How to use Windows 10 SOCKS5 proxy settings
Elena started writing professionally in 2010 and hasn’t stopped exploring the tech world since. With a firm grasp of software reviewing and content editing, she is always trying new things to improve her skill… Read more
SOCKS5 is a proxy server that can hide your IP address and make you anonymous online. You can use it to circumvent Internet blocks and access restricted can use Windows 10 proxy settings by configuring the built-in system options. Alternatively, you can download and install third-party software like Shadowsocks or a VPN with SOCKS5 our Proxy Server section to find out more about this our VPN Troubleshooting Hub to fix more VPN-related issues.
Windows 10 has built-in SOCKS5 proxy settings, but you can also set it up on your PC through other means. Find out how.
What is SOCKS proxy?
SOCKS is an Internet protocol that sends and receives data packets through a proxy server, which assigns a different IP address before the information reaches its destination.
Unlike a VPN, a proxy server doesn’t encrypt the network traffic, so you can take advantage of data protection against man-in-the-middle attacks.
What is SOCKS5 and why should you use it?
SOCKS5 is the latest SOCKS version. Compared to its predecessors like SOCKS4, SOCKS5 brings more security and authentication methods.
Here’s what you can do with a SOCKS5 proxy server:
Circumvent Internet blocks to access sites restricted to your true IP address
Use web-enabled applications that run under various request types: HTTP and HTTPS (web browsing), POP3 and SMTP (email), FTP (torrent and other peer-to-peer clients).
Make your Internet connection faster and more reliable by using not only TCP but also UDP.
Improve your performance by reducing errors caused by rewritten data packet headers.
Speed up downloads in torrenting and other P2P clients by transferring smaller data packets.
How do I use SOCKS5 proxy settings on Windows 10?
Go to Control Panel > Internet Options.
Switch to the Connections tab.
Click LAN settings.
Enable Use a proxy server for your LAN.
Activate Bypass proxy server for local addresses.
Disable Use the same proxy server for all protocols.
At Socks, specify the server address and port of the SOCKS5 proxy.
Delete everything at HTTP, Secure, and FTP.
Click OK > Apply.
You can configure SOCKS5 proxy settings in Windows 10 without having to install any additional software. Plus, the setup applies to all software applications with Internet access, not just your web browser.
Download Firefox and install it on Windows 10.
Click the ≡ button and go to Options.
In the General tab, scroll down to Network Settings.
Select Manual proxy configuration.
Set SOCKS5 Host and Port to the server address and port of the SOCKS5 proxy.
Select SOCKS5 v5.
If you prefer using a web browser with SOCKS5 proxy instead of the entire computer, Firefox is your best bet. While using Firefox for SOCKS5, you can use any other browser for direct Internet connections.
Firefox is one of the few web browsers that have individual proxy settings, unlike Internet Explorer, Microsoft Edge, Google Chrome, or Opera.
If you wish to regularly switch SOCKS5 proxy servers, you can install a Firefox extension like FoxyProxy.
Go to the Shadowsocks page.
Download the latest version for Windows 10.
Unzip the archive and run the executable file.
Set the IP address, port, and password of the SOCKS5 proxy.
Right-click the Shadowsocks systray icon.
Select System Proxy > Global.
Shadowsocks is a SOCKS5 proxy client that can be easily installed on Windows 10 to use SOCKS5 proxy settings. It runs in the systray and can be quickly configured, enabled, and disabled.
Furthermore, Shadowsocks features several encryption methods to make up for the fact that SOCKS5 doesn’t have one, including 256-bit AES military-grade encryption.
In addition to security, a huge benefit of using Shadowsocks is that it applies the SOCKS5 proxy settings globally to Windows 10. As such, all Internet-enabled programs will use it.
Download uTorrent on your Windows PC.
Install the torrent client and launch it.
Open the Options menu and select Preferences.
Go to Connection.
Set Proxy Server Type to Socks5.
Set Proxy and Port to the server address and port of the SOCKS5 proxy.
On Windows 10 and other operating systems, you can configure SOCKS5 proxy settings directly in a torrent client to make your IP address anonymous and protect your true identity in the torrent swarm.
Private Internet Access
Sign up for a PIA subscription plan.
Download and install PIA for Windows 10.
Right-click PIA’s systray icon and go to Settings.
Switch to the Proxy tab.
Select Shadowsocks, click Configure, and choose a location.
Or, choose SOCKS5 Proxy, click Configure, and set the SOCKS5 proxy details.
Left-click PIA’s systray icon.
Press the big power button to connect to a VPN server.
