3

I am having a hard time understanding what a SOCKS proxy really is. I have been searching on Google, but so far, most websites compare SOCKS with an HTTP proxy, but they do not explain in detail what a SOCKS proxy is, and why it can be used to bypass firewalls.

From what I have read, I know that SOCKS proxies forward packets as they are (raw) and they don't actually interpret the data that they send, they simply forward. I understand, for example, that an HTTP proxy understands the HTTP protocol, and with that, they can record these packets if they want, but in SOCKS?

I only know that it is a protocol and it is used to proxy connections but nothing else.

Can you please explain what a SOCKS proxy is, and how it allows connections to bypass a firewall?

Johnny
  • 1,051
  • 5
  • 19
victor26567
  • 503
  • 4
  • 6
  • 2
    I'm not sure where your problem is. You seem to understand that a SOCKS proxy speaks the SOCKS protocol (see https://en.wikipedia.org/wiki/SOCKS) similar to a HTTP proxy speaking HTTP. And you seem to understand that it forwards data, also similar to what a HTTP proxy does. You seem to think though that SOCKS can be used to simply bypass firewalls - this is not the case. But you might use some application like SSH which might be allowed to pass firewalls and use this as a SOCKS proxy for local application - thus making these applications be able to pass the firewall via the SSH tunnel. – Steffen Ullrich Apr 13 '19 at 15:31
  • Yes, but what I do not understand is why I would use a SOCKS proxy. I mean, for example, Why I would use a SOCKS proxy and not an HTTPS proxy, what SOCKS offers me as a proxy – victor26567 Apr 13 '19 at 15:43
  • 3
    A HTTP proxy is as it name suggests for proxying HTTP and HTTPS only. A SOCKS5 proxy can proxy all TCP and UDP based protocols as long as the client supports this. But none of this is actually related to information security. – Steffen Ullrich Apr 13 '19 at 16:46

1 Answers1

2

what I do not understand is why I would use a SOCKS proxy. I mean, for example, Why I would use a SOCKS proxy and not an HTTPS proxy, what SOCKS offers me as a proxy

If you are a user, and your administrator offers you a SOCKS proxy but not an HTTPS proxy, then you would use a SOCKS proxy (or vice versa). It is rare for an environment to give you the choice of both.

If you are an administrator, and wanted to decide which proxy to install, then a SOCKS proxy handles non-HTTP connections better and may be the only proxy supported by non-web-browser clients. Depending on whether you're enabling or restricting your users with the proxy helps dictate which choice is right for you.

how it allows connections to bypass a firewall?

Generally speaking, all proxies work the same way. The firewall permits the proxy to go outbound, but not the clients. The clients are allowed to talk to the proxy, and the proxy decides whether to resend their traffic onward or not, acting in some ways like a firewall but with different access control criteria. The firewall is, in essence, trusting that the proxy will control access differently and better than the firewall could (for example, blocking access based on site name rather than IP).

Community
  • 1
gowenfawr
  • 71,975
  • 17
  • 161
  • 198