Premise

In this tutorial, we showed how to do Nmap scanning with Proxychains and Tor in order to achieve complete privacy and anonymity. We also analyzed the traffic with Wireshark on Security Onion and demonstrated how to evade firewalls and intrusion detection systems with the right Nmap switches.

Skills Learned

  • Nmap
  • Anonymity
  • Proxy Chains
  • IDS
  • Firewalls
  • Wireshark

First things first, I’ll show you how to install and configure the necessary tools. We’ll start by installing Tor, the well-known anonymity network. Once Tor is up and running, we’ll install Privoxy, which is a proxy that will help us integrate Tor with our web browser and other applications. I’ll guide you through the configuration of Privoxy to ensure it’s properly forwarding traffic through the Tor network.

Next, we’ll install Proxychains, a tool that allows us to force any application to use a proxy, even if it doesn’t natively support it. I’ll explain the difference between dynamic_chain and strict_chain in the Proxychains configuration and recommend using dynamic_chain for more flexibility.

With all the tools in place, I’ll show you how to verify that your setup is working correctly. We’ll launch Firefox through Proxychains and check our IP address on Google. You’ll see that your public IP address has been replaced with the IP address of a Tor exit node, confirming that your online activities are now anonymized.

Now for the exciting part! I’ll demonstrate how to perform anonymous Nmap scans using our new setup. I’ll cover several evasion techniques to make your scans even harder to detect:

  • Stealth Scan (-sS): I’ll explain how this scan type works and why it’s less likely to be logged by firewalls.
  • Fragmentation (-f): We’ll explore how fragmenting packets can help us bypass intrusion detection systems.
  • Decoy Scan (-D): I’ll show you a cool trick to launch scans from multiple spoofed IP addresses, making it extremely difficult to pinpoint the real source of the scan.
  • No Ping (-Pn): We’ll see why disabling ping probes is a good practice for stealthy scanning.
  • MAC Address Spoofing (--spoof-mac): I’ll demonstrate how to change your MAC address to further enhance your anonymity.
  • Packet Length (--data-length): We’ll learn how to manipulate the size of our packets to evade detection.

Throughout the video, I’ll be using Wireshark on a Security Onion machine to analyze the network traffic and show you the effects of our anonymity and evasion techniques in real time. You’ll be able to see for yourself how your actual IP address is hidden and how the stealthy scans appear on the network.
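
What the half-open pattern of a SYN scan (-sS) looks like from the monitoring side, as an added example that is not from the original post or video: a Python check that tracks handshake state over constructed packet rows and flags a source that probes many ports without ever completing a connection. The addresses, the tuple layout and the min_ports threshold are assumptions made for illustration.

```python
from collections import defaultdict

SERVER, SCANNER, USER = "192.0.2.10", "203.0.113.5", "198.51.100.7"

def build_sample():
    """Constructed (src, dst, sport, dport, flags) rows; not a real capture."""
    pkts = [(USER, SERVER, 50000, 443, "S"),      # ordinary client:
            (SERVER, USER, 443, 50000, "SA"),     # full three-way
            (USER, SERVER, 50000, 443, "A")]      # handshake
    for i, port in enumerate([21, 22, 23, 25, 80, 110]):
        sport = 40000 + i
        pkts.append((SCANNER, SERVER, sport, port, "S"))
        if port in (22, 80):                      # open port: SYN/ACK comes back,
            pkts.append((SERVER, SCANNER, port, sport, "SA"))
            pkts.append((SCANNER, SERVER, sport, port, "R"))   # prober resets
        else:                                     # closed port: server refuses
            pkts.append((SERVER, SCANNER, port, sport, "RA"))
    return pkts

def find_syn_scanners(packets, min_ports=5):
    """Flag client/server pairs with >= min_ports never-completed handshakes."""
    state = {}                    # (client, server, sport, dport) -> handshake state
    for src, dst, sport, dport, flags in packets:
        fwd, rev = (src, dst, sport, dport), (dst, src, dport, sport)
        if flags == "S":
            state[fwd] = "syn"
        elif flags == "SA" and state.get(rev) == "syn":
            state[rev] = "synack"
        elif flags == "A" and state.get(fwd) == "synack":
            state[fwd] = "established"
        elif flags == "R" and state.get(fwd) == "synack":
            state[fwd] = "half_open"              # SYN/ACK answered with RST
        elif flags == "RA" and state.get(rev) == "syn":
            state[rev] = "refused"
    probed, half_open = defaultdict(set), defaultdict(set)
    for (client, server, _sport, dport), st in state.items():
        if st != "established":
            probed[(client, server)].add(dport)
        if st == "half_open":
            half_open[(client, server)].add(dport)
    return {pair: {"ports_probed": len(ports), "half_open": sorted(half_open[pair])}
            for pair, ports in probed.items() if len(ports) >= min_ports}

if __name__ == "__main__":
    for (client, server), info in find_syn_scanners(build_sample()).items():
        print(f"{client} -> {server}: {info}")
```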

Technical Commands

Here are all the technical commands that I used in the video:

  • sudo apt-get install tor
  • sudo service tor status
  • sudo apt-get install privoxy
  • sudo nano /etc/privoxy/config
  • sudo apt-get install proxychains
  • sudo nano /etc/proxychains.conf
  • sudo service tor start
  • proxychains firefox
  • sudo proxychains nmap
  • sudo netdiscover -r 192.168.1.0/24
  • sudo wireshark
  • nmap -sn
  • ifconfig
  • sudo service network-manager stop
  • sudo service network-manager start
  • sudo nmap -sV 192.168.94.136

Video Walk-through

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by Motasem Hamdan, who is a Cybersecurity content creator and YouTuber.
