• INTRODUCTION
• INTRODUCTION
• ABOUT THIS MANUAL
• BACKGROUND
• WHAT IS CIRCUMVENTION
• AM I BEING CENSORED?
• DETECTION AND ANONYMITY
• HOW THE NET WORKS
• WHO CONTROLS THE NET
• FILTERING TECHNIQUES
• FIRST TECHNIQUES
• SIMPLE TRICKS
• USING A WEB PROXY
• USING PHProxy
• USING PSIPHON
• USING PSIPHON2
• USING PSIPHON2 OPEN NODES
• RISKS
• ADVANCED TECHNIQUES
• ADVANCED BACKGROUND
• HTTP PROXIES
• INSTALLING SWITCH PROXY
• USING SWITCH PROXY
• TOR: THE ONION ROUTER
• USING TOR BROWSER BUNDLE
• USING TOR IM BROWSER BUNDLE
• USING TOR WITH BRIDGES
• USING JON DO
• TUNNELLING
• WHAT IS VPN?
• OPENVPN
• SSH TUNNELLING
• SOCKS PROXIES
• HELPING OTHERS
• INSTALLING WEB PROXIES
• INSTALLING PHProxy
• INSTALLING PSIPHON
• SETTING UP A TOR RELAY
• RISKS OF OPERATING A PROXY
• APPENDICES
• FURTHER RESOURCES
• GLOSSARY
• CREDITS

Using Socks Proxies

A variety of software can take advantage of a SOCKS proxy to bypass filters or other restrictions — not only Web browsers, but also other Internet software like instant messaging and e-mail applications.

You can think of SOCKS proxies as a more advanced version of HTTP proxies, that allow many different kinds of Internet traffic from many different protocols to be sent through a tunnel, thereby bypassing blocks.

Although public SOCKS proxies do exist, in many cases SOCKS proxies will run locally on your computer, and will be provided by a software application. Because SOCKS tunnels are so flexible, some censorship circumvention software creates a local proxy running on your own computer (which is usually referred to by the name localhost or the IP address 127.0.0.1). This local proxy is a way to let applications like a Web browser take advantage of the circumvention software. Tools that can work in this way include Tor, Your-Freedom and ssh tunnels set up with PuTTY.

 Local proxy enthusiast T-shirt(get it?)

In order to use an application proxy for circumventing censorship, you must tell software on your computer that you want to use that proxy when communicating with other systems on the Internet.

Some Internet applications don't ordinarily work with a proxy because their developers didn't create them with proxy support. However, many of these applications can be made to work with a SOCKS proxy using "socksifier" software. Some examples of such software include:

• tsocks (http://tsocks.sourceforge.net/) on Unix/Linux
• WideCap (http://www.widecap.com/) on Windows
• ProxyCap (http://www.proxycap.com/) on Windows

Configuring Your Applications

In most cases configuring applications to use a SOCKS proxy is done in much the same way as configuring them to use HTTP proxies. Applications that support SOCKS proxies will have a separate entry in the menu or configuration dialogue where HTTP proxies are configured which let you configure a SOCKS proxy. Some applications will ask you to choose between SOCKS 4 and SOCKS 5 proxy settings, and in most cases SOCKS 5 is the better option, although some SOCKS proxies may only work with SOCKS 4. 

Some applications, such as Mozilla Firefox will allow you to configure both an HTTP proxy and a SOCKS proxy at the same time. In this case, normal web-browsing will happen through the HTTP proxy, and Firefox may use the SOCKS proxy for other traffic such as streaming video. 

Mozilla Firefox

Enter settings as shown in the following image, and then click "OK".

1. On the "Tools" menu, click "Options":
   
   
2. The "Options" window appears:
   
3. In the toolbar at the top of the window, click "Advanced":
   
4. Click the "Network" tab:
   
5. Click "Settings".  Firefox displays the "Connection Settings" window:
   
6. Select "Manual proxy configuration". The fields below that option become available.
   
7. Enter the "SOCKS proxy" address and "Port" number, choose "SOCKS v5" and then click "OK".
   

Now Firefox is configured to use a SOCKS proxy.

Microsoft Internet Explorer

To set Internet Explorer to use a SOCKS proxy:

1. On the "Tools" menu, click "Internet Options":
   
   
2. Internet Explorer displays the "Internet Options" window:
   
   
3. Click the "Connections" tab:
   
   
   
4. Click "LAN Settings". Internet Explorer displays the "Local Area Network (LAN) Settings" window:
   
5. Select "Use a proxy server for your LAN" and click "Advanced".
   Internet Explorer displays the "Proxy Settings" window:
6. Clear "Use the same proxy server for all protocols" if it is selected:
7. Enter the "Proxy address to use" and "Port" number in the "Socks" row and click "OK":
   

Now Internet Explorer is configured to use a SOCKS proxy.

Configuring a SOCKS proxy for other applications

Many Internet applications other than Web browsers can use a SOCKS proxy to connect to the Internet, potentially bypassing blocking. Here is an example with the instant messaging software Pidgin. This is a typical example, but the exact sequence of steps to configure some other application to use a SOCKS proxy would be slightly different.

1. On the "Tools" menu, click "Preferences".
   
   
2. Pidgin displays the Preferences window.
   
3. Click the "Network" tab to display it.
   
4. For "Proxy type", select "SOCKS 5". Additional fields appear under that option.
   
5. Enter the "Host" address and "Port" number of your SOCKS proxy.
   
6. Click "Close".
   

Pidgin is now configured to use a SOCKS proxy.

When you're done with the proxy

When you are done using a proxy, particularly on a shared computer, return the settings you've changed to their previous values. Otherwise, those applications will continue to try to use the proxy.  This could be a problem if you don't want people to know that you were using the proxy or if you were using a local proxy provided by a particular circumvention application that isn't running all the time.

DNS leaks

One important problem with SOCKS proxies is that some applications that support the use of SOCKS proxies may not use the proxy for all their network communications. The most common problem is that Domain Name System (DNS) requests may be made without going through the proxy. This DNS leak can be a privacy problem and can also leave you vulnerable to DNS blocking, which a proxy could otherwise have circumvented. Whether an application is vulnerable to DNS leaks may vary from version to version. Mozilla Firefox is currently vulnerable to DNS leaks in its default configuration, but you can avoid these by making a permanent configuration change to prevent DNS leaks:

1. In the Firefox address bar, enter about:config as if it were a URL (you may see a warning about changing advanced settings):
   
   
   
2. If necessary, click "I'll be careful, I promise!" to confirm that you want to modify your browser settings. The browser displays a list of configuration settings information.
   
3. In the "Filter" field, enter network.proxy.socks_remote_dns. Only that setting is displayed.
   
4. If this setting has the value false, double-click it to change its value to true. 

Firefox is now configured to avoid DNS leaks. Once the value is displayed as true, this setting is automatically saved permanently.

There is no documented way to prevent DNS leaks within Microsoft Internet Explorer, without using an external program.

At the time of this writing there are no known DNS leaks in Pidgin when configured to use a SOCKS 5 proxy.

---

EDIT