# What can SOCKS Proxy Do and How to Create?



## fahad (Nov 5, 2013)

I thought a SOCKS proxy server can encrypt connections. Can it? I tried:

Assume xxx.xxx.xxx.xxx is my VPS IP.

```
ssh -f -N -D xxx.xxx.xxx.xxx:1080 xxx.xxx.xxx.xxx
```

And I can connect to the proxy from my PC!

But when I tried Wireshark to read the data, I got all the data!

I tried to log in to a site which has no SSL, and after logging in I checked the Wireshark file and got the ID and password!

Am I doing something wrong?


----------



## scv (Nov 5, 2013)

SOCKS is NOT encrypted. Use OpenVPN or IPSEC for reliable encrypted tunneling.

Do note in your example you're using the SSH SOCKS server. The data is encrypted via SSH once it leaves your machine, but it will remain unencrypted once it leaves the remote server.


----------



## fahad (Nov 5, 2013)

scv said:


> SOCKS is NOT encrypted. Use OpenVPN or IPSEC for reliable encrypted tunneling.
> 
> Do note in your example you're using the SSH SOCKS server. The data is encrypted via SSH once it leaves your machine, but it will remain unencrypted once it leaves the remote server.



IPSEC is cool, I think. Do you have any tutorial for Ubuntu 12.04? And about PPTP VPN, it can encrypt contents, right?


----------



## scv (Nov 5, 2013)

PPTP is not secure, the crypto is very weak. Only advantage is it's widely supported. IPSEC is only useful for a point to point tunnel on its own - for a generic VPN setup you'd need something like L2TP or GRE underneath it. There are many different ways of setting it up.


----------



## drmike (Nov 5, 2013)

fahad said:


> I thought a SOCKS proxy server can encrypt connections. Can it? I tried:
> 
> Assume xxx.xxx.xxx.xxx is my VPS IP.
> 
> ...


An SSH SOCKS-based connection IS ENCRYPTED. Unsure what you are isolating with Wireshark, but it isn't the 1080 SSH tunnel. It's pre-tunnel or post-tunnel.


----------



## wlanboy (Nov 5, 2013)

drmike said:


> An SSH SOCKS-based connection IS ENCRYPTED. Unsure what you are isolating with Wireshark, but it isn't the 1080 SSH tunnel. It's pre-tunnel or post-tunnel.


Browser *<->* localhost <-> ssh tunnel <-> server *<->* internet connection *<->* external website

Just the ssh tunnel is encrypted. The traffic between browser and the ssh tunnel tcp port is not encrypted.

The red connections can be sniffed.


----------



## drmike (Nov 5, 2013)

Yeppers @wlanboy, good visual.

Just so everyone doesn't get antsy -- SSH TUNNELS are encrypted.  Yes you have plaintext info on your local computer or network prior to that tunnel and where the packets land remotely, unencrypted.

Same vulnerability points exist for VPN.


----------



## fahad (Nov 5, 2013)

wlanboy said:


> Browser *<->* localhost <-> ssh tunnel <-> server *<->* internet connection *<->* external website
> 
> Just the ssh tunnel is encrypted. The traffic between browser and the ssh tunnel tcp port is not encrypted.
> 
> The red connections can be sniffed.


If I do this:

From PuTTY, tunnel by port *1080*. After logging in to the server by that SSH, open a tunnel there too by

```
ssh -L 1080:IP:1080 [email protected]
```

1. Then if I connect Firefox by 127.0.0.1:1080

2. Then if I connect Firefox by IP:1080

What will happen then?


----------



## wlanboy (Nov 5, 2013)

Won't work because ip:1080 is not a public service (and should never be).

But you should trust your local network.


----------
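An added example, not written by any poster in this thread: `ssh -D` opens its SOCKS listener on the machine where `ssh` runs, and the hop between the application and that listener is plain SOCKS, so a listener bound to anything other than loopback carries that hop in cleartext over the network. The sketch below classifies the `-D [bind_address:]port` argument of an ssh command line. It assumes OpenSSH's documented bind-address rules with `GatewayPorts no` and no `-g`; the function names and the address 203.0.113.10 (standing in for a VPS IP) are constructed.

```python
import ipaddress
import re
import shlex

# "-D", "-Dspec", or a cluster of argument-less ssh flags ending in D ("-fND").
_D_FLAG = re.compile(r"^-[46AaCfgNnqTtvXxYy]*D(.*)$")


def socks_listeners(cmdline):
    """Return every -D [bind_address:]port spec in an ssh command line."""
    args = shlex.split(cmdline)
    specs = []
    for i, arg in enumerate(args):
        m = _D_FLAG.match(arg)
        if not m:
            continue
        if m.group(1):                 # spec glued to the flag: -D1080
            specs.append(m.group(1))
        elif i + 1 < len(args):        # spec is the next argument
            specs.append(args[i + 1])
    return specs


def bind_scope(spec):
    """Classify where the SOCKS listener accepts connections from."""
    host, sep, _port = spec.rpartition(":")
    if not sep:
        return "loopback"              # bare port; assumes GatewayPorts=no, no -g
    host = host.strip("[]")            # [::1]:1080 style IPv6 literal
    if host in ("", "*"):
        return "exposed"               # empty or * means all interfaces
    if host == "localhost":
        return "loopback"
    try:
        return "loopback" if ipaddress.ip_address(host).is_loopback else "exposed"
    except ValueError:
        return "exposed"               # hostname: assume reachable from the network


def audit(cmdline):
    """Pair each -D spec in the command line with its bind scope."""
    return [(spec, bind_scope(spec)) for spec in socks_listeners(cmdline)]


if __name__ == "__main__":
    # Constructed samples; 203.0.113.10 stands in for a VPS address.
    for cmd in ("ssh -f -N -D 203.0.113.10:1080 203.0.113.10",
                "ssh -f -N -D 127.0.0.1:1080 user@203.0.113.10",
                "ssh -fND 1080 user@203.0.113.10"):
        print(audit(cmd), "<-", cmd)
```

On a running host, the listening address reported by `ss -ltn` for the SOCKS port is the ground truth for the same check.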



## fahad (Nov 5, 2013)

wlanboy said:


> Won't work because ip:1080 is not a public service (and should never be).
> 
> But you should trust your local network.


..

I should, but I just want to know. What if I use 1080 or any other port?


----------



## scv (Nov 6, 2013)

You can do that, but it's much easier to use proxychains.


----------



## fahad (Nov 6, 2013)

scv said:


> You can do that, but it's much easier to use proxychains.


What do you mean by proxy chain?


----------



## scv (Nov 6, 2013)

http://proxychains.sourceforge.net/


----------

