socks5explainers

What Is a SOCKS5 Proxy? A Plain-English Guide With the Details Kept In

What is a SOCKS5 proxy? How the protocol works, what it does that HTTP proxies can't, remote DNS, UDP support, and when a SOCKS5 proxy is the right choice.

HProxy Team 6 min read

Every proxy list has a SOCKS5 column, every proxy provider sells it, and most explanations of it stop at "it's a more flexible proxy." That is true and useless at the same time. This guide explains what SOCKS5 actually does, where it genuinely beats an HTTP proxy, and where the marketing around it oversells.

The comparisons below come from watching both protocols behave in the wild, across the free proxy list we keep verified around the clock, not from a spec summary. We read the spec too, and we will quote the interesting parts.

What is a SOCKS5 proxy?

A SOCKS5 proxy is a relay that forwards raw network connections without reading or changing what travels through them. Unlike an HTTP proxy, it carries any TCP traffic, not just web requests, can resolve DNS on your behalf, supports authentication, and can even relay UDP. It adds no encryption of its own, so it hides your IP but does not protect your data.

That property, not understanding your traffic, is the source of everything SOCKS5 is good and bad at. An HTTP proxy speaks HTTP: it parses your request, can read and rewrite headers, cache responses, and refuse URLs. A SOCKS5 proxy speaks only "please connect me to this host and port." What flows afterwards is none of its business: web pages, game packets, database wire protocols, anything TCP (and, on paper, UDP).

What actually happens during a SOCKS5 connection

The protocol is defined in RFC 1928 and is refreshingly small. When your client connects through a SOCKS5 proxy, four things happen:

  1. Greeting. Your client connects to the proxy (commonly port 1080) and lists the authentication methods it supports.
  2. Method selection. The proxy picks one: usually "no authentication" on open proxies, or username/password (defined in RFC 1929) on commercial ones.
  3. The request. Your client asks for one of three commands: CONNECT to a host and port (nearly everything uses this), BIND (accept an inbound connection, rare today), or UDP ASSOCIATE (relay UDP datagrams).
  4. The relay. The proxy answers with a success code and from that moment simply shovels bytes in both directions. It never looks inside.

Two details in step 3 matter more than the rest of the spec combined.

Detail one: the proxy can resolve DNS for you

A SOCKS5 request can carry the destination as an IPv4 address, an IPv6 address, or a domain name. If your client sends the domain name, the proxy does the DNS lookup on its side. This is called remote DNS resolution, and it is the difference between the socks5:// and socks5h:// schemes you see in tools like curl: with plain socks5:// your machine resolves the name first (and leaks your DNS queries to your local resolver), with socks5h:// the proxy resolves it.

If you use a proxy for privacy and your DNS queries still go out locally, the proxy is hiding much less than you think. This is one of the most common misconfigurations we see, and it is invisible unless you look for it.

Detail two: UDP support exists, with an asterisk

SOCKS5 can relay UDP through the UDP ASSOCIATE command, which is why "supports games and streaming" appears in every sales page. The asterisk: a large share of real-world SOCKS5 servers, especially free ones, either disable UDP or sit behind NATs and firewalls that break it. TCP CONNECT works nearly everywhere; UDP is something you verify before you rely on it, not something you assume.

SOCKS5 vs HTTP proxies, the real trade-offs

SOCKS5HTTP proxy
Understands your trafficNo, relays bytesYes, parses HTTP
Protocols it can carryAny TCP (UDP sometimes)HTTP; HTTPS via CONNECT tunneling
Can modify or cache trafficNoYes (headers, caching, filtering)
Can add identifying headersNoYes, and transparent ones do
DNS at the proxyYes, if the client sends hostnamesYes for absolute URLs, yes via CONNECT
AuthenticationNone or username/passwordBasic auth, sometimes IP allowlists
EncryptionNone (bring your own TLS)None (bring your own TLS)
Typical port10803128, 8080, 80

Three takeaways from that table.

Anonymity is about headers, and SOCKS5 has none. The transparent/anonymous/elite grades you see on proxy lists describe what an HTTP proxy inserts into forwarded requests: a transparent one passes your real IP in X-Forwarded-For, an elite one adds nothing. A SOCKS5 proxy never touches the protocol layer where those headers live, so it cannot leak your IP that way even if it wanted to. That is a structural advantage, not a configured one.

Neither encrypts anything. "SOCKS5 is more secure" usually means "it does not modify traffic," which is not security. If your connection is HTTPS, it is TLS doing the protecting through either proxy type. If it is plain HTTP, both proxy types (and their operators) can read every byte.

HTTP proxies earn their place when you want the meddling. Caching, corporate filtering, rewriting requests in a scraping pipeline, injecting auth headers for a crawler fleet: those need a proxy that understands HTTP. "Dumber" SOCKS5 cannot do any of it.

