Ubuntu Socks5 Proxy Client
connect over SOCKS4/5 proxy – Ubuntu Manpage Repository
Provided by: connect-proxy_1. 105-1_amd64 NAME connect-proxy — connect over SOCKS4/5 proxy
SYNOPSIS connect-proxy [-dnhst45] [-R resolve] [-p local-port] [-w secs] [-H [user@]proxy-
server[:port]]] [-S [user@]socks-server[:port]]] [-T proxy-server[:port]] [-c
telnet-proxy-command] [host] [port]
DESCRIPTION connect-proxy open connection over SOCKS4/5 proxies
Please, note that any HTTP-Proxy tunnel won’t work with content-inspection firewall
(unless using SSL).
OPTIONS -H specifies a hostname and port number of the proxy server to relay. If port
is omitted, 80 is used. You can specify this value in the environment variable
HTTP_PROXY and pass the -h option to use it.
-S specifies the hostname and port number of the SOCKS server to relay. Like -H,
port number can be omitted and the default is 1080. You can also specify this
value pair in the environment variable SOCKS5_SERVER and give the -s option to
use it.
-4 specifies SOCKS relaying and indicates protocol version to use. It is valid
only when used with ‘-s’ or ‘-S’. Default is ‘-5’ (protocol version 5)
-R method to resolve the hostname. Three keywords (“local”, “remote”, “both”) or
dot-notation IP address are acceptable. The keyword “both” means, “Try local
first, then remote”. If a dot-notation IP address is specified, use this host as
nameserver. The default is “remote” for SOCKS5 or “local” for others. On SOCKS4
protocol, remote resolving method (“remote” and “both”) requires protocol 4a
supported server.
-p will forward a local TCP port instead of using the standard input and output.
-P same to ‘-p’ except keep remote session. The program repeats waiting the port
with holding remote session without disconnecting. To connect the remote
session, send EOF to stdin or kill the program.
-w timeout in seconds for making connection with TARGET host.
-d used for debug. If you fail to connect, use this and check request to and
response from server.
USAGE To use proxy, this example is for SOCKS5 connection to connect to “host” at port 25 via
SOCKS5 server on “firewall” host.
connect-proxy -S firewall host 25
SOCKS5_SERVER=firewall; export SOCKS5_SERVER; connect-proxy -s host 25
For a HTTP-PROXY connection:
connect-proxy -H proxy-server:8080 host 25
HTTP_PROXY=proxy-server:8080; export HTTP_PROXY; connect-proxy -h host 25
To forward a local port, for example to use ssh:
connect-proxy -p 5550 -H proxy-server:8080 host 22 ssh -l user
To use it along ssh transparently:
# file~/
# not using proxy on lan
Host 192. *
ProxyCommand connect-proxy%h%p
# mandatory to access the internet
Host *
ProxyCommand connect-proxy -H proxyserver:8080%h%p
Or for all users ( /etc/ssh/ssh_config)
ENVIRONMENT SOCKS5_USER, SOCKS5_PASSWORD, HTTP_PROXY_USER, HTTP_PROXY_PASSWORD, CONNECT_PASSWORD,
LOGNAME, USER
SEE ALSO ssh (1).
WWW
AUTHOR This manual page was written by Philippe Coval for the Debian system (but may
be used by others). Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU General Public License, Version 2 any later version published
by the Free Software Foundation.
On Debian systems, the complete text of the GNU General Public License can be found in
/usr/share/common-licenses/GPL.
CONNECT-PROXY(1)
How to setup a Socks5 Proxy server on Ubuntu with Dante
Dante Socks5 Server
Dante is a socks5 server that you can use to setup a socks5 proxy on your ubuntu or debian machine. In this quick tutorial we shall learn how to setup dante and use authentication.
With authentication enabled, the dante proxy server would require all clients to provide login details in order to use the proxy server. This is a good idea.
1. Install Dante on Ubuntu
The default Ubuntu repositories have the dante-server package but it is outdated. The version present is 1. 1. 19 which is quite old and also has some bugs. The authentication feature does not work properly.
