Jump to content

SOCKS

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 86.84.5.201 (talk) at 13:05, 9 June 2007 (→‎SOCKS 4 protocol). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

This article is about an internet protocol. For other uses, see Sock (disambiguation).

SOCKS is an Internet protocol that allows client-server applications to transparently use the services of a network firewall. SOCKS is an abbreviation for "SOCKetS" [1].

Clients behind a firewall, needing to access exterior servers, may connect to a SOCKS proxy server instead. Such proxy server controls the eligibility of the client to access the external server and passes the request on to the server. SOCKS can also be used in the opposite way, allowing the clients outside the firewall ("exterior clients") to connect to servers inside the firewall (internal servers).

The protocol was originally developed by David Koblas, a system administrator of MIPS Computer Systems. After MIPS was taken over by Silicon Graphics in 1992, Koblas presented a paper on SOCKS at that year's Usenix Security Symposium and SOCKS became publicly available.[1] The protocol was extended to version 4 by Ying-Da Lee of NEC.

Unofficial SOCKS 4a extensions add support for DNS names to resolve names with SOCKS server. The current version 5 of the protocol, RFC 1928 or authenticated firewall traversal, extends the previous version by supporting UDP, authentication, letting the SOCKS server resolve hostnames for the SOCKS client, and IPv6.

The SOCKS reference architecture and client are owned by Permeo Technologies,[2] (note that Permeo Technologies has been bought out by Blue Coat Systems [3]) by a spin-off from NEC.[4]

According to the OSI model it is an intermediate layer between the application layer and the transport layer.

SOCKS 4 protocol

A typical SOCKS 4 connection request looks like this (each number is one byte):

Client to SOCKS Server:

  • field 1: SOCKS version number, 1 byte, must be 0x04 for this version
  • field 2: command code, 1 byte:
    • 0x01 = establish a TCP/IP stream connection
    • 0x02 = establish a TCP/IP port binding
  • field 3: network byte order port number, 2 bytes
  • field 4: network byte order IP address, 4 bytes
  • field 5: the user ID string, variable length, terminated with a null (0x00)

Server to SOCKS client:

  • field 1: null byte
  • field 2: status, 1 byte:
    • 0x5a = request granted
    • 0x5b = request rejected or failed
    • 0x5c = request failed because client is not running identd (or not reachable from the server)
    • 0x5d = request failed because client's identd could not confirm the user ID string in the request
  • field 3: 2 arbitrary bytes, that should be ignored
  • field 4: 4 arbitrary bytes, that should be ignored

Example:

This is a SOCKS 4 request to connect Fred to 66.102.7.99:80, the server replies with an "OK".

  • Client: 0x04 | 0x01 | 0x00 0x50 | 0x42 0x66 0x07 0x63 | 0x46 0x72 0x65 0x64 0x00
    • The last field is 'Fred' in ASCII, followed by a null byte.
  • Server: 0x00 | 0x5a | 0xXX 0xXX | 0xXX 0xXX 0xXX 0xXX
    • 0xXX can be any byte value. The Socks 4 protocol specifies the values of these bytes should be ignored.

From this point on any data sent from the SOCKS client to the SOCKS server will be relayed to 66.102.7.99 and vice versa.

The command field can be 0x01 for "connect" or 0x02 for "bind". "bind" allows incoming connections for protocols like active FTP.

SOCKS 4a protocol

SOCKS 4a is a simple extension to SOCKS 4 protocol that allows a client that cannot resolve the destination host's domain name to specify it.

The client should set the first three bytes of DSTIP to NULL and the last byte to a non-zero value (This corresponds to IP address 0.0.0.x, with x nonzero, an inadmissible destination address and thus should never occur if the client can resolve the domain name). Following the NULL byte terminating USERID, the client must send the destination domain name and terminate it with another NULL byte. This is used for both "connect" and "bind" requests.

Client to Socks Server:

  • field 1: SOCKS version number, 1 byte, must be 0x04 for this version
  • field 2: command code, 1 byte:
    • 0x01 = establish a TCP/IP stream connection
    • 0x02 = establish a TCP/IP port binding
  • field 3: network byte order port number, 2 bytes
  • field 4: deliberate invalid IP address, 4 bytes, first three must be 0x00 and the last one must not be 0x00
  • field 5: the user ID string, variable length, terminated with a null (0x00)
  • field 6: the domain name of the host we want to contact, variable length, terminated with a null (0x00)

Server to SOCKS client:

  • field 1: null byte
  • field 2: status, 1 byte:
    • 0x5a = request granted
    • 0x5b = request rejected or failed
    • 0x5c = request failed because client is not running identd (or not reachable from the server)
    • 0x5d = request failed because client's identd could not confirm the user ID string in the request
  • field 3: network byte order port number, 2 bytes
  • field 4: network byte order IP address, 4 bytes

A server using protocol 4A must check the DSTIP in the request packet. If it represents address 0.0.0.x with nonzero x, the server must read in the domain name that the client sends in the packet. The server should resolve the domain name and make connection to the destination host if it can.