Where SOCKS5 is the right tool

  • Non-web TCP traffic. Mail clients, IRC, SSH hops, database connections, custom binary protocols. An HTTP proxy simply cannot carry these (its CONNECT method can tunnel some of them, but support is often restricted to port 443).
  • Applications with native SOCKS support. Torrent clients, messaging apps, game launchers and most scraping frameworks speak SOCKS5 natively, and it behaves predictably across all of them.
  • Privacy-sensitive routing with remote DNS. socks5h-style resolution keeps both your traffic destination and your DNS lookups off your local network.
  • Tooling that needs one proxy for everything. Point an entire application at one SOCKS5 endpoint and every protocol it uses follows, no per-protocol configuration.

And where it is not: if your tool only accepts HTTP proxies, or your workflow benefits from caching and header control, protocol purity is worth nothing. Use what fits the pipeline.

Using a SOCKS5 proxy in practice

The fastest way to try one is curl. Pull a live SOCKS5 endpoint from our free API and route a request through it:

# One live SOCKS5 proxy, fresh from the pool
curl "https://hproxy.com/api/proxy-list?format=txt&protocol=socks5&recent=true&limit=1"

# Route through it, resolving DNS at the proxy (socks5h)
curl -x socks5h://198.51.100.14:1080 -s https://httpbin.org/ip

If the second command returns the proxy's IP instead of yours, the relay works. We keep a dedicated SOCKS5 section of the free list with live-checked entries, uptime history and network data for exactly this kind of experimentation, and our proxy checker will grade any proxy you paste into it, including whether it really is SOCKS5.

For anything beyond experiments, the free-pool rules apply (we wrote a whole guide to when free proxies are fine): shared IPs die fast and are already flagged by major sites. Paid residential and datacenter proxies from any reputable provider, ours included, support SOCKS5 alongside HTTP, so the protocol choice stays yours while the IP quality problem goes away.

The details people get wrong, collected

Because these come up in support conversations weekly:

  • "SOCKS5 hides me from websites." It hides your IP. It does not touch browser fingerprints, cookies, WebRTC leaks or your logged-in accounts.
  • "SOCKS5 is encrypted." No part of the protocol encrypts anything. TLS does, when present.
  • "SOCKS5 is always faster." The protocol adds marginally less overhead than HTTP parsing; the server's load and location decide the real number. Measure, don't assume.
  • "The username/password makes it secure." RFC 1929 sends credentials in plaintext during the handshake. It gates access to the proxy; it does not protect your data.
  • "UDP support means it's great for gaming." Only if the specific server actually relays UDP and sits close enough to keep latency sane. Verify both.

SOCKS5 earned its reputation by being simple, predictable and universal. Keep in mind what it deliberately does not do (inspect, cache, encrypt), and it will never surprise you.

Frequently asked questions

Is SOCKS5 faster than an HTTP proxy?

Not inherently. SOCKS5 does less work per request (no header parsing or rewriting), but in practice speed is decided by the proxy server's hardware, load and distance from you, not by the protocol. A nearby, lightly loaded HTTP proxy beats an overloaded SOCKS5 proxy every time.

Does SOCKS5 encrypt my traffic?

No. SOCKS5 provides no encryption at all. If you send HTTPS traffic through it, that traffic stays encrypted end to end because of TLS, not because of the proxy. If you send plain HTTP or any other unencrypted protocol, the proxy operator and anyone on the path can read it. For encryption you need TLS on the connection itself or a VPN.

What is the difference between SOCKS4, SOCKS4a and SOCKS5?

SOCKS4 supports TCP connections to IPv4 addresses and sends the destination as an IP, so your client must resolve DNS itself. SOCKS4a added the ability to pass a hostname to the proxy. SOCKS5 added authentication, IPv6, hostname resolution at the proxy, and UDP support. Today SOCKS5 is the one to use; the older versions survive mainly in legacy tooling.

When should I pick SOCKS5 over an HTTP proxy?

Pick SOCKS5 when the traffic is not plain web browsing: custom TCP protocols, game clients, torrents, mail clients, database connections, or when you want the proxy to stay completely out of your data stream. Pick HTTP when your tool only speaks HTTP proxies or you specifically want header-level features like caching or request rewriting.

Do free SOCKS5 proxies exist?

Yes, and they behave like all free proxies: shared by many strangers, short-lived, and unsuitable for anything involving accounts or payments. They are fine for testing and low-stakes lookups. Expect to re-check them right before use, because a large share of any public SOCKS5 list is dead at any given moment.

HProxy Team
We run a proxy network

Keep reading

Proxies that don't die in minutes

Residential, ISP, datacenter and mobile. From $0.99/GB, pay as you go, balance never expires.

See plans
What Is a SOCKS5 Proxy? A Plain-English Guide With the Details Kept In | HProxy