proxychains.conf: add hint that proxy must be in ipv4 notation

it is generally invalid to use a DNS name since DNS subsystem
is only available once connected to the proxy; because
DNS is done server-side.

closes #19

Makefile

@@ -33,8 +33,6 @@ LDSO_SUFFIX = so
 LD_SET_SONAME = -Wl,-soname=
 INSTALL_FLAGS = -D -m
 
--include config.mak
-
 LDSO_PATHNAME = libproxychains4.$(LDSO_SUFFIX)
 
 SHARED_LIBS = $(LDSO_PATHNAME)
@@ -42,6 +40,7 @@ ALL_LIBS = $(SHARED_LIBS)
 PXCHAINS = proxychains4
 ALL_TOOLS = $(PXCHAINS)
 
+-include config.mak
 
 CFLAGS+=$(USER_CFLAGS) $(MAC_CFLAGS)
 CFLAGS_MAIN=-DLIB_DIR=\"$(libdir)\" -DSYSCONFDIR=\"$(sysconfdir)\" -DDLL_NAME=\"$(LDSO_PATHNAME)\"
@@ -50,13 +49,13 @@ CFLAGS_MAIN=-DLIB_DIR=\"$(libdir)\" -DSYSCONFDIR=\"$(sysconfdir)\" -DDLL_NAME=\"
 all: $(ALL_LIBS) $(ALL_TOOLS)
 
 install-config:
-	install -d $(DESTDIR)/$(sysconfdir)
-	install $(INSTALL_FLAGS) 644 src/proxychains.conf $(DESTDIR)/$(sysconfdir)/
+	install -d $(DESTDIR)$(sysconfdir)
+	install $(INSTALL_FLAGS) 644 src/proxychains.conf $(DESTDIR)$(sysconfdir)/
 
 install: 
-	install -d $(DESTDIR)/$(bindir)/ $(DESTDIR)/$(libdir)/
-	install $(INSTALL_FLAGS) 755 $(ALL_TOOLS) $(DESTDIR)/$(bindir)/
-	install $(INSTALL_FLAGS) 644 $(ALL_LIBS) $(DESTDIR)/$(libdir)/
+	install -d $(DESTDIR)$(bindir)/ $(DESTDIR)$(libdir)/
+	install $(INSTALL_FLAGS) 755 $(ALL_TOOLS) $(DESTDIR)$(bindir)/
+	install $(INSTALL_FLAGS) 644 $(ALL_LIBS) $(DESTDIR)$(libdir)/
 
 clean:
 	rm -f $(ALL_LIBS)
@@ -73,4 +72,4 @@ $(ALL_TOOLS): $(OBJS)
 	$(CC) src/main.o src/common.o -o $(PXCHAINS)
 
 
-.PHONY: all clean install
+.PHONY: all clean install install-config

README

@@ -1,27 +1,51 @@
-ProxyChains ver 4.3 README
-==========================
+ProxyChains-NG ver 4.5 README
+=============================
 
   ProxyChains is a UNIX program, that hooks network-related libc functions
-  in dynamically linked programs via a preloaded DLL and redirects the
-  connections through SOCKS4a/5 or HTTP proxies.
+  in DYNAMICALLY LINKED programs via a preloaded DLL (dlsym(), LD_PRELOAD)
+  and redirects the connections through SOCKS4a/5 or HTTP proxies.
+  It supports TCP only (no UDP/ICMP etc).
+
+  The way it works is basically a HACK; so it is possible that it doesn't
+  work with your program, especially when it's a script, or starts 
+  numerous processes like background daemons or uses dlopen() to load
+  "modules" (bug in glibc dynlinker).
+  It should work with simple compiled (C/C++) dynamically linked programs
+  though.
+
+  If your program doesn't work with proxychains, consider using an 
+  iptables based solution instead; this is much more robust.
+
+  Supported Platforms: Linux, BSD, Mac.
+
 
 *********** ATTENTION ***********
 
-  this program works only on dynamically linked programs.
-  also both proxychains and the program to call must use
-  the same dynamic linker (i.e. same libc).
-  why ? because in order to hook to libc functions like
-  connect(), dynamic loader facilities are used, namely
-  dl_sym() and LD_PRELOAD.
+  this program can be used to circumvent censorship.
+  doing so can be VERY DANGEROUS in certain countries.
 
-*********************************
+  ALWAYS MAKE SURE THAT PROXYCHAINS WORKS AS EXPECTED
+  BEFORE USING IT FOR ANYTHING SERIOUS.
+
+  this involves both the program and the proxy that you're going to
+  use.
+
+  for example, you can connect to some "what is my ip" service
+  like ifconfig.me to make sure that it's not using your real ip.
+
+  ONLY USE PROXYCHAINS IF YOU KNOW WHAT YOU'RE DOING.
+
+  THE AUTHORS AND MAINTAINERS OF PROXYCHAINS DO NOT TAKE ANY 
+  RESPONSIBILITY FOR ANY ABUSE OR MISUSE OF THIS SOFTWARE AND 
+  THE RESULTING CONSEQUENCES.
 
