
redsocks

redsocks is a transparent redirector of TCP traffic through SOCKS and HTTPS proxies. It routes network traffic through proxy servers transparently, without any client-side proxy configuration. It is used for network security testing, traffic analysis, malware sandbox environments, and organization-wide proxy enforcement. It works on Linux via iptables/netfilter, which intercepts TCP connections and redirects them to the redsocks listener.

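# Option A: distribution package (Debian/Ubuntu). Prefer the signed,
# distro-patched build unless a feature from a newer upstream is required.
sudo apt-get update
sudo apt-get install redsocks
command -v redsocks        # portable replacement for `which`
redsocks -v                # upstream uses short options; -v prints the version

# Option B: build from source. Review the checked-out revision (or check out
# a release tag) before running `make install` as root; `make install`
# typically places the binary under /usr/local, so PATH and any systemd unit
# must point there.
git clone https://github.com/darkk/redsocks.git
cd redsocks
make
sudo make install
redsocks -v
command -v redsocks
# -t parses the config and exits instead of starting a daemon; an empty file
# is enough to prove the binary and its parser work.
redsocks -t -c /dev/null  # Test config parsing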
Client Application
    |
    v
[iptables REDIRECT]
    |
    v
redsocks daemon (127.0.0.1:12345)
    |
    v
[Proxy Server] (SOCKS4/5 or HTTPS)
    |
    v
Internet / Target Service
base {
  // Log destination; with daemon = on this file is the only place errors surface.
  logfile = "/var/log/redsocks.log";
  // Debug logging records per-connection detail; keep it off in production
  // (see the hardening section below) so credentials and browsing metadata
  // do not accumulate in the log.
  log_debug = on;
  log_info = on;
  // Fork into the background. Set to off when supervised by a Type=simple
  // systemd unit, otherwise the supervisor sees the parent exit.
  daemon = on;
  // How the original destination is recovered from the kernel after REDIRECT.
  redirector = iptables;
}

redsocks {
  // Listener for traffic that iptables REDIRECTs. Keep it on loopback so
  // other hosts cannot use this machine as an open relay into the proxy.
  local_ip = 127.0.0.1;
  local_port = 12345;
  ip = 192.168.1.100;      // Proxy server IP
  port = 1080;              // Proxy server port
  // NOTE(review): upstream darkk/redsocks knows socks4, socks5, http-connect
  // and http-relay; "https" is a fork-specific value — confirm with the build
  // in use.
  type = socks5;            // socks4, socks5, https
  // Credentials are stored in cleartext: the file must be root-owned and
  // mode 600, and debug logging should stay off so they are not echoed.
  login = "username";
  password = "password";
}
/etc/redsocks.conf
/usr/local/etc/redsocks.conf
~/.redsocks.conf
redsocks {
  local_ip = 127.0.0.1;
  local_port = 12345;
  ip = 192.168.1.100;
  port = 1080;
  type = socks5;
  // NOTE(review): autoproxy is an option of the redsocks2 fork, not of
  // upstream darkk/redsocks, which I believe rejects keys it does not know —
  // confirm which build is installed before using this file.
  autoproxy = 0;
}
redsocks {
  local_ip = 127.0.0.1;
  local_port = 12345;
  ip = 192.168.1.100;
  port = 1080;
  // SOCKS5 username/password authentication (RFC 1929) sends these to the
  // proxy in cleartext; they only protect the proxy on a trusted network path.
  type = socks5;
  login = "alice";
  // Stored in cleartext: this file must be root-owned and mode 600.
  password = "secret_password";
}
redsocks {
  local_ip = 127.0.0.1;
  local_port = 12345;
  ip = 192.168.1.100;
  port = 1080;
  // SOCKS4: IPv4 destinations only and no authentication beyond an optional
  // user id, so anyone who can reach the proxy port can use it.
  type = socks4;
}
redsocks {
  local_ip = 127.0.0.1;
  local_port = 12345;
  // NOTE(review): confirm the installed build resolves hostnames here; older
  // builds expected a numeric address.
  ip = proxy.example.com;
  port = 443;
  // NOTE(review): "https" is not an upstream type (socks4, socks5,
  // http-connect, http-relay); forks spell TLS-wrapped CONNECT differently —
  // verify against the build in use.
  type = https;
  // autoproxy exists only in the redsocks2 fork.
  autoproxy = 0;
}
redsocks {
  local_ip = 127.0.0.1;
  local_port = 12345;
  ip = proxy.example.com;
  port = 443;
  // NOTE(review): "https" is not an upstream type; see the note above.
  type = https;
  // NOTE(review): client-certificate keys are not part of the upstream
  // config schema; confirm they are accepted. The private key must be
  // root-owned and mode 600, since it is read with the daemon's privileges.
  cert = "/path/to/client-cert.pem";
  key = "/path/to/client-key.pem";
}
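# net.ipv4.ip_forward is NOT needed for this setup: REDIRECT in the nat
# OUTPUT chain rewrites the host's own locally generated packets, which never
# take the forwarding path. Enabling it turns the machine into a router for
# every attached network, so it is deliberately left alone here; enable it
# only when the host intentionally forwards for other machines (PREROUTING
# rules).

# Redirect HTTP and HTTPS to the redsocks listener. REDIRECT's option is
# spelled --to-ports (--to-port is accepted as an abbreviation).
redsocks_port=12345
for dport in 80 443; do
  sudo iptables -t nat -A OUTPUT -p tcp --dport "$dport" \
    -j REDIRECT --to-ports "$redsocks_port"
done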
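# Don't redirect localhost. Exclusions must precede the catch-all rule
# (nat OUTPUT is matched in order). Use the whole loopback block, not just
# 127.0.0.1: local resolvers such as systemd-resolved listen on other 127/8
# addresses and would otherwise be sent into redsocks.
sudo iptables -t nat -A OUTPUT -d 127.0.0.0/8 -j RETURN
# The proxy itself lives in this subnet. Without this RETURN, redsocks' own
# connection to 192.168.1.100:1080 is redirected back into redsocks and
# nothing leaves the host.
sudo iptables -t nat -A OUTPUT -d 192.168.1.0/24 -j RETURN

# Then redirect everything else
sudo iptables -t nat -A OUTPUT -p tcp \
  -j REDIRECT --to-ports 12345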
# Append one REDIRECT rule per destination port, in this order: HTTP (80),
# HTTPS (443) and the custom port 8080. The rules are independent; remove
# the ports that should not be intercepted. (--to-ports is the documented
# spelling of REDIRECT's option; --to-port is its abbreviation.)
for dport in 80 443 8080; do
  sudo iptables -t nat -A OUTPUT -p tcp --dport "$dport" \
    -j REDIRECT --to-ports 12345
done
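# iptables-persistent owns /etc/iptables and reloads rules.v4 at boot, so
# install it first (the package creates the directory).
sudo apt-get install iptables-persistent

# Save iptables rules. The shell opens the redirection target *before* sudo
# runs, so `sudo iptables-save > /etc/iptables/rules.v4` fails with
# "Permission denied" on the root-owned directory. Write through a
# privileged tee instead. Note this snapshots every table, not only the
# redsocks rules.
sudo iptables-save | sudo tee /etc/iptables/rules.v4 >/dev/null

# Manual restore (same redirection issue: run the whole command as root).
sudo sh -c 'iptables-restore < /etc/iptables/rules.v4'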
# Start daemon (daemon = on in the base section makes it fork into the
# background; errors then only appear in the configured logfile)
sudo redsocks -c /etc/redsocks.conf

# Start in foreground (debugging)
# NOTE(review): the upstream redsocks usage text lists only -h/-?/-v/-t/-c/-p;
# foreground mode is `daemon = off` in the base section. Confirm that the
# installed build actually accepts -f before relying on this line.
sudo redsocks -c /etc/redsocks.conf -f
# Start service (unit shipped by the distribution package; a source build
# needs the unit created below)
sudo systemctl start redsocks

# Enable on boot
sudo systemctl enable redsocks

# Check status (an endless "activating (auto-restart)" usually means the
# config has daemon = on while the unit expects a foreground process)
sudo systemctl status redsocks

# View logs (with daemon = on and a logfile configured, messages go to that
# file rather than to the journal)
sudo journalctl -u redsocks -f
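# Create systemd unit. The redirection is performed by the calling shell,
# not by sudo, so `sudo cat > /etc/systemd/...` fails with "Permission
# denied"; write through a privileged tee instead. The quoted delimiter
# keeps the unit text literal.
sudo tee /etc/systemd/system/redsocks.service >/dev/null <<'EOF'
[Unit]
Description=Transparent TCP-to-proxy redirector
After=network.target

[Service]
Type=simple
# Type=simple needs redsocks to stay in the foreground: set `daemon = off`
# in the base section of /etc/redsocks.conf. With daemon = on the process
# forks, the parent exits, and Restart=always respawns it every RestartSec.
# Adjust the binary path if redsocks was built from source (typically
# /usr/local). The ExecStartPre line rejects a broken config before start.
ExecStartPre=/usr/bin/redsocks -t -c /etc/redsocks.conf
ExecStart=/usr/bin/redsocks -c /etc/redsocks.conf
Restart=always
RestartSec=5
# redirector = iptables recovers the original destination via getsockopt and
# binds an unprivileged port, so root is not strictly required; a dedicated
# user is possible once the logfile path is writable by it.
User=root
NoNewPrivileges=yes
ProtectSystem=full
ProtectHome=yes
PrivateTmp=yes

[Install]
WantedBy=multi-user.target
EOF

sudo systemctl daemon-reload
sudo systemctl enable redsocks
sudo systemctl start redsocks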
# Test HTTP access through redsocks (check the proxy's log or redsocks' log
# to confirm the request arrived through the proxy rather than directly)
curl -v http://example.com

# Check if traffic is being redirected
# NOTE(review): 192.0.2.1 is in the TEST-NET-1 documentation range and is not
# routable, so this request is expected to fail. What matters is *who* fails
# it: an error reported via the proxy means the redirect works; an immediate
# local network error means the rule is not in place.
curl -v http://192.0.2.1  # Any external IP
# Monitor local listening port (expect 127.0.0.1:12345 only; a 0.0.0.0 bind
# would let other hosts use this machine as a relay into the proxy)
sudo netstat -tulpn | grep redsocks
sudo ss -tulpn | grep 12345

# Check iptables rules (nat table; the pkts/bytes counters show whether the
# REDIRECT rule is actually being hit)
sudo iptables -t nat -L -n -v

# Monitor in real-time
sudo watch 'iptables -t nat -L -n -v'
# Note: redsocks doesn't handle DNS by default
# (it relays TCP only; name resolution normally goes out over UDP/53
# directly, so the names being visited are exposed to the local resolver and
# network even when every TCP connection is proxied)
# Configure separate DNS redirect or use Tor

# Test DNS resolution (both tools use UDP by default, so these queries
# bypass redsocks entirely)
nslookup example.com
dig example.com
// Two listeners, one per upstream proxy. Each section binds its own
// local_port; the iptables rules below decide which listener a flow hits.
redsocks {
  local_ip = 127.0.0.1;
  local_port = 12345;
  ip = proxy1.example.com;
  port = 1080;
  type = socks5;
}

// Second listener; it must use a different local_port than the first.
redsocks {
  local_ip = 127.0.0.1;
  local_port = 12346;
  ip = proxy2.example.com;
  port = 1080;
  type = socks5;
}

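# Route different ports to different proxies by running one redsocks
# listener per proxy (12345 and 12346 above). `//` is not a comment in
# shell — the original line would have been executed as a command.
# Split HTTP 50/50 between the two listeners. iptables has no `-m random`
# match; the probabilistic match is `statistic`.
sudo iptables -t nat -A OUTPUT -p tcp --dport 80 \
  -m statistic --mode random --probability 0.5 \
  -j REDIRECT --to-ports 12345

# The remaining half falls through to the second listener.
sudo iptables -t nat -A OUTPUT -p tcp --dport 80 \
  -j REDIRECT --to-ports 12346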
# Redirect only specific source IPs
# (in the OUTPUT chain -s matches this host's own address, so this selects
# traffic leaving via the interface that owns 192.168.1.100; note that the
# same address is used as the *proxy* address elsewhere on this page)
sudo iptables -t nat -A OUTPUT -s 192.168.1.100 \
  -p tcp --dport 80 \
  -j REDIRECT --to-port 12345

# Redirect only specific destinations
# (TCP/53 only: redsocks never sees UDP, so ordinary DNS queries to 8.8.8.8
# still leave the host directly)
sudo iptables -t nat -A OUTPUT -d 8.8.8.8 \
  -p tcp --dport 53 \
  -j REDIRECT --to-port 12345
# Install Tor
sudo apt-get install tor

# Start Tor (provides SOCKS5 on 127.0.0.1:9050)
# (the packaged service typically runs under its own unprivileged user and
# listens on loopback only, which is what the redsocks config below relies on)
sudo systemctl start tor

# Configure redsocks to use Tor
redsocks {
  local_ip = 127.0.0.1;
  local_port = 12345;
  // Tor's SocksPort (127.0.0.1:9050 above); Tor speaks SOCKS5 without
  // authentication, so no login/password is needed here.
  ip = 127.0.0.1;
  port = 9050;
  type = socks5;
}

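# Setup iptables. Exclusions go first: redsocks' own connection to
# 127.0.0.1:9050 and Tor's connections to its relays must not be sent back
# into redsocks, otherwise nothing can leave the host.
sudo iptables -t nat -A OUTPUT -d 127.0.0.0/8 -j RETURN
# Debian/Ubuntu run tor as debian-tor; adjust for other distributions.
sudo iptables -t nat -A OUTPUT -m owner --uid-owner debian-tor -j RETURN
sudo iptables -t nat -A OUTPUT -p tcp \
  -j REDIRECT --to-ports 12345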
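# Check public IP (should be a Tor exit node, not the ISP address).
# These are third-party services that see the request; use the Tor
# Project's own check below for the yes/no answer.
curl https://api.ip.sb/ip
curl https://ifconfig.me

# Ask the Tor Project whether this connection arrives via Tor. The original
# `grep -oE "IP: ..."` matched an address in either case and so could never
# print "Not using Tor"; the JSON endpoint carries an explicit flag
# (compact JSON — adjust the pattern if the spacing ever changes).
if curl -fsS https://check.torproject.org/api/ip | grep -q '"IsTor":true'; then
  echo "Using Tor"
else
  echo "Not using Tor"
fi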
# Client → redsocks1 → SOCKS proxy → redsocks2 → HTTPS proxy → Internet

// NOTE(review): this chain cannot work as drawn. The second listener
// (12346) expects transparently REDIRECTed TCP connections and recovers
// the real destination from the kernel; it does not implement the SOCKS5
// server side, so the first instance's SOCKS5 handshake to it will fail.
// Chain at the proxies instead (a SOCKS proxy that itself uses the HTTPS
// proxy), or put a proxy-chaining tool in front of a single listener.
redsocks {
  local_ip = 127.0.0.1;
  local_port = 12345;
  ip = 127.0.0.1;
  port = 12346;  // Chain to second redsocks
  type = socks5;
}

redsocks {
  local_ip = 127.0.0.1;
  local_port = 12346;
  ip = proxy.example.com;
  port = 443;
  // NOTE(review): "https" is not an upstream type (socks4, socks5,
  // http-connect, http-relay); verify against the build in use.
  type = https;
}
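# Check config syntax without starting anything: -t parses the config and
# exits. Without -t the command below would actually start redsocks.
redsocks -t -c /etc/redsocks.conf
# To see startup errors on the terminal, set `daemon = off` in the base
# section and run it in the foreground (the upstream option list has no -f).
sudo redsocks -c /etc/redsocks.conf

# Check permissions (the file holds proxy credentials and the proxy address:
# expect root:root and mode 600 so no local user can read or swap them)
sudo ls -la /etc/redsocks.conf
sudo chown root:root /etc/redsocks.conf
sudo chmod 600 /etc/redsocks.conf

# Check port availability ("address already in use" at start-up means
# something else already owns 12345)
sudo netstat -tulpn | grep 12345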
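# Verify rules are loaded (watch the pkts/bytes counters of the REDIRECT rule)
sudo iptables -t nat -L -n -v

# Check IP forwarding. Informational only: OUTPUT-chain REDIRECT of the
# host's own traffic works with forwarding disabled. Enable it only when this
# machine intentionally forwards for other hosts (PREROUTING setup);
# otherwise leave it at 0 so the box does not become a router.
cat /proc/sys/net/ipv4/ip_forward

# Flush old rules. This removes *every* nat OUTPUT rule, including ones that
# have nothing to do with redsocks; list first and delete selectively (-D)
# when in doubt.
sudo iptables -t nat -F OUTPUT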
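# Verify proxy is reachable (ICMP may be filtered; the TCP check is the one
# that matters). -c bounds ping so the sequence does not hang.
ping -c 3 192.168.1.100
nc -zv 192.168.1.100 1080

# Check firewall. The proxy port is on the *remote* host, so this machine
# needs an outbound allowance. `ufw allow 1080/tcp` would instead open an
# inbound port on this machine — useless here and an unnecessary exposure.
sudo ufw status
sudo ufw allow out to 192.168.1.100 port 1080 proto tcp

# Monitor redsocks
tail -f /var/log/redsocks.log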
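# redsocks doesn't handle DNS (TCP only) - use separate solution
# Option 1: Use dnsmasq
sudo apt-get install dnsmasq
# Configure in /etc/dnsmasq.conf

# Option 2: Manual DNS redirect.
# Caveat: every lookup then goes in cleartext straight to 8.8.8.8, outside
# the proxy. The resolved names are visible to the local network and to the
# resolver operator, and when the proxy is Tor this defeats the anonymity
# the proxy provides. Prefer a resolver answered inside the proxy chain
# (e.g. Tor's DNSPort) when that matters.
sudo iptables -t nat -A OUTPUT -p udp --dport 53 \
  -j DNAT --to-destination 8.8.8.8:53

# Option 3: Use /etc/resolv.conf. `sudo echo ... > file` fails because the
# unprivileged shell opens the file before sudo runs; write through tee.
# systemd-resolved or NetworkManager may own this file and rewrite it.
printf 'nameserver 8.8.8.8\n' | sudo tee /etc/resolv.conf >/dev/null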
base {
  // NOTE(review): confirm bufsize is accepted by the installed build (it is
  // not present in every redsocks variant). Larger buffers cost memory per
  // connection, so size it for the expected number of concurrent flows.
  bufsize = 262144;  // 256KB buffer
}

redsocks {
  local_ip = 127.0.0.1;
  local_port = 12345;
  ip = proxy.example.com;
  port = 1080;
  type = socks5;
  // NOTE(review): upstream documents on_proxy_fail = close |
  // forward_http_err; "reconnect" looks fork-specific — verify before
  // relying on it.
  on_proxy_fail = "reconnect";
}
redsocks {
  local_ip = 127.0.0.1;
  local_port = 12345;
  ip = proxy.example.com;
  port = 1080;
  type = socks5;
  // NOTE(review): a per-section timeout is a redsocks2-fork option as far as
  // I know; confirm the installed build accepts it. Short timeouts bound how
  // long a stalled proxy connection holds a slot.
  timeout = 30;
}
# Only allow redsocks on loopback. Belt-and-braces on top of
# local_ip = 127.0.0.1: the ACCEPT for lo comes first, then anything else
# aimed at 12345 is dropped. Both rules are appended (-A), so an earlier
# accept-all rule in INPUT would still take precedence.
sudo iptables -A INPUT -p tcp --dport 12345 \
  -i lo -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 12345 \
  -j DROP
# Restrict config file permissions (the file carries proxy credentials and
# the proxy address: readable by root only, and root-owned so a local user
# cannot point every redirected connection at a proxy they control)
sudo chmod 600 /etc/redsocks.conf
sudo chown root:root /etc/redsocks.conf

# Don't log passwords
base {
  // Debug output carries per-connection detail; keep it off in production so
  // proxy credentials and browsing metadata do not accumulate in the log.
  log_debug = off;  // Disable debug logging
  // The log still records destinations; protect it like the config file.
  logfile = "/var/log/redsocks.log";
}
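# Configure redsocks for corporate proxy. Write through a privileged tee:
# `sudo cat > file` fails because the redirection is opened by the
# unprivileged shell. The unquoted EOF keeps the "\\" escape as written
# (the file receives a single backslash; confirm the parser preserves it).
sudo tee /etc/redsocks.conf >/dev/null << EOF
base {
  logfile = "/var/log/redsocks.log";
  daemon = on;
}

redsocks {
  local_ip = 127.0.0.1;
  local_port = 12345;
  ip = corporate-proxy.example.com;
  port = 3128;
  // upstream type names are http-connect (CONNECT tunnel, suits port 443)
  // and http-relay (plain HTTP forwarding, suits port 80); "http" is not
  // one of them.
  type = http-connect;
  login = "domain\\username";
  password = "password";
}
EOF
# The file now holds a password: lock it down and keep it out of backups and
# version control. The heredoc above also lands in shell history, so for
# real credentials edit the file directly instead.
sudo chmod 600 /etc/redsocks.conf

# Setup iptables. Proxies often refuse CONNECT to port 80; if HTTP fails,
# run a second listener with type = http-relay for port 80.
sudo iptables -t nat -A OUTPUT -p tcp --dport 80 \
  -j REDIRECT --to-ports 12345
sudo iptables -t nat -A OUTPUT -p tcp --dport 443 \
  -j REDIRECT --to-ports 12345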
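# Redirect all outbound traffic to analysis proxy. Write through a privileged
# tee: `sudo cat > file` fails because the unprivileged shell opens the
# redirection target. The quoted delimiter keeps the content literal.
sudo tee /etc/redsocks.conf >/dev/null <<'EOF'
base {
  logfile = "/var/log/redsocks.log";
  daemon = on;
}

redsocks {
  local_ip = 127.0.0.1;
  local_port = 12345;
  ip = 192.168.100.50;
  port = 8080;
  // upstream type names are http-connect / http-relay; "http" is not accepted.
  type = http-connect;
}
EOF

# Redirect all TCP traffic except loopback and the analysis network itself:
# the proxy at 192.168.100.50 must stay reachable directly, otherwise
# redsocks loops on its own connection. `! -d` is the current negation
# syntax; `-d ! addr` is the deprecated intrapositioned form.
sudo iptables -t nat -A OUTPUT -d 127.0.0.0/8 -j RETURN
sudo iptables -t nat -A OUTPUT -p tcp \
  ! -d 192.168.100.0/24 \
  -j REDIRECT --to-ports 12345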
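# Route all traffic through Tor. Write through a privileged tee: `sudo cat >
# file` fails because the unprivileged shell opens the redirection target.
sudo tee /etc/redsocks.conf >/dev/null <<'EOF'
base {
  logfile = "/var/log/redsocks.log";
  daemon = on;
}

redsocks {
  local_ip = 127.0.0.1;
  local_port = 12345;
  ip = 127.0.0.1;
  port = 9050;
  type = socks5;
}
EOF

# Setup iptables for transparent routing. Exclude the whole loopback block
# (not just 127.0.0.1) so redsocks can reach Tor's SocksPort, and exclude
# Tor's own connections to relays, otherwise they are fed back into redsocks
# and nothing leaves the host. `! -d` replaces the deprecated `-d !` form.
# Debian/Ubuntu run tor as debian-tor; adjust for other distributions.
# DNS is still not covered here (UDP); see the DNS section for the leak.
sudo iptables -t nat -A OUTPUT -d 127.0.0.0/8 -j RETURN
sudo iptables -t nat -A OUTPUT -m owner --uid-owner debian-tor -j RETURN
sudo iptables -t nat -A OUTPUT -p tcp \
  ! -d 127.0.0.0/8 \
  -j REDIRECT --to-ports 12345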
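# Stop service
sudo systemctl stop redsocks
sudo systemctl disable redsocks

# Clear iptables rules (flushes *every* rule in these chains, not only the
# redsocks ones; delete selectively with -D if other rules share them)
sudo iptables -t nat -F OUTPUT
sudo iptables -t nat -F PREROUTING

# Save changes. `sudo iptables-save > file` fails because the unprivileged
# shell opens the root-owned target; write through a privileged tee.
sudo iptables-save | sudo tee /etc/iptables/rules.v4 >/dev/null

# Remove installation (the config with its credentials stays behind; remove
# /etc/redsocks.conf as well, or use purge)
sudo apt-get remove redsocks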
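# Monitor through tcpdump. The redirected flows arrive on the loopback
# interface (local_ip = 127.0.0.1), so capture on lo, not eth0; eth0 only
# carries the already-proxied connection to the proxy port.
# -A prints payloads, which for port-80 traffic includes cleartext headers
# and credentials: when terminal sessions are recorded, prefer writing a
# pcap (-w) with restricted permissions instead.
sudo tcpdump -i lo 'tcp port 12345' -A

# Count connections (pkts/bytes counters per rule)
sudo iptables -t nat -L OUTPUT -n -v

# Monitor logs
tail -f /var/log/redsocks.log | grep -i error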