# VPNs & Proxies
In cybersecurity and networking, **VPNs (Virtual Private Networks) and Proxies** are crucial tools for privacy, security, and bypassing restrictions. They both help mask your identity and route your traffic through another server, but they work in fundamentally different ways.
### **What is a VPN?**
A **VPN (Virtual Private Network)** is a technology that creates a **secure, encrypted tunnel** between your device and a remote server. This tunnel protects your data from prying eyes, such as ISPs, hackers, or government surveillance, and allows you to access resources as if you were in another location.
### **How a VPN Works**
Without VPN
With VPN
1. **You connect to a VPN server** using a VPN client.
2. **Your data is encrypted** before leaving your device.
3. **The encrypted traffic is sent to the VPN server**, where it is decrypted.
4. **The VPN server forwards your request** to the destination website or service.
5. **The response follows the same path back**, encrypted all the way to your device.
Since your **real IP address is hidden**, websites and services only see the **VPN server’s IP address**. This provides anonymity and security.
## **How VPNs Are Useful in Real-World Scenarios**
* **Privacy & Anonymity** → Prevents ISPs, advertisers, and hackers from tracking your online activity.
* **Bypassing Geo-Restrictions** → Access content blocked in your region (Netflix, BBC iPlayer, etc.).
* **Securing Public Wi-Fi** → Protects data from man-in-the-middle (MITM) attacks on open Wi-Fi networks.
* **Accessing Private Networks** → VPNs allow remote workers or pentesters to access internal company networks.
* **Hiding Network Activity from ISPs** → ISPs can no longer monitor or throttle your internet speed based on usage.
## **Using OpenVPN to Connect to an Isolated Network (TryHackMe)**
Pentesters often use **VPNs to connect to isolated CTF (Capture The Flag) networks on platforms**, such as TryHackMe (THM) . These platforms provide hacking challenges that require access to machines inside a controlled, virtual lab.
**How It Works:**
1. **Download the OpenVPN configuration file** (e.g., `username.ovpn` for TryHackMe).
2. **Use OpenVPN to connect:**
```bash
┌──(kali㉿kali)-[~]
└─$ sudo openvpn username.ovpn
```
3. Once connected, you receive an **internal VPN IP address** (e.g., `10.10.14.3`).
4. Now, you can **scan and interact with target machines** inside the isolated network using tools like `nmap`, `netcat`, or `Metasploit`.
Without a VPN, these private lab machines would be inaccessible from the public internet.
## **How Proxies Work**
A **proxy server** acts as an **intermediary** between your device and the internet. Instead of connecting directly to a website, your traffic goes through the proxy server first.
#### **How a Proxy Works (Step-by-Step)**
1. **You send a request** to access a website (e.g., `ncateam.xyz`).
2. The **proxy server receives the request** and forwards it to the destination.
3. The **website responds to the proxy server** instead of you.
4. The **proxy server sends the response back** to your device.
Since the website only sees the **proxy server’s IP address**, your real IP is hidden.
### **Types of Proxies & Their Uses**
**1. Forward Proxy (Regular Proxy)**
* Used by **individual users** to hide their IP or bypass restrictions.
* Example: Using a **public proxy** to access blocked websites.
**2. Reverse Proxy**
* Sits **in front of a web server** to filter incoming requests.
* Used by companies to **protect servers from direct attacks** and **load balance traffic**.
**3. SOCKS Proxy (SOCKS5)**
* Works at **Layer 5 (Session Layer)**, meaning it can handle more than just web traffic.
* Used for **gaming, P2P, and secure traffic routing**.
**4. Transparent Proxy**
* Users are unaware of its presence (often used in schools, companies).
* Used for **content filtering and monitoring**.
#### **VPN vs. Proxy: What’s the Difference?**
| Feature | VPN | Proxy |
| ----------------- | ----------------------------------------- | ---------------------------------------------- |
| **Encryption** | ✅ Encrypts all traffic | ❌ No encryption, only changes IP |
| **Anonymity** | ✅ Hides real IP completely | ✅ Hides IP, but may still leak DNS |
| **Speed** | ❌ Slower (due to encryption) | ✅ Faster (no encryption overhead) |
| **Traffic Scope** | ✅ Routes all internet traffic | ❌ Routes only specific app traffic |
| **Security** | ✅ Protects against ISP tracking & hackers | ❌ Can be intercepted (especially HTTP proxies) |
| **Usage** | Secure browsing, remote access | Web filtering, bypassing geo-blocks |
## Summary
Both **VPNs and proxies** help you stay anonymous online, but they serve different purposes.
* **VPNs** encrypt **all your traffic** and provide privacy, security, and access to restricted networks.
* **Proxies** only change your **IP address** for specific applications but don’t encrypt traffic.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://handbook.ncateam.xyz/fundamentals/networking/vpns-and-proxies.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.