If you don’t need authentication then you can install it.
sudo apt-get install dante-server
The version in repository was
# danted -v
danted: dante v1. 19
Known authentication issues
Like mentioned earlier, the authentication feature does not properly work with it. The log file shows the following error messages –
Mar 11 14:05:05 (1489241105) danted[5020]: pass(1): tcp/accept]: username%[email protected] -> 104. 131. 115. 128. 1080: system username/password failed
Trying to test with curl shows the following error message –
$ curl -v -x socks5username:[email protected]:1080 * Trying 104. 128…
* User was rejected by the SOCKS5 server (1 1).
* Closing connection 0
curl: (7) User was rejected by the SOCKS5 server (1 1).
Some users have reported similar issues at this reddit post -Install newer version directly from file
So we need to install a newer version. There is a ppa for dante-server at –
but it is no longer being maintained. But we can use the deb file from the ppa to install dante on Ubuntu 16. 10
The download url is this:
using the wget command:
# wget Install using gdebi command:
$ sudo apt-get install gdebi-core
$ sudo gdebi
2. Configure
The next task is to configure the dante server before starting it. The configuration file can be found here –
nano /etc/
The contents should look similar to this –
# /etc/
logoutput: syslog
ivileged: root
user. unprivileged: nobody
# The listening network interface or address.
internal: 0. 0. 0 port=1080
# The proxying network interface or address.
external: eth0
# socks-rules determine what is proxied through the external interface.
# The default of “none” permits anonymous access.
socksmethod: username
# client-rules determine who can connect to the internal interface.
clientmethod: none
client pass {
from: 0. 0/0 to: 0. 0/0
log: connect disconnect error}
socks pass {
Now start the danted proxy server
# service danted start
Use the netstat command to check the port number
# netstat -nlpt | grep dant
tcp 0 0 0. 0:1080 0. 0:* LISTEN 6342/danted
3. Create a User
Dante can use the system unix user accounts to authenticate the connecting clients. For this you should create a separate user. Any client that will be connecting to this proxy server will be sending the password in plain text over the network, so beware of that.
$ adduser mike
4. Test with curl
Once you have setup everything, its time to test that the proxy server is working as expected. Use the curl command to do this. Specify the username, password, server ip and port number and try fetching some url.
curl -v -x socks5mike:[email protected]
Conclusion
Dante is a socks5 server that can be used as a proxy server. For instance you can setup an online linux server and use it as a proxy server to access other websites. Such proxy servers are useful when you need to change your ip address on the internet or access a website from a different geo location.
If you need an proxy server or caching solution try Squid Proxy which supports, etc.
Resources
Config documentation can be found here –
If you want to compile the latest version of dante from source then check out these links –
Turn any Linux computer into a SOCKS5 proxy with one …
Last updated
2 weeks ago
I thought I’d write a shorter article this time. It goes hand in hand with my upcoming article series on 100% technical guide to anonymity and it’s much easier to write larger articles by splitting them into smaller pieces. I can then just edit them together and produce the final article.
This article will be interesting to everyone who didn’t know this awesome fact already – you can turn any Linux computer into a SOCKS5 (and SOCKS4) proxy with just one ssh command command and no extra tools.
ssh -N -D 0. 0. 0:1080 localhost
Even better – it doesn’t require root privileges. The ssh command starts up dynamic -D port forwarding on port 1080 and talks to the clients via SOCSK5 or SOCKS4 protocols, just like a regular SOCKS5 proxy would. The -N option makes sure ssh stays idle and doesn’t execute any commands on localhost.
If you also want the command to go into background as a daemon, then add the -f option:
ssh -f -N -D 0. 0:1080 localhost
To use it, just make your software use SOCKS5 proxy on your Linux computer’s IP, port 1080, and you’re done – all your requests will now get proxied.
Access control can be implemented via iptables. For example, to allow only people from the ip 1. 2. 3. 4 to use SOCKS5 proxy, add the following iptables rules:
iptables -A INPUT –src 1. 4 -p tcp –dport 1080 -j ACCEPT
iptables -A INPUT -p tcp –dport 1080 -j REJECT
The first rule says, allow anyone from 1. 4 to connect to port 1080, and the other rule says, deny everyone else from connecting to port 1080.
However, executing iptables requires root privileges. If you don’t have root privileges, and you don’t want to leave your proxy open (and you really don’t want to do that), you’ll have to use some kind of a simple TCP proxy wrapper to do access control.
Here, I just wrote one in Perl. It’s called and it uses IO::Socket::INET to abstract sockets, and IO::Select to do connection multiplexing.
