A return value of 02 means the proxy server requires SOCKS5 RFC 1929 authentication.
I have been working on this recently too, and in my experiments with WinGate I just cannot get RFC 1929 to work. A real headache!
The strange part: the help says that WinGate uses the WinGate user database for SOCKS5 RFC 1929 authentication, but after I pass in user/pwd it rejects every registered username/password except administrator!! Experts, please help!
--------------------------------------------------------------------------
The following is what the WinGate help says about RFC 1929:
1.
Some SOCKS5 clients can use 'RFC1929' (an Internet 'standard') authentication. This uses a username and password transmitted as clear text. When a user connects to WinGate, WinGate evaluates the client's current level of authentication (Unknown, Assumed or Authenticated), depending on what it already knows about the client. If the user is unknown, and you have the option "Use RFC1929?" enabled, then WinGate will require the user to use this method to raise its security level to Assumed. Otherwise, the client will not be required to use this method. There is a special case here. If a user is assumed to be someone that has no rights to use the SOCKS server, then WinGate will still allow the user to authenticate (using RFC1929). Provided that the user then authenticates as someone with rights to use the SOCKS server, then they will be granted access.
RFC1929 is not very secure, and we recommend that you do not use this method if you are authenticating across an untrusted network, such as the Internet. Because this method is not secure, a user that has used this method will raise their security level only to assumed, not authenticated.
2. Use RFC1929 Authentication
This option is available for those who have secondary SOCKS authentication servers. Name and Password are taken from the user database. If you use this option, a Guest user will have their authentication level increased to 'assumed' while a session is authenticated with this method.
This option is not recommended, as passwords are sent as 'plaintext'.
3. SOCKS Server
The WinGate SOCKS server is SOCKS 4 and SOCKS 5 (RFC 1928) compliant. It supports RFC1929 authentication using the user accounts in the WinGate User Database.
The WinGate SOCKS server is HTTP-aware. It can intercept HTTP requests, and handle them with the built-in WinGate WWW proxy. This means that even your SOCKS users will enjoy the benefits of the WWW proxy (e.g. caching), and can be subject to the same security policies.
What proxy server are you using, and how is it configured?
The following is excerpted from RFC 1928 (SOCKS Protocol Version 5):
o REP Reply field:
o X'00' succeeded
o X'01' general SOCKS server failure
o X'02' connection not allowed by ruleset
o X'03' Network unreachable
o X'04' Host unreachable
o X'05' Connection refused
o X'06' TTL expired
o X'07' Command not supported
o X'08' Address type not supported
o X'09' to X'FF' unassigned
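SOCKS5 works like this:
1. Connect to the server.
2. Send the list of authentication methods to the server and authenticate; this step is required even when no password is needed.
3. Send the command.
The command for step 2 is:
cnt, method. The bytes sent mean: the authentication method count, then the authentication method codes.
Typically 02 (two methods), 00 (no authentication), 01 (user:pwd authentication) are used.
The command sent is
05 (socks5), xx (number of authentication methods), ... where 02 is the actual user:pwd authentication method.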
http://www.csdn.net/expert/topic/376/376611.shtm
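What you are describing is the authentication stage: when 2 is returned there, username/password authentication is required.
What I am talking about comes after that:
I send the command and 2 is returned.
I send 5,1,0,1,-54,106,-72,-56,0,80; the middle part is the converted IP address.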
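1. I first establish a connection to the proxy server,
2. authenticate,
3. send the connect command with cmd = 1, destination address the Sina IP 202.106.184.200, port 80.
At this point the proxy server always returns rep=2
!!!
I have no idea why!!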
bool TmSocketS::Connect(const char *psHostAddress,unsigned short nHostPort)
{
    char ip[4];
    assert(psHostAddress!=NULL);
    // Resolve the destination locally; its IPv4 address goes into the SOCKS request
    hostent * hp;
    hp=gethostbyname(psHostAddress);
    if(!hp)
    {
        error = SOCKERR_RESOLVESVR;
        PublishEvent(this);
        return false;
    }
    memcpy(ip,hp->h_addr_list[0],4);
    // Connect to the proxy itself, then ask it to connect to the destination
    if(TmSocket::Connect(sProxy.c_str(),port))
    {
        char SockSCmd[128];
        SockSCmd[0] = SockSVersion;
        SockSCmd[1] = 0x1; // CMD = CONNECT
        switch(SockSVersion)
        {
        case 4:
            // SOCKS4 request: VN, CD, DSTPORT, DSTIP, USERID, NUL
            *((unsigned short*)(SockSCmd+2))=htons(nHostPort);
            memcpy((SockSCmd+4),ip,4);
            TmSocket::Send(SockSCmd,8);
            if(sUser.empty())
            {
                TmSocket::Send("",1);
            }
            else
            {
                TmSocket::Send(sUser.c_str(),sUser.length()+1);
            }
            if(TmSocket::Recv(SockSCmd,8)!=8)
            {
                error=SOCKSERR_BADPROXY;
                PublishEvent(this);
                return false;
            }
            break;
        case 5:
            // SOCKS5 request: VER, CMD, RSV, ATYP, DST.ADDR, DST.PORT
            SockSCmd[2] = 0x00; //rsv
            SockSCmd[3] = 0x01; //ip family
            memcpy((SockSCmd+4),ip,4);
            *((unsigned short*)(SockSCmd+8))=htons(nHostPort);
            // Method negotiation (and RFC 1929 if required) comes before the request
            if(!AuthenticationV5())
            {
                PublishEvent(this);
                return false;
            }
            TmSocket::Send(SockSCmd,10);
            if(TmSocket::Recv(SockSCmd,10)!=10)
            {
                error=SOCKSERR_BADPROXY;
                PublishEvent(this);
                return false;
            }
            break;
        default:
            error=SOCKERR_FATAL;
            PublishEvent(this);
            return false;
        }
        if(CheckResult(SockSCmd))
        {
            status=1;
            return true;
        }
        PublishEvent(this);
        return false;
    }
    TmSocket::Close();
    return false;
}
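It may be that the proxy is configured not to let you access that IP.
My code passed testing with wingate/deligate/cproxy3.0, and I did not run into these problems.
inet_addr("202.106.184.200");
Is there anything wrong with that?
No way, that is the Sina News address, isn't it?!!
Can you give me an IP address that passed your tests?
Oh dear~~~~~ so that's how it is~ you can test on the internal network~
Find an internal HTTP server, or if all else fails install Apache yourself, and then access your own machine through the proxy.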
bool TmSocketS::AuthenticationV5()
{
    char SockSCmd[512+10];
    SockSCmd[0]=5;
    SockSCmd[1]=2; // supports two authentication currently
    SockSCmd[2]=0; // NO authentication
    SockSCmd[3]=2; // USERNAME/PASSWORD authentication
    // The values currently defined for METHOD are:
    // o X'00' NO AUTHENTICATION REQUIRED
    // x X'01' GSSAPI
    // o X'02' USERNAME/PASSWORD
    // x X'03' to X'7F' IANA ASSIGNED
    // x X'80' to X'FE' RESERVED FOR PRIVATE METHODS
    // o X'FF' NO ACCEPTABLE METHODS
    TmSocket::Send(SockSCmd,4);
    if(TmSocket::Recv(SockSCmd,2)==2)
    {
        if(SockSCmd[0]==5)
        {
            switch(SockSCmd[1])
            {
            case 0:
#ifdef __DEBUG_CSOCKET
                printf("SOCKSV5 NO authentication\n");
#endif
                return true;
            case 2:
                {
                    int szUser=sUser.length();
                    int szPwd=sPassword.length();
                    if( (szUser>255)|| (szPwd>255) ||
                        (szUser<=0) || (szPwd<=0 ) )
                    {
                        error = SOCKS5ERR_AUTHFAILED;
                        return false;
                    }
                    // RFC 1929 request: VER=1, ULEN, UNAME, PLEN, PASSWD (clear text)
                    SockSCmd[0]=1;
                    SockSCmd[1]=szUser;
                    memcpy(SockSCmd+2,sUser.c_str(),szUser);
                    SockSCmd[2+szUser]=szPwd;
                    memcpy(SockSCmd+3+szUser,sPassword.c_str(),szPwd);
                    TmSocket::Send(SockSCmd,3+szUser+szPwd);
#ifdef __DEBUG_CSOCKET
                    printf("Start sockS5 username/password authentication\n");
#endif
                    if(TmSocket::Recv(SockSCmd,2)==2)
                    {
                        // RFC 1929 reply is VER, STATUS: VER is the sub-negotiation
                        // version X'01' (the original check only accepted 5),
                        // and STATUS X'00' means success
                        if( ((SockSCmd[0]==1)||(SockSCmd[0]==5))&&
                            (SockSCmd[1]==0) )
                        {
#ifdef __DEBUG_CSOCKET
                            printf("Authentication succefully!\n");
#endif
                            return true;
                        }
                    }
#ifdef __DEBUG_CSOCKET
                    printf("Authentication failed!\n");
#endif
                    error=SOCKS5ERR_AUTHFAILED;
                    return false;
                }
            default:
                ;
            }
        }
    }
    error=SOCKS5ERR_NOAUTHMETH;
    return false;
}
Are you going online through an HTTP proxy? Then that's the reason.
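BOOL Connect(SOCKET* client,struct sockaddr_in * sockaddr)//,char * username,char * password)
{
    unsigned long tmpLong;
    unsigned short port;
    unsigned char command[10];
    int num;
    // connect() takes a generic struct sockaddr pointer
    if (connect(*client,(struct sockaddr *)sockaddr,sizeof(*sockaddr))==SOCKET_ERROR)
    {
        printf("不能连接到代理服务器!"); // "Cannot connect to the proxy server!"
        return FALSE;
    }
    // Method selection: VER=5, NMETHODS=1, METHOD=00 (no authentication)
    memset(command,0,10);
    command[0]=5;
    command[1]=1;
    command[2]=0;
    num = send(*client,(const char *)command,3,0);
    // Pre-fill with 0xff so a failed recv is not mistaken for method 00
    memset(command,0xff,10);
    num=recv(*client,(char *)command,10,0);
    if (command[1]!=0)
        return FALSE;
    tmpLong = inet_addr("202.106.184.200");
    port = htons(80);
    // tmpLong = inet_addr("61.157.90.16");
    // port = ntohs(8001);
    // Request: VER=5, CMD=1 (CONNECT), RSV=0, ATYP=1 (IPv4), DST.ADDR, DST.PORT
    memset(command,0,10);
    command[0]=5;
    command[1]=1;
    command[2]=0;
    command[3]=1;
    memcpy(&command[4],&tmpLong,4);
    memcpy(&command[8],&port,2);
    num = send(*client,(const char *)command,10,0);
    num=recv(*client,(char *)command,10,0);
    if (num!=10)
    {
        return FALSE;
    }
    // command[1] is the REP field; X'00' means succeeded
    if (command[1]!=0x00)
    {
        printf("通过代理连接主站不成功!\n"); // "Connecting to the main site through the proxy failed!"
        return FALSE;
    }
    printf("通过代理成功连接主站!\n"); // "Connected to the main site through the proxy!"
    return TRUE;
}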
Does using SOCKS mean you can only access addresses that support SOCKS?
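Added example, not code from any post in this thread: the three client messages discussed above (method list, RFC 1929 username/password, CONNECT request) built byte by byte, plus a decoder showing that a reply byte of 02 means "username/password required" during method selection but "connection not allowed by ruleset" in the REP field. The function names and the `socks5_phase` enum are hypothetical, and the RFC 1929 reply is assumed to carry the sub-negotiation version X'01'.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Phase 1 (RFC 1928): VER=5, NMETHODS=2, METHODS = 00 (none), 02 (user/pass). */
size_t socks5_greeting(uint8_t *out) {
    out[0] = 0x05; out[1] = 2; out[2] = 0x00; out[3] = 0x02;
    return 4;
}

/* Phase 2 (RFC 1929): VER=1, ULEN, UNAME, PLEN, PASSWD, sent in clear text.
 * out needs 513 bytes; returns 0 if a length is outside 1..255. */
size_t socks5_userpass(uint8_t *out, const char *user, const char *pass) {
    size_t ul = strlen(user), pl = strlen(pass);
    if (ul < 1 || ul > 255 || pl < 1 || pl > 255) return 0;
    out[0] = 0x01;
    out[1] = (uint8_t)ul;      memcpy(out + 2, user, ul);
    out[2 + ul] = (uint8_t)pl; memcpy(out + 3 + ul, pass, pl);
    return 3 + ul + pl;
}

/* Phase 3 (RFC 1928): VER=5, CMD=1 (CONNECT), RSV=0, ATYP=1 (IPv4), ADDR, PORT. */
size_t socks5_connect_ipv4(uint8_t *out, const uint8_t ip[4], uint16_t port) {
    out[0] = 0x05; out[1] = 0x01; out[2] = 0x00; out[3] = 0x01;
    memcpy(out + 4, ip, 4);
    out[8] = (uint8_t)(port >> 8); out[9] = (uint8_t)(port & 0xff); /* network order */
    return 10;
}

enum socks5_phase { PH_METHOD, PH_USERPASS, PH_REPLY };

/* Meaning of the second byte of a server reply; it depends on the phase. */
const char *socks5_explain(enum socks5_phase ph, const uint8_t *reply) {
    static const char *rep[] = { "succeeded", "general SOCKS server failure",
        "connection not allowed by ruleset", "Network unreachable",
        "Host unreachable", "Connection refused", "TTL expired",
        "Command not supported", "Address type not supported" };
    uint8_t expect_ver = (ph == PH_USERPASS) ? 0x01 : 0x05;
    if (reply[0] != expect_ver) return "unexpected version byte";
    switch (ph) {
    case PH_METHOD:
        if (reply[1] == 0x00) return "no authentication required";
        if (reply[1] == 0x02) return "username/password (RFC 1929) required";
        return reply[1] == 0xFF ? "no acceptable methods" : "method not offered";
    case PH_USERPASS:
        return reply[1] == 0x00 ? "authentication ok" : "authentication failed";
    default:
        return reply[1] <= 0x08 ? rep[reply[1]] : "unassigned";
    }
}
```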