While there are hundreds of resources helping you answer the SOCKS vs HTTP proxy dilemma, very few take a deep dive into SOCKS proxies. Did you know that not all SOCKS proxies are the same? For instance, SOCKS and SOCKS5 proxies feature unique capabilities.
To wrap your head around SOCKS proxies and understand where the differences come from, you need to know what SOCKS is. Let’s start with the SOCKS protocol definition and then see what makes different SOCKS protocols unique.
What is the SOCKS protocol?
SOCKS is a short name for a SOCKet Secure protocol. It has found the use case in proxy servers. Namely, you can set up a proxy server to use the SOCKS protocol to accept requests from client users and forward them to target websites and receive data.
It was developed by David Koblas, a skilled system administrator, and was soon extended to SOCKS4 and then SOCKS5. The SOCKS5 upgrades made it incompatible with SOCKS4 and SOCKS. SOCKS protocols are in use today, and each one of them offers some unique perks.
How it works
SOCKS protocol establishes a TCP connection to seamlessly exchange network packets between a client and server. It is also able to forward UDP packets to clients. Meanwhile, the SOCKS protocol works at Layer 5 of the OSI model. Layer 5 is the session layer right between transport and presentation layers.
The SOCKS protocol is only capable of getting the data from point A to point B. It doesn’t manipulate the data in any way, nor can you use it to edit the data in the packets. The ability to only forward data packets enables SOCKS to work with any type of protocol, including HTTP, POP3, UDP, and more. Let’s see how it works when used by a proxy server.
Core principles of SOCKS proxy servers
Proxy servers act as gateways between you and the rest of the world wide web. They get the name after the protocol they use, so following this logic, SOCKS proxy servers use the SOCKS protocol. When you connect to a SOCKS proxy, you will get assigned an IP from the proxy’s IP pool.
When you try to contact any server through a SOCKS proxy, the proxy will take your request and forward it to the target server without reading it or editing it. Upon receiving a response from the server, a SOCK proxy will then forward it to you also without manipulating the data in any way.
Since SOCKS proxy uses SOCKS protocol, they operate at layer 5. Layer 4 is TCP/UDP, and Layer 7 is SSL. Operating on level 5 enables SOCKS proxies to forward several request types, including HTTP, HTTPS, POP3, SMTP, and FTP. That’s what makes SOCKS proxies versatile. You can use them for anything running from web scraping and web crawling to P2P sharing and streaming.
Working at layer 5 is a core principle of SOCKS proxy servers, and it makes them attractive to companies for one more reason. You can use SOCKS proxies for tunneling protocols operating below layer 5. It’s an excellent security feature given that SOCKS proxies make it impossible to run scans used in cyber attacks, such as half-open connection scans.
Different SOCKS protocols
As we mentioned, earlier SOCKS was quickly extended to SOCKS 4. Generally speaking, today, we have SOCKS4 and SOCKS5 protocols. But you should know that the SOCKS 4 as we know it went through a couple of upgrades, including SOCKS4a and SOCKS5.
SOCKS4 didn’t enable clients to resolve domain names to an IP address for the target host’s domain name. Thanks to the SOCKS4e extension, SOCKS4 enabled clients to use either IP address or domain name. SOCKS4a is compatible with SOCKS4.
SOCKS5 is a brand new protocol not because of the many upgrades it features but because it is incompatible with SOCKS4. In addition to SOCKS4, SOCKS5 introduced support for authentication, UDP, and IPv6.
From the security perspective, SOCKS5 was far superior to SOCKS4. First of all, it establishes a full TCP connection. Then you can choose to use null authentication, username/password authentication, or GSS-API authentication. Lastly, you can encrypt all the traffic relayed via SOCKS5 protocol thanks to the Secure Shell (SSH) encrypted tunneling.
In terms of SOCKS vs HTTP proxy differences, all of them come from protocols the proxies use. For instance, with an HTTP proxy, you can only establish HTTP and HTTPS connections, whereas, with a SOCKS proxy, you don’t have any restrictions. Plus, HTTP proxy manipulates the data packages, slowing down the connection and producing errors while SOCKS proxy only relays data packets.
Conclusion
There you have it – SOCKS and SOCKS5 have similarities in terms of compatibility and not manipulating data packets. As you can see, proxies using the SOCKS5 protocol are more flexible, secure, and versatile than those using SOCKS or SOCKS4, which is exactly why it has found use cases across industries.