SOCKS 5 protocol

An extension of the SOCKS 4 protocol that offers more choices of authentication. The initial handshake now consists of the following:

  • Client connects and sends a greeting which includes a list of authentication methods supported.
  • Server chooses one (or sends a failure response if none of the offered methods are acceptable).
  • Several messages may now pass between the client and the server depending on the authentication method chosen.
  • Client sends a connection request similar to SOCKS 4.
  • Server responds similar to SOCKS 4.

The authentication methods supported are numbered as follows:

  • 0x00 - No authentication
  • 0x01 - GSSAPI
  • 0x02 - Username/Password
  • 0x03-0x7F - methods assigned by IANA
  • 0x80-0xFE - methods reserved for private use

The initial greeting from the client is:

  • field 1: SOCKS version number (must be 0x05 for this version)
  • field 2: number of authentication methods supported, 1 byte
  • field 3: authentication methods, variable length, 1 byte per method supported

The server's choice is communicated:

  • field 1: SOCKS version, 1 byte (0x05 for this version)
  • field 2: chosen authentication method, 1 byte, or 0xFF if no acceptable methods were offered

The subsequent authentication is method-dependent.

The client's connection request is:

  • field 1: SOCKS version number, 1 byte (must be 0x05 for this version)
  • field 2: command code, 1 byte:
    • 0x01 = establish a TCP/IP stream connection
    • 0x02 = establish a TCP/IP port binding
    • 0x03 = associate a UDP port
  • field 3: reserved, must be 0x00
  • field 4: address type, 1 byte:
    • 0x01 = IPv4 address (address field is 4 bytes long)
    • 0x03 = Domain name (address field is variable)
    • 0x04 = IPv6 address (address field is 16 bytes long)
  • field 5: destination address, 4 or 16 bytes or domain name length + 1 bytes.
    • If address type is 0x03 then the address consists of a length byte followed by the domain name.
  • field 6: network byte order port number, 2 bytes

Server response:

  • field 1: SOCKS protocol version, 1 byte (0x05 for this version)
  • field 2: status, 1 byte:
    • 0x00 = request granted
    • 0x01 = general failure
    • 0x02 = connection not allowed by ruleset
    • 0x03 = network unreachable
    • 0x04 = host unreachable
    • 0x05 = connection refused by destination host
    • 0x06 = TTL expired
    • 0x07 = command not supported / protocol error
    • 0x08 = address type not supported
  • field 3: reserved, must be 0x00
  • field 4: address type, 1 byte:
    • 0x01 = IPv4 address (address field is 4 bytes long)
    • 0x03 = Domain name (address field is variable)
    • 0x04 = IPv6 address (address field is 16 bytes long)
  • field 5: destination address, 4 or 16 bytes or domain name length + 1 bytes.
    • If address type is 0x03 then the address consists of a length byte followed by the domain name.
  • field 6: network byte order port number, 2 bytes

SOCKS servers

List of SOCKS servers programs:

SOCKS clients

There are client programs that socksify [5], which allows adaptation of any networked software to connect to external networks via SOCKS.

List of SOCKS clients:

Client License Version Release date Platform Support
ProxyCap Shareware 3.02 03/2007 Windows v4, v5, HTTP
socat GPL 1.6 03/2007 POSIX multi-optional tunnel
Proxifier Shareware 2.6 02/2007 Windows, Mac OS X v4, v5, HTTPS
HTTP-Tunnel Client Freeware 4.4.400 01/2007 Windows v4, v5, HTTP
dsocks GPL 1.6 10/2006 *BSD, Mac OS X v4, v5
connect GPL 1.95 08/2006 Windows,POSIX v4, v5, HTTPS
nylon 3-clause BSD 1.2.1 07/2006 OpenBSD v4, v5
proxychains GPL 3.1 05/2006 POSIX (source) v4, v5, HTTPS
FreeCap GPL 3.18 02/2006 Windows v4, v5, HTTPS
Dante client BSD/Carnegie Mellon University 1.1.19 01/2006 POSIX v4, v5, HTTP
TunnelIt Shareware 1.4 06/2005 Windows SSH tunnel
GNet Library GPL 2.0.7 02/2005 POSIX (source) v4, v5
Hummingbird SOCKS Freeware 8.0 10/2003 Windows v4, v5
tsocks GPL 1.8 10/2002 POSIX (source) v4, v5
Kernel Socks Bouncer GPL 0.0.4 1/2005 POSIX (source) v5

References

  1. ^ Darmohray, Tina. "Firewalls and fairy tales". ;LOGIN:. Vol 30, no. 1.
  • RFC 3089 - A SOCKS-based IPv6/IPv4 Gateway Mechanism
  • RFC 1961 - GSS-API Authentication Method for SOCKS Version 5
  • RFC 1929 - Username/Password Authentication for SOCKS V5
  • RFC 1928 - SOCKS Protocol Version 5
Retrieved from "https://en.wikipedia.org/w/index.php?title=SOCKS&oldid=137031879"