[Bro-Dev] [JIRA] (BIT-1011) username/password authentication for SOCKS5
Jon Siwek (JIRA)
jira at bro-tracker.atlassian.net
Thu Feb 12 12:22:01 PST 2015
[ https://bro-tracker.atlassian.net/browse/BIT-1011?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=19601#comment-19601 ]
Jon Siwek commented on BIT-1011:
--------------------------------
I don't think sticking the version = 1 case in to the top-level SOCKS_Version message is quite right: that version number is actually a part of the specific SOCKS5 authentication method's sub-negotiation, right?
So I think at least the top-level message can differentiate between a "some main SOCKS protocol" and "SOCKS5 authentication sub-negotiation" message and then for parsing the user/pass request, we only understand it if the VER field is 1.
> username/password authentication for SOCKS5
> -------------------------------------------
>
> Key: BIT-1011
> URL: https://bro-tracker.atlassian.net/browse/BIT-1011
> Project: Bro Issue Tracker
> Issue Type: Patch
> Components: Bro
> Affects Versions: git/master
> Reporter: nicolas
> Assignee: Jon Siwek
> Priority: Low
> Fix For: 2.4
>
> Attachments: 0001-SOCKS-authentication-patch.patch, output.pcap
>
>
> Patch the bug explained below :
> It appears using the username authentication with SOCKS 5.
> After the client and the server have chosen the username authentication,
> the client has to send the following packet :
> Client request (RFC 1929) :
> +----+------+----------+------+----------+
> |VER | ULEN | UNAME | PLEN | PASSWD |
> +----+------+----------+------+----------+
> | 1 | 1 | 1 to 255 | 1 | 1 to 255 |
> +----+------+----------+------+----------+
> Here the first byte must be 0x1, it specifies the version of the
> authentication mechanisme, not the SOCKS version (0x5) like in all
> others packets.
> However in the socks-protocol.pac the type SOCKS_Version never parses
> data if the first byte is 0x1, and it goes to an error.
--
This message was sent by Atlassian JIRA
(v6.4-OD-14-082#64012)
More information about the bro-dev
mailing list