Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 8394c70204
Branches Tags
tor
/
doc
/
spec
/
socks-extensions.txt

socks-extensions.txt 3.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778 
  1. Tor's extensions to the SOCKS protocol
    2. 

  2. 

  3. 1. Overview
    4. 

  4. 

  5.   The SOCKS protocol provides a generic interface for TCP proxies.  Client
    6. 

  6.   software connects to a SOCKS server via TCP, and requests a TCP connection
    7. 

  7.   to another address and port.  The SOCKS server establishes the connection,
    8. 

  8.   and reports success or failure to the client.  After the connection has
    9. 

  9.   been established, the client application uses the TCP stream as usual.
    10. 

  10. 

  11.   Tor supports SOCKS4 as defined in [1], SOCKS4A as defined in [2], