v1.8.91-d84675c
← Back to Hex Proxies

SOCKS5 Proxy Protocol

SOCKS5 is the most versatile proxy protocol, supporting TCP and UDP traffic, IPv6, multiple authentication methods, and proxy-side DNS resolution. It operates at the session layer, enabling protocol-agnostic proxying for any application.

Try It Now

Technical Details

SOCKS5 (defined in RFC 1928) is the current version of the SOCKS protocol. It operates at Layer 5 and adds significant capabilities over SOCKS4. SOCKS5 connection sequence: 1. Client connects to proxy (default port 1080) 2. Authentication negotiation: a. Client sends: version (0x05), number of auth methods, method list b. Proxy responds: version (0x05), chosen method c. Authentication sub-negotiation (RFC 1929 for username/password): - Client sends: version (0x01), username length, username, password length, password - Proxy responds: version (0x01), status (0x00 = success) 3. Connection request: a. Client sends: version (0x05), command, reserved (0x00), address type, destination address, destination port b. Address types: 0x01 (IPv4), 0x03 (domain name), 0x04 (IPv6) c. Commands: 0x01 (CONNECT), 0x02 (BIND), 0x03 (UDP ASSOCIATE) 4. Proxy responds with connection status and bound address 5. Data relay begins UDP support: SOCKS5 is the only SOCKS version that supports UDP. The UDP ASSOCIATE command establishes a UDP relay: - Client requests UDP ASSOCIATE, specifying the address/port it will send from - Proxy allocates a UDP port and returns its address - Client sends UDP datagrams to the proxy's UDP port, wrapped in a SOCKS5 UDP header - Proxy unwraps and forwards to the destination, and relays responses back Authentication methods (defined by IANA): - 0x00: No authentication - 0x01: GSSAPI - 0x02: Username/Password (most common) - 0x03-0x7F: IANA assigned - 0x80-0xFE: Private methods - 0xFF: No acceptable methods

Advantages

  • Supports both TCP and UDP — the only SOCKS version with UDP capability
  • IPv4 and IPv6 support for modern network compatibility
  • Proper authentication with username/password (RFC 1929)
  • Proxy-side DNS resolution prevents DNS leaks
  • Protocol-agnostic — works with HTTP, SMTP, FTP, SSH, and any TCP/UDP protocol
  • Detailed error codes for better debugging
  • Domain name addressing eliminates client-side DNS resolution
  • Industry standard — supported by virtually all proxy-aware applications

Disadvantages

  • Slightly more complex handshake than SOCKS4 or HTTP proxies
  • No built-in encryption — traffic is cleartext unless combined with TLS
  • UDP association requires the proxy to allocate additional ports
  • Cannot inspect or modify application-layer data
  • Higher memory usage on proxy servers due to UDP state tracking

Use Cases

  • 1General-purpose TCP and UDP proxying
  • 2Applications requiring proxy-side DNS resolution to prevent leaks
  • 3Gaming and real-time applications that use UDP
  • 4VoIP and streaming media proxying
  • 5SSH tunneling through restrictive firewalls
  • 6Database connections through proxy infrastructure
  • 7Torrent clients and P2P applications
  • 8Any protocol that requires IPv6 support

Code Example

# Python — SOCKS5 proxy with requests
import requests

proxies = {
    "http": "socks5h://USER:PASS@gate.hexproxies.com:1080",
    "https": "socks5h://USER:PASS@gate.hexproxies.com:1080",
}

# socks5h:// means proxy-side DNS resolution (prevents DNS leaks)
response = requests.get("https://httpbin.org/ip", proxies=proxies)
print(response.json())

# Node.js — SOCKS5 with socks-proxy-agent
const { SocksProxyAgent } = require('socks-proxy-agent');

const agent = new SocksProxyAgent('socks5h://USER:PASS@gate.hexproxies.com:1080');

const response = await fetch('https://httpbin.org/ip', { agent });
console.log(await response.json());

# cURL — SOCKS5 with proxy-side DNS
curl --socks5-hostname USER:PASS@gate.hexproxies.com:1080 https://httpbin.org/ip

# Go — SOCKS5 with golang.org/x/net/proxy
package main
import (
    "golang.org/x/net/proxy"
    "net/http"
)
dialer, _ := proxy.SOCKS5("tcp", "gate.hexproxies.com:1080",
    &proxy.Auth{User: "USER", Password: "PASS"}, proxy.Direct)
transport := &http.Transport{Dial: dialer.Dial}
client := &http.Client{Transport: transport}
resp, _ := client.Get("https://httpbin.org/ip")

The SOCKS5 Protocol in Depth

SOCKS5, defined in RFC 1928, is the most capable proxy protocol available. It extends SOCKS4 with UDP support, IPv6 compatibility, proper authentication, and detailed error reporting. SOCKS5 is the recommended protocol for any use case that goes beyond simple HTTP/HTTPS web traffic.

Why SOCKS5 Matters

Most proxy protocols are limited to specific application-layer protocols. HTTP proxies only handle HTTP traffic. HTTPS proxies tunnel TCP but cannot handle UDP. SOCKS5 is unique in its ability to proxy virtually any network traffic — TCP connections, UDP datagrams, and even protocol negotiation for future extensions.

The Three-Phase Handshake

SOCKS5 uses a three-phase connection process, which is more structured than SOCKS4's single-packet handshake:

**Phase 1 — Method Negotiation**

The client announces which authentication methods it supports:

Client → Proxy: [0x05] [num_methods] [method_1] [method_2] ...
Proxy → Client: [0x05] [chosen_method]

Common methods: 0x00 (no auth), 0x02 (username/password). If the proxy responds with 0xFF, no acceptable method was offered and the connection is terminated.

**Phase 2 — Authentication**

For username/password authentication (method 0x02), defined in RFC 1929:

Client → Proxy: [0x01] [uname_len] [uname] [passwd_len] [passwd]
Proxy → Client: [0x01] [status]  (0x00 = success)

**Phase 3 — Connection Request**

After authentication, the client requests the actual connection:

Client → Proxy: [0x05] [cmd] [0x00] [addr_type] [dst_addr] [dst_port]
Proxy → Client: [0x05] [status] [0x00] [addr_type] [bnd_addr] [bnd_port]

Address types enable flexible destination specification: - `0x01`: IPv4 (4 bytes) - `0x03`: Domain name (1 byte length + name) — proxy resolves DNS - `0x04`: IPv6 (16 bytes)

UDP Association

SOCKS5's UDP support is its most distinctive feature. The UDP ASSOCIATE command (0x03) works differently from CONNECT:

  1. Client sends a CONNECT request with command 0x03, specifying which address/port it will send UDP from.
  2. Proxy allocates a UDP relay endpoint and returns its address and port.
  3. Client sends UDP datagrams to the proxy's relay port, each prefixed with a SOCKS5 UDP header containing the destination address and port.
  4. Proxy strips the header, forwards the datagram to the destination, and relays responses back with the same header format.

This enables proxying of DNS queries, VoIP traffic, gaming packets, and any other UDP-based communication.

Error Handling

SOCKS5 provides detailed error codes, unlike SOCKS4's binary grant/reject:

  • 0x00: Succeeded
  • 0x01: General SOCKS server failure
  • 0x02: Connection not allowed by ruleset
  • 0x03: Network unreachable
  • 0x04: Host unreachable
  • 0x05: Connection refused
  • 0x06: TTL expired
  • 0x07: Command not supported
  • 0x08: Address type not supported

DNS Leak Prevention

When the client specifies a domain name (address type 0x03) instead of an IP address, the proxy performs DNS resolution. This prevents DNS leak attacks where a local DNS query reveals the target hostname even though traffic is proxied. Hex Proxies performs DNS resolution on our proxy infrastructure, ensuring that your target domains are never exposed through local DNS queries.

SOCKS5 with Hex Proxies

Hex Proxies fully supports SOCKS5 on all proxy types through `gate.hexproxies.com`. Our SOCKS5 implementation includes:

  • Username/password authentication with the same credentials used for HTTP proxies
  • Full domain name addressing for DNS leak prevention
  • TCP CONNECT for all TCP-based protocols
  • Automatic IP rotation (per-request or sticky sessions)
  • IPv4 and IPv6 destination support

For most use cases, SOCKS5 with domain addressing and username/password authentication is the recommended configuration. It provides the best combination of compatibility, security, and flexibility.

Choosing SOCKS5 for Your Project

If your application uses any non-HTTP protocol, needs UDP support, or requires DNS leak prevention, SOCKS5 is the clear choice. It integrates seamlessly with Hex Proxies' rotation and geo-targeting features while supporting the widest range of application protocols.

Ready to Get Started?

Use SOCKS5 Proxy Protocol with Hex Proxies for reliable, fast connections.

Create AccountView Pricing

Related Resources

Rust Reqwest Proxy Setup

Integrate Hex Proxies into Rust applications using the reqwest crate. Covers HTTP and SOCKS5 proxy configuration, authentication, and async request patterns.

Residential Proxies

High-quality residential proxies with rotating IPs from 100+ countries. Perfect for web scraping, data collection, and market research.

ISP Proxies

Ultra-fast ISP proxies with static IPs and unlimited bandwidth. Optimized for sneaker sites, social media, and high-speed tasks.

Rotating Proxies

Automatic IP rotation with every request or on a timed interval. Built for large-scale scraping and data collection.

Cookie Preferences

We use cookies to ensure the best experience. You can customize your preferences below. Learn more