VPN & Proxy

SOCKS Proxy

About 4 min read

Last updated: 2026-02-20

What Is a SOCKS Proxy

A SOCKS (Socket Secure) proxy is a general-purpose proxy server that relays traffic at the TCP/UDP level. While an HTTP proxy only relays browser web traffic, a SOCKS proxy can relay traffic from any application regardless of protocol.

A SOCKS proxy does not interpret application-layer data; it simply forwards packets. This gives it the flexibility to handle protocols beyond HTTP, including email (SMTP/IMAP), file transfer (FTP), SSH, and P2P communications.

Differences Between SOCKS4 / SOCKS4a / SOCKS5

SOCKS4 (1996)
TCP only. No authentication. IPv4 only. The client must resolve DNS beforehand and specify the destination by IP address, so DNS requests go directly to the ISP's DNS server without passing through the proxy. This exposes which domains you are trying to access to your ISP (DNS leak).
SOCKS4a
An extension of SOCKS4. Allows specifying the destination by domain name, with DNS resolution performed on the proxy server side. This reduces the risk of DNS leaks. However, the TCP-only and no-authentication limitations remain the same as SOCKS4. Used in early Tor implementations.
SOCKS5 (RFC 1928, 1996)
Supports both TCP and UDP. Supports username/password authentication (RFC 1929) and GSSAPI authentication. IPv6 compatible. Can perform DNS resolution on the proxy side. Accepts IPv4 addresses, IPv6 addresses, and domain names as destination types. The de facto standard today.

In practice, SOCKS5 is the standard choice. UDP support enables relaying of DNS queries, VoIP, streaming, and other real-time communications.

SSH Dynamic Port Forwarding

The easiest way to set up a SOCKS proxy is SSH dynamic port forwarding. If you have SSH access to a remote server, you can create an encrypted SOCKS5 proxy without any additional software.

ssh -D 1080 -N -f user@remote-server

This command starts a SOCKS5 proxy on local port 1080. -N means no remote command execution, and -f runs it in the background. Then simply configure your browser or application to use localhost:1080 as a SOCKS5 proxy.

The advantage of this approach is that traffic between the client and remote server is encrypted by SSH. While a standard SOCKS proxy does not encrypt traffic, running it over an SSH tunnel allows safe communication even on untrusted networks like public Wi-Fi at a cafe.

Practical Use Cases

  • Tor network: Tor starts a local SOCKS5 proxy (typically port 9050) and routes application traffic through the Tor circuit. Applications other than Tor Browser (curl, wget, etc.) can also use Tor via --socks5-hostname localhost:9050.
  • Bypassing enterprise firewalls: When proprietary protocol traffic cannot pass through an HTTP proxy, a SOCKS proxy can route it externally.
  • Per-application proxying: While a VPN forwards all OS traffic, a SOCKS proxy can route only specific applications through the proxy. You can proxy only the browser while other apps connect directly.
  • Development and testing: Simulating access from specific countries or regions by routing through a SOCKS proxy in that location.

Risks of Public SOCKS Proxies

SOCKS proxies do not encrypt traffic by themselves. Traffic between you and the proxy server flows in plaintext, so using an untrusted proxy risks having your communications intercepted.

Numerous free SOCKS proxy lists are available on the internet, but using them is extremely dangerous. Specific risks include:

  • Traffic interception: The content of non-HTTPS communications (login credentials, email content, etc.) is fully visible to the proxy operator
  • Man-in-the-middle attacks: Even for HTTPS traffic, the proxy may be able to inject fake certificates to decrypt communications in some cases
  • Malware injection: Malicious JavaScript or redirects may be injected into HTTP responses
  • Honeypots: Law enforcement or attackers may intentionally operate public proxies to monitor users' traffic

For professional use, build your own (SSH tunneling is the easiest) or use a trusted provider's service.

To learn more about this topic, see What Is a Proxy Server? Types, How It Works, and How It Differs from a VPN.

Common Misconceptions

Using a SOCKS proxy encrypts your traffic
A SOCKS proxy only relays packets and has no encryption capability. If encryption is needed, it must be combined with an SSH tunnel or VPN.
A SOCKS proxy can replace a VPN
A SOCKS proxy only relays traffic for specific applications. Unlike a VPN, it does not protect all traffic at the OS level; traffic from unconfigured apps goes directly to the internet.

SOCKS Proxy vs. HTTP Proxy

SOCKS Proxy

Protocol-agnostic, relays TCP/UDP. Supports non-HTTP traffic (SSH, FTP, P2P, etc.). Does not interpret data content.

HTTP Proxy

Relays HTTP/HTTPS traffic only. Can rewrite request headers and cache content. Specialized for web browsing.

Share

Related Terms

Proxy Server A server positioned between the client and the internet that relays communicatio… Tor (The Onion Router) A network that achieves high anonymity by routing communications through multipl… VPN (Virtual Private Network) A technology that encrypts internet traffic and routes it through a server in an… Firewall A security mechanism placed at network boundaries that inspects and controls inc… Split Tunneling A VPN technique that routes only specific application or destination traffic thr… Single Sign-On (SSO) A mechanism that allows users to access multiple related services and applicatio…

Related Articles

What Is a Proxy Server? Types, How It Works, and How It Differs from a VPN Learn about proxy server types (HTTP, SOCKS, transparent), how they work, the differences from VPNs,… What Is Tor Browser? How Anonymous Communication Works Learn how the Tor network enables anonymous communication, how to use Tor Browser, and its advantage… How to Hide Your IP Address - VPN, Tor, and Proxy Compared Compare four methods to hide your IP address (VPN, Tor, proxy, network switching) by anonymity, spee…
← Glossary