What is the difference between HTTP proxies and SOCKS proxies?

[michael_kent123]

Hello,

I have wondered for some time about the difference between proxy types.

For example, Tor uses SOCKS 5. On the other hand, I can find lists of proxies and enter the IP:port into the HTTP proxy section of Firefox.

What is the difference in practical usage between a HTTP proxy and a SOCKS 5 proxy?

How are these proxies used? Are they used for different purposes? What are their advantages and disadvantages?

Thank you.

[Jason Cooper]

Simple Answer

HTTP proxies proxy HTTP requests, while SOCKS proxies proxy socket connections.

In a bit more detail

A HTTP Proxy will only proxy connections that use the http protocol. A SOCKS proxy is operating at a lower level and so an application, which supports SOCKS proxying, can use it to proxy a connection. Tor uses SOCKS because it is opens up the range of applications that can use it (IRC, SSH, etc).

[cooper]

An HTTP proxy limits its use to the HTTP protocol. Basically, it's the implementation of a web server that, itself, goes out onto the internet via HTTP to fetch whatever you wanted from it, barring any admin-imposed restrictions.

A SOCKS proxy on the other hand is in essence a tunnel between you and an external machine, with 0 restrictions (aside from those imposed by the admin) on what travels across the tunnel.

An HTTP proxy often has an HTTP CONNECT feature that basically says "Gimme a socket plugged into the target machine at so-and-so port and stay out of my way" which is normally used to support HTTPS and, as such, typically restricted to port 443. Since in this case the proxy is just a tunnel, the admin can only restrict the machine and port you're connecting to and maybe the duration of a connection. It's a nice feature I use on a daily basis to connect to my home SSH server which is port-forwarded by my router from 443 externally to port 22 on my gateway machine. In essence it does the same thing as a SOCKS proxy would, but unlike the SOCKS proxy the HTTP proxy wasn't designed to do this from the outset.

[i8igmac]

Also a good tool for the use of both socks5 or http...

proxychains

If I write a application that connects to a onlinegame for goofing around, there is a chance my activities may trigger ip ban...

proxychains ruby myscript.rb 6988 say="hi chatroom I'm behind a proxy"

Proxychains ftp domain.com

Proxychains ssh user@domain.com

Proxychains wget domain.com/file

[michael_kent123]

Thanks.

So, in other words, HTTP can only do HTTP/S but SOCKS can do SSH (for example) and also HTTP/S.

Yes?

[cooper]

By design, yes.

In real life, not quite. As I explained, the HTTPS proxy at my place of work allows me to SSH home.

HTTP proxy: Designed for HTTP with a trick up its sleeve for HTTPS (which you can exploit to do other useful stuff).

SOCKS proxy: Designed for sheer communication - no protocol knowledge of any kind, just packets being transferred.

If you talk to a remote HTTP server via an HTTP proxy, and you send an illegal request, the proxy returns an error.

If you talk to a remote HTTP server via a SOCKS proxy, and you send that same illegal request, the remote server returns an error.

[digip]

One thing to understand is, with an HTTP proxy, you configure your client to use a web server as the "proxy" service in a sense doing the request for you, where it could be either an anonymous proxy, or not, which will just forward the traffic on and still show your real IP, so be careful in this instance what kind of proxy you use since some, just do the request and use your IP as the sender to get the data, which isn't always desirable and won't always work around web filters.

Like Jason Cooper mentioned though, and one of the cool things about a socks proxy, is you can create your own tunnels and also as i8igmac mentioned, a proxy chain. For example, you can use PuTTy to SSH into your web shell on an internet server of yours and configure PuTTy to act as the proxy for traffic. In doing so, you can then point your browser to something like 127.0.0.1 and the port PuTTy listens on dynamically for that socket, and it will forward all traffic over the SSH session to your web server to handle the web traffic, making your IP, that of your Web server, and encrypting all traffic between you and your web server, which will help if say surfing at a coffee shop on free wifi, you can tunnel your traffic over a socks proxy in this manner, and even chain from the web server to multiple other servers, helping to mask your origins. Darren demonstrated a means of doing this and why you might want to, if say you want an IRC bouncer so you can connect to IRC from a remote location while 1, not giving up your real IP, and 2, log on to IRC say at work, where they might filter out the IRC ports ingress/egress wise. Socks enabled clients such as Torrent programs, can also take advantage of this in the same way in helping to get around country IP filters, kind of the way a VPN would help you watch certain videos not allowed outside your country on YouTUBE and such.

HTTP proxies can often get you into trouble though, since many of them are free, but also setup by people on purpose to sniff your traffic, so I would advise to stay away from published proxy lists you see online, vs setting up your own on a server or domain you own yourself. Less chance of interception vs free proxies that often don't fully mask your IP while also logging all your traffic since it's going to be over HTTP and sent in the clear as well. They can use TLS, but usually you see them all on port 8080 and no HTTPS/TLS in use if you sniff your own traffic using free HTTP proxies you find on google and such.