hacktricks/network-services-pentesting/1080-pentesting-socks.md

# 1080 - Socks渗透测试

<details>

<summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks云 ☁️</strong></a> -<a href="https://twitter.com/hacktricks_live"><strong>🐦 推特 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>

- 你在一家**网络安全公司**工作吗？你想在HackTricks中看到你的**公司广告**吗？或者你想获得**PEASS的最新版本或下载PDF格式的HackTricks**吗？请查看[**订阅计划**](https://github.com/sponsors/carlospolop)！

- 发现我们的独家[**NFTs**](https://opensea.io/collection/the-peass-family)收藏品[**The PEASS Family**](https://opensea.io/collection/the-peass-family)

- 获取[**官方PEASS和HackTricks周边产品**](https://peass.creator-spring.com)

- **加入** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord群组**](https://discord.gg/hRep4RUj7f) 或 [**Telegram群组**](https://t.me/peass) 或 **关注**我在**Twitter**上的[**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks_live)**。**

- **通过向[hacktricks repo](https://github.com/carlospolop/hacktricks)和[hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)提交PR来分享你的黑客技巧**。

</details>

## 基本信息

SOCKS是一种通过代理服务器在客户端和服务器之间交换网络数据包的Internet协议。SOCKS5可选择提供身份验证，因此只有授权用户可以访问服务器。

实际上，SOCKS服务器将TCP连接代理到任意IP地址，并提供了一种转发UDP数据包的方法。SOCKS在OSI模型的第5层执行。

**默认端口：** 1080

## 枚举

### 身份验证检查
```bash
nmap -p 1080 <ip> --script socks-auth-info
```
### 暴力破解

#### 基本用法
```bash
nmap --script socks-brute -p 1080 <ip>
```
#### 高级用法

In addition to basic usage, SOCKS proxies can also be used for more advanced purposes in network pentesting. Here are some examples:

除了基本用法外，SOCKS代理还可以用于网络渗透测试中的更高级目的。以下是一些示例：

##### Port Forwarding

##### 端口转发

SOCKS proxies can be used to forward traffic from one port to another. This can be useful in scenarios where direct access to a specific port is blocked, but access to the SOCKS proxy is allowed. By configuring the SOCKS proxy to forward traffic from a blocked port to an open port, it is possible to bypass the restriction and access the desired service.

SOCKS代理可以用于将流量从一个端口转发到另一个端口。这在直接访问特定端口被阻止，但允许访问SOCKS代理的情况下非常有用。通过配置SOCKS代理将被阻止的端口的流量转发到一个开放的端口，可以绕过限制并访问所需的服务。

##### Traffic Manipulation

##### 流量操纵

SOCKS proxies can also be used to manipulate network traffic. By intercepting and modifying the traffic passing through the SOCKS proxy, it is possible to perform various attacks such as packet injection, traffic redirection, and protocol manipulation. This can be particularly useful in scenarios where the target network is protected by firewalls or other security measures.

SOCKS代理还可以用于操纵网络流量。通过拦截和修改通过SOCKS代理传递的流量，可以执行各种攻击，如数据包注入、流量重定向和协议操纵。这在目标网络受到防火墙或其他安全措施保护的情况下尤为有用。

##### Proxy Chaining

##### 代理链

Multiple SOCKS proxies can be chained together to create a chain of proxies. This can be useful in scenarios where access to a specific network or service is restricted through multiple layers of proxies. By chaining SOCKS proxies, it is possible to bypass each layer of restriction and gain access to the desired network or service.

多个SOCKS代理可以链接在一起，形成代理链。这在通过多层代理限制对特定网络或服务的访问时非常有用。通过链接SOCKS代理，可以绕过每一层限制并获得对所需网络或服务的访问权限。

##### Socksification

##### Socksification

Socksification is the process of redirecting network traffic from an application through a SOCKS proxy. This can be useful in scenarios where an application does not support SOCKS proxies natively but can be configured to use a proxy at the operating system level. By socksifying an application, it is possible to route its traffic through a SOCKS proxy and take advantage of the proxy's features.

