Brief to Network Proxies: Comparison of HTTP, HTTPS, and SOCKS5
Compare the Differences between HTTP, HTTPS, and SOCKS5
| HTTP Proxy | HTTPS Proxy | SOCKS5 Proxy | |
|---|---|---|---|
| OSI Layer | L7 Application | L7 Application | L5 Session |
| Support Protocl | HTTP / HTTPS | HTTPS | TCP / UDP |
| Common Ports | 8080 | 8443 | 1080 |
| Security Level | No | Motest secure | If use SSH Tunnel, yes |
| Encrypted | No | SSL / TLS | No, but can use SSH Tunnel |
| Need alternative root CA? | No | Yes | No |
| Can modified HTTP header? | Yes | Yes, but need to use MITM | No |
| Speed | Faster | Slower | Fastest |
| Purpose | Web browsing content caching IP hiding |
Secure transmission of sensitive data (online payment, banking) | P2P streaming gaming bypassing firewalls proxying non-HTTP traffic |
| Tools | avwo/whistle mitmproxy/mitmproxy |
avwo/whistle mitmproxy/mitmproxy |
ssh -D avwo/whistle mitmproxy/mitmproxy |
About Browser Client side
Due to ProxySwitchOmega not being updated since Aug. 27, 2018, you can consider using the forked version, ZeroOmega. It has the same functionality and can be used with both Firefox and Edge.
About Proxy Server
Recently discovered that avwo/whistle is quite useful; it supports HTTP/HTTPS/SOCKS5 and also has a web UI that allow you to observe transmission behavior. The commands are relatively simple as well.
About SSH SOCKS5 Tunnel
This probably isn't news anymore. SSH actually has built-in support for SOCKS5 connections. You just need to provide it with a -D option and the correct parameters.
ssh -D 1080 [email protected] -p 5566
# or
# ssh -D localhost:1080 [email protected] -p 5566
# or
# ssh -D 0.0.0.0:1080 [email protected] -p 5566
# or
# cat .ssh/config
# Host hole.blackair.io
# HostName hole.blackair.io
# Port 5566
# User pichuang
# IdentityFile ~/.ssh/id_rsa
# DynamicForward 1080ssh-command-for-socks5
Personal Experience Sharing
Based on my personal experience, I mostly use SOCKS5 in most situations because it's built into SSH command. As for using an HTTP Proxy, it's mainly when I want to modify HTTP headers, such as X-Forwarded-For (XFF), while passing through a proxy. In this way, I don't need to change the client program and can transparently make modifications using the capabilities of the HTTP Proxy.