[Bro-Dev] [JIRA] (BIT-1011) username/password authentication for SOCKS5
Jon Siwek (JIRA)
jira at bro-tracker.atlassian.net
Thu Feb 12 12:56:01 PST 2015
[ https://bro-tracker.atlassian.net/browse/BIT-1011?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=19602#comment-19602 ]
Jon Siwek commented on BIT-1011:
--------------------------------
That would also mean the new events may need to be specific to to the authN method. e.g. "socks_login_userpass" -> "socks_login_userpass_request" and "socks_login_reply" -> "socks_login_userpass_reply"
> username/password authentication for SOCKS5
> -------------------------------------------
>
> Key: BIT-1011
> URL: https://bro-tracker.atlassian.net/browse/BIT-1011
> Project: Bro Issue Tracker
> Issue Type: Patch
> Components: Bro
> Affects Versions: git/master
> Reporter: nicolas
> Assignee: Jon Siwek
> Priority: Low
> Fix For: 2.4
>
> Attachments: 0001-SOCKS-authentication-patch.patch, output.pcap
>
>
> Patch the bug explained below :
> It appears using the username authentication with SOCKS 5.
> After the client and the server have chosen the username authentication,
> the client has to send the following packet :
> Client request (RFC 1929) :
> +----+------+----------+------+----------+
> |VER | ULEN | UNAME | PLEN | PASSWD |
> +----+------+----------+------+----------+
> | 1 | 1 | 1 to 255 | 1 | 1 to 255 |
> +----+------+----------+------+----------+
> Here the first byte must be 0x1, it specifies the version of the
> authentication mechanisme, not the SOCKS version (0x5) like in all
> others packets.
> However in the socks-protocol.pac the type SOCKS_Version never parses
> data if the first byte is 0x1, and it goes to an error.
--
This message was sent by Atlassian JIRA
(v6.4-OD-14-082#64012)
More information about the bro-dev
mailing list