This is a report for the Configuration Management Systems course taught by Tero Karvinen
The goal of this module is to setup multiple proxies in diffrent countries quickly and easily to be used with
proxychains4. Everything is tested on a Ubuntu-20.04 master and minions.
First step to get this setup is to install
salt-cloud with the following commands.
wget -O - https://repo.saltstack.com/py3/ubuntu/20.04/amd64/latest/SALTSTACK-GPG-KEY.pub | sudo apt-key add - echo 'deb http://repo.saltstack.com/py3/ubuntu/20.04/amd64/latest focal main' | sudo tee /etc/apt/sources.list.d/saltstack.list sudo apt update -y sudo apt install salt-master -y && sudo apt install salt-cloud -y
It is important that the master will be accessible from the minions so ports 4505 and 4506 must be accessible from the internet. This can be done in a variety of ways that im not going to cover here too much but im currently connected to a router and my master is a virtual machine so i have ports 4505 and 4506 whitelisted in the router firewall and forwarded to my machine. From there i have these ports forwarded from my host to my virtualbox VM that im using as the master. Im not going to go too deep into port forwarding here but to do it in virtual box you want to create a NAT network if you dont already have one by going to
File -> Prefrences -> Network and configure the portforwarding configuration there. Lastly make sure the master is using this network.
With the tedious part out of the way all the necessary files can be downloaded with the following command.
git clone https://github.com/heiskane/disposable-proxies.git
This will also require a linode account and an api key. Linode account can be created at https://www.linode.com/ and the api key can be generated by going to
My Profile -> API Tokens -> Add a Personal Access Token. The minimun permissions for the api key i managed to get away with were read/write for Account, Images and Linodes.
With the API token created its time to move the
linode.conf file to
/etc/salt/cloud.providers.d/ and configure it as follows.
linode-provider: provider: linode password: ADD_PASSWORD_FOR_ROOT_USER apikey: YOUR_API_KEY_HERE api_version: v4 driver: linode
proxy.conf file must be moved to
/etc/salt/cloud.profiles.d/ and configured with your salt masters ip address as follows.
proxy-server: provider: linode-provider size: g6-nanode-1 image: linode/ubuntu20.04 location: eu-central minion: master: YOUR_MASTER_IP_HERE
Note that the smallest (and cheapest) server is chosen here. Diffrent options for sizes can be listed by running
sudo salt-cloud --list-sizes linode and the id for any given size can be used in the
proxy.conf file. The default option will charge 0.0075$ per hour and is billed by the hour which adds up to 5$ per month. 2 servers will be created later but can be easily destroyed at any time.
Salt master user
/srv/salt as the directory for the states so it must be created if it doesnt already exist.
sudo mkdir /srv/salt
The dante directory can now be moved to
sudo mv dante /srv/salt/
pillar directory can be moved to
/srv/. This directory will contain
users.sls file that defines the users so thats were the default username and password can be changed. More users for the proxies can also be added into the
users.sls file as follows.
users: heiskane: password: YouMightWantToChangeThisDefaultPassword newUser: password: YourNewPassword
proxies file will be used by the salt cloud command and can be put anywhere but ill choose to put it in
/srv/cloud/ directory which must be created as well.
sudo mkdir /srv/cloud sudo mv proxies /srv/cloud
The proxies file will determine how many proxies are setup and where. More proxy servers can be added here. Note that
location is indented with 4 spaces instead of 2 for some reason. The default locations here will create a server in the UK and germany but can be changed to any of the available regions which can be listed by running
sudo salt-cloud --list-locations linode. Ill leave a list of available locations here as well.
proxy-server: - proxy-1: location: eu-central - proxy-2: location: eu-west
Now the proxies can be created by running the following command. Note that this can take a few minutes.
sudo salt-cloud -P -m /srv/cloud/proxies
-P will create the servers in parallel to save time and
-m specifies the map file. After the servers are created the can be configured as socks5 proxies with the following command.
sudo salt 'proxy*' state.apply dante
To actually go through these proxies i use
proxycahis4 which can be installed with the following command.
sudo apt install proxychains4 -y
Next the proxy servers must be added to the proxychains configuration file. The ip addresses for each of the proxies can be gathered with the following command.
sudo salt --out=json 'proxy*' grains.item ipv4|jq '. .ipv4'|tr -d '"'
Note that for the proxychains4 configuration the default file at
/etc/proxychains4.conf can be used instead the provided file. If you want proxychains to run quietly add
quiet_mode to this file. These ip addresses can then be added to the provided
proxychains4.conf file as follows.
dynamic_chain proxy_dns remote_dns_subnet 224 tcp_read_time_out 15000 tcp_connect_time_out 8000 [ProxyList] socks5 18.104.22.168 1080 heiskane YouMightWantToChangeThisDefaultPassword socks5 22.214.171.124 1080 heiskane YouMightWantToChangeThisDefaultPassword
Note that if you changed the password in
/srv/pillar/users.sls the new password must be added here as well. The
proxychains4.conf can now be moved to
sudo mv proxychains4.conf /etc/
Proxychains forces any tcp connection to go through the proxies so it can be used for a variety of things like firefox, namp and gobuster. As an example firefox can be set to go through the proxies with the following command.
Finally proxy servers can be destroyed as follows.
sudo salt-cloud -d proxy-1 proxy-2
At this point with all the configuration out of the way the next time the proxies can be set back up with only these two commands.
sudo salt-cloud -P -m /srv/cloud/proxies sudo salt proxy* state.apply dante