The SOCKS5 procedure for TCP-based clients starts with a TCP connection to
the SOCKS server. By convention, the SOCKS service is located on TCP port
1080. If the connection succeeds, the client sends a GREETING packet to
negotiate an authentication method.
Note |
|---|---|
While the |
Once connected to the SOCKS server, the client can send a GREETING to establish a connection to an application server:
    +----+----------+----------+
    |VER | NMETHODS | METHODS  |
    +----+----------+----------+
      1       1        1-255
where:
VER: SOCKS protocol version number (1 byte: always 0x05)
NMETHODS: Number of method identifiers in METHODS (1 byte)
METHODS: List of authentication methods supported by the client
The authentication methods are the following:
0x00: No authentication
0x01: GSSAPI (RFC 1961)
0x02: Username/password (RFC 1929)
0x03–0x7F: methods assigned by IANA[11]
  0x03: Challenge-Handshake Authentication Protocol
  0x04: Unassigned
  0x05: Challenge-Response Authentication Method
  0x06: Secure Sockets Layer
  0x07: NDS Authentication
  0x08: Multi-Authentication Framework
  0x09: JSON Parameter Block
  0x0A–0x7F: Unassigned
0x80–0xFE: methods reserved for private use
0xFF: No acceptable method (reserved for server reply)
All SOCKS implementations should support the GSSAPI and Username/Password methods.
The SOCKS server evaluates the GREETING request, and either
establishes the appropriate connection or denies it through a METHOD
selection message.
    +----+--------+
    |VER | METHOD |
    +----+--------+
      1      1
where:
VER: SOCKS protocol version number (1 byte: always 0x05)
METHOD: The response code
If the METHOD field is 0xFF (No acceptable method),
the client must close the connection. For any other method, the client and
server should enter a method-specific sub-negotiation.
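
The GREETING and METHOD selection exchange described above, seen from the server side, as an added example (not code from this page or from any particular SOCKS implementation). The function names, the `allowed` policy tuple and the sample byte strings are constructed for illustration, and the parser assumes the caller has already read one complete GREETING from the socket.

```python
SOCKS_VERSION = 0x05
NO_AUTH, GSSAPI, USERPASS, NO_ACCEPTABLE = 0x00, 0x01, 0x02, 0xFF


class GreetingError(ValueError):
    """Malformed GREETING; the caller should drop the connection."""


def parse_greeting(data: bytes) -> list:
    """Validate VER, NMETHODS and METHODS; return the offered method ids."""
    if len(data) < 2:
        raise GreetingError("truncated header")
    ver, nmethods = data[0], data[1]
    if ver != SOCKS_VERSION:
        raise GreetingError(f"unsupported version 0x{ver:02x}")
    if nmethods == 0:
        raise GreetingError("NMETHODS must be 1-255")
    methods = data[2:]
    # Reject short or over-long bodies instead of trusting NMETHODS blindly.
    if len(methods) != nmethods:
        raise GreetingError("METHODS length does not match NMETHODS")
    return list(methods)


def select_method(data: bytes, allowed: tuple) -> bytes:
    """Build the 2-byte METHOD selection reply.

    `allowed` is the server's policy in its own order of preference, so the
    client's ordering of METHODS cannot steer the server to a weaker method.
    """
    offered = parse_greeting(data)
    for method in allowed:
        if method in offered:
            return bytes([SOCKS_VERSION, method])
    return bytes([SOCKS_VERSION, NO_ACCEPTABLE])


if __name__ == "__main__":
    # Constructed sample greetings (not captured traffic).
    samples = [
        b"\x05\x02\x00\x02",  # offers no-auth and username/password
        b"\x05\x01\x00",      # offers no-auth only
    ]
    for greeting in samples:
        # Policy for this demo: username/password is the only allowed method.
        print(greeting.hex(), "->", select_method(greeting, (USERPASS,)).hex())
```

With a policy that omits 0x00, a client offering only "No authentication" receives 0xFF rather than an unauthenticated session.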