If you want to not only spoof your IP address but also encrypt your traffic, use a VPN like PIA with a SOCKS5 proxy at the same time.
In Shadowsocks mode, you can connect the VPN server to a second location for increased privacy and security. It’s similar to using a double VPN to stay connected to two VPN servers at once.
In SOCKS5 proxy mode, you simply specify the connection details of a SOCKS5 proxy server. It’s the custom alternative to Shadowsocks mode, but it’s a bit more complicated.
Check out how to correctly use PIA SOCKS5 proxy.
Use PIA to stay connected to a VPN and a SOCKS5 proxy server at the same time.
To summarize, you can easily set up SOCKS5 proxy settings on Windows 10 using the built-in system options.
However, it’s also possible to resort to other methods, like configuring Firefox, uTorrent or Shadowsocks settings.
But the best solution is to use VPN and SOCKS5 at the same time with the help of Private Internet Access.
Frequently Asked Questions
How do you use SOCKS5?
You can use SOCKS5 on Windows 10 by configuring system settings or by turning to alternative methods that require additional software.
Is SOCKS5 a VPN?
No, SOCKS5 is a proxy server. Unlike a VPN, a proxy server can’t encrypt your data traffic. However, you can use a VPN and proxy together.
How to Securely Bypass Blocks, Safe Torrenting, Free Proxy …
The internet is in a strange place right now. It’s no longer the open, free place it used to be. Increasingly, users are being subject to website blocks, attacks, and surveillance. For true safety or anonymity, precautions must be taken. Thankfully, there many ways for you to protect yourself, one of them being Socket Secure (SOCKS) proxies.
While many have heard about SOCKS Proxies not many truly understand their purpose, how they work and the security-privacy levels they can offer. SOCKS proxies are often mistakenly considered an alternative or equivalent to VPNs causing major confusion amongst users and providing false sense of security.
In this article we’ll be covering a wealth of topics relating to SOCKS Proxies, SSL, Configuration advise, Torrenting via SOCK, compare them with VPNs and much more so let’s take a quick look at what we have in store before diving deeper:
Introduction to SOCKS Proxies
Understanding how HTTPS Encryption – SSL & HTTPS Proxies work
How SOCKS5 Proxy Works
Why Would I Use a SOCKS5 Proxy?
When to Use SOCKS5 Proxies, VPN or Both
Combine a SOCKS5 Proxy and a VPN
SOCKS5 Proxy vs VPN for Torrenting and P2P
Configuring SOCKS5 Proxy for Torrenting (qBittorrent, uTorrent)
Configuring Firefox and Chrome to Use SOCKS5 Proxy
Free Proxy vs Paid
Using SOCKS5 Proxy for US Netflix
Like HTTP, SOCKS is an internet protocol, but it offers a further degree of anonymity. Connecting to a SOCKS proxy routes your traffic through a third-party server via TCP, assigning you a new IP address in the process. Because the IP address is different, web hosts can’t determine the physical location.
This has the add-on effect of bypassing regional filtering. However, unlike a VPN, SOCKS doesn’t provide encryption. This means users don’t have true privacy and aren’t safe from attacks on Public WiFi and government surveillance. In addition, SOCKS doesn’t run through every application, meaning regular browsing is not always safe.
However, this lack of encryption does provide some benefits. The main one is speed. A SOCKS proxy doesn’t need resources to encrypt traffic and has far less overhead, so it’s usually faster than a VPN. Though proxies don’t provide protection from monitoring, they are a nice middle ground between HTTP and VPNs.
The security of a SOCKS proxy also depends on the version it utilizes. Most modern proxies use either SOCKS4 or SOCKS5 to protect users, and there are some fundamental differences. As you would expect from a lesser version, SOCKS4 has fewer features.
One example is the lack of support for UDP protocol-based applications. This cuts out programs that need faster, more efficient transfers, like games. SOCKS5 also supports IPv6 and Domain Name Resolution. This means the client can specify a URL rather than an IP address. This feature is also supported by SOCKS4a.
As well as SOCKS, users can utilize the HTTP/HTTPS proxy method. HTTP proxies work similarly to SOCKS5, but utilize the HTTP protocol instead. This is the same method that transfers data to your computer when you type. These proxies fetch and receive primarily in HTTP and are generally used for web browsers. Some applications support HTTP proxy, others SOCKS proxy, and many both. HTTP is more intelligent than SOCKS5, but also less secure.
Due to lack of UDP support and limited TCP support, HTTP proxies don’t fully support torrenting. Often, they will filter out this type of data or block it. This blocking is especially prevalent in public HTTP proxies. In addition, HTTP tries to re-write the headers of the data in transit. The result is extremely slow or non-existent torrenting.
