How to Set Up Socat as a TCP-to-SOCKS5 Proxy for .NET Applications on Windows/Linux


6 views

When working with .NET applications, you might encounter limitations in proxy support—specifically, the lack of native SOCKS4a/SOCKS5 support. While .NET provides built-in proxy configuration for HTTP/HTTPS, tunneling raw TCP connections through SOCKS requires a workaround. This is where socat comes into play as a powerful relay tool.

Socat (Socket Cat) is a versatile networking utility that establishes bidirectional byte streams between endpoints. It can forward TCP connections to a SOCKS5 server, acting as an intermediary for applications like your .NET project. Unlike Privoxy (which handles HTTP only), Socat operates at the transport layer.

For Windows, download the binary from socat's official site or use a package manager like Chocolatey:

choco install socat

On Linux, use your distro's package manager:

sudo apt-get install socat  # Debian/Ubuntu
sudo yum install socat      # RHEL/CentOS

To forward TCP connections from port 1234 to a SOCKS5 server at 127.0.0.1:5678, run:

socat TCP-LISTEN:1234,fork SOCKS5:127.0.0.1:5678,socksport=5678

Breakdown:

  • TCP-LISTEN:1234: Listens on port 1234 for incoming TCP connections.
  • fork: Allows multiple concurrent connections.
  • SOCKS5:127.0.0.1:5678: Routes traffic to the SOCKS5 proxy.

For better stability (e.g., handling connection drops), add keepalive and reuse options:

socat TCP-LISTEN:1234,fork,reuseaddr,keepalive SOCKS5:127.0.0.1:5678,socksport=5678

Use curl to verify the proxy:

curl --socks5 127.0.0.1:1234 http://example.com

Or configure your .NET app to use the proxy:

// C# example using HttpClient
var handler = new HttpClientHandler {
    Proxy = new WebProxy("127.0.0.1", 1234)
};
var client = new HttpClient(handler);
var response = await client.GetAsync("http://example.com");
  • Permission denied? Run as admin/root or check firewall rules.
  • Connection reset? Ensure the SOCKS5 server is running and accessible.
  • Windows-specific issues? Use netsh to check port conflicts.

If Socat isn’t available, consider:

  • proxychains (Linux/macOS)
  • SSH dynamic port forwarding (ssh -D)

When working with .NET applications that need proxy support, we hit a fundamental limitation: the framework lacks native SOCKS4a/SOCKS5 protocol support. While .NET's WebProxy class handles HTTP proxies well, many modern applications require full TCP-level proxying through SOCKS.

Socat is the Swiss Army knife of network tunneling. Unlike Privoxy (which only handles HTTP), socat operates at the TCP level, making it perfect for:

  • Creating protocol-agnostic proxy bridges
  • Converting between different proxy types
  • Maintaining raw socket connectivity

For Windows users (using Chocolatey):

choco install socat

Linux users (Debian/Ubuntu):

sudo apt-get install socat

Here's the socat incantation that solves our specific problem:

socat TCP4-LISTEN:1234,fork SOCKS5:127.0.0.1:5678,socks5port=5678

Breakdown of parameters:

  • TCP4-LISTEN:1234: Binds to port 1234 for incoming TCP connections
  • fork: Allows multiple simultaneous connections
  • SOCKS5:127.0.0.1:5678: Routes traffic to your SOCKS5 server

Now configure your .NET application to use the proxy:

// For HttpClient
var handler = new HttpClientHandler 
{
    Proxy = new WebProxy("127.0.0.1", 1234),
    UseProxy = true
};

// For WebRequest
WebRequest.DefaultWebProxy = new WebProxy("127.0.0.1:1234");

For persistent setups, create a Windows service or Linux systemd unit. Here's a Windows batch script example:

@echo off
:start
socat TCP4-LISTEN:1234,fork SOCKS5:127.0.0.1:5678,socks5port=5678
if %errorlevel% neq 0 (
    timeout 5
    goto start
)
  • Verify socat is running: netstat -ano | findstr 1234
  • Test connectivity: curl --proxy 127.0.0.1:1234 https://example.com
  • Check firewall rules for port 1234

Remember that while this setup handles TCP, you'll need additional configuration for UDP traffic or IPv6 connectivity.