Overview
Earthworm is a lightweight network penetration utility designed for creating SOCKS v5 proxies and TCP port forwarding tunnels across complex network topologies. This guide demonstrates how to establish both forward and reverse SOCKS5 proxy tunnels on Windows, enabling clients to route traffic through intermediary hosts using standard proxy tools.
Environment Setup
The test environment consists of three systems within a private network:
- Gateway Node: Windows Server (10.0.1.50) - hosts Earthworm services
- Windows Client: Windows 10 (10.0.1.100) - runs Proxifier
- Linux Client: Kali Linux (10.0.1.150) - runs Proxychains
Forward Proxy Implementation
In forward proxy mode, the Earthworm instance listens on a local port and directly forwards client connections to destination hosts.
Server Configuration
On the Windows gateway (10.0.1.50), execute the following command to launch a SOCKS5 server listening on port 3128:
tunnel.exe --mode socks5d --bind-port 3128
This command initializes the socks5d service, which creates a standard SOCKS5 proxy interface accessible to network clients.
Client Verification with Proxifier
On the Windows 10 workstation (10.0.1.100):
- Launch Proxifier and navigate to Profile > Proxy Servers
- Add a new proxy entry:
  - Address: 10.0.1.50
  - Port: 3128
  - Type: SOCKS Version 5
- Click Check to verify connectivity
- Configure traffic forwarding rules as needed
Client Verification with Proxychains
On the Kali Linux system (10.0.1.150), first install the proxychains utility:
sudo apt-get update
sudo apt-get install -y proxychains4
Edit the configuration file to specify the SOCKS5 proxy:
sudo nano /etc/proxychains4.conf
Append the following line to the [ProxyList] section:
socks5 10.0.1.50 3128
Test the tunnel by executing:
proxychains4 curl -I http://example.com
Successful output indicates that HTTP requests are properly routed through the Earthworm proxy.
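Both Proxifier's Check and proxychains begin with the SOCKS5 method negotiation defined in RFC 1928, so a listener can be confirmed without sending any proxied traffic. The script below is an added example, not part of Earthworm or of the original guide; it runs that negotiation against the listener address used above, and its function names are illustrative.

```python
import socket
import struct

SOCKS_VERSION = 0x05
NO_AUTH, USER_PASS, NO_ACCEPTABLE = 0x00, 0x02, 0xFF


def build_greeting(methods=(NO_AUTH,)):
    """Client greeting: VER, NMETHODS, METHODS (RFC 1928, section 3)."""
    return bytes([SOCKS_VERSION, len(methods), *methods])


def parse_method_reply(data):
    """Return the auth method the server selected, or raise ValueError."""
    if len(data) != 2:
        raise ValueError(f"expected 2 bytes, got {len(data)}")
    version, method = data
    if version != SOCKS_VERSION:
        raise ValueError(f"not SOCKS5: version byte 0x{version:02x}")
    if method == NO_ACCEPTABLE:
        raise ValueError("server rejected all offered auth methods")
    return method


def build_connect_request(host, port):
    """CONNECT request using the domain-name address type (ATYP 0x03)."""
    name = host.encode("idna")
    if not 0 < len(name) < 256:
        raise ValueError("hostname must be 1-255 bytes")
    return (bytes([SOCKS_VERSION, 0x01, 0x00, 0x03, len(name)])
            + name + struct.pack("!H", port))


def negotiate(proxy_host, proxy_port, timeout=5.0):
    """Open a TCP connection and run only the method negotiation."""
    with socket.create_connection((proxy_host, proxy_port), timeout) as s:
        s.sendall(build_greeting())
        return parse_method_reply(s.recv(2))


if __name__ == "__main__":
    # Address and port of the socks5d listener from this guide.
    try:
        method = negotiate("10.0.1.50", 3128)
        print(f"SOCKS5 listener answered, selected method 0x{method:02x}")
    except (OSError, ValueError) as exc:
        print(f"check failed: {exc}")
```

A reply of 0x00 means the listener accepts connections without authentication, which is worth recording when the test environment is reviewed.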
Reverse Proxy Implementation
Reverse proxy mode is useful when the target network is behind NAT or firewall restrictions. The architecture involves two components: a listener on the gateway and a connector on the internal host.
Gateway Listener Setup
On the Windows gateway (10.0.1.50), configure the reverse SOCKS client to listen for proxy clients on port 8080 and forward them to port 9090, where the reverse tunnel terminates:
tunnel.exe --mode reverse-client --listen 8080 --forward 9090
This establishes a waiting endpoint for incoming reverse tunnel connections.
Internal Host Connector
On the internal Windows host (10.0.1.100), initiate the reverse SOCKS server to connect back to the gateway:
connector.exe --mode reverse-server --gateway 10.0.1.50 --tunnel-port 9090
This creates an outbound tunnel to the gateway, effectively punching through restrictive network policies.
Reverse Tunnel Verification
Configure Proxifier or Proxychains to use 127.0.0.1:8080 as the SOCKS5 proxy. Traffic sent to this local port will traverse the reverse tunnel and exit through the internal host (10.0.1.100).
Command Parameter Reference
Earthworm supports multiple operational modes:
- --mode socks5d: Standard SOCKS5 proxy server (forward)
- --mode reverse-client: Reverse tunnel listener component
- --mode reverse-server: Reverse tunnel initiator component
- --mode port-forward: TCP port forwarding
Common options:
- --bind-port: Local listening port
- --listen: Alternative listening port specification
- --forward: Target port for tunnel termination
- --gateway: Remote host address for reverse connections
- --tunnel-port: Remote port for reverse tunnel establishment
For comprehensive syntax details, execute tunnel.exe --help or refer to the official documentation.