Understanding How HTTPS Encryption – SSL & HTTPS Proxies Work
HTTPS proxies utilize something called the Secure Socket Layer. In your browser, you’ll notice this as a green padlock next to the URL bar:
In short, SSL creates a secure connection between the web server and the user’s browser. When you request a URL, the server sends your browser a copy of its SSL certificate. The browser verifies that it’s authentic, and the server then sends back a signed acknowledgment. Upon arrival, both start an SSL encrypted session and can share data safely.
This encryption uses a method called public key cryptography. A server using SSL has both a public key and a private key. When a server first negotiates an SSL session with a client, it sends a copy of its public key. The client’s browser verifies the certificate and then uses the public key to create a symmetric key which is then sent to the server. The private key is never sent and always kept secret.
The symmetric key is unique to the SSL session and used to encrypt/decrypt data exchanged between the client and server.
HTTPS proxy works slightly differently. Using the CONNECT method, requests are converted to a transparent tunnel. However, this feature isn’t available in a lot of proxies and, when it is, users can still be vulnerable.
Some versions of SSL are still open to attack through the Heartbleed bug. This serious vulnerability was discovered in 2014 and allows attackers to steal private keys from servers, eavesdropping on communications and gaining access to passwords, emails and instant messages. Vulnerabilities in SSL and its predecessor TLS have been found several times since then, including man-in-the-middle attacks that downgrade the user to a less secure version.
While an HTTP proxy is designed to work in the web browser, a SOCKS5 proxy is more wide-reaching. SOCKS sits on the higher levels of the OSI model, below SSL, which sits on the seventh application layer, and above TCP and UDP on the transport layer (Layer 4). This offers several advantages. TCP works by forming a physical connection between the client and the server, trying to guarantee that every packet arrives at the destination in the same order it was sent. To do this, it puts all the content into a fixed format.
Another use of UDP is in the Domain Name System (DNS), which allows for translation of URLs into IP addresses. The combination of both TCP and UDP creates a more flexible and reliable experience.
The low level of SOCKS5 also means it can handle several different request types: HTTP, HTTPS, POP3, SMTP and FTP. As a result, SOCKS5 can be used for email, web browsing, peer-to-peer and more. More importantly, users can do this in a somewhat anonymous fashion.
When you connect to a website, the traffic usually runs through a firewall on the router or by the ISP. A SOCKS5 proxy routes your data through its proxy server, creating a path through the network’s firewall. In doing so the user is assigned an IP address, which makes it look like they’re browsing from a different location and protects their identity.
As mentioned before proxies don’t encrypt data like a VPN, which means you can access these services with very little slowdown. This is because there is no need to re-write header data. This, in turn, leads to less chance of errors, and fewer errors means more speed.
Although it doesn’t handle encryption, SOCKS5 does provide methods of authentication, as mentioned earlier. In general, a SOCKS5 handshake looks like this:
The client sends a connection request, stating the list of authentication methods it supports.
The server looks at these methods and chooses one. In the case that none are acceptable, it sends a failure response.
Once accepted, information can pass between the client and server. The client can send a connection request and the server can respond.
This authentication removes many of the security concerns that plagued SOCKS4. The proxy isn’t open to anybody with the details, resulting in less chance of malicious attacks. Usually, authentication comes in the form of a simple username and password combination. However, SOCKS5 also supports GSSAPI (Generic Security Services Application Program Interface) and IANA methods.
Now that you know the features of SOCKS5 proxies, you may be wondering why you even need one. One of the main uses is to circumvent internet censorship. If your ISP blocks access to movie streaming websites, The Pirate Bay or other questionable content, a proxy will circumvent it. This can be useful on restricted networks. Work and school connections are often monitored and block access to social media, games, and anything else that isn’t relevant. Broad sweeping policies can often cause issues if you need to access one of those sites for research or you just want to slack.
You’ll also be able to access services that are limited to certain countries. BBC iPlayer, for example, is only available from a UK IP address. A proxy located in the UK would allow you to watch British TV without a TV license. This also applies to services like Netflix, which has significantly more content in the US region than others. Utilizing a SOCKS5 proxy from several different locations can significantly expand your viewing catalogue.
On home networks, users must be careful about their privacy, especially when torrenting. Using a SOCKS5 proxy can provide fast download speeds while adding a layer of protection against copyright holders. Many BitTorrent clients support a weak form of encryption when using SOCKS5, which prevents further obstacles.