#! /usr/bin/perl
#
use warnings;
use strict;
use IO::Socket::INET;
use IO::Select;
my @allowed_ips = (‘1. 4’, ‘5. 6. 7. 8’, ‘127. 1’, ‘192. 168. 1. 2’);
my $ioset = IO::Select->new;
my%socket_map;
my $debug = 1;
sub new_conn {
my ($host, $port) = @_;
return IO::Socket::INET->new(
PeerAddr => $host,
PeerPort => $port) || die “Unable to connect to $host:$port: $! “;}
sub new_server {
my $server = IO::Socket::INET->new(
LocalAddr => $host,
LocalPort => $port,
ReuseAddr => 1,
Listen => 100) || die “Unable to listen on $host:$port: $! “;}
sub new_connection {
my $server = shift;
my $client = $server->accept;
my $client_ip = client_ip($client);
unless (client_allowed($client)) {
print “Connection from $client_ip denied. n” if $debug;
$client->close;
return;}
print “Connection from $client_ip accepted. n” if $debug;
my $remote = new_conn(‘localhost’, 55555);
$ioset->add($client);
$ioset->add($remote);
$socket_map{$client} = $remote;
$socket_map{$remote} = $client;}
sub close_connection {
my $client = shift;
my $remote = $socket_map{$client};
$ioset->remove($client);
$ioset->remove($remote);
delete $socket_map{$client};
delete $socket_map{$remote};
$remote->close;
print “Connection from $client_ip closed. n” if $debug;}
sub client_ip {
return inet_ntoa($client->sockaddr);}
sub client_allowed {
return grep { $_ eq $client_ip} @allowed_ips;}
print “Starting a server on 0. 0:1080n”;
my $server = new_server(‘0. 0’, 1080);
$ioset->add($server);
while (1) {
for my $socket ($ioset->can_read) {
if ($socket == $server) {
new_connection($server);}
else {
next unless exists $socket_map{$socket};
my $remote = $socket_map{$socket};
my $buffer;
my $read = $socket->sysread($buffer, 4096);
if ($read) {
$remote->syswrite($buffer);}
close_connection($socket);}}}}
To use it, you’ll have to make a change to the previous configuration. Instead of running ssh SOCKS5 proxy on 0. 0:1080, you’ll need to run it on localhost:55555.
ssh -f -N -D 55555 localhost
After that, run the
perl
TCP proxy will start listening on 0. 0:1080 and will redirect only the allowed IPs in @allowed_ips list to localhost:55555.
Another possibility is to use another computer instead of your own as an exit node. What I mean is you can do the following.
ssh -f -N -D 1080
This will set up a SOCKS5 proxy on localhost:1080 but when you use it, ssh will automatically tunnel your requests (encrypted) via This way you can hide what you’re doing on the Internet from anyone who might be sniffing your link. They will see that you’re communicating with but the traffic will be encrypted so they won’t be able to tell what you’re doing.
That’s it. You’re now the proxy king!
Download
Download link:
I also pushed to GitHub. You can fork it and contribute. For example, you could make it redirect between any number of hosts:ports, not just two, implement onion routing, and better access control.
I’ll also soon write the definitive guide to ssh port forwarding because it’s an interesting but little understood topic.
See you next time!
Thanks for reading my post. If you enjoyed it and would like to receive my posts automatically, you can subscribe to new posts via rss feed or email.
Frequently Asked Questions about ubuntu socks5 proxy client
How use SOCKS5 proxy Ubuntu?
How to setup a Socks5 Proxy server on Ubuntu with DanteInstall Dante on Ubuntu. The default Ubuntu repositories have the dante-server package but it is outdated. … Configure. The next task is to configure the dante server before starting it. … Create a User. … Test with curl.Jul 26, 2020
How use SOCKS5 proxy in Linux?
To use it, just make your software use SOCKS5 proxy on your Linux computer’s IP, port 1080, and you’re done – all your requests will now get proxied. The first rule says, allow anyone from 1.2. 3.4 to connect to port 1080 , and the other rule says, deny everyone else from connecting to port 1080 .
How use SOCKS5 proxy in terminal?
2 Answers. You can use http_proxy environmentvariable like this: export http_proxy=”socks5://localhost:9050″ Now the terminal will use that as proxy.Apr 17, 2015