
How to Deploy your own stealth Proxy Server with tinyproxy.

Discussion in 'Proxies' started by alain12, Feb 26, 2019.

  1. alain12

    alain12 Registered Member

    Joined:
    Feb 15, 2019
    Messages:
    98
    Likes Received:
    51
    I am not affiliated with tinyproxy in any way.

    Step 1: Find a good VPS provider that also offers extra IPs (if you intend on using multiple IPs). These are often called 'floating IPs'. At least 512MB of memory is needed. 1GB should be enough but it depends on how many simultaneous connections you'll use.

    Step 2: Deploy your VPS with Debian 9. I recommend Debian 9 because it's often lighter than Ubuntu, and it's very stable, and easy to work with. Everything shown here should also work with Ubuntu, but you may run into minor issues. This guide will NOT work for CentOS, Fedora, etc.

    Step 3: Attach your floating IPs if you bought any. You can always add IPs later.

    Step 4: Log in to your VPS with SSH (if you're on Windows, you can use PuTTY). The VPS provider will give you the username (probably root) and password.

    Step 5: Install and Configure tinyproxy as follows:

    Make sure you're logged in as root. If not, run sudo su

    Update your system: apt update && apt upgrade -y

    If you have less than 1GB of RAM, you can create a swap file which will be used as RAM if your system runs out. It's the Linux equivalent of the Windows pagefile. This is optional but generally good for performance:

    First make sure your VPS does not already have a swap file or partition.

    swapon

    If this command outputs nothing, you do not have swap space. If it does, you already have swap space and should not need to create more.

    Create a 1GB swapfile:

    dd if=/dev/zero of=/swapfile bs=1k count=1M

    Set correct permissions:

    chmod 600 /swapfile

    Activate it:

    mkswap /swapfile
    swapon /swapfile


    Then save a line in your fstab, so when you reboot, your system will automatically use that swap space.

    echo "/swapfile swap swap defaults 0 0" >> /etc/fstab

    Install some packages: apt install -y git make automake nano build-essential

    (git is for grabbing tinyproxy from GitHub, nano is an easy-to-use text editor, the rest are for compiling the proxy software)

    Download tinyproxy (the following command will always grab the most recent version):

    git clone https://github.com/tinyproxy/tinyproxy.git

    Then

    cd tinyproxy/
    ./autogen.sh
    ./configure
    nano Makefile


    Find the section that starts with "SUBDIRS = \" (it should be line 343)
    And remove the line "docs \"
    So the section should now look like this:

    SUBDIRS = \
    src \
    data \
    etc \
    m4macros \
    tests \
    scripts



    Then press Ctrl x then y then Enter.

    (The reason for this edit is that building the documentation for tinyproxy would require downloading and installing 1GB+ of packages, and IMO a lighter system is more important than having these docs.)

    make
    make install


    Configuration:

    nano /usr/local/etc/tinyproxy/tinyproxy.conf

    And make the following changes:

    Group nobody > Group nogroup

    Port 8888 > Port xxxx (Use something other than 8080, 8888, etc. You'll get fewer brute-force attacks.)

    #BindSame yes > BindSame yes (this is only needed if you have multiple public IPs)

    #LogFile "/usr/local/var/log/tinyproxy/tinyproxy.log" > LogFile "/var/log/tinyproxy.log" (Only if you want to save logs)

    Allow 127.0.0.1 > #Allow 127.0.0.1

    #BasicAuth user password > BasicAuth ChooseAUsername ChooseAPassword (Use a very strong and complex password, bots from all over the world will be constantly trying to guess it)

    ViaProxyName "tinyproxy" > #ViaProxyName "tinyproxy"

    #DisableViaHeader Yes > DisableViaHeader Yes (this is technically a wrong thing to do, but we don't want IG/etc. to know that we're using a proxy.)

    Press Ctrl x then y then Enter to save and exit.

    Your proxy server is now ready! Start it with:

    tinyproxy

    And to make sure it is running:

    ss -lntup | grep tinyproxy

    If you get no output, then it is either not running, or running but not binding to a port.

    Finally, to make it run automatically after a reboot:

    crontab -e

    This will open a file in a text editor of your choice; simply add the following line at the end:

    @reboot /usr/local/bin/tinyproxy

    And done.
     
    • Thanks Thanks x 13
    Last edited by a moderator: Mar 2, 2019
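
A quick audit of the tinyproxy.conf that the steps in the post above produce, as an added example that is not part of the original post or of tinyproxy: with `Allow 127.0.0.1` commented out there is no ACL left, so BasicAuth is the only access control, and its password sits in the file in clear text. The function name, the finding labels and the 16-character threshold are assumptions of this example; the sample config is constructed.

```shell
#!/bin/sh
# Added example: audit a tinyproxy.conf for the exposure points of this setup.
# audit_tinyproxy_conf and its finding labels are this example's own names.
audit_tinyproxy_conf() {
    conf=$1
    awk '
        /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
        { key = tolower($1) }
        key == "allow" || key == "deny" { acl++ }    # any ACL keyword switches the default to deny
        key == "basicauth"   { auth++; if (length($3) < 16) shortpw = 1 }  # 16 is an assumed policy
        key == "connectport" { cport++ }
        END {
            if (!acl && !auth) print "OPEN_PROXY: no Allow/Deny and no BasicAuth, any client can relay"
            else if (!acl)     print "AUTH_ONLY: no Allow/Deny, BasicAuth is the only access control"
            if (shortpw)       print "SHORT_PASSWORD: a BasicAuth password is under 16 characters"
            if (!cport)        print "CONNECT_ANY: no ConnectPort, CONNECT is allowed to every port"
        }
    ' "$conf"
    # BasicAuth stores the password in clear text; flag the file if "other" can read it.
    if grep -qi '^[[:space:]]*basicauth' "$conf" &&
       [ "$(ls -ld "$conf" | cut -c8)" = "r" ]; then
        echo "WORLD_READABLE: config holds a clear-text password and is readable by all users"
    fi
}

# Constructed sample mirroring the edits in the post (credentials are placeholders).
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 8888
#Allow 127.0.0.1
BasicAuth ChooseAUsername hunter2
DisableViaHeader Yes
ConnectPort 443
ConnectPort 563
EOF
chmod 644 "$sample"
audit_tinyproxy_conf "$sample"
rm -f "$sample"
```

Run it against the live file, for example `audit_tinyproxy_conf /usr/local/etc/tinyproxy/tinyproxy.conf`; no output means none of the four conditions matched.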
  2. alain12

    alain12 Registered Member

    CORRECTION:

    git clone https://github.com/tinyproxy/tinyproxy.git
     
  3. zazazG

    zazazG Newbie

    Joined:
    Feb 27, 2019
    Messages:
    3
    Likes Received:
    1
    This is a very nice tutorial, I did a similar thing with squid, but wouldn't the IP from the VPS be detected as suspicious? I tried this before and in fact it didn't go well and I had to come up with something else a little bit more complex.

    Btw:

    I don't think that's a good choice. Bruteforcers are scanning ports, it doesn't really matter if you use 80, 3129 or any random number, they will eventually scan everything and find whatever service you're hosting on that port. I suggest that you (and eventually any reader) actually do something to avoid that (like Fail2Ban).
     
    • Thanks Thanks x 1
  4. alain12

    alain12 Registered Member

    Thanks :)

    You mean detected as suspicious by the sites (FB/IG/etc.) that I'm connecting to? They surely can tell that it's a datacenter IP, but I honestly have no idea if they would mark it as suspicious. I'm still new to this, should be able to tell in a few months.

    You're right, port scanning is often involved. But with the number of potential targets, scanning all 65535 ports for each IP would be an immense task. Only the common ports are scanned on a large scale.

    Fail2ban is a great idea, but since it works by scanning log files, I'm not sure if it has a filter that works with tinyproxy logs. I should probably look into that, I may have to write my own filter.
     
  5. dogstyle007

    dogstyle007 Junior Member

    Joined:
    Jul 31, 2013
    Messages:
    195
    Likes Received:
    39
    Occupation:
    Web developer
    Good tutorial, I will surely give this a try.
     
    • Thanks Thanks x 1
  6. apfeltheif

    apfeltheif Registered Member

    Joined:
    Jul 29, 2018
    Messages:
    58
    Likes Received:
    11
    Thanks for the tutorial!
     
    • Thanks Thanks x 1
  7. kretchi

    kretchi Junior Member

    Joined:
    May 8, 2018
    Messages:
    148
    Likes Received:
    84
    Gender:
    Male
    Awesome bro
     
    • Thanks Thanks x 1
  8. alain12

    alain12 Registered Member

    Here's an automated, user-friendly script for quickly setting up a proxy server on Debian 10 Buster. You need to be logged in as root for it to work. May or may not work on other Debian/Ubuntu versions.

    Code:
    #!/bin/bash
    # Installs tinyproxy from the Debian repository and writes a
    # BasicAuth-protected configuration. Must be run as root.

    echo -n "Installing Proxy Server..."
    apt update >/dev/null 2>&1
    apt install -y tinyproxy >/dev/null 2>&1 && echo "done"
    systemctl stop tinyproxy.service >/dev/null 2>&1
    systemctl enable tinyproxy.service >/dev/null 2>&1

    # Keep the packaged configuration the first time the script runs.
    if [ ! -e /etc/tinyproxy/tinyproxy.conf.orig ]
    then
        mv /etc/tinyproxy/tinyproxy.conf /etc/tinyproxy/tinyproxy.conf.orig && echo "Backed up original configuration file to /etc/tinyproxy/tinyproxy.conf.orig"
    fi

    read -r -p "Choose your proxy username: " puser
    while [ -z "$puser" ]
    do
        echo "Username cannot be empty"
        read -r -p "Choose your proxy username: " puser
    done

    # -s keeps the password off the terminal, on the retry prompt as well.
    read -r -s -p "Choose your proxy password: " ppass
    while [ -z "$ppass" ]
    do
        echo
        echo "Password cannot be empty"
        read -r -s -p "Choose your proxy password: " ppass
    done

    echo
    read -r -p "Choose the maximum number of simultaneous connections this proxy should accept or press enter for the default of 100: " pmaxconn
    if [ -z "$pmaxconn" ]
    then
        pmaxconn=100
    fi

    read -r -p "Choose the port number for your proxy or press enter for the default of 8888. Should be above 1024. " pport
    if [ -z "$pport" ]
    then
        pport=8888
    fi

    # Write the new configuration; the shell substitutes the answers given above.
    echo -n "Saving Configuration..."
    cat <<CONF > /etc/tinyproxy/tinyproxy.conf && echo "done"
    User tinyproxy
    Group tinyproxy
    Port $pport
    BindSame yes
    Timeout 600
    DefaultErrorFile "/usr/share/tinyproxy/default.html"
    StatHost "tinyproxy.stats"
    StatFile "/usr/share/tinyproxy/stats.html"
    LogFile "/var/log/tinyproxy/tinyproxy.log"
    LogLevel Warning
    PidFile "/run/tinyproxy/tinyproxy.pid"
    MaxClients $pmaxconn
    MinSpareServers 5
    MaxSpareServers 20
    StartServers 10
    MaxRequestsPerChild 0
    BasicAuth $puser $ppass
    DisableViaHeader Yes
    ConnectPort 443
    ConnectPort 563
    CONF

    echo -n "Starting Proxy Server..."
    systemctl start tinyproxy.service && echo "done"
    echo "Proxy port is $pport on all available IP addresses"
    echo "Your username is: $puser"
    read -r -p "Show password? y/n:" showp
    # Spaces around = are required; without them the test is always true.
    if [ "$showp" = "y" ]
    then
        echo "Your password is: $ppass"
    fi

    Save it as "proxy.sh" on your VPS, then:

    Code:
    chmod u+x proxy.sh
    ./proxy.sh
     
    • Thanks Thanks x 1
  9. tophi

    tophi Jr. VIP Jr. VIP UnGagged Attendee

    Joined:
    Sep 7, 2012
    Messages:
    666
    Likes Received:
    175
    Do you have this for CentOS, as I already have a lot of stuff and I don't want to move to Debian again...
     
  10. karupoiss

    karupoiss Elite Member

    Joined:
    May 16, 2012
    Messages:
    2,244
    Likes Received:
    732
    Gender:
    Male
    Location:
    Europe
    Could be useful but unfortunately the fact that it is still a datacenter IP makes it not that valuable for sites like FB, Google etc.
     
  11. alain12

    alain12 Registered Member

    Which CentOS version are you using?
     
  12. tophi

    tophi Jr. VIP Jr. VIP UnGagged Attendee

    Based on my "/etc/redhat-release" it's a CentOS release 6.10 (Final)
     
  13. alain12

    alain12 Registered Member

    Script for CentOS 6:

    Code:
    #!/bin/bash
    # Builds tinyproxy from source on CentOS 6 and writes a
    # BasicAuth-protected configuration. Must be run as root.

    # Put SELinux into permissive mode for the running system and in its config file.
    echo "Disabling SELinux"
    yum install -y libselinux-utils
    setenforce 0
    sed -i "s/enforcing/permissive/g" /etc/sysconfig/selinux

    echo -n "Installing Proxy Server..."
    yum install -y git automake gcc asciidoc make
    git clone https://github.com/tinyproxy/tinyproxy.git
    # Stop here if the clone failed, so the build does not run in the wrong directory.
    cd tinyproxy || exit 1
    ./autogen.sh
    ./configure
    make
    make install

    # Log and PID directories owned by the unprivileged tinyproxy user.
    mkdir -p /usr/local/var/log/tinyproxy
    mkdir -p /usr/local/var/run/tinyproxy
    useradd -M tinyproxy
    chown -R tinyproxy /usr/local/var/{log,run}/tinyproxy
    echo "done"

    # Keep the default configuration the first time the script runs.
    if [ ! -e /usr/local/etc/tinyproxy/tinyproxy.conf.orig ]
    then
        mv /usr/local/etc/tinyproxy/tinyproxy.conf /usr/local/etc/tinyproxy/tinyproxy.conf.orig && echo "Backed up original configuration file to /usr/local/etc/tinyproxy/tinyproxy.conf.orig"
    fi

    read -r -p "Choose your proxy username: " puser
    while [ -z "$puser" ]
    do
        echo "Username cannot be empty"
        read -r -p "Choose your proxy username: " puser
    done

    # -s keeps the password off the terminal, on the retry prompt as well.
    read -r -s -p "Choose your proxy password: " ppass
    while [ -z "$ppass" ]
    do
        echo
        echo "Password cannot be empty"
        read -r -s -p "Choose your proxy password: " ppass
    done

    echo
    read -r -p "Choose the maximum number of simultaneous connections this proxy should accept or press enter for the default of 100: " pmaxconn
    if [ -z "$pmaxconn" ]
    then
        pmaxconn=100
    fi

    read -r -p "Choose the port number for your proxy or press enter for the default of 8888. Should be above 1024. " pport
    if [ -z "$pport" ]
    then
        pport=8888
    fi

    # Write the new configuration; the shell substitutes the answers given above.
    echo -n "Saving Configuration..."
    cat <<CONF > /usr/local/etc/tinyproxy/tinyproxy.conf && echo "done"
    User tinyproxy
    Group tinyproxy
    Port $pport
    BindSame yes
    Timeout 600
    DefaultErrorFile "/usr/local/share/tinyproxy/default.html"
    StatHost "tinyproxy.stats"
    StatFile "/usr/local/share/tinyproxy/stats.html"
    LogFile "/usr/local/var/log/tinyproxy/tinyproxy.log"
    LogLevel Warning
    PidFile "/usr/local/var/run/tinyproxy/tinyproxy.pid"
    MaxClients $pmaxconn
    MinSpareServers 5
    MaxSpareServers 20
    StartServers 10
    MaxRequestsPerChild 0
    BasicAuth $puser $ppass
    DisableViaHeader Yes
    ConnectPort 443
    ConnectPort 563
    CONF

    echo -n "Starting Proxy Server..."
    /usr/local/bin/tinyproxy -c /usr/local/etc/tinyproxy/tinyproxy.conf && echo "done"
    echo -n "Adding line to crontab to start Proxy at boot..."
    (crontab -l 2>/dev/null; echo "@reboot /usr/local/bin/tinyproxy -c /usr/local/etc/tinyproxy/tinyproxy.conf >/dev/null 2>&1") | crontab -
    echo "done"
    echo "Proxy port is $pport on all available IP addresses"
    echo "Your username is: $puser"
    read -r -p "Show password? y/n:" showp
    # Spaces around = are required; without them the test is always true.
    if [ "$showp" = "y" ]
    then
        echo "Your password is: $ppass"
    fi