I want to add a socks5 proxy (from a paid proxy provider) after Tor, but I am not sure what the security issues are when doing this. I want to add the proxy after the exit node and then connect to a website that is secured with SSL (Gmail.com).
But is it possible for the owner of the Tor exit node or for the provider of the socks proxy to capture the credentials of my Gmail account?
When the adversary uses sslstrip and you fall for it, yes. When the adversary can break SSL, yes.
(There have been cases where SSL was broken: https://www.whonix.org/wiki/SSL)
Although breaking gmail SSL would be harder, I think. Some websites have the luxury of having some hardcoding of their SSL.
Is this because there is no encryption between the Tor exit node and the socks proxy?
Yes. And because SSL isn't a substitute for Tor's onion-like encryption. And because SSL is non-ideal itself.
And how can I encrypt the complete traffic (Me --> Tor --> Socks proxy --> Gmail.com)?
SSL is the best you can get for Gmail. Additionally, when caring for privacy, end-to-end encryption is mandatory (OpenPGP).
Looking at the bigger issue… Phone verification can be a problem. See: https://www.whonix.org/wiki/E-Mail#gmail (This means, Google could one day start asking for a phone number and when you don’t provide one, they lock you out of your account.)
There are alternatives to e-mail, see:
And in the case without adding a proxy after the Tor exit node, the connection between the Tor exit node and Gmail.com is encrypted because Gmail.com uses SSL? Is that correct?
SSL encrypts between you and Gmail either way. Just when using a proxy there are a few more servers (and ISPs) (see traceroute) capable of running a man-in-the-middle attack.
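
Added example, not part of the original thread: a client-side check for the sslstrip case mentioned above, where a hop after the exit node delivers a login page over plain HTTP. The function name, the `https_only_hosts` parameter and the host `mail.example.test` are assumptions made up for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _FormScan(HTMLParser):
    """Collect the resolved action URL of every form holding a password field."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.action = None          # action of the form currently open, if any
        self.password_forms = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or relative action resolves against the page URL,
            # so a stripped page makes the form post in clear text too.
            self.action = urljoin(self.base_url, a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            if self.action is not None:
                self.password_forms.append(self.action)

    def handle_endtag(self, tag):
        if tag == "form":
            self.action = None


def stripping_signs(final_url, body, https_only_hosts):
    """Return reasons to distrust a page as the client actually received it."""
    signs = []
    parts = urlsplit(final_url)
    if parts.hostname in https_only_hosts and parts.scheme != "https":
        signs.append("page served over " + parts.scheme)
    scan = _FormScan(final_url)
    scan.feed(body)
    for action in scan.password_forms:
        if urlsplit(action).scheme != "https":
            signs.append("password form submits to " + action)
    return signs


if __name__ == "__main__":
    # Constructed sample: the same login form, received stripped and intact.
    form = '<form action="/auth"><input type="password" name="p"></form>'
    hosts = {"mail.example.test"}
    print(stripping_signs("http://mail.example.test/login", form, hosts))
    print(stripping_signs("https://mail.example.test/login", form, hosts))
```
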