple proxies introduces latency and reduces throughput. Each hop in the chain adds processing time and network delay. The more proxies in the chain, the slower the connection will be.

Not a Silver Bullet for Anonymity

ProxyChains provides an additional layer of obfuscation but does not guarantee absolute anonymity. Sophisticated adversaries may still be able to correlate traffic patterns or exploit other vulnerabilities (e.g., browser fingerprinting, WebRTC leaks) to de-anonymize a user. It should be used in conjunction with other security practices, such as a secure operating system, robust firewall rules, and careful application selection.

Application Compatibility

ProxyChains relies on LD_PRELOAD to intercept library calls. Not all applications behave predictably when their network functions are intercepted. Applications that use custom network libraries, static linking, or specific kernel interfaces may not work correctly or at all with ProxyChains.

Auto-update: 03.03.2026
All Categories

Advantages of our proxies

25,000+ proxies from 120+ countries

Unlimited Proxies Residential Proxies