 *** Installation ***
 
   # needs a working C compiler, preferably gcc
-  ./configure
+  ./configure --prefix=/usr --sysconfdir=/etc
   make
   [optional] sudo make install
+  [optional] sudo make install-config (installs proxychains.conf)
 
   if you dont install, you can use proxychains from the build directory
   like this: ./proxychains4 -f src/proxychains.conf telnet google.com 80
@@ -29,6 +53,14 @@ ProxyChains ver 4.3 README
 Changelog:
 ----------
 
+Version 4.5:
+- hook close() to prevent OpenSSH from messing with internal infrastructure.
+  this caused ssh client to segfault when proxified.
+
+Version 4.4:
+- FreeBSD port
+- fixes some installation issues on Debian and Mac.
+
 Version 4.3:
 - fixes programs that do dns-lookups in child processes (fork()ed),
   like irssi. to achieve this, support for compilation without pthreads
@@ -78,10 +110,9 @@ Some cool features:
 	random order from the list ( user defined length of chain ).
 	exact order  (as they appear in the list )
 	dynamic order (smart exclude dead proxies from chain)
-* You can use it with any TCP client application, even network scanners
-	yes, yes - you can make portscan via proxy (or chained proxies)
-	for example with Nmap scanner by fyodor (www.insecire.org/nmap).
-	proxychains nmap -sT -PO -p 80 -iR  (find some webservers through proxy)
+* You can use it with most TCP client applications, possibly even network 
+	scanners, as long as they use standard libc functionality.
+	pcap based scanning does not work.
 * You can use it with servers, like squid, sendmail, or whatever.
 * DNS resolving through proxy.
 
@@ -90,13 +121,13 @@ Configuration:
 --------------
 
 proxychains looks for config file in following order:
-1)	file listed in environment variable ${PROXYCHAINS_CONF_FILE} or
+1)	file listed in environment variable PROXYCHAINS_CONF_FILE or
 	provided as a -f argument to proxychains script or binary.
 2)	./proxychains.conf
 3)	$(HOME)/.proxychains/proxychains.conf
-4)	/etc/proxychains.conf  **
+4)	$(sysconfdir)/proxychains.conf  **
 
-**see more in /etc/proxychains.conf
+** usually /etc/proxychains.conf
 
 Usage Example:
 
@@ -119,3 +150,7 @@ Usage Example:
 in this example it will resolve targethost.com through proxy(or chained proxies)
 specified by proxychains.conf
 
+Community:
+----------
+#proxychains on irc.freenode.net
+

configure

@@ -90,6 +90,7 @@ if ismac ; then
 elif isbsd ; then
 	echo LIBDL=>>config.mak
 	echo "CFLAGS+=-DIS_BSD">>config.mak
+	echo INSTALL_FLAGS=-m>>config.mak
 fi
 
 echo done, now run make \&\& make install

src/allocator_thread.c

@@ -8,6 +8,7 @@
 #include <string.h>
 #include <stdint.h>
 #include <stddef.h>
+#include <errno.h>
 #include "allocator_thread.h"
 #include "shm.h"
 #include "debug.h"
@@ -147,8 +148,8 @@ struct at_msghdr {
 
 static pthread_t allocator_thread;
 static pthread_attr_t allocator_thread_attr;
-static int req_pipefd[2];
-static int resp_pipefd[2];
+int req_pipefd[2];
+int resp_pipefd[2];
 
 static int wait_data(int readfd) {
 	PFUNC();
@@ -158,7 +159,13 @@ static int wait_data(int readfd) {
 	int ret;
 	while((ret = select(readfd+1, &fds, NULL, NULL, NULL)) <= 0) {
 		if(ret < 0) {
-			perror("select2");
+			int e = errno;
+			if(e == EINTR) continue;
+#ifdef __GLIBC__
+			char emsg[1024];
+			char* x = strerror_r(errno, emsg, sizeof emsg);
+			dprintf(2, "select2: %s\n", x);
+#endif
 			return 0;
 		}
 	}

src/allocator_thread.h

@@ -6,6 +6,9 @@
 
 #define MSG_LEN_MAX 256
 
+extern int req_pipefd[2];
+extern int resp_pipefd[2];
+
 void at_init(void);
 void at_close(void);
 size_t at_get_host_for_ip(ip_type ip, char* readbuf);

src/core.h

@@ -82,6 +82,7 @@ int connect_proxy_chain (int sock, ip_type target_ip, unsigned short target_port
 
 void proxychains_write_log(char *str, ...);
 
