SOCKS


Secure Socket (SOCKS) is a protocol for exchanging data through a proxy server, called a SOCKS proxy. It operates at the session layer (layer 5).

🐊️ Port: 1080 (TCP) or 9050/9150 (TCP) with Tor.

It has multiple limitations. SOCKS4 doesn't understand partial packets which we often generate using nmap. SOCKS4 doesn't support UDP.
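The limitation above is visible in the wire format: a SOCKS4/4a request only has CONNECT and BIND commands, while SOCKS5 adds UDP ASSOCIATE. The following Python parser is an added example, not part of the original notes; it goes slightly beyond the text by also decoding SOCKS5 requests, and the function name `parse_socks_request` and the sample messages in the test are constructed for illustration. It is the kind of decoder you would use to label proxy traffic seen on ports 1080/9050 in a capture.

```python
import ipaddress
import struct

SOCKS4_CMDS = {1: "CONNECT", 2: "BIND"}  # SOCKS4/4a define no UDP command
SOCKS5_CMDS = {1: "CONNECT", 2: "BIND", 3: "UDP ASSOCIATE"}


def parse_socks_request(data: bytes) -> dict:
    """Decode a client request (for SOCKS5: the message sent after method negotiation)."""
    if len(data) < 5:
        raise ValueError("truncated request")
    if data[0] == 4:
        # Layout: VN CD DSTPORT(2) DSTIP(4) USERID NUL [HOSTNAME NUL]
        cmd, port = struct.unpack("!BH", data[1:4])
        ip = data[4:8]
        _userid, nul, tail = data[8:].partition(b"\x00")
        if len(ip) < 4 or not nul:
            raise ValueError("truncated SOCKS4 request")
        version, host = "4", str(ipaddress.IPv4Address(ip))
        # SOCKS4a marker: DSTIP is 0.0.0.x with x != 0, hostname follows USERID
        if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:
            name, nul, _ = tail.partition(b"\x00")
            if not nul:
                raise ValueError("unterminated SOCKS4a hostname")
            version, host = "4a", name.decode("ascii", "replace")
        command = SOCKS4_CMDS.get(cmd, f"unknown({cmd})")
    elif data[0] == 5:
        # Layout: VER CMD RSV ATYP DST.ADDR DST.PORT(2)
        cmd, atyp = data[1], data[3]
        if atyp == 1:        # IPv4 address
            end = 8
        elif atyp == 3:      # domain name, prefixed by a one-byte length
            end = 5 + data[4]
        elif atyp == 4:      # IPv6 address
            end = 20
        else:
            raise ValueError(f"unknown address type {atyp}")
        if len(data) < end + 2:
            raise ValueError("truncated SOCKS5 request")
        if atyp == 3:
            host = data[5:end].decode("ascii", "replace")
        else:
            host = str(ipaddress.ip_address(data[4:end]))
        port = struct.unpack("!H", data[end:end + 2])[0]
        version, command = "5", SOCKS5_CMDS.get(cmd, f"unknown({cmd})")
    else:
        raise ValueError("not a SOCKS request")
    return {"version": version, "command": command, "host": host, "port": port}
```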

Once a SOCKS proxy is started, you can use it with either:

  • The --proxy flag, if it's supported:
$ curl --proxy socks4a://localhost:9050 [...]
  • The proxychains wrapper:
$ cat /etc/proxychains.conf # /etc/proxychains4.conf
$ proxychains [Some command]
$ proxychains -q [Some command]

Start a SOCKS Proxy

SOCKS Proxy With Metasploit


You can run a SOCKS proxy using Metasploit:

msf6> use auxiliary/server/socks_proxy # configure it

If you have a meterpreter session, you can use:

meterpreter> run auxiliary/server/socks_proxy VERSION=4a SRVPORT=9050
meterpreter> run autoroute -p
meterpreter> run autoroute -s 172.16.5.0/23 # can now be used with proxychains
msf6> route print # list current routes
msf6> route add IP/32 -1 # add one IP, can be a range, routed through the last (-1) session 

3proxy on Windows

3proxy (3.5k ⭐) is similar to Proxifier, but it's free and it works on Linux too. It doesn't redirect PowerShell traffic.

PS> cd "3proxy-0.9.4-x64\bin64"
PS> Set-Content -Path .\3proxy.cfg -Value "socks -p9050" # write the config: SOCKS proxy on port 9050
PS> .\3proxy.exe

Proxifier on Windows

There is no such thing as proxychains on Windows, but Proxifier (paid 💵) may be used. Once started, it can redirect all requests such as RDP requests to a host (172.16.5.5) to our proxy at localhost:9050.

⚠️ It doesn't seem to redirect traffic from PowerShell.

Additional Socks Servers


👻 To-do 👻

Stuff that I found, but never read/used yet.

$ cat config
[ProxyList]
socks5 127.0.0.1 1080
$ proxychains -f config [...]