1. Introduction
2. Versions
3. SOCKS Support
4. SOCKS Connections
5. Scanning
6. SocksCap Setup
7. Anonymity Checks
8. SOCKS Chaining
9. Resources
1. Introduction:-
SOCKS is the most powerful, flexible standard proxy protocol available. SOCKS is a
shortened version of "SOCK-et-S" or "sockets," the term used for the data
structures which describe a TCP connection. It was one of those "development
names" that stuck. Very clever folks say it's really to distinguish these from the human
variety that are worn on the feet ;-)
SOCKS is a networking proxy mechanism that enables hosts on one side of a
SOCKS server to gain full access to hosts on the other side of the SOCKS server
without requiring any host PC to reveal its IP address to the remote host,
shown diagrammatically:
- Host PC<------>|
- Host PC<------>|Socks Proxy Server <---> Remote Host Web Site
- Host PC<------>|
It works by redirecting connection requests from hosts on one side to hosts on
the other side via a SOCKS server, which authenticates and authorizes the
requests, establishes a proxy connection and passes data back and forth. It is usually
described as a circuit-level proxy for this reason, i.e. it doesn't care about the data it is
transferring or its protocol.
Its typical use on an individual PC is to "socksify" applications, which refers to the
process of intercepting the networking calls and redirecting them. This
enables the host PC behind a SOCKS server to gain full access to the Internet
whilst preserving its anonymity, since the remote host will only see the IP
address of the SOCKS server in all connection requests. The default SOCKS port is
1080.
2. Versions:-
There are two major versions of SOCKS, Socks4 and Socks5. The main differences
between Socks5 and Socks4 are:
- Socks4 doesn't support authentication while Socks5 has a built-in
mechanism to support a variety of authentication methods.
- Socks4 doesn't support UDP proxy while Socks5 does.
- Socks4 servers will not support the Socks5 protocol. The Socks5
implementation from NEC does support the Socks4 protocol. The
server supports both V5 and V4 clients and can communicate with other V5
and V4 servers.
- Socks4 and Socks4.2 and earlier clients are required to be able to resolve the IP
addresses of remote hosts. Socks5 now includes PROXY NAME support to move
the name resolution process from the Socks client to the Socks5 server (a remote
DNS request). Resolving is the process whereby addresses such as
http://www.my_isp.com
become 210.123.456.789.
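The differences listed above are visible in the bytes each version puts on the wire. The following is an added example, not code from the original page: it builds a Socks4 and a Socks5 CONNECT request and reports which side had to do the DNS lookup. The function names and the sample target (news.example.net, 192.0.2.10) are assumptions made for illustration.

```python
import ipaddress
import struct

def socks4_connect(ip: str, port: int, user_id: bytes = b"") -> bytes:
    """SOCKS4 CONNECT: VN=4, CD=1, DSTPORT, DSTIP, USERID, NUL.
    Only a 4-byte IPv4 address fits, so the client must resolve the name itself."""
    return (struct.pack("!BBH", 4, 1, port)
            + ipaddress.IPv4Address(ip).packed + user_id + b"\x00")

def socks5_greeting(methods=(0x00, 0x02)) -> bytes:
    """SOCKS5 method negotiation: VER=5, NMETHODS, METHODS.
    0x00 = no authentication, 0x02 = username/password."""
    return bytes([5, len(methods), *methods])

def socks5_chosen_method(reply: bytes) -> str:
    """Decode the server's two-byte answer to the greeting."""
    if len(reply) != 2 or reply[0] != 5:
        raise ValueError("not a SOCKS5 method-selection reply")
    return {0x00: "no authentication", 0x02: "username/password",
            0xFF: "no acceptable method"}.get(reply[1], f"method 0x{reply[1]:02x}")

def socks5_connect(host: str, port: int) -> bytes:
    """SOCKS5 CONNECT: VER=5, CMD=1, RSV=0, ATYP, DST.ADDR, DST.PORT.
    ATYP 1 = IPv4, 4 = IPv6, 3 = domain name resolved by the proxy."""
    try:
        addr = ipaddress.ip_address(host)
        atyp, body = (1 if addr.version == 4 else 4), addr.packed
    except ValueError:
        name = host.encode("ascii")
        if not 0 < len(name) <= 255:
            raise ValueError("domain name must be 1..255 bytes")
        atyp, body = 3, bytes([len(name)]) + name
    return bytes([5, 1, 0, atyp]) + body + struct.pack("!H", port)

def who_resolves(request: bytes) -> str:
    """Say which side performed the DNS lookup for a CONNECT request."""
    if request[0] == 5 and request[3] == 3:
        return "proxy"   # the hostname itself travels to the SOCKS5 server
    return "client"      # only an already-resolved IP address is on the wire

if __name__ == "__main__":
    # Constructed sample target: a news server on the NNTP port.
    for req in (socks4_connect("192.0.2.10", 119),
                socks5_connect("news.example.net", 119)):
        print(req.hex(" "), "-> resolved by", who_resolves(req))
```

When the client resolves the name, the lookup goes to the local resolver outside the proxy, which is what the "Resolve all names locally" and "Resolve all names remotely" settings later on this page control.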
3. Support for SOCKS:-
SOCKS is almost
as widely supported as HTTP proxies. All major Windows NT–based proxy servers,
including Microsoft Proxy Server, Netscape Proxy Server, and WinGate, support
SOCKS. SOCKS is also supported by proxy servers for alternative operating
systems, including all variations of UNIX.
SOCKS clients must be specially coded to work with the proxy protocol.
Fortunately, it is common for application developers to allow their
application-layer protocols to work with SOCKS. Microsoft Internet Explorer and
Netscape Navigator both support SOCKS proxying for HTTP and all other
protocols they support. Other applications that may need to pass through a
proxy server, such as FTP and RealAudio, support the SOCKS proxy. If you are
unsure whether a certain application supports SOCKS, check the documentation
for that application.
4. SOCKS Connections:
Example Use:
IRCii / BitchX / etc:
- irc: /server (SOCKS) 1080
- irc: /server (irc server) (port [666{6-9} usually])
mIRC:
- Go to the Setup folder
- Click on the "Firewall" tab
- Check the box reading "Use SOCKS Firewall"
- Go down to "Hostname:" and enter the SOCKS IP / hostname
- Click on the "IRC servers" tab, and click on "Connect"
Open Proxy/SOCKS:
Many IRC networks and ISPs run a security check whenever you connect to their
network, in which they look for open proxies/SOCKS. This means that when you
connect, the network will check port 23 (telnet port, checking for a WinGate telnet
bounce) and port 1080 (SOCKS/WinGate port) for an unsecured SOCKS4 or SOCKS5
proxy. If a WinGate telnet bounce is found on port 23, or if an unsecured
(anonymously accessible) SOCKS4 or SOCKS5 proxy is found, you will be k-lined
(banned from the network). When using a WinGate SOCKS connection, occasionally,
if the WinGate uses its own identd daemon, it will return its info to the requesting
host, so your connection request might be accepted.
5. Scanning:-
Indirect method:
A simple but effective method for finding socks proxies is to employ a search engine.
Enter in the search engine something like: "free proxies", "proxy list", "anonymous
http proxy", "public proxy servers list" etc. You should find hundreds of references to
proxy web pages.
Direct method:
If these seem sparse then you should look for your own. Using a scanner of your
choice you should scan a specific IP range looking for the addresses that accept a
connection on port 1080. There are plenty of scanners available; choose one you like.
Normally there are a couple of SOCKS servers (port 1080) or Wingate users (port 23)
within 255 dialup addresses of a big ISP.
Many providers have a large number of active and reserved addresses, exceeding
255. Therefore you can try to scan neighboring ranges, changing the 2nd last
digit from the right hand side in the IP address. More detailed information on
addresses belonging to the net or ISP you scan can be found with the help of
a Whois server or a program like SmartWhois.
6. SocksCap32 Setup:-
You can download SocksCap here
After installing SocksCap, you will find the setup option under the File menu.
Entering the Setup Details:
Server Details:
- SOCKS Server: the ip address of the socks-server.
- Port: normally 1080.
- SOCKS user ID: Just leave this as it is.
Protocol Details, Socks4:
- Protocol: Check the Socks4 option
- Name Resolution: Check "Resolve all names locally" option
- Username/Password: Check the box and enter these if required
Protocol Details, Socks5:
- Protocol: Check the Socks5 option
- Name Resolution: Check "Attempt local then remote" option
- Username/Password: Check the box and enter these if required
Connection Details:
Direct Connections:
Add WSASRV to the listbox
Connection Applications:
Add WSASRV to the listbox
Socksifying Applications:
Use the "New..." button to show the "New Application Profile" dialog.
Then you can use the "Browse..." button to search for and find your Internet
browser program, i.e. not your desktop icon but its physical location, so you
are looking for an exe file. Once finished, it should appear in
the "Application Profile" listbox. Repeat this procedure for any other application you
wish to socksify, e.g. your favorite news reader, normally after using your
browser to do a socks anonymity check! If you have fast socks proxies then you can
increase your anonymity by chaining your socks proxies.
Postscript: Can I use SocksCap with Internet Explorer 4.0 in desktop
mode or on a system running Windows 98? What about Internet Explorer 5.0?
Although SocksCap will not socksify your entire desktop, it is possible to browse with
Internet Explorer 4.0 in desktop mode or on a system running Windows 98 with
SocksCap.
Select Internet Options in Internet Explorer's View menu. Under the Advanced tab,
check Browse in a new process. Then start Internet Explorer from SocksCap.
For Internet Explorer 5.0, select Internet Options in Internet Explorer's Tools menu.
Under the Advanced tab, check Launch browser windows in a separate process. In
the Connections tab, click LAN Settings. Clear the Automatically detect settings box.
7. Anonymity Checks:-
- Method 1.
Disable the proxy option in your browser and then run your browser through
SocksCap32. To do this, highlight your browser in the "Application Profile" listbox
and click the "Run Socksified!" button in SocksCap32. This will launch your
browser, and is a valid alternative to simple 8080 proxies for browsing the net. Now
visit a proxy checking site; if you are anonymous, you should see either the
domain name/URL or the IP address of the socks server here. If so then the socks has
nym status, else try again.
- Method 2.
When connected to a news server, open an MS-DOS window and type: netstat -a
If you can see the name of your news reader followed by the IP/name of your
socks proxy:1080 instead of the IP/name of your news server:119 (or nntp), the
connection is properly being made through SocksCap.
- Method 3.
Use a test post. Find an open/free news server that allows posting and do a
post in some neutral group for testing, like alt.test, alt.binaries.test or similar.
Download your message and display it, then check the Headers/Properties and see
whether it shows your real IP or that of the socks proxy. It's usually the last in the list.
8. SOCKS Chaining:-
The idea here is to help you re-route all Internet Winsock applications in
Windows through a socks chain, making your connections much more anonymous.
The following text and methods can be read and implemented in a linear fashion, and
instead of wingates you can use Proxy Hunter to search for socks proxies (1080)
only. The idea is that the more paths you make your posts take across the net, the more
difficult it will be to trace them back.
Take this route for example:
client ---> socks1 ---> socks2 ---> socks3 ---> socks-n ---> target url.
This should work for ftp, nntp, http, telnet, smnp, and icq style
clients. Just about any app can be anonymized via socks, except irc, due to ident
logging by the irc servers, which ban or k-line (kill online) recognized 1080
proxies. So other methods are needed there. Now it helps to find some computers
running wingate. We look for wingates since the default installation of wingate
includes a non-logging socks server on port 1080.
Find some wingates
Read the scanning section on this page. To do this, I would suggest you use
'Proxy Hunter'. Be sure to look for wingates (port 23) and not for socks, as we only
want wingate socks. You could also use Wingate Scan and run it through
SocksCap32. Also, using Proxy Hunter without a proxy may bring you to the attention
of ISPs, who might think you are a hacker scanning for shares etc!
Check the proxy speed
Speed is important since we will be using multiple socks, and we don't want our
programs to time out. With the Klever Dipstick tool, you can find out which are the
fastest ones. Just run Dipstick. Right-click in the small green rectangle and choose
Show main window. To import a list of wingates, just click on Advanced, choose
Import List and select your file. You can also manually ping a single host by clicking
on Manual Ping. Use those wingates which have the smallest average time.
Check if the wingates are running
A good program to use is Server 2000. Choose a timeout (7) and port, i.e. (23), import
your wingate list and read off the results.
SocksCap32 Setup for Chaining:
Server Details:
- SOCKS Server: enter ip address 127.0.0.1
- Port: 1080
- SOCKS user ID: Just leave this as it is.
Protocol Details:
- Socks4: "Resolve all names locally"
- Socks5: "Resolve all names remotely" option
- Username/Password: Uncheck this box
In the main window, choose New and then browse to create a shortcut for the Internet
client you want to give socks support. Repeat this for each Internet client app you
want anonymized on the net.
Install SocksChain:
In the service menu, click on New.
Add Listener:
- Name: enter "Chain"
- Accept connection on port: 1080 is standard, but any number
(0-65535) will do. The idea is to register the same port as in your SocksCap
configuration.
- Chain... Auto-creating chain: Uncheck this.
Click on New to add your own socks servers or wingates.
Edit Socks:
- Name: Uncheck
- IP: Check and enter the socks server IP address
- Protocol: Check Socks4 or Socks5
After pressing the "Ok" button, data about the server is added to the end of the list.
Using the '<' and '>', you can add and remove socks. Make sure you test all the socks
one by one before adding them all to the list, because if one of them is bad, your
chain will not work and you will not be able to locate the bad socks in the chain! If all
of them seem to work, use the '<' key to add them. 3 seems to be an average
chain size. (I think 10 or 13 is the limit put by TCP/IP.)
If you don't want to start SocksChain constantly or to see it while it is operating, it is
possible to make the service invisible. For this purpose, in the Tools menu->Options turn
on the option "Run as service". After that it is not necessary to start the program,
even after a reboot.
Testing Your Anonymity
To check what socks your computer is connecting to, you can use TotoStat. Look for
connections to port 1080; the remote IP found there should be the first IP found in
your chain in SocksChain. Use the shortcut in SocksCap that points to your browser,
and connect to any proxy header checking site. Run your eye over your headers; you
should see the socks IP here.
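The netstat check from Method 2 in section 7 and the TotoStat check above both come down to reading the connection table and confirming that the client talks to the proxy port rather than straight to the service. The following is an added example, not part of the original page, that does this over a constructed netstat -a capture; the host names, the small service-name table and the function names are assumptions.

```python
# Constructed sample of Windows "netstat -a" output (not a real capture).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    mypc:1045              socks.example.net:1080 ESTABLISHED
  TCP    mypc:1046              news.example.net:nntp  ESTABLISHED
  TCP    mypc:135               mypc:0                 LISTENING
  TCP    mypc:1047              192.0.2.44:119         TIME_WAIT
"""

# netstat -a prints well-known ports by name; map the ones we care about.
SERVICE_NAMES = {"nntp": 119, "socks": 1080, "http": 80, "ftp": 21, "telnet": 23}

def parse_connections(text):
    """Yield (local, remote_host, remote_port, state) for each TCP row."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] != "TCP":
            continue  # skip headers, blank lines and UDP rows
        host, _, port = parts[2].rpartition(":")
        port_num = SERVICE_NAMES.get(port) or (int(port) if port.isdigit() else None)
        yield parts[1], host, port_num, parts[3]

def check_proxied(text, proxy_port=1080, direct_ports=(119,)):
    """Split ESTABLISHED connections into proxy hops and direct (leaking) ones."""
    via_proxy, leaks = [], []
    for _local, host, port, state in parse_connections(text):
        if state != "ESTABLISHED":
            continue
        if port == proxy_port:
            via_proxy.append(host)
        elif port in direct_ports:
            leaks.append(f"{host}:{port}")
    return via_proxy, leaks

if __name__ == "__main__":
    via_proxy, leaks = check_proxied(SAMPLE_NETSTAT)
    print("via proxy:", via_proxy)
    print("direct connections bypassing the proxy:", leaks)
```

With a local SocksChain listener the socksified client itself shows 127.0.0.1:1080 as its remote end, and the first proxy of the chain appears on SocksChain's own outbound connection.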
Socks2HTTP Setup
Socks2HTTP is a program designed to replace SocksCap proxies with SSL-CONNECT
proxies, which might be easier to find.
Socks2HTTP does two things:
- it makes a socks server on your computer
- it makes a connection via HTTP to a remote server which is able
to convert socks2http protocol to Socks protocol.
You use it by configuring socks-capable programs to use the local
socks server. If you need to run something which is not socks-capable,
you can often 'socksify' it with SocksCap from NEC. The price for anonymity tends
to be a slower connection.
Open the Socks2HTTP configuration and enter your SSL proxy:port in the "Use a Proxy
Server" fields. Remember that you have to use the CONNECT method and that, if the
proxy fails, your connections will be redirected using the POST method through a
gateway owned by the program's authors (at www.totalrc.net). If you don't want this,
erase the URL in the Gateway field.
In the SocksCap settings, set localhost:1080 as the proxy and Socks5 as the desired
protocol; that's it.
This program is released as "adware", i.e. it installs spyware and it will put a
banner window over your desktop until you buy it! There is a crack available for v0.7.
9. Resources:-
To use SOCKS with Windows, there are a number of WinSock DLL extensions that
enable WinSock-based applications to use SOCKS. For the standalone Windows PC,
SocksCap is the recommended SOCKS application, and it can be downloaded here
SocksCap from NEC automatically
enables Windows-based TCP and UDP networking client applications to traverse a
SOCKS firewall. SocksCap intercepts the networking calls from WinSock applications
and redirects them through the SOCKS server without any modification to the original
applications or to the operating system software or drivers.
Hummingbird
This SOCKS client seamlessly "socksifies" any TCP/IP application,
eliminating the need to re-code "SOCKS-aware" applications.
AutoSOCKS
AutoSOCKS, by Aventail Corporation, transparently makes Windows-based TCP/IP
WinSock applications connect via a SOCKS server. This means simplified installation,
ease of use for mobile users, and a single point of configuration for all WinSock client
applications.
Stairways
Is a Macintosh SOCKS server.
SOHOconnections
Is a Java-based application for SOCKS proxying.
Socks2HTTP
Socks2HTTP is an agent converting SOCKS v.5 requests into HTTP requests and
tunneling them through an HTTP proxy.
SmartWhois
SmartWhois is a useful network information utility that allows you to find out all
available information about an IP address, host name, or domain, including country,
state or province, city, name of the network provider, administrator and technical
support contact information etc.