search
πŸ“œ MediumπŸ›’ My ShopπŸ‘Ύ GithubπŸ“© Telegram πŸ“Ί YouTubeβœ– Twitter

Socks - Port 1080

hashtag
Basic info

Penetration testing SOCKS proxies is a vital aspect of assessing the security of networked environments where anonymity and traffic relaying are employed. SOCKS proxies (SOCKSv4, SOCKSv5) are often used in environments that aim to obscure source IPs or facilitate internal network access through tunneling. In this guide, we explore every practical angle of pentesting SOCKS proxies, from enumeration and fingerprinting to authentication bypasses and pivoting techniques.

hashtag
SOCKS Proxy Fundamentals and Protocol Behavior

SOCKS is a transport layer proxy protocol that relays traffic between a client and server through a proxy server. Two main versions are commonly in use:

  • SOCKS4: Supports TCP only and lacks authentication.

  • SOCKS5: Supports TCP/UDP, domain name resolution, and various authentication methods (e.g., username/password, GSSAPI).

The typical ports used include 1080, but custom configurations may use non-standard ports.

hashtag
Enumeration of SOCKS Proxies

hashtag
Identifying Open SOCKS Proxies

Initial discovery can be performed using mass scanning techniques or through Shodan and Censys. To verify a suspected SOCKS proxy:

For more aggressive testing:

hashtag
Detecting SOCKS Protocol Versions

Use tools such as nmap, proxycheck, or custom Python scripts to identify whether the proxy supports SOCKSv4 or SOCKSv5.

hashtag
Authentication Testing and Bypass

SOCKSv5 may implement various authentication schemes. Testing includes:

hashtag
No Authentication

If the server accepts no-auth (00):

hashtag
Username/Password Brute-Forcing

Use hydra or medusa for brute-force attacks:

hashtag
Exploiting Weak Authentication Configurations

In some configurations, proxies accept arbitrary credentials. This can be detected by repeatedly submitting invalid data and analyzing responses.

hashtag
Tools for SOCKS Proxy Pentesting

Tool
Purpose

proxychains

Route traffic through SOCKS proxies

nmap

Enumeration, script-based testing

msfconsole

Proxy-aware exploits and modules

socat

Port forwarding, chaining proxies

hydra

Credential brute-forcing on SOCKSv5

proxycheck

Identify open SOCKS proxies

hashtag
Using SOCKS Proxies for Network Pivoting

When internal access is possible via SOCKS:

hashtag
Proxy-Aware Pivoting

Use Metasploit with route add and SOCKS proxy modules.

Then chain internal scans via:

hashtag
SSH + Dynamic Port Forwarding

Then test access via proxychains:

hashtag
Testing Real-World Exploitation Scenarios

hashtag
Internal Web Service Access via SOCKS

Test internal HTTP apps, DNS services, and SMB shares:

hashtag
Exploiting Services Behind SOCKS with Metasploit

Configure proxy in Metasploit:

Then launch modules like exploit/windows/smb/ms17_010_eternalblue.

hashtag
Proxy Chaining for Deep Pivoting

In complex environments, multiple proxies may be chained:

Or using socat:

circle-check

Learn & practice For the Bug Bountyarrow-up-right

chevron-rightSupport VeryLazyTech πŸŽ‰hashtag
PreviousRusersd Service - Port 1026NextJava RMI - RMI-IIOP - Port 1098/1099/1050

Last updated