[Bro-Dev] [JIRA] (BIT-1011) username/password authentication for SOCKS5

Jon Siwek (JIRA) jira at bro-tracker.atlassian.net
Thu Feb 12 12:22:01 PST 2015 

    [ https://bro-tracker.atlassian.net/browse/BIT-1011?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=19601#comment-19601 ] 

Jon Siwek commented on BIT-1011:
--------------------------------

I don't think sticking the version = 1 case in to the top-level SOCKS_Version message is quite right: that version number is actually a part of the specific SOCKS5 authentication method's sub-negotiation, right?

So I think at least the top-level message can differentiate between a "some main SOCKS protocol" and "SOCKS5 authentication sub-negotiation" message and then for parsing the user/pass request, we only understand it if the VER field is 1.

> username/password authentication for SOCKS5
> -------------------------------------------
>
>                 Key: BIT-1011
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1011
>             Project: Bro Issue Tracker
>          Issue Type: Patch
>          Components: Bro
>    Affects Versions: git/master
>            Reporter: nicolas
>            Assignee: Jon Siwek
>            Priority: Low
>             Fix For: 2.4
>
>         Attachments: 0001-SOCKS-authentication-patch.patch, output.pcap
>
>
> Patch the bug explained below :
> It appears using the username authentication with SOCKS 5.
> After the client and the server have chosen the username authentication, 
> the client has to send the following packet :
> Client request (RFC 1929) :
>             +----+------+----------+------+----------+
>             |VER | ULEN |  UNAME   | PLEN |  PASSWD  |
>             +----+------+----------+------+----------+
>             | 1  |  1   | 1 to 255 |  1   | 1 to 255 |
>             +----+------+----------+------+----------+
> Here the first byte must be 0x1, it specifies the version of the 
> authentication mechanisme, not the SOCKS version (0x5) like in all 
> others packets.
> However in the socks-protocol.pac the type SOCKS_Version never parses 
> data if the first byte is 0x1, and it goes to an error.



--
This message was sent by Atlassian JIRA
(v6.4-OD-14-082#64012)

More information about the bro-dev mailing list