[Off-topic] SOCKS proxy speed

Can you provide reasoning or evidence that a local SOCKS proxy will slow down traffic and to what extent? Of course I mean in a significant or impactful way. But I run a SOCKS5 proxy locally and do not see much impact on my internet throughput (1gbps symmetrical). If it is, it is less than 10% penalty. In any case, it would make your statement true - but it should likely have some context to what “slow down” means.

SOCKS proxy encapsulates layer 4 protocols (in both directions when it leaves and returns) in order to be routed. This process is CPU intensive. I have tested nmap (long time ago since it does not support SOCKS) using proxychains and the performance was significantly impacted.

Slower connection speed: SOCKS proxies can significantly slow down your internet speed. This is due to the extra route your data must travel through, which …

"On the other hand, some drawbacks of using a SOCKS proxy are that it can be slow and unreliable at times. "

Well, you managed to get that speed because you are a packet moneky :wink:

1 Like

I think the nuance here is the links you provided may be looking at external / remote socks5 proxies and not internal / local sock5 proxies. I would agree that a remote socks proxy will incur a latency hit because you are now making 2 connections for every one you would otherwise have made (you to proxy, proxy to website). But in a local proxy, a lot of the issues are no longer issues. A local proxy should be very low latency. If your proxy is undersized (this is hard to do these days, really about an sbc can do this near wirespeed nowadays), it could be an issue. My local socks5 proxy has 1 vcpu and 512MB of RAM and runs at wirespeed. Nothing special really.

Yes, this is what I was referring to. But, even if you use a local proxy with an intensive tool like Nmap, there is a reduced performance. As I said I tested the proxychains tool, which might be slow due to a lot of computations.

Correct. But then what are the usage scenarios for using a local socks proxy on your modem?

proxychains will be inherently slower than a modern socks5 proxy (3proxy, dante, the like). I would not really consider nmap as a good candidate for a proxy usage to be honest. Using something like burp or owasp-zap during a web pen test as an attack proxy sure, but not network scans. Too many protocols will not work properly through a proxy and anything in between you and the target could potentially skew your results during an assessment. There are lots of reasons I could come up with that a proxy would not be ideal, but performance on a local proxy is just not one of them.

In my case, I have a socks5 proxy set up on a linux vm that connects to my vpn service provider (via openvpn). It serves an on-demand vpn connection for any of my hosts to access the internet via that vpn provider. I can then use a proxy switcher (Proxy SwitchyOmega in my case) as a plugin in my browsers to route certain domains to the VPN and certain other domains out my regular gateway. It is really handy way of have access to a VPN on your local network without forcing traffic down it unnecessarily (streaming for instance) but having coverage across multiple clients and browsers without touching anything after configured.


Let’s say you’re connected to a TOR, how would you proxy nmap packets?

So, you’re using a SOCKS just to route web traffic for certain domains?! Generally, Socks5 is used for applications/protocols that don’t support a proxy - not for web traffic.

UPDATE: your SOCKS is running inside a VM where the OP has it running in the modem itself.

I am happy to continue the discussion, but we have probably monopolized / threadjacked this one enough at this point. Feel free to open a new topic and tag me in it and we can pick this up. Apologies @mohsent as I started something I shouldn’t have in your thread.

I’ve taken the freedom to move you to your own thread :wink:

1 Like

Thank you! Appreciate it.

I would not be performing nmap scans via TOR, so I would not need to proxy there. When I am doing assessments I limit the exposure to non-parties of the contract as much as possible. In the case of TOR, you have little to no control over traffic paths and entry / exit nodes. That can cause very unpredictable results (is the port closed or what it dropped due to reputational shunning for instance). There are other ways to get the information you want. NMAP is very noisy and sets off many alarms if you just unleash it at a target lol.

I supposed I am getting old, but why is SOCKS not a valid proxy for web traffic? What does an HTTP proxy do that a SOCKS proxy doesn’t with regard to browsing sites? I am open to changing, but I have not seen a need. SOCKS was used for web proxying long before HTTP proxies were a thing, btw.

And to answer the point about where the proxy lives, I could easily move it to my router if I wanted to, if I were running an open router on my perimeter. It really wouldn’t matter. A proxy requires an interface to listen to clients on and an interface to proxy traffic to and from. They don’t even have to be real interfaces of course. I would not choose to have the proxy live on the router because I do not want to terminate that connection inside my network. My proxy lives in my DMZ. I control all traffic into and out of the proxy box and monitor it accordingly. I am mostly concerned about anything into and out of the box that is not on the SOCKS5 port from the client side, and anything that is not 443 or 80 on the proxy side. Given there are some services out there that run on different ports, but I don’t see that often. I am not hacking through my proxy, just browsing websites that I prefer not to track me directly or that I prefer my ISP not track (not everything is https yet).

By using the proxy instead of just a gateway, I have better control over the domains that traverse the vpn. I prefer not to do sensitive transactions over the VPN. I have little more control over VPN endpoints than I do TOR. And while I have to trust someone (carriers), I do not trust VPN operators much more than TOR nodes in reality. If I were trying to do this in a VPN / route mode, I would need to set up split tunneling on the VPN and likely expose myself even more than simply using a proxy. For me, it is about managing my attack surface.