SOCKS Proxy

SOCKS Proxy: Definition

A Socket Secure Proxy (SOCKS Proxy) is a Layer 5 tunnel, usually implemented via SSH, which allows a user to forward TCP traffic through an encrypted tunnel to a destination server. This causes the packet’s source IP address to appear as if it originated from the proxy server or Jump Box rather than the user’s machine.

In the example above, the proxy server is acting as the Man In The Middle. A SOCKS Proxy can be especially useful during a penetration test when you need to obey the Rules Of Engagement and ensure that all testing traffic originates from a designated source IP or range of IPs.

Additionally, a SOCKS Proxy can be leveraged to establish Persistent Access into an otherwise unreachable subnet if implemented on a compromised host during a penetration test.

Lastly, a SOCKS Proxy is commonly used to provide an additional layer of anonymity while browsing the Internet. A user configures their web browser to connect to the SOCKS Proxy and route all HTTP requests through the Jump Box. Visit the following link for additional information: https://en.wikipedia.org/wiki/SOCKS

SOCKS Proxy: Setup

To set up a SOCKS Proxy, simply create an SSH connection to your proxy server by issuing the following command.

$ ssh username@proxyserver -D 54321

This will open up port 54321 on your local machine and create a SOCKS Proxy which can be used by many different applications to tunnel traffic. In Mac OS X you can create a system-wide SOCKS Proxy. Use the settings from the graphic above.

You can configure your web browser to use the SOCKS Proxy as well, simply by modifying the proxy configuration settings. Here is an example of what that looks like in Mozilla Firefox.

[Image: SOCKS Proxy Mozilla Firefox]
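
What an application sends to local port 54321 once the tunnel is up, as an added example that is not part of the original page: the SOCKS5 greeting and CONNECT request defined in RFC 1928, plus a parser for the proxy's reply. It assumes SOCKS version 5 with no authentication; the function names and the sample reply bytes are constructed for illustration.

```python
import ipaddress
import struct

SOCKS_VERSION, NO_AUTH, CMD_CONNECT = 0x05, 0x00, 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REPLY_TEXT = {0x00: "succeeded", 0x01: "general failure",
              0x02: "not allowed by ruleset", 0x03: "network unreachable",
              0x04: "host unreachable", 0x05: "connection refused"}
# Constructed sample: success reply, bound address 0.0.0.0, bound port 0.
SAMPLE_REPLY = b"\x05\x00\x00\x01\x00\x00\x00\x00\x00\x00"

def build_greeting():
    """Client -> proxy: version 5, one method offered (no authentication)."""
    return bytes([SOCKS_VERSION, 1, NO_AUTH])

def build_connect(host, port):
    """Client -> proxy: CONNECT request for host:port.

    An IP literal is sent as ATYP 0x01/0x04. Anything else is sent as a
    domain name (ATYP 0x03), so the name is resolved at the proxy end and
    no DNS query for it leaves the local machine.
    """
    try:
        ip = ipaddress.ip_address(host)
        atyp = ATYP_IPV4 if ip.version == 4 else ATYP_IPV6
        addr = ip.packed
    except ValueError:
        name = host.encode("idna")
        if not 1 <= len(name) <= 255:
            raise ValueError("hostname must be 1-255 bytes")
        atyp, addr = ATYP_DOMAIN, bytes([len(name)]) + name
    header = bytes([SOCKS_VERSION, CMD_CONNECT, 0x00, atyp])
    return header + addr + struct.pack("!H", port)

def parse_reply(data):
    """Proxy -> client: return (status text, bound address, bound port)."""
    if len(data) < 5 or data[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 reply")
    rep, atyp = data[1], data[3]
    if atyp == ATYP_DOMAIN:
        off, n = 5, data[4]          # one length byte precedes the name
    elif atyp in (ATYP_IPV4, ATYP_IPV6):
        off, n = 4, 4 if atyp == ATYP_IPV4 else 16
    else:
        raise ValueError("unknown address type")
    if len(data) < off + n + 2:
        raise ValueError("truncated reply")
    raw = data[off:off + n]
    addr = raw.decode("ascii", "replace") if atyp == ATYP_DOMAIN else str(ipaddress.ip_address(raw))
    (port,) = struct.unpack("!H", data[off + n:off + n + 2])
    return REPLY_TEXT.get(rep, "unknown (0x%02x)" % rep), addr, port
```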

SOCKS Proxy: Related Content

The related content below contains a detailed demonstration of this technique being used during a Web Penetration Test.
