[Bro-Dev] [JIRA] (BIT-1011) username/password authentication for SOCKS5

Seth Hall (JIRA) jira at bro-tracker.atlassian.net
Thu Feb 5 09:45:00 PST 2015


     [ https://bro-tracker.atlassian.net/browse/BIT-1011?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Seth Hall updated BIT-1011:
---------------------------
    Status: Merge Request  (was: Open)

> username/password authentication for SOCKS5
> -------------------------------------------
>
>                 Key: BIT-1011
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1011
>             Project: Bro Issue Tracker
>          Issue Type: Patch
>          Components: Bro
>    Affects Versions: git/master
>            Reporter: nicolas
>            Assignee: Seth Hall
>            Priority: Low
>             Fix For: 2.4
>
>         Attachments: 0001-SOCKS-authentication-patch.patch, output.pcap
>
>
> Patch the bug explained below :
> It appears using the username authentication with SOCKS 5.
> After the client and the server have chosen the username authentication, 
> the client has to send the following packet :
> Client request (RFC 1929) :
>             +----+------+----------+------+----------+
>             |VER | ULEN |  UNAME   | PLEN |  PASSWD  |
>             +----+------+----------+------+----------+
>             | 1  |  1   | 1 to 255 |  1   | 1 to 255 |
>             +----+------+----------+------+----------+
> Here the first byte must be 0x1, it specifies the version of the 
> authentication mechanisme, not the SOCKS version (0x5) like in all 
> others packets.
> However in the socks-protocol.pac the type SOCKS_Version never parses 
> data if the first byte is 0x1, and it goes to an error.



--
This message was sent by Atlassian JIRA
(v6.4-OD-13-026#64011)


More information about the bro-dev mailing list