This is a report for the Configuration Management Systems course taught by Tero Karvinen
The goal of this module is to setup multiple proxies in diffrent countries quickly and easily to be used with proxychains4
. Everything is tested on a Ubuntu-20.04 master and minions.
First step to get this setup is to install salt-master
and salt-cloud
with the following commands.
wget -O - https://repo.saltstack.com/py3/ubuntu/20.04/amd64/latest/SALTSTACK-GPG-KEY.pub | sudo apt-key add -
echo 'deb http://repo.saltstack.com/py3/ubuntu/20.04/amd64/latest focal main' | sudo tee /etc/apt/sources.list.d/saltstack.list
sudo apt update -y
sudo apt install salt-master -y && sudo apt install salt-cloud -y
It is important that the master will be accessible from the minions so ports 4505 and 4506 must be accessible from the internet. This can be done in a variety of ways that im not going to cover here too much but im currently connected to a router and my master is a virtual machine so i have ports 4505 and 4506 whitelisted in the router firewall and forwarded to my machine. From there i have these ports forwarded from my host to my virtualbox VM that im using as the master. Im not going to go too deep into port forwarding here but to do it in virtual box you want to create a NAT network if you dont already have one by going to File -> Prefrences -> Network
and configure the portforwarding configuration there. Lastly make sure the master is using this network.
With the tedious part out of the way all the necessary files can be downloaded with the following command.
git clone https://github.com/heiskane/disposable-proxies.git
This will also require a linode account and an api key. Linode account can be created at https://www.linode.com/ and the api key can be generated by going to My Profile -> API Tokens -> Add a Personal Access Token
. The minimun permissions for the api key i managed to get away with were read/write for Account, Images and Linodes.
With the API token created its time to move the linode.conf
file to /etc/salt/cloud.providers.d/
and configure it as follows.
linode-provider:
provider: linode
password: ADD_PASSWORD_FOR_ROOT_USER
apikey: YOUR_API_KEY_HERE
api_version: v4
driver: linode
Next the proxy.conf
file must be moved to /etc/salt/cloud.profiles.d/
and configured with your salt masters ip address as follows.
proxy-server:
provider: linode-provider
size: g6-nanode-1
image: linode/ubuntu20.04
location: eu-central
minion:
master: YOUR_MASTER_IP_HERE
Note that the smallest (and cheapest) server is chosen here. Diffrent options for sizes can be listed by running sudo salt-cloud --list-sizes linode
and the id for any given size can be used in the proxy.conf
file. The default option will charge 0.0075$ per hour and is billed by the hour which adds up to 5$ per month. 2 servers will be created later but can be easily destroyed at any time.
Salt master user /srv/salt
as the directory for the states so it must be created if it doesnt already exist.
sudo mkdir /srv/salt
The dante directory can now be moved to /srv/salt/
sudo mv dante /srv/salt/
The pillar
directory can be moved to /srv/
. This directory will contain users.sls
file that defines the users so thats were the default username and password can be changed. More users for the proxies can also be added into the users.sls
file as follows.
users:
heiskane:
password: YouMightWantToChangeThisDefaultPassword
newUser:
password: YourNewPassword
The proxies
file will be used by the salt cloud command and can be put anywhere but ill choose to put it in /srv/cloud/
directory which must be created as well.
sudo mkdir /srv/cloud
sudo mv proxies /srv/cloud
The proxies file will determine how many proxies are setup and where. More proxy servers can be added here. Note that location
is indented with 4 spaces instead of 2 for some reason. The default locations here will create a server in the UK and germany but can be changed to any of the available regions which can be listed by running sudo salt-cloud --list-locations linode
. Ill leave a list of available locations here as well.
.
proxy-server:
- proxy-1:
location: eu-central
- proxy-2:
location: eu-west
Now the proxies can be created by running the following command. Note that this can take a few minutes.
sudo salt-cloud -P -m /srv/cloud/proxies
The -P
will create the servers in parallel to save time and -m
specifies the map file. After the servers are created the can be configured as socks5 proxies with the following command.
sudo salt 'proxy*' state.apply dante
To actually go through these proxies i use proxycahis4
which can be installed with the following command.
sudo apt install proxychains4 -y
Next the proxy servers must be added to the proxychains configuration file. The ip addresses for each of the proxies can be gathered with the following command.
sudo salt --out=json 'proxy*' grains.item ipv4|jq '.[] .ipv4[1]'|tr -d '"'
Note that for the proxychains4 configuration the default file at /etc/proxychains4.conf
can be used instead the provided file. If you want proxychains to run quietly add quiet_mode
to this file. These ip addresses can then be added to the provided proxychains4.conf
file as follows.
dynamic_chain
proxy_dns
remote_dns_subnet 224
tcp_read_time_out 15000
tcp_connect_time_out 8000
[ProxyList]
socks5 178.79.158.252 1080 heiskane YouMightWantToChangeThisDefaultPassword
socks5 172.105.65.221 1080 heiskane YouMightWantToChangeThisDefaultPassword
Note that if you changed the password in /srv/pillar/users.sls
the new password must be added here as well. The proxychains4.conf
can now be moved to /etc/
sudo mv proxychains4.conf /etc/
Proxychains forces any tcp connection to go through the proxies so it can be used for a variety of things like firefox, namp and gobuster. As an example firefox can be set to go through the proxies with the following command.
proxychains4 firefox
Finally proxy servers can be destroyed as follows.
sudo salt-cloud -d proxy-1 proxy-2
At this point with all the configuration out of the way the next time the proxies can be set back up with only these two commands.
sudo salt-cloud -P -m /srv/cloud/proxies
sudo salt proxy* state.apply dante