+typedef int (*close_t)(int);
 typedef int (*connect_t)(int, const struct sockaddr *, socklen_t);
 typedef struct hostent* (*gethostbyname_t)(const char *);
 typedef int (*freeaddrinfo_t)(struct addrinfo *);

src/libproxychains.c

@@ -45,6 +45,7 @@
 #define     SOCKFAMILY(x)     (satosin(x)->sin_family)
 #define     MAX_CHAIN 512
 
+close_t true_close;
 connect_t true_connect;
 gethostbyname_t true_gethostbyname;
 getaddrinfo_t true_getaddrinfo;
@@ -113,6 +114,7 @@ static void do_init(void) {
 	SETUP_SYM(freeaddrinfo);
 	SETUP_SYM(gethostbyaddr);
 	SETUP_SYM(getnameinfo);
+	SETUP_SYM(close);
 	
 	init_l = 1;
 }
@@ -166,7 +168,11 @@ static void get_chain_data(proxy_data * pd, unsigned int *proxy_count, chain_typ
 	*ct = DYNAMIC_TYPE;
 	
 	env = get_config_path(getenv(PROXYCHAINS_CONF_FILE_ENV_VAR), buff, sizeof(buff));
-	file = fopen(env, "r");
+	if( ( file = fopen(env, "r") ) == NULL )
+	{
+	        perror("couldnt read configuration file");
+        	exit(1);
+	}
 
 	env = getenv(PROXYCHAINS_QUIET_MODE_ENV_VAR);
 	if(env && *env == '1')
@@ -186,7 +192,12 @@ static void get_chain_data(proxy_data * pd, unsigned int *proxy_count, chain_typ
 
 				sscanf(buff, "%s %s %d %s %s", type, host, &port_n, pd[count].user, pd[count].pass);
 
-				pd[count].ip.as_int = (uint32_t) inet_addr(host);
+				in_addr_t host_ip = inet_addr(host);
+				if(host_ip == INADDR_NONE) {
+					fprintf(stderr, "proxy %s has invalid value or is not numeric\n", host);
+					exit(1);
+				}
+				pd[count].ip.as_int = (uint32_t) host_ip;
 				pd[count].port = htons((unsigned short) port_n);
 
 				if(!strcmp(type, "http")) {
@@ -282,6 +293,16 @@ static void get_chain_data(proxy_data * pd, unsigned int *proxy_count, chain_typ
 
 /*******  HOOK FUNCTIONS  *******/
 
+int close(int fd) {
+	/* prevent rude programs (like ssh) from closing our pipes */
+	if(fd != req_pipefd[0]  && fd != req_pipefd[1] &&
+	   fd != resp_pipefd[0] && fd != resp_pipefd[1]) {
+		return true_close(fd);
+	}
+	errno = EINTR;
+	return -1;
+}
+
 int connect(int sock, const struct sockaddr *addr, unsigned int len) {
 	PFUNC();
 	int socktype = 0, flags = 0, ret = 0;

src/proxychains

@@ -1,26 +0,0 @@
-#!/bin/sh
-echo "ProxyChains-3.1 (http://proxychains.sf.net)"
-
-usage() {
-
-	echo "	usage:"
-	echo "		$0 [h] [f config-file] <prog> [args]"
-	exit
-}
-
-if [ $# = 0 ] ; then
-	usage
-fi
-
-if [ $1 = "-h" ]; then
-	usage
-fi
-
-if [ "$1" = "-f" ]; then
-	export PROXYCHAINS_CONF_FILE=$2;
-	shift;
-	shift;
-fi
-
-export LD_PRELOAD=libproxychains.so.3
-exec "$@"

src/proxychains.conf

@@ -77,9 +77,11 @@ tcp_connect_time_out 8000
 # localnet 192.168.0.0/255.255.0.0
 
 # ProxyList format
-#       type  host  port [user pass]
+#       type  ip  port [user pass]
 #       (values separated by 'tab' or 'blank')
 #
+#       only numeric ipv4 addresses are valid
+#
 #
 #        Examples:
 #

src/proxyresolv

@@ -1,8 +1,10 @@
 #!/bin/sh
-# This script is called by proxychains to resolve DNS names
+# This is a legacy script that uses "dig" to do DNS lookups via TCP.
+# it is not actively maintained since proxychains no longer depends
+# on it. i leave it here as a bonus.
 
 # DNS server used to resolve names
-DNS_SERVER=4.2.2.2
+DNS_SERVER=8.8.8.8
 
 
 if [ $# = 0 ] ; then
@@ -12,5 +14,5 @@ if [ $# = 0 ] ; then
 fi
 
 
-export LD_PRELOAD=libproxychains.so
-dig $1 @$DNS_SERVER +tcp | awk '/A.+[0-9]+\.[0-9]+\.[0-9]/{print $5;}'
+export LD_PRELOAD=libproxychains4.so
+dig $1 @$DNS_SERVER +tcp | awk '/A.?[0-9]+\.[0-9]+\.[0-9]/{print $5;}'