SOCKS5 torrenting doesn’t offer the same protection as a VPN, but it’s better than nothing at all. In addition, it can give an obscured connection from only one application on your PC. As a result, you can perform fast P2P downloads while still using location services such as Google Maps. You’ll retain your normal download rate for any other browsing or streaming.
When to use SOCKS5 Proxies, VPNs or Both
For the privacy and security conscious, VPNs are a great option. They are superior to a SOCKS5 proxy in almost every way. The Best VPN Service Providers give unparalleled protection from government agencies, copyright holders and hackers. Many of them even provide proxy services as a free add-on. Other than speed, VPNs do everything SOCKS5 does and more. However, VPN subscriptions can be more expensive and require extra setup to run. In some situations, a proxy is the most economical option.
When it comes to accessing content with region restrictions, for example, a SOCKS5 proxy is great. You can easily spoof a different location, and don’t have to worry too much about security – repercussions are rare. You can find a proxy from almost every country on the planet, often free of charge. A VPN will provide the same benefit, but comes from a trusted provider who has put considerable thought into the safety and privacy of its users.
However, if you’re accessing blocked content, things are a little different. While a proxy is good for low stakes, it doesn’t remove identifying information other than the IP address. It’s open to snooping from anyone with access to your data stream, such as your ISP and government. Accessing censored file-sharing websites and other questionable content is best done through a VPN.
This lack of protection from those with network access can pose considerable risk in public. No encryption means little protection from prying eyes. On a WiFi hotspot, attackers can still see and interpret your data. Browsing websites without SSL encryption could result in password and information compromises. Furthermore, the previously mentioned security issues in SSL mean that hackers could get hold of it even then. For public WiFi safety, a VPN is the only true option.
It’s clear that there are some merits to using a proxy over a VPN. The extra speed makes them suitable for a wide range of low-risk tasks. It’s advantageous to be able to utilize both a VPN and a SOCKS5 proxy. Thankfully, any of the Best VPN service providers supply this at no extra cost. IPVANISH and Private Internet Access are great examples of this. Switching the two methods in and out is a no-brainer, but what about using both at once?
Using both in tandem usually results in increased privacy, if it’s supported by your VPN provider. Be that as it may, the benefits are limited. If a VPN is connected already, you probably won’t see speed increases. Instead, the advantage comes as a safety net. If your VPN cuts out and the Kill-Switch fails, you still have some protection from SOCKS5 VPN proxy, and vice versa. This is relevant if a provider hands over your details – the copyright holder will only see the IP address of the other service. Using both creates an extra barrier to entry.
For most users, this extra barrier is far from essential. A properly configured VPN should pose little problem. However, if you’re doing something particularly sensitive the combination is a good option. For the best security, you should email your provider and make sure your SOCKS5 VPN proxy has no logs.
Speaking of torrenting, it’s important to be aware of the benefits and limitations of using a VPN SOCKS5 proxy for it. SOCKS5 torrenting will show only the IP address of the proxy server if a media company is looking through a certain swarm and provides a small amount of encryption. This gives the small degree of protection mentioned earlier.
However, there are still many avenues of attacks for copyright holders. The encryption method torrent clients use is shaky and not reliable. It can be cracked quickly, revealing the information beneath. Although this wouldn’t reveal the user’s IP address, it could give information such as the version of the client, the operating system, settings and download speed. Copyright holders could use this to narrow down to an individual user and their ISP. They can then send a legal request to that ISP for information. The lack of proper encryption means the ISP can clearly see what a user is doing on its network.
SOCKS5 torrenting does provide an increase in speed, but it comes at a price. A determined copyright troll or government entity may still get leverage over the user. In the end, it’s up to the individual to decide if the speed increase is worth the risk. This will probably depend on how significant the difference is.
SOCKS5 VPN proxies come with an additional caveat. A fully-fledged VPN won’t just protect you from copyright holders, it will also bypass ISP throttling. It’s becoming increasingly common for service providers to set speed limits on peer-to-peer downloads, resulting in speeds that are as much as one fifth of normal speed. Service providers can only do this if they can interpret and categorize the data, so VPN encryption provides a natural wall.
Proxies do not generally provide encryption, and you may experience significant throttling. This can easily offset the speed gains of SOCKS5, so proxies are only the best option if your ISP does not throttle. You can test for throttling though web services like Glasnost. Even with the encryption built into torrent clients, most service providers can tell if you’re using P2P. If you’re unsure, you can always test with a free proxy.
