SOCKS
Secure Socket (SOCKS) is a protocol to exchange data through a proxy server called SOCKS proxy. It operates at the session layer (layer 5).
ποΈ Port: 1080 (TCP) or 9050/9150 (TCP) with Tor.
It has multiple limitations. SOCKS4 doesn't understand partial packets which we often generate using nmap
. SOCKS4 doesn't support UDP.
Once a SOCKS proxy is started, you can use it with either
- The
--proxy
flag, if it's supported:
$ curl --proxy socks4a://localhost:9050 [...]
- The
proxychains
wrapper:
$ cat /etc/proxychains.conf # /etc/proxychains4.conf
$ proxychains [Some command]
$ proxychains -q [Some command]
Start a SOCKS Proxy
SOCKS Proxy With Metasploit
You can run a SOCKS proxy using metasploit:
msf6> use auxiliary/server/socks_proxy # configure it
If you have a meterpreter, you can use:
meterpreter> run auxiliary/server/socks_proxy VERSION=4a SRVPORT=9050
meterpreter> run autoroute -p
meterpreter> run autoroute -s 172.16.5.0/23 # can now be used with proxychains
msf6> route print # list current routes
msf6> route add IP/32 -1 # add one IP, can be a range, routed through the last (-1) session
3proxy on Windows
3proxy (3.5k β) is similar to Proxifier, but it's free and it works on Linux too. It doesn't redirect PowerShell traffic.
PS> cd "3proxy-0.9.4-x64\bin64"
PS> set /p "=socks -p9050" > .\3proxy.cfg
PS> .\3proxy.exe
Proxifier on Windows
There is no such thing as proxychains
on Windows, but Proxifier (paid π΅) may be used. Once started, it can redirect all requests such as RDP requests to a host (172.16.5.5
) to our proxy at localhost:9050
.
β οΈ It doesn't seem to redirect traffic from PowerShell.
Additional Socks Servers
- proxychains-ng (9.4k β)
- shinysocks (0.1k β)
- revsocks (0.3k β)
- wiresocks (0.3k β)
- tun2socks (2.7k β)
- redsocks (3.2k β, 2019 πͺ¦)
- pivotnacci (0.6k β, 2021 πͺ¦)
- graftcp (1.8k β)
- gost (15.1k β)
- sshimpanzee (0.0.2k β)
π» To-do π»
Stuff that I found, but never read/used yet.
-
socks4://IP:port
- Config:
http 127.0.0.1 8080
,socks4 127.0.0.1 9050
- check.torproject.org
$ cat config
[ProxyList]
socks5 127.0.0.1 1080
$ proxychains -f config [...]