Hello. I tried scanning through Tor using Whonix, but it didn’t work. How can I redirect all OpenVAS/GVM traffic through a proxy? What other methods are there to hide IP when scanning?
So far I have solved the problem using redsocks. To make it easier for those who will need to solve the same problem in the future, I will describe the configs.
My iptables configuration :
iptables -t nat -N REDSOCKS
iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 100.64.0.0/10 -j RETURN
iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
iptables -t nat -A REDSOCKS -d 198.18.0.0/15 -j RETURN
iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN
iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345
iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner $USER -j REDSOCKS
iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner root -j REDSOCKS
Of course, you also need to configure UDP traffic redirection to the proxy.
Also do not forget to configure the proxy server in /etc/redsocks.conf.
This is far from the best solution, maybe I’ll rewrite it later.