SOCKS Proxies in Internet Explorer

We recently had a report over on the IEBlog that SOCKS proxies are not supported by IE9 Beta. That observation is correct, and a regression from prior versions of Internet Explorer; IE9 Beta simply ignores the SOCKS proxy if one is specified in the Internet Control panel.

Update: This regression, introduced in IE9 Beta, was fixed in the IE9 Release Candidate.

Outside of this regression, WinINET (and thus IE) only supports sending traffic to a SOCKS proxy via the v4 protocol. One major shortcoming of v4 of the protocol (remediated in version 4a, not supported in any version of IE) is that the v4 protocol requires that the client send the target IP address of the remote site in its request to the proxy. That limitation means that the client computer must have a working DNS resolver. It also means that even if SOCKS is being used to route traffic to the proxy over a secured connection (e.g. SSH), the client will perform DNS requests from its local, unsecured network connection. This may also pose a privacy threat if the client is using SOCKS to connect to the TOR network (since DNS queries will be performed outside of the TOR protocol).

To date, we’ve heard very little feedback about the limited support for SOCKS in IE. Most users are satisfied with the existing CERN-proxy support for HTTP/HTTPS/FTP traffic, and for cases where full socket proxying is required, VPN or RAS software is used instead. Note that it's also possible to use a proxy like Fiddler as a gateway/bridge to an upstream SOCKSv4a server. See this StackOverflow entry for details.

-Eric