Configuring SOCKS5 Proxy for Torrenting
Thankfully, setting up a SOCKS5 proxy for torrenting is very simple. It requires fewer steps than a VPN, and all you’ll need is a torrent client. In our examples, we’ll be showing uTorrent and qBittorrent, using a VPN SOCKS5 proxy from IPVANISH and Private Internet Access. Both providers give the functionality free of charge and provide a premium service and no logs policy.
Set up a SOCKS5 Proxy with IPVANISH and qBittorrent
To emphasise the divide between the two services, IP Vanish’s SOCKS5 details can’t be found in the regular VPN client. Instead, you’ll have to go to the My Account section of its website and click on the SOCKS5 Proxy tab.
You’ll want to note down these credentials for use later. The username and password are specific to you, and provide the SOCKS5 authentication mentioned earlier. The hostname,, is thanks to SOCKS5 and its Domain Name Resolution feature. If you’re using a different proxy, just take note of those details instead.
For an extensive review on PIA, including security tests, DNS Leak tests, Torrent Protection, Kill-Switch test, Netflix support and much more, read our Best VPN Review: Private Internet Access (PIA)
Now, in qBittorrent, head to Tools > Options. On the left-hand side, you’ll see the Connection tab. Click it. You should be presented with the following menu:
Under the Listening Port heading, disable Use UPnP/NAT-PMP port forwarding from my router. Then input the following details under Proxy Server:
Use proxy for peer connections: Yes
Disable connections not supported by proxies: Yes
Use proxy only for torrents: Yes
Username: IP Vanish SOCKS5 generated username
Password: IP Vanish SOCKS5 generated password
For extra privacy, head to BitTorrent and change Encryption mode to Require encryption. This will force the in-application encryption discussed earlier. Also tick Enable anonymous mode. This will remove the peer ID from the client’s fingerprint and force all incoming connections through SOCKS5.
Finally, hit Apply and Okay. Restart qBittorrent just to be safe.
Set up a SOCKS5 Proxy with Private Internet Access and uTorrent
Finding your SOCKS5 VPN proxy settings for Private Internet Access is equally simple. Go to the client sign in page and login with your username and password. Scroll down until you see a heading with the label PPTP/L2TP/SOCKS Username and Password. Click Generate Username and Password and note down the details:
The hostname isn’t listed here, but a support article reveals that it’s that down too, or the details of your free proxy. Launch uTorrent and go to Options > Preferences (Ctrl + P).
Under the Connection subheading, disable Enable UPnP port mapping and Enable NAT-PMP port mapping. Then enter the following settings under Proxy Server:
Username: PIA SOCKS5 user
Password: PIA SOCKS5 password
Use proxy for hostname lookups: Yes
Use proxy for peer-to-peer connections: Yes
Disable all local DNS lookups: Yes
Disable all features that leak identifying information: Yes
Disable connects unsupported by the proxy: Yes
To enable encryption, go to the BitTorrent subheading and look under the Protocol Encryption menu. Change Outgoing to Forced. Be aware that this could impair your ability to connect to peers. Click Apply and OK. SOCKS5 torrenting is now enabled.
Configuring your browser to use SOCKS can be a little more difficult. At this moment in time, neither Chrome nor Firefox support SOCKS5 with authentication by default. Instead, you can use the Maxthon browser. After install go to Settings > Advanced > Proxy Settings.
Now tick Use custom proxy setting and hit Manage Proxy. Click Add. Fill in the fields as follows:
Name: IPVanish SOCKS5
Hit OK. Below the config, you’ll see a Bypass proxy server for heading. Here you can set exceptions for websites for which you need to keep your local IP, such as Google Maps. You can also switch this to Use proxy server for and only use the VPN SOCKS5 proxy on certain websites.
Though premium paid SOCKS5 proxies like the one above are often best, it’s possible to get one free of charge. Many websites even compile free proxy lists that are open for anyone to use. Here are just a few examples:
If you already have a VPN, you may have access to a free SOCKS5 proxy without even knowing it. It’s becoming increasingly common for the Best VPN service providers to offer this service. Some of the major ones include:
IPVANISH – Netherlands
Private Internet Access – Netherlands
NordVPN – 25 Severs across multiple countries
It may be tempting to just grab the first free SOCKS proxy you see, but there are a few things to consider. A free anonymous proxy isn’t going to be fast. It’s more common for download speeds to sit in the kilobytes rather than megabytes. You’ll also notice far less reliability, so you’ll probably have to switch between different servers for long downloads. This unreliability extends to response time.
In addition, a free anonymous proxy often lacks security. In many cases, they have no security at all, leaving users open to hackers. In many cases free providers keep logs, which may cause issues for P2P downloads and other illegal activities.
