SOCKS stands for Socket Secure. It exchanges data packets between client and server via proxy. It operates on the Session Layer of the OSI model. It allows users to surf on the Internet anonymously. More than that It gives you accessibility of applications only one secure port connection. In this post, I will implement fundamental usage of SOCKS. On the client side we just need open-ssh client and tsocks. open-ssh client exists all Linux distributions. So We only need tsocks. tsocks is a library to implement SOCKS.
gns3@gns3:~/Programs$ sudo apt-get install tsocks
Configure tsocks(client) Open /etc/tsocks.conf and add lines below at the end of the line.
server = 127.0.0.1 server_port = 1080
Initiate Connection(client) Initiate connection between client and SOCKS proxy. -D option is the most important argument for this purpose. It tells that whenever connection is made port 1080, connection is forwarded to the host istanbul over ssh. For more information. $ man ssh
gns3@gns3:~$ ssh -ND 1080 username@istanbul
-N Do not execute a remote command. This is useful for just forwarding ports. -D [bind_address:]port Specifies a local “dynamic” application-level port forwarding. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine. Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act as a SOCKS server. Only root can forward privileged ports. Dynamic port forwardings can also be specified in the configuration file.
SOCKS server side Only thing we need is on SOCKS server side is permission for the ssh connection and ssh server up and running. Diagram: It is depicted below diagram to leverage to SOCKS service.
Most excited part of this post. First scenario I will request connection to the https://whatismyip.com via firefox without leveraging tsocks. And Second Scenario I will request the same url with tsocks. Scenario 1: Without tsocks.
Scenario 2: With tsocks
gns3@gns3:~$ tsocks firefox
Happy anonymity. :)