7

I've read several tutorials, but not totally sure.

If I'll set up my own SOCKS5 proxy server on VPS, configure it to use username and password. Will this credentials be safe while authentication on proxy via public wi-fi for example?

If no, how it works for paid proxy providers?

I know about VPN and SSH-tunneling. But I think they are too complicated for using on mobile devices and also leads to additional power consumption for keeping connections alive.

baptx
  • 103
  • 5
Storm
  • 173
  • 1
  • 6

2 Answers2

9

Neither traffic nor credentials are encrypted in the SOCKS5 protocol. From RFC 1929:

This document describes a subnegotiation that provides authentication services to the SOCKS protocol. Since the request carries the password in cleartext, this subnegotiation is not recommended for environments where "sniffing" is possible and practical.

Community
  • 1
forest
  • 64,616
  • 20
  • 206
  • 257
  • Is it not possible to use SSL/TLS with SOCKS, like it is possible to do with FTP? Otherwise if you own the SOCKS proxy, an alternative is to allow only authentication from your own IP address and run the SOCKS proxy server only when needed (to limit risks of unauthorized access in case someone on the same local or mobile network uses the same IP address as you). Another solution which could be combined would be to create a temporary random password that is invalidated after login (in case it is intercepted on a local network) but I had to do a request every 30 seconds to keep connection alive. – baptx Feb 05 '20 at 11:36
  • @baptx You could certainly encase it in TLS, but then it'd no longer be SOCKS. – forest Aug 05 '22 at 00:57
1

SOCKS5 is a transport protocol and by itself it is not encrypted. Requests transmit the credentials in plain text which is considered a security bad practice.

VPN software on a mobile phone would be the easiest thing to consider as an alternative in my opinion. Just enable the VPN when ever you need it.

Jeroen
  • 5,783
  • 2
  • 18
  • 26