In all, you’ll be hard pressed to find a good, reliable free proxy. If you want to protect your identity, paying is almost essential. In some cases, you can pick up a full VPN service for the same price or less than premium SOCKS5 services, making it a no-brainer. You’ll have access to strong encryption when you need it, and a proxy when you’re just looking for speed.
One of the best uses of a SOCKS5 proxy is for Netflix. The catalogue of the service has been limited of late, and people outside the US seem to be particularly affected. Thankfully, you can trick Netflix into giving you shows from regions across the world. Here’s my Netflix UK homepage before using a proxy:
In this example, we’ll be using Firefox. Go to the flyout menu on the top right, then select Options. Go to Advanced and click the Network tab. Under Connection > Configure how Firefox connects to the Internet, click Settings…
First, change Configure Proxies to Access the Internet to Manual proxy configuration. Under SOCKS Host enter the URL or IP address of your proxy server. Under Port, enter the number your Netflix SOCKS5 proxy has provided. Tick SOCKS v5 and Proxy DNS when using SOCKS v5.
You can now click OK and head to. You should immediately notice a change in your browsing catalogue.
Unfortunately, those with a free SOCKS proxy may get stuck here. Netflix monitors proxy lists and blocks them to stop users accessing content they aren’t supposed to. You’ll know if you receive the following error when trying to play a show:
Trying to access Netflix US via Free SOCKS Proxy fails
You may be able to find a free proxy that Netflix hasn’t gotten around to yet, but it’s quite unlikely. A paid, private SOCKS5 proxy is less likely to be blocked, as the provider changes things often. You should notice much faster buffering times, so it’s worth paying the small monthly fee.
Most VPN SOCKS5 proxies use authentication, which isn’t supported by Firefox or Google Chrome. Instead, you’ll want to use the previously mentioned Maxthon browser method. This should give you fast, unblocked access to different films.
While SOCKS5 proxies offer better protection than HTML or nothing at all, they don’t shield the user from spying by ISPs or government. Free anonymous proxies offer even less protection, and can be open to hackers, cut out, or have slow download speeds. However, subscription-based proxies remain a great way to bypass regional blocks and carry out other, low-risk tasks.
Unfortunately, the price of a standalone SOCKS5 proxy is high compared to other services. In many cases, users can get a VPN subscription from IPVANISH or Private Internet Access and a VPN SOCKS5 proxy for the same monthly fee. This gives users access to the full, hardened security of a VPN, while also providing a fast, less secure proxy if they need it. At this moment in time, VPN providers like PIA, IPVANISH and NordVPN offer superior value for money.
Back to VPN Guides and Articles Section
How to set up a SOCKS5 proxy on a virtual private server (VPS)
@lahmstache January 12, 2017
Proxies and Virtual Private Networks (VPNs)
Proxies and VPNs differ in nature, although they can provide some of the same services. A VPN routes all of the network traffic on a client computer through a tunnel to some other server computer. No individual application configuration is required. In contrast, using a proxy requires each application to be individually configured to ensure its traffic goes through the proxy.
The intent of a VPN is to allow a remote client computer to access network resources in some other location as if it were physically located in the same office. One of those network resources can be access to the internet, which masks the IP address of the remote computer. For this reason, VPNs have recently seen a surge in popularity as both a geo-obfuscation tool to access content not available in the client computer’s country (such as US Netflix from outside the US), and as a privacy tool to prevent the client’s IP address from being discovered. A proxy is more limited in that it cannot provide access to remote resources, but it can mask your IP address and provide geo-obfuscation services.
Types of proxies
The two most common types of proxies are HTTP (Hyper Text Transfer Protocol) and SOCKS5 (Secure Sockets 5). The SOCKS4 and SOCKS4a protocols do not support UDP or authentication. The current SOCKS5 and HTTP proxies differ in the following ways:
In general terms, the HTTP proxy can only proxy HTTP (TCP) traffic whereas a SOCKS5 proxy can handle any type of traffic using either TCP or UDP.
A SOCKS5 proxy does not interpret the traffic sent through it in any way whereas an HTTP proxy typically does. This means that a SOCKS5 proxy is more universal and can be used with more applications.
An HTTP proxy can only be used with HTTP clients such as a web browser, but since it is aware of the HTTP content, it can do clever things such as caching or rewriting headers in addition to the proxying service. For the purpose of anonymity and privacy, a SOCKS5 proxy is a better choice since it can be put to more general use.
In this post we’ll look at setting up the most simple kind of SOCKS5 proxy using SSH (Secure Shell). We’ll set up an inexpensive VPS at Digital Ocean, configure the SSH server and set up a few client applications to use the proxy.
