Final Module

This is a report for the Configuration Management Systems course taught by Tero Karvinen

Disposable Proxies

The goal of this module is to setup multiple proxies in diffrent countries quickly and easily to be used with proxychains4. Everything is tested on a Ubuntu-20.04 master and minions.

First step to get this setup is to install salt-master and salt-cloud with the following commands.

wget -O - https://repo.saltstack.com/py3/ubuntu/20.04/amd64/latest/SALTSTACK-GPG-KEY.pub | sudo apt-key add -
echo 'deb http://repo.saltstack.com/py3/ubuntu/20.04/amd64/latest focal main' | sudo tee /etc/apt/sources.list.d/saltstack.list
sudo apt update -y
sudo apt install salt-master -y && sudo apt install salt-cloud -y

It is important that the master will be accessible from the minions so ports 4505 and 4506 must be accessible from the internet. This can be done in a variety of ways that im not going to cover here too much but im currently connected to a router and my master is a virtual machine so i have ports 4505 and 4506 whitelisted in the router firewall and forwarded to my machine. From there i have these ports forwarded from my host to my virtualbox VM that im using as the master. Im not going to go too deep into port forwarding here but to do it in virtual box you want to create a NAT network if you dont already have one by going to File -> Prefrences -> Network and configure the portforwarding configuration there. Lastly make sure the master is using this network.

With the tedious part out of the way all the necessary files can be downloaded with the following command.

git clone https://github.com/heiskane/disposable-proxies.git

This will also require a linode account and an api key. Linode account can be created at https://www.linode.com/ and the api key can be generated by going to My Profile -> API Tokens -> Add a Personal Access Token. The minimun permissions for the api key i managed to get away with were read/write for Account, Images and Linodes.

With the API token created its time to move the linode.conf file to /etc/salt/cloud.providers.d/ and configure it as follows.

linode-provider:
  provider: linode
  password: ADD_PASSWORD_FOR_ROOT_USER
  apikey: YOUR_API_KEY_HERE 
  api_version: v4
  driver: linode

Next the proxy.conf file must be moved to /etc/salt/cloud.profiles.d/ and configured with your salt masters ip address as follows.

proxy-server:
  provider: linode-provider
  size: g6-nanode-1
  image: linode/ubuntu20.04
  location: eu-central
  minion:
    master: YOUR_MASTER_IP_HERE

Note that the smallest (and cheapest) server is chosen here. Diffrent options for sizes can be listed by running sudo salt-cloud --list-sizes linode and the id for any given size can be used in the proxy.conf file. The default option will charge 0.0075$ per hour and is billed by the hour which adds up to 5$ per month. 2 servers will be created later but can be easily destroyed at any time.

Salt master user /srv/salt as the directory for the states so it must be created if it doesnt already exist.

sudo mkdir /srv/salt

The dante directory can now be moved to /srv/salt/

sudo mv dante /srv/salt/

The pillar directory can be moved to /srv/. This directory will contain users.sls file that defines the users so thats were the default username and password can be changed. More users for the proxies can also be added into the users.sls file as follows.

users:
  heiskane:
    password: YouMightWantToChangeThisDefaultPassword
  newUser:
    password: YourNewPassword

The proxies file will be used by the salt cloud command and can be put anywhere but ill choose to put it in /srv/cloud/ directory which must be created as well.

sudo mkdir /srv/cloud
sudo mv proxies /srv/cloud

The proxies file will determine how many proxies are setup and where. More proxy servers can be added here. Note that location is indented with 4 spaces instead of 2 for some reason. The default locations here will create a server in the UK and germany but can be changed to any of the available regions which can be listed by running sudo salt-cloud --list-locations linode. Ill leave a list of available locations here as well.

Available locations

• ap-west
• ca-central
• ap-southeast
• us-central
• us-west
• us-east
• eu-west
• ap-south
• eu-central
• ap-northeast

.

proxy-server:
  - proxy-1:
      location: eu-central
  - proxy-2:
      location: eu-west

Now the proxies can be created by running the following command. Note that this can take a few minutes.

sudo salt-cloud -P -m /srv/cloud/proxies

The -P will create the servers in parallel to save time and -m specifies the map file. After the servers are created the can be configured as socks5 proxies with the following command.

sudo salt 'proxy*' state.apply dante

To actually go through these proxies i use proxycahis4 which can be installed with the following command.

sudo apt install proxychains4 -y

Next the proxy servers must be added to the proxychains configuration file. The ip addresses for each of the proxies can be gathered with the following command.

sudo salt --out=json 'proxy*' grains.item ipv4|jq '.[] .ipv4[1]'|tr -d '"'

Note that for the proxychains4 configuration the default file at /etc/proxychains4.conf can be used instead the provided file. If you want proxychains to run quietly add quiet_mode to this file. These ip addresses can then be added to the provided proxychains4.conf file as follows.

dynamic_chain
proxy_dns 
remote_dns_subnet 224
tcp_read_time_out 15000
tcp_connect_time_out 8000
[ProxyList]
socks5  178.79.158.252 1080 heiskane YouMightWantToChangeThisDefaultPassword
socks5  172.105.65.221 1080 heiskane YouMightWantToChangeThisDefaultPassword

Note that if you changed the password in /srv/pillar/users.sls the new password must be added here as well. The proxychains4.conf can now be moved to /etc/

sudo mv proxychains4.conf /etc/

Proxychains forces any tcp connection to go through the proxies so it can be used for a variety of things like firefox, namp and gobuster. As an example firefox can be set to go through the proxies with the following command.

proxychains4 firefox

Finally proxy servers can be destroyed as follows.

sudo salt-cloud -d proxy-1 proxy-2

At this point with all the configuration out of the way the next time the proxies can be set back up with only these two commands.

sudo salt-cloud -P -m /srv/cloud/proxies
sudo salt proxy* state.apply dante