Introduction

Long ago, people wore straw sandals, which were comfortable but not attractive. Then they discovered that shoes could also be made from animal skins, and leather shoes appeared. But leather shoes chafe the feet, so people invented socks: worn on the foot, they keep the heel from touching the shoe directly, which both improves comfort and reduces wear. Two birds with one stone.

In the network world, such socks also exist. To distinguish them from real-world socks, we write the name in uppercase here.

SOCKS is the network proxy protocol we are going to talk about today.

The story of SOCKS

Before getting into SOCKS, let's review the OSI seven-layer network model.

OSI stands for Open System Interconnect.

SOCKS is also a network protocol. It is used to proxy the connection between the client and the server.

SOCKS sits at the fifth layer of the OSI seven-layer model, the session layer, between the presentation and transport layers. As the figure above shows, the underlying protocols of SOCKS are TCP and UDP.

As a proxy protocol, SOCKS provides TCP- and UDP-based proxying. Compared with HTTP proxies, SOCKS works at a lower level and covers more application scenarios.

Typically, the standard port for SOCKS is 1080.

The history of SOCKS

Every protocol has its own history, and SOCKS is no exception. It would be interesting to tell the history of all protocols in the form of a story, and you can expect an article like this to appear someday.

Proxying is a basic network function. The SOCKS proxy was first designed by David Koblas of MIPS Technology Company in the United States. MIPS is known for developing the MIPS architecture and a range of RISC CPU chips based on it. After a series of acquisitions, however, the MIPS architecture was eventually abandoned in favor of the RISC-V architecture.

MIPS was acquired by Silicon Graphics in 1992, the year Koblas published his paper on SOCKS, and SOCKS became famous.

The most widely used versions of SOCKS are 4 and 5. SOCKS4 was invented by Ying-da Lee of NEC. SOCKS4 has no provisions for security, and security matters more and more in today's networks, so SOCKS5 emerged. SOCKS5 was originally a security protocol intended to make firewalls and other security products easier to manage.

Details of the SOCKS protocol

The SOCKS protocol versions are SOCKS4, SOCKS4a, and SOCKS5. This section describes their message formats in detail.

SOCKS4

A SOCKS4 request packet looks like this:

| Field | VER | CMD | DSTPORT | DSTIP | ID |
| --- | --- | --- | --- | --- | --- |
| Bytes | 1 | 1 | 2 | 4 | variable |

VER occupies one byte and represents the version number of the SOCKS protocol. For SOCKS4, the value is 0x04.

CMD takes 1 byte and is the command code. There are two options: 0x01 to establish a TCP/IP stream connection, or 0x02 to establish a TCP/IP port binding.

DSTPORT occupies two bytes and indicates the destination port number.

DSTIP takes four bytes and represents an IPv4 address.

ID is a user ID that occupies a variable number of bytes.

The corresponding reply to the request is as follows:

| Field | VN | REP | DSTPORT | DSTIP |
| --- | --- | --- | --- | --- |
| Bytes | 1 | 1 | 2 | 4 |

VN takes 1 byte and represents the version of the message returned.

REP takes 1 byte and is the reply code:

| Byte | Meaning |
| --- | --- |
| 0x5A | Request granted |
| 0x5B | The request was rejected or failed |
| 0x5C | The request failed because the client ID was not included or the server could not connect to the client |
| 0x5D | The request failed because the client ID did not match |

DSTPORT takes up two bytes, representing the port of the destination, and is empty if not bound.

DSTIP takes four bytes and represents the IP address of the destination bound by the client.

For example, if the client Fred wants to use SOCKS4 to connect to 66.102.7.99:80, the request is as follows:

0x04 | 0x01 | 0x00 0x50 | 0x42 0x66 0x07 0x63 | 0x46 0x72 0x65 0x64 0x00

The last field is the ASCII encoding of Fred, followed by a terminating NULL (0x00).

If the server returns OK, the response is as follows:

0x00 | 0x5A | 0xXX 0xXX | 0xXX 0xXX 0xXX 0xXX

Where 0xXX can be any value.

After the connection is established, all requests from SOCKS clients to SOCKS servers are forwarded to 66.102.7.99.

SOCKS4a

Because SOCKS4 can only specify the destination server by IP address, it is severely limited when the server has multiple IP addresses. SOCKS4a extends SOCKS4 to support specifying the target server by domain name.

SOCKS4a was also proposed by Ying-da Lee, the author of SOCKS4. Let’s look at the request format of SOCKS4a:

| Field | VER | CMD | DSTPORT | DSTIP | ID | DOMAIN |
| --- | --- | --- | --- | --- | --- | --- |
| Bytes | 1 | 1 | 2 | 4 | variable | variable |

SOCKS4a appends a DOMAIN field to the end of the SOCKS4 request.

DOMAIN is the domain name of the target server to connect to, terminated with NULL (0x00). In this case the first three bytes of DSTIP are set to NULL and the last byte is set to a non-zero value.

The server response is the same as SOCKS4.
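
The SOCKS4 and SOCKS4a request layouts above can be parsed by one routine on the server side. The following is an added example, not code from the original article; the function names and the 255-byte field limit are assumptions, and the second sample request is constructed.

```python
import ipaddress
import struct

MAX_FIELD = 255  # assumed local limit; the page gives no bound for ID or DOMAIN

def _cstring(buf, start):
    """Return (text, next_offset) for a NULL-terminated field, or raise."""
    end = buf.find(b"\x00", start)
    if end == -1 or end - start > MAX_FIELD:
        raise ValueError("unterminated or oversized field")
    return buf[start:end].decode("ascii"), end + 1

def parse_socks4_request(buf):
    """Parse one complete SOCKS4 or SOCKS4a request into a dict."""
    if len(buf) < 9:                      # 8 fixed bytes plus the ID terminator
        raise ValueError("short request")
    ver, cmd, port = struct.unpack("!BBH", buf[:4])
    if ver != 0x04 or cmd not in (0x01, 0x02):
        raise ValueError("bad VER or CMD")
    ip = buf[4:8]
    user, off = _cstring(buf, 8)
    host = str(ipaddress.IPv4Address(ip))
    # SOCKS4a marker: DSTIP is 0.0.0.x with x != 0, and DOMAIN follows the ID.
    is_4a = ip[:3] == b"\x00\x00\x00" and ip[3] != 0
    if is_4a:
        host, off = _cstring(buf, off)
        if not host:
            raise ValueError("empty DOMAIN")
    if off != len(buf):
        raise ValueError("trailing bytes after request")
    return {"cmd": cmd, "host": host, "port": port, "user": user, "socks4a": is_4a}

def socks4_reply(granted):
    """Build the 8-byte reply: VN=0x00, REP, then DSTPORT and DSTIP as zeros."""
    return struct.pack("!BBH4s", 0x00, 0x5A if granted else 0x5B, 0, b"\x00" * 4)

# The page's Fred request, and a constructed SOCKS4a variant of it.
FRED = bytes([0x04, 0x01, 0x00, 0x50, 0x42, 0x66, 0x07, 0x63]) + b"Fred\x00"
FRED_4A = bytes([0x04, 0x01, 0x00, 0x50, 0, 0, 0, 1]) + b"Fred\x00example.com\x00"

if __name__ == "__main__":
    print(parse_socks4_request(FRED))
    print(parse_socks4_request(FRED_4A))
    print(socks4_reply(True).hex())
```
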

SOCKS5

Although SOCKS5 is the latest version of SOCKS, SOCKS5 and SOCKS4 are incompatible. SOCKS5 supports authentication, IPv6 and UDP; UDP can be used for DNS lookups. Its interaction flow is as follows:

  1. The client connects to the server and sends a greeting message containing a list of supported authentication methods.

  2. The server selects a supported authentication method. If none of the methods is supported, the server sends a failure response.

  3. Based on the selected authentication method, the client and server interact with each other. The interaction flow is related to the selected authentication method.

  4. The client sends the connection request in a similar manner to SOCKS4.

  5. The server sends a response similar to that of SOCKS4.

Let’s look at the format of the greeting message:

| Field | VER | NAUTH | AUTH |
| --- | --- | --- | --- |
| Bytes | 1 | 1 | variable |

VER occupies 1 byte to represent the version number of SOCKS, in this case 0x05.

NAUTH takes 1 byte, indicating the number of supported authentication methods.

AUTH is a variable number of bytes that lists the supported authentication methods, one byte per method. The following methods are defined:

0x00: No authentication
0x01: GSSAPI
0x02: User name/Password (RFC 1929)
0x03 - 0x7F: Methods assigned by IANA
  0x03: Challenge-Handshake Authentication Protocol
  0x04: Unassigned
  0x05: Challenge-Response Authentication Method
  0x06: Secure Sockets Layer
  0x07: NDS Authentication
  0x08: Multi-Authentication Framework
  0x09: JSON Parameter Block
  0x0A - 0x7F: Unassigned
0x80 - 0xFE: Reserved for methods used internally

The corresponding server response is as follows:

| Field | VER | CAUTH |
| --- | --- | --- |
| Bytes | 1 | 1 |

VER takes 1 byte and represents the version number. For SOCKS5, the value is 0x05.

CAUTH takes 1 byte and indicates the selected authentication method. If no method was selected, it is set to 0xFF.

Once the authentication method has been selected, the next step is the authentication exchange between client and server. Here we take basic user name and password authentication (0x02) as an example.

The client sends an authentication request:

| Field | VER | IDLEN | ID | PWLEN | PW |
| --- | --- | --- | --- | --- | --- |
| Bytes | 1 | 1 | 1-255 | 1 | 1-255 |

VER takes 1 byte and indicates the version of the user name/password authentication.

IDLEN takes 1 byte, indicating the length of the user name.

The ID contains 1 to 255 bytes and indicates the user name.

PWLEN takes 1 byte, indicating the length of the password.

PW is the password.

The corresponding server response is as follows:

| Field | VER | STATUS |
| --- | --- | --- |
| Bytes | 1 | 1 |

VER occupies one byte, indicating the version number.

STATUS takes 1 byte and indicates the response status of the server.
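
The server side of the greeting and of the user name/password exchange described above, as an added example that is not code from the original article. The function names and the `USERS` table are constructed for illustration; the sub-negotiation version 0x01 and the STATUS values come from RFC 1929, not from this page.

```python
import hmac

USERPASS, NO_ACCEPTABLE = 0x02, 0xFF
USERS = {b"fred": b"secret"}  # constructed credential table for the example

def choose_method(greeting, allowed=(USERPASS,)):
    """Parse VER/NAUTH/AUTH and return the 2-byte VER/CAUTH reply."""
    if len(greeting) < 3 or greeting[0] != 0x05:
        raise ValueError("not a SOCKS5 greeting")
    offered = greeting[2:]
    if len(offered) != greeting[1]:
        raise ValueError("NAUTH does not match the AUTH list length")
    # The server's policy decides; the client's ordering is ignored, so a
    # client that also offers 0x00 (no authentication) cannot force it.
    for method in allowed:
        if method in offered:
            return bytes([0x05, method])
    return bytes([0x05, NO_ACCEPTABLE])

def check_userpass(msg, users):
    """Parse VER/IDLEN/ID/PWLEN/PW and return the 2-byte VER/STATUS reply."""
    ok = False
    if len(msg) >= 5 and msg[0] == 0x01:      # 0x01: version set by RFC 1929
        idlen = msg[1]
        ident, rest = msg[2:2 + idlen], msg[2 + idlen:]
        # Both length bytes must match what actually arrived, and be non-zero.
        if idlen and len(ident) == idlen and len(rest) > 1 and rest[0] == len(rest) - 1:
            known = users.get(ident, b"")
            # Constant-time comparison; unknown users compare against b"".
            ok = bool(known) and hmac.compare_digest(rest[1:], known)
    # ID and PW cross the wire unencrypted in this exchange, so the link to
    # the proxy needs its own protection. STATUS 0x00 is success (RFC 1929).
    return bytes([0x01, 0x00 if ok else 0x01])

if __name__ == "__main__":
    print(choose_method(bytes([0x05, 0x02, 0x00, 0x02])).hex())   # picks 0x02
    print(choose_method(bytes([0x05, 0x01, 0x00])).hex())         # 0xFF
    print(check_userpass(b"\x01\x04fred\x06secret", USERS).hex())
```
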

The client can then send a connection establishment message to the server:

| Field | VER | CMD | RSV | DSTADDR | DSTPORT |
| --- | --- | --- | --- | --- | --- |
| Bytes | 1 | 1 | 1 | variable | 2 |

CMD is the command code for the connection: 0x01 to establish a TCP/IP stream connection, 0x02 to establish a TCP/IP port binding, and 0x03 to associate a UDP port.

RSV is a reserved byte and must be 0x00.

DSTADDR is the destination address in the SOCKS5 address format. An address is defined like this:

| Field | TYPE | ADDR |
| --- | --- | --- |
| Bytes | 1 | variable |

TYPE indicates the address type: 0x01 is an IPv4 address, 0x03 is a domain name, and 0x04 is an IPv6 address.

ADDR is the address itself: 4 bytes for IPv4; for a domain name, 1 byte of length followed by the domain name; 16 bytes for IPv6.

The corresponding server response is as follows:

| Field | VER | STATUS | RSV | BNDADDR | BNDPORT |
| --- | --- | --- | --- | --- | --- |
| Bytes | 1 | 1 | 1 | variable | 2 |
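
Parsing the connection request with its three address types, and answering with the reply layout above, as an added example that is not code from the original article. The policy in `decide` (stream connections only, no loopback or private destination IPs) is constructed for illustration, and the STATUS values are taken from RFC 1928 because the page does not list them.

```python
import ipaddress
import struct

# STATUS values from RFC 1928; the page does not list them.
OK, NOT_ALLOWED, CMD_UNSUPPORTED, ATYP_UNSUPPORTED = 0x00, 0x02, 0x07, 0x08

def parse_request(buf):
    """Return (cmd, atyp, host, port) from VER/CMD/RSV/DSTADDR/DSTPORT."""
    if len(buf) < 5 or buf[0] != 0x05 or buf[2] != 0x00:
        raise ValueError("bad VER, RSV or length")
    cmd, atyp = buf[1], buf[3]
    if atyp == 0x03:                      # domain: 1 length byte, then the name
        alen, off = buf[4], 5
    elif atyp in (0x01, 0x04):            # IPv4: 4 bytes, IPv6: 16 bytes
        alen, off = (4 if atyp == 0x01 else 16), 4
    else:
        raise LookupError("unknown address TYPE")
    if alen == 0 or len(buf) != off + alen + 2:
        raise ValueError("length does not match address TYPE")
    raw = buf[off:off + alen]
    host = raw.decode("ascii") if atyp == 0x03 else str(ipaddress.ip_address(raw))
    (port,) = struct.unpack("!H", buf[off + alen:])
    return cmd, atyp, host, port

def reply(status):
    """VER/STATUS/RSV/BNDADDR/BNDPORT with an all-zero IPv4 bound address."""
    return struct.pack("!BBBB4sH", 0x05, status, 0x00, 0x01, b"\x00" * 4, 0)

def decide(buf):
    """Constructed policy: CMD 0x01 only, and no loopback or private IPs.

    Malformed requests raise ValueError; the caller should drop the connection.
    """
    try:
        cmd, atyp, host, port = parse_request(buf)
    except LookupError:
        return reply(ATYP_UNSUPPORTED)
    if cmd != 0x01:
        return reply(CMD_UNSUPPORTED)
    # A domain name can only be checked after resolution, so the same test
    # has to be applied again to the resolved address before connecting.
    if atyp != 0x03 and not ipaddress.ip_address(host).is_global:
        return reply(NOT_ALLOWED)
    return reply(OK)

if __name__ == "__main__":
    print(decide(bytes([5, 1, 0, 1, 66, 102, 7, 99, 0, 80])).hex())
    print(decide(bytes([5, 1, 0, 1, 127, 0, 0, 1, 0, 80])).hex())
```
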

Conclusion

This article covered the SOCKS4 and SOCKS5 protocols. Remember: SOCKS must be capitalized!

This article is available at www.flydean.com/09-socks/