Set up the proxy server
Almost any type of VPS will work for this. Some web hosting accounts might also work since all you need is non-root SSH access, but using a web hosting account as a proxy server may violate some hosts’ terms of service. Digital Ocean is a well-known and affordable cloud provider and one of their $5/month servers will work well for a SSH proxy.
Digital Ocean is a Virtual Private Cloud (VPC) provider meaning that you don’t purchase a particular server. Rather, you create an account and link a payment method to it. Once you’ve done that, you can create as many virtual servers as you want. VPCs tend to offer more control over system specifications and can cost much less than a traditional VPS. There’s a good explanation of the differences between a VPS and VPC here.
To create a Droplet, click the Droplets menu item and make a few selections to customize it. I’ve selected Ubuntu 16. 04 LTS (Long Term Support) as the operating system and the smallest (least expensive) size. Droplets are charged by the hour. The least expensive option will work well and only cost about $5 for the entire month.
You’ll now want to select a location for your Droplet. Keep in mind that when you are using your proxy, your traffic will be seen as coming from the IP address of your Droplet. If you’re setting up a proxy specifically for geo-obfuscation purposes you should pick a location in or near the country that you wish to appear to be from.
Once your Droplet has been created you will receive a confirmation email from Digital Ocean with its IP address and login information.
Configure OpenSSH on the VPS
Digital Ocean Droplets come with SSH installed and ready to go. The root user’s password is supplied in the welcome email so there’s no additional setup required on the server. But the best practice is to change the default password and create a user specifically for proxying.
Connect to the Droplet using SSH on MacOS (OSX) or Linux
Open a terminal and type the following command to connect using the IP address from your welcome email:
You will be prompted to accept the key. Enter the password from your welcome email, and then change the password.
Connect to the Droplet using PuTTY on Windows
If you’re using Windows, you’ll need an SSH client to connect to your Droplet. The most widely used SSH client is PuTTY.
Enter the IP address of your Droplet into the Host Name field and click the Open button.
Ensure the system is up to date
It’s a good idea to make sure the system software is up to date. Outdated software is a leading cause of system hacks. The two commands to do this in Ubuntu are:
There was very little to upgrade on my Droplet which means Digital Ocean keeps their images updated.
Add a user
The Droplet comes with one user – the all-powerful root user. It is a good security practice to add a less privileged user to the system and connect to your proxy with that account.
Issue the following command to add a normal user named myuser:
Set a password and at least a proper username. You don’t need to complete any other information.
We now have everything we need to use the proxy.
Connect to the proxy
In order to use the proxy to tunnel traffic it has to be connected. Unix-like operating systems have a built-in SSH client whereas Windows will need a third party application such as PuTTY
Using SSH on MacOS (OSX) or Linux
The method for connecting to the proxy is the same for Linux and MacOS (OSX). Open a terminal and use SSH to connect like this:
ssh 66. 77. 88. 99 -l myuser -D 12345
Replace 66. 99 with the IP address from your Digital Ocean welcome letter.
The -D switch tells the SSH client to forward traffic sent to port 12345 on your local machine to your proxy. You can use any port number you’d like as long as it is above 1024. From the help file, the -D switch:
Specifies a local “dynamic” application-level port forwarding. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine. Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act as a SOCKS server.
Do not disconnect this SSH session. You can minimize it to get it out of your way because you won’t need to do anything further with it, but leave it running until you are done using the proxy.
Using PuTTY on Linux or Windows
When you open PuTTY you will be in the Session tab. Enter the IP address of your Droplet and leave the port as 22.
Navigate to the SSH -> Tunnels tab. Enter 12345 (or any port you’d like) into the Source port field. Select the Dynamic radio button and click the Add button.
If you don’t want to have to do this every time you open PuTTY, navigate back to the Sessions tab, highlight the Default Settings line in the Saved Sessions list, and click the Save button.
Configure your browser and other applications to use the proxy
Now that you’re connected to the proxy there are three basic ways to use it:
Set each application’s networking settings to use the proxy. Not all applications support proxies, but web browsers do.
Use a Plugin such as the FoxyProxy plugin for Firefox and Chrome to do the application configuration for you.
Configure the operating system itself to use the proxy for all applications.
The second option is the easiest because you can quickly enable or disable the proxy, and you can configure the browser to only use the proxy for certain sites. The other two options require a lot of flipping back and forth when you want to enable or disable the proxy.
Using the application’s built-in network settings
Any application that supports SOCKS5 proxies should be able to use the SSH tunnel. Simply use the proxy host IP of 127. 0. 1 (the localhost IP) and the port of 12345 (or whatever port number you’ve selected).
