SOCKS5 Proxies — Full Protocol Support
The most versatile proxy protocol. TCP + UDP support, zero header modification, remote DNS resolution. Tunnel any application through SOCKS5 — included free with every ResProxy plan.
- Full SOCKS5 protocol with TCP + UDP
- Remote DNS resolution for privacy
- Username/password & IP whitelist auth
- Included free with every proxy plan
Included free with all plans • No extra cost • 24/7 support
SOCKS5 Proxy
Protocol Deep-Dive
TCP+UDP
Transport
Layer 5
OSI Level
RFC 1928
Standard
Protocol Advantages
Why Choose SOCKS5
SOCKS5 operates at the session layer — below HTTP but above raw TCP — giving it unique capabilities no other proxy protocol offers.
TCP + UDP Transport
SOCKS5 handles both TCP streams and UDP datagrams natively. Route database connections, game traffic, VoIP calls, and DNS lookups through a single protocol.
No Header Modification
Unlike HTTP proxies, SOCKS5 relays raw bytes without inspecting or rewriting headers. Your application protocol reaches the destination exactly as sent — no surprises.
Lower Protocol Overhead
SOCKS5 operates at the session layer (OSI Layer 5), skipping HTTP parsing entirely. The result is measurably less overhead per connection — critical for high-throughput pipelines.
Protocol-Agnostic Routing
Tunnel SSH, FTP, SMTP, IMAP, MySQL, PostgreSQL, or any custom binary protocol. SOCKS5 does not care what your payload contains — it just relays it.
Native Application Support
Game clients, torrent apps, mail clients, and database tools support SOCKS5 natively. No browser extensions or wrapper scripts needed for most desktop software.
Remote DNS Resolution
When configured correctly, SOCKS5 resolves domain names on the server side. Your local machine never queries the target hostname — preventing DNS leak vectors entirely.
Protocol Comparison
SOCKS5 vs HTTP/S vs SOCKS4
A side-by-side comparison at the protocol level. Understanding these differences helps you pick the right protocol for each workload.
SOCKS5 | HTTP/HTTPS | SOCKS4 | |
|---|---|---|---|
| Transport Layer | TCP + UDP | TCP only | TCP only |
| Authentication | User/Pass + IP whitelist | User/Pass + IP whitelist | None (IP-based only) |
| DNS Resolution | Remote (server-side) | Remote via CONNECT | Local (client-side) |
| Header Handling | None — raw relay | Full header parsing | None — raw relay |
| IPv6 Support | Yes (native) | Yes | No |
| UDP Datagrams | UDP ASSOCIATE command | Not supported | Not supported |
| Connection Overhead | ~10 bytes/packet | HTTP headers per request | ~9 bytes/packet |
| Best For | Gaming, VoIP, P2P, tunneling | Web scraping, APIs, browsing | Legacy applications only |
Both Protocols Included
Every ResProxy plan includes HTTP/HTTPS and SOCKS5 at no extra cost. Switch between protocols by changing the port or connection URL.
Use Cases
When to Use SOCKS5
SOCKS5 shines when your traffic is not standard web browsing. Here are the specific scenarios where SOCKS5 is the right choice over HTTP.
Online Gaming
Games use UDP for real-time position updates, voice chat, and matchmaking. SOCKS5 is the only proxy protocol that supports UDP — route game traffic through regional nodes to reduce ping or access geo-restricted game servers.
VoIP & Video Calls
SIP-based VoIP, WebRTC, and video conferencing rely on UDP for low-latency media streams. SOCKS5 tunnels these datagrams without breaking the real-time flow, unlike HTTP which cannot handle UDP at all.
Database Connections
MySQL, PostgreSQL, MongoDB, and Redis all use custom TCP protocols that HTTP proxies cannot interpret. SOCKS5 tunnels the raw TCP stream, letting you connect to remote databases through a proxy seamlessly.
SSH & Custom TCP Apps
SSH sessions, FTP transfers, and proprietary binary protocols all work through SOCKS5 because it relays raw bytes. Developers use this to access internal staging servers or cloud instances through a proxy layer.
Torrenting & P2P
BitTorrent uses both TCP (for tracker connections) and UDP (for DHT and peer discovery). SOCKS5 handles both, making it the standard proxy protocol for P2P applications that need full network access.
DNS-over-UDP Workflows
Traditional DNS uses UDP port 53. Routing DNS through SOCKS5 ensures all lookups exit through the proxy location — essential for geo-targeted DNS testing and preventing local DNS leaks.
Authentication
SOCKS5 Authentication Methods
Two ways to authenticate your SOCKS5 connections. Choose based on whether your client IP is static or dynamic.
Username/Password Authentication
Credentials are sent during the SOCKS5 handshake (RFC 1929 sub-negotiation). The server validates them before opening any data relay. Best for dynamic environments where your client IP changes frequently.
