Socks Proxy

Navigation menu

Fast Introduction to SOCKS Proxy
Suggestions of other browsers that do accept SOCKS authentication could perhaps be used as an answer. Stack Overflow works best with JavaScript enabled. Sign up or log in Sign up using Google. This corresponds to IP address 0. From Wikipedia, the free encyclopedia.

Your Answer


This tool uses JavaScript and much of it will not work correctly without it enabled. Please turn JavaScript back on and reload this page. Please enter a title. You can not post a blank message. Please type your message and try again.

This discussion is archived. I have working socks proxy with Java Mail 1. I have tried using an authenticator on the Session. My sample code is below: I am using this method for socks proxy support in java mail. Similar properties exist for the "imap" and "pop3" protocols. Message in Proxy logfile is: It would be presumptuous to claim that MitM attacks are reliably thwarted without taking into account what happens on the Wide Internet, which is known to be a harsh place.

But if you do that, then extra protection for the browser-to-proxy link is superfluous. Protecting traffic between browser and proxy makes sense if you consider proxy authentication. Some proxies require explicit authentication before granting access to their services; this is was? If you send a password to the proxy, then you do not want the password to be spied upon, hence SSL. However, an attacker who can eavesdrop on the local network necessarily controls one local machine with administrator privileges possibly, a laptop he brought himself.

His nuisance powers are already quite beyond simple leeching on the Internet bandwidth. Also, limiting Internet access on a per user basis maps rather poorly to modern operating systems, which tend to rely on Internet access for many tasks, including software updates.

Internet access is more efficiently controlled on a per usage basis. Therefore, I think that protecting access to a HTTP proxy has some merits, but only in rather uncommon scenarios. In particular, it has very little to do with defeating most MitM attacks. Chrome on client side, and Squid on proxy side can work via https. See Secure Web Proxy for more details. I hope that Chrome will warn you on invalid proxy certificate, but have no experience with this setup so can't confirm.

As an alternative to using Thomas Pornin's answer where he suggested to use SSH you can use the service bus to maintain a transparent connection from a local port to a remote server. The "authentication" occurs when the proxy client software connects to the service bus Once the client software authenticates you, a mini-vpn is created just like SSH. Net client is installed locally, and the target is a proxy or some other device you need to trust. Mentally replace SQL Client and with a port of your choosing This project allows several NAT'ed servers to access several NAT'ed clients across the internet over a single service bus connection.

Also, there is a related project called "SocketShifter" on codeplex: It may be worth investigating. By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service , privacy policy and cookie policy , and that your continued use of the website is subject to these policies. Questions Tags Users Badges Unanswered. As is customary, let's first answer the exact question which was asked. The squid documentation has some information on the subject; to sum things up: As is customary, let's see what alternate proposals can be made.

To ensure protected communication between the client and the proxy, the two following solutions may be applicable: So the complete solution would be: The browser just wants to use theproxy: As is customary, let's now question the question. Thomas Pornin k 50 A few follow-on point: The first part is not overly surprising, but very disappointing - and, I believe, possibly a bigger issue than you let on.

I didn't think it was pertinent to the question. As for your third - and most important part - as you say, it is usually not relevant, though my question was about preventing unauthorized MitM i. There are a few edge cases where this is important, such as proxy authentication as you mention. Proxy authentication is still relevant in many situations, both in corporate proxy scenarios e. The attacker also does not need to be a network admin, take into account various roaming scenarios. Sure, a VPN could solve that, but it's not always the case.

Further, as I noted in the question, there are also valid scenarios where the even though browsing itself can be over HTTP, I still want to know that I'm talking to my proxy. Bottom line, I agree with your conclusion - protecting access to a HTTP proxy has some merits, but only in rather uncommon scenarios. However, I think these uncommon scenarios are still extant enough that they should be handled by default within the existing protocols; moreover, the fact that they aren't, and very few professionals are aware of this , is potentially a Very Big Deal.

Very comprehensive answer on an insightful question. I would tend to agree that the risk is small it's a lot of work to get your rogue proxy in there , but the harm is significant if someone can pull it off. Thanks for the example, but it doesn't really answer my question How to get started This.

Install Port Bridge Note:

Premium Proxy

Leave a Reply