In Firefox the proxy settings are found in the Preferences -> Advanced -> Network -> Settings.
In Chrome, you will need to click the Advanced Settings link at the bottom of the Settings page and then navigate to Network -> Change proxy Settings. Chrome does not have its own proxy settings so this will just open your operating system’s proxy settings panel.
If you’re using Internet Explorer you will find your proxy settings at Internet Options -> Connections tab -> LAN Settings button. This opens up the Windows proxy settings control panel applet. Much like Chrome, there are no dedicated Internet Explorer settings for proxies.
Using a plugin for Firefox or Chrome.
There are a number of proxy plugins for Firefox and Chrome. A popular one is FoxyProxy. It sits in your browser bar and you can enable or disable the proxy by clicking on it, which is much easier than digging through your operating system or browser settings.
FoxyProxy can also be configured to exclude certain sites from using the proxy. This is useful if you want to keep the proxy running all the time, but don’t want to trip over your bank’s defenses by suddenly appearing to be in another country.
Download FoxyProxy for your browser.
When you first launch FoxyProxy, the main window contains a proxy that’s already set up but not active. There are many options and configuration settings within FoxyProxy but we’re just going to focus on the few we need to get the proxy up and running.
Highlight the existing proxy and click the Edit Selection button.
Go to the Proxy Details tab and enter 127. 1 as the Host IP Address and 12345 into the Port field.
Click the SOCKS Proxy? checkbox and select the SOCKS5 radio button.
Next, click on the General tab and ensure the Perform remote DNS lookups on hostnames loading through this proxy is checked. This will help to prevent DNS leaks. It won’t completely hide you because WebRTC lookups will still work to discover your real IP address. You can use this tool to check DNS leaks. There are plugins for Firefox and Google Chrome that will disable WebRTC functions.
Close the FoxyProxy settings window and then activate the proxy by selecting Use proxy default for all URLs. You can verify that your proxy is working by visiting a site like What is my IP, where you should now see your proxy IP address instead of your ISP’s.
If you want to identify specific URLs to use or exclude from the proxy, you will need to create a custom proxy. Click the Add New Proxy button and you will see an additional button at the top of the settings screen named URL Patterns. Click that button to set up custom filters.
You can enter sites and patterns to match or exclude in this screen.
Using the operating system network settings
Instead of entering the proxy settings into each application, it’s possible to set the details once at the operating system level. When that is done, you’ll just need to tell each application to use the system level proxy.
You can access the Internet Options applet in Windows in two ways. Access the Control Panel -> Internet Options, or access the Internet Options from the settings menu in Internet Explorer.
From there, you can follow the instructions for Internet Explorer in the section above.
Click the Apple icon at the top left of the menu bar on your screen and select System Preferences. Select Network and then Proxies.
Click the Advanced button to access the Network settings and navigate to the Proxies tab.
Click the SOCKS Proxy checkbox and enter the host and port information.
Each Linux desktop environment has a different control panel item to configure the network settings. The two most common desktops are Gnome and KDE.
In the Gnome desktop (used by Ubuntu), the Settings -> Network panel is the place to set up the proxy.
Select the Manual option.
Then set the SOCKS proxy and click the Apply system wide button.
The KDE Desktop (used by Kubuntu) has the network settings in the Settings – System Settings -> Network Settings -> Proxy.
Once the proxy is set up in the operating system, each application will have to be configured to use it. That option will be in the network settings for each application. As an example, in Firefox this setting is at the top of the proxy settings.
Frequently Asked Questions about how to use socks 5 proxy
How do you use a sock proxy?
Using SOCKS5 Proxy for US Netflix Go to Advanced and click the Network tab. Under Connection > Configure how Firefox connects to the Internet, click Settings… First, change Configure Proxies to Access the Internet to Manual proxy configuration. Under SOCKS Host enter the URL or IP address of your proxy server.
How do I setup a SOCKS5 Proxy?
Click the Apple icon at the top left of the menu bar on your screen and select System Preferences. Select Network and then Proxies. Click the Advanced button to access the Network settings and navigate to the Proxies tab. Click the SOCKS Proxy checkbox and enter the host and port information.Jan 12, 2017
How does SOCKS5 Proxy work?
A SOCKS proxy server creates a Transmission Control Protocol (TCP) connection to another server behind the firewall on the client’s behalf, then exchanges network packets between the client and the actual server. … As a result, SOCKS can be used for email, web browsing, peer-to-peer sharing, file transfers and more.Sep 27, 2019