The Problem: "I'm using a proxy, so I'm safe" — Right?
Not quite. Most proxy clients only handle TCP connections. That covers basic web browsing, but modern browsers and applications leak your real IP through a dozen other channels:
- WebRTC — Browsers establish peer-to-peer connections that bypass your proxy entirely, exposing your real IP to any website that asks.
- QUIC / HTTP3 — Google Chrome, Edge, and other Chromium browsers use UDP-based QUIC for most connections. If your proxy only handles TCP, QUIC traffic goes direct.
- DNS queries — Your OS resolves domain names through your ISP's DNS before the proxy even sees the request. Your ISP knows every site you visit.
- mDNS / LLMNR — Local multicast DNS leaks can reveal your hostname and network topology.
- IPv6 fallback — Even with an IPv4 proxy, your OS may try IPv6 connections that bypass the proxy tunnel.
The result? You think you're protected, but you're leaking.
The Solution: ProxyTool + Evomi SOCKS5
ProxyTool operates at the kernel driver level — it intercepts traffic before it leaves your network stack, not after. Combined with a SOCKS5 proxy from Evomi, you get full protocol coverage:
| Protocol | Threat | ProxyTool + Evomi |
|---|---|---|
| TCP | Standard web traffic | ✓ Routed through proxy |
| UDP | Games, VoIP, streaming | ✓ SOCKS5 UDP relay |
| WebRTC | Browser IP leak via P2P | ✓ Blocked by IP Protection |
| QUIC / HTTP3 | UDP-based web, bypasses TCP proxy | ✓ Blocked → falls back to TCP |
| DNS | ISP sees all domain lookups | ✓ Resolved through proxy |
| IPv6 | Bypasses IPv4 proxy tunnel | ✓ IPv6 UDP paths blocked |
| mDNS | Local network discovery leak | ✓ Blocked by IP Protection |
Step-by-Step Setup
1. Add an Evomi SOCKS5 Proxy
SOCKS5 is the only proxy protocol that supports UDP relay. HTTP and SOCKS4 proxies can only handle TCP — meaning any UDP traffic (games, QUIC, WebRTC ICE candidates) either goes direct or gets dropped.
In ProxyTool, go to Proxies → Add Proxy, select SOCKS5, and enter your Evomi credentials:
Why Evomi? Their residential SOCKS5 proxies support full UDP relay at just $0.49/GB — one of the best price/performance ratios on the market. And since ProxyTool's integrated marketplace will soon let you buy directly, setup becomes a one-click operation.
2. Create a Routing Rule with UDP
Go to Rules → Add Rule. Set the protocol to BOTH (TCP + UDP) and select your Evomi SOCKS5 proxy as the action. This ensures both TCP browsing and UDP game/VoIP traffic flow through the proxy.
For gaming specifically, you can create a dedicated rule: set the Application to your game's process name (e.g. cs2.exe), protocol to UDP, and action to your Evomi proxy.
3. Enable DNS via Proxy
Go to Settings → DNS and enable "Resolve hostnames through proxy". This sends all DNS queries through your SOCKS5 proxy instead of your ISP's resolver. Your ISP can no longer see which domains you visit.
4. Activate IP Protection
This is the master switch. Go to Settings → DNS → IP Protection and enable all three toggles:
- Block unsafe UDP fallback — Blocks direct UDP connections (including WebRTC, QUIC/HTTP3, and mDNS) when a rule requires proxying but the route cannot carry UDP. This forces browsers to fall back to TCP, which your proxy handles perfectly.
- Protect IPv6 UDP paths — Blocks IPv6 UDP traffic that isn't on a safe proxy relay path. Prevents the OS from bypassing your IPv4 proxy via IPv6.
- Strict DNS over Proxy — Forces all DNS resolution through the proxy, even for edge cases that might otherwise leak.
5. Verify with Traffic Dump
Want proof it's working? Enable Settings → General → Diagnostics → Traffic Dump. This captures all proxied connections as .dmp files. Open them to verify that UDP game packets, DNS queries, and all other traffic actually flows through your Evomi proxy — not directly.
Understanding QUIC/HTTP3 Blocking
QUIC is Google's UDP-based protocol that replaces TCP+TLS for web connections. It's used by Chrome, Edge, YouTube, Google Maps, and many other services. The problem: if your proxy only supports TCP, QUIC connections bypass the proxy entirely.
ProxyTool's "Block unsafe UDP fallback" setting intercepts QUIC at the kernel level and forces the browser to fall back to standard HTTPS over TCP — which your proxy handles normally. You get the same content, same speed, zero leaks.
WebRTC: The Silent IP Killer
WebRTC is a browser API for real-time communication (video calls, screen sharing). The problem: it establishes direct peer-to-peer UDP connections that bypass all proxy settings. Any website can use a few lines of JavaScript to discover your real public and local IP addresses — even with a proxy active.
ProxyTool blocks WebRTC's UDP paths at the driver level. The browser can still use WebRTC for video calls, but the ICE candidate gathering process is forced through your proxy — so your real IP is never exposed.
Why SOCKS5 (and Why Evomi)?
Only SOCKS5 supports UDP relay — the ability to forward UDP packets through the proxy tunnel. HTTP proxies and SOCKS4 are TCP-only. If you want to proxy game traffic, VoIP, or let QUIC through the proxy instead of blocking it, you need SOCKS5.
Evomi's residential SOCKS5 proxies offer:
- Full UDP relay — Game packets, VoIP, and streaming work through the proxy
- 195+ countries — Geo-targeting for content access and localized testing
- $0.49/GB residential — Competitive pricing with no hidden fees
- 99.9% uptime — Enterprise-grade infrastructure
- Username/password auth — Works seamlessly with ProxyTool's SOCKS5 setup
TL;DR — The Checklist
With this configuration, ProxyTool + Evomi gives you the most complete proxy protection available — covering every protocol, every browser API, and every OS-level leak vector. No VPN needed.
Ready to seal every leak?
Download ProxyTool and configure complete protection in under 5 minutes.