# Python — PySocks library
import socks
import socket
socks.set_default_proxy(
socks.SOCKS5,
"proxy.resproxy.io",
1080,
username="your_user",
password="your_pass"
)
socket.socket = socks.socksocket
# All socket connections now route through SOCKS5
import urllib.request
response = urllib.request.urlopen("https://httpbin.org/ip")
print(response.read().decode())IP Whitelist Authentication
Add your server IP to the whitelist in your dashboard. The SOCKS5 server recognizes your origin IP and skips the credential handshake entirely — saving a round-trip on every new connection. Best for dedicated servers with static IPs.
# cURL — SOCKS5 with IP whitelist (no credentials needed)
curl --socks5-hostname proxy.resproxy.io:1080 \
https://httpbin.org/ip
# Node.js — socks-proxy-agent with IP whitelist
import { SocksProxyAgent } from "socks-proxy-agent";
const agent = new SocksProxyAgent(
"socks5://proxy.resproxy.io:1080"
);
const res = await fetch("https://httpbin.org/ip", { agent });
console.log(await res.json());Integration
SOCKS5 Code Examples
Copy-paste integrations for the most popular languages and tools. All examples use remote DNS resolution (socks5h://) by default.
Python (PySocks + requests)
import requests
proxies = {
"http": "socks5h://user:pass@proxy.resproxy.io:1080",
"https": "socks5h://user:pass@proxy.resproxy.io:1080",
}
# The 'h' in socks5h means remote DNS resolution
response = requests.get("https://api.example.com/data", proxies=proxies)
print(response.json())cURL
# TCP connection through SOCKS5 with remote DNS
curl --socks5-hostname user:pass@proxy.resproxy.io:1080 \
https://api.example.com/data
# Verify your exit IP
curl --socks5-hostname user:pass@proxy.resproxy.io:1080 \
https://httpbin.org/ipNode.js (socks-proxy-agent)
import { SocksProxyAgent } from "socks-proxy-agent";
const agent = new SocksProxyAgent(
"socks5h://user:pass@proxy.resproxy.io:1080"
);
// Works with fetch, axios, got, undici
const response = await fetch("https://api.example.com/data", {
agent,
});
const data = await response.json();Under the Hood
SOCKS5 Connection Lifecycle
What happens at the byte level when your application connects through SOCKS5. Understanding this helps you debug connection issues faster.
Client Greeting & Method Negotiation
Your application opens a TCP connection to the SOCKS5 server and sends a greeting packet listing supported authentication methods. The packet structure is simple: version byte (0x05), number of methods, and the method bytes themselves — typically 0x00 (no auth) and 0x02 (username/password).
The server picks one method it accepts and replies with a two-byte response. If it selects 0xFF, no acceptable method was found and the connection closes. This entire exchange is a single round-trip, typically completing in under 5ms on nearby nodes.
Authentication Sub-Negotiation (RFC 1929)
If the server selected method 0x02, your client sends credentials in a sub-negotiation packet: version (0x01), username length, username bytes, password length, password bytes. The server validates against your account and replies with a single status byte — 0x00 for success.
Credentials travel in cleartext within this packet. For sensitive environments, wrap the SOCKS5 connection inside an SSH tunnel or VPN. With IP whitelisting, this entire step is skipped — the server recognizes your origin IP and proceeds directly to the connection request.
Connection Request — CONNECT, BIND, or UDP ASSOCIATE
Your client sends a request with the command type and destination. CONNECT (0x01) opens a TCP stream to the target. BIND (0x02) opens a port for inbound connections. UDP ASSOCIATE (0x03) sets up a UDP relay. The destination can be an IPv4 address, IPv6 address, or domain name — when you pass a domain, the server resolves it remotely.
The server attempts the connection and replies with a status code. 0x00 means success. Common errors: 0x03 (network unreachable — try a different geo), 0x04 (host unreachable), 0x05 (connection refused by target). These codes are your best debugging tool.
Data Relay — Transparent Byte Forwarding
Once connected, the server becomes a transparent relay. Every byte sent goes to the target unchanged; every byte returned comes back untouched. No header rewriting, no content inspection, no caching. This is the core advantage — you can tunnel any TCP protocol (SSH, FTP, databases, custom binaries) without the proxy breaking anything.
For UDP, each datagram is wrapped with a small SOCKS5 header (~10 bytes) containing the target address, forwarded to the destination, and the response is wrapped and returned. The overhead is negligible for real-time applications like gaming and VoIP.
FAQ
SOCKS5 Protocol FAQ
Does SOCKS5 support UDP traffic?
SOCKS5 vs SOCKS4 — what changed?
Can I use SOCKS5 for online gaming?
How to configure SOCKS5 in Firefox?
How to configure SOCKS5 in Chrome?
Does SOCKS5 encrypt my traffic?
What is the difference between socks5:// and socks5h://?
Can I use SOCKS5 with Puppeteer or Playwright?
Is SOCKS5 faster than HTTP proxies?
Explore Related Proxy Services
Ready to Use SOCKS5?
SOCKS5 is included free with every plan. Buy any proxy type and switch to SOCKS5 with a single URL change.