Socksification是将应用程序的网络流量通过SOCKS代理进行重定向的过程。这在应用程序不原生支持SOCKS代理，但可以在操作系统级别配置使用代理的情况下非常有用。通过对应用程序进行Socksification，可以将其流量路由通过SOCKS代理，并利用代理的功能。
```bash
nmap  --script socks-brute --script-args userdb=users.txt,passdb=rockyou.txt,unpwdb.timelimit=30m -p 1080 <ip>
```
#### 输出
```
PORT     STATE SERVICE
1080/tcp open  socks
| socks-brute:
|   Accounts
|     patrik:12345 - Valid credentials
|   Statistics
|_    Performed 1921 guesses in 6 seconds, average tps: 320
```
## 隧道和端口转发

### 基本的proxychains使用

设置proxychains以使用socks代理
```
nano /etc/proxychains4.conf
```
编辑底部并添加您的代理

```markdown
## Proxy

A proxy is an intermediary server that acts as a gateway between a client and the internet. It allows clients to make indirect network connections to other network services. Proxies can be used for various purposes, including anonymity, caching, content filtering, and load balancing.

### Types of Proxies

There are different types of proxies, each with its own characteristics and use cases:

- **HTTP Proxy**: This type of proxy is used for HTTP traffic. It can be used to intercept and modify HTTP requests and responses.

- **SOCKS Proxy**: SOCKS (Socket Secure) is a protocol that allows for a flexible and secure way to handle network traffic. SOCKS proxies can handle various types of traffic, including TCP, UDP, and ICMP.

- **Transparent Proxy**: A transparent proxy intercepts network traffic without modifying it. It is often used for caching or content filtering purposes.

- **Reverse Proxy**: A reverse proxy is a server that sits between clients and web servers. It can be used to distribute incoming requests to multiple servers, improve performance, and provide additional security features.

### Pentesting SOCKS Proxies

When pentesting SOCKS proxies, there are several techniques and tools that can be used:

- **Proxychains**: Proxychains is a tool that allows you to run any program through a proxy server. It can be used to chain multiple proxies together for increased anonymity.

- **Proxychains-ng**: Proxychains-ng is an updated version of Proxychains that supports multiple proxy types, including SOCKS4, SOCKS5, and HTTP.

- **Burp Suite**: Burp Suite is a popular web application testing tool that can be configured to use a SOCKS proxy. This allows you to intercept and modify web traffic during pentesting.

- **Metasploit**: Metasploit is a powerful framework for penetration testing. It includes modules that can be used to exploit vulnerabilities in SOCKS proxies.

- **Nmap**: Nmap is a versatile network scanning tool that can be used to discover and fingerprint SOCKS proxies.

Remember to always obtain proper authorization before conducting any penetration testing activities.
```
socks5 10.10.10.10 1080
```
使用身份验证
```
socks5 10.10.10.10 1080 username password
```
#### 更多信息：[隧道和端口转发](../generic-methodologies-and-resources/tunneling-and-port-forwarding.md)

<details>

<summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks 云 ☁️</strong></a> -<a href="https://twitter.com/hacktricks_live"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>

- 你在一家**网络安全公司**工作吗？想要在 HackTricks 中**宣传你的公司**吗？或者你想要**获取最新版本的 PEASS 或下载 HackTricks 的 PDF**吗？请查看[**订阅计划**](https://github.com/sponsors/carlospolop)！

- 发现我们的独家[**NFTs**](https://opensea.io/collection/the-peass-family)收藏品——[**The PEASS Family**](https://opensea.io/collection/the-peass-family)

- 获取[**官方 PEASS & HackTricks 商品**](https://peass.creator-spring.com)

- **加入**[**💬**](https://emojipedia.org/speech-balloon/) [**Discord 群组**](https://discord.gg/hRep4RUj7f) 或 [**Telegram 群组**](https://t.me/peass)，或者**关注**我在**Twitter**上的[**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks_live)**。**

- **通过向[hacktricks 仓库](https://github.com/carlospolop/hacktricks)和[hacktricks-cloud 仓库](https://github.com/carlospolop/hacktricks-cloud)提交 PR 来分享你的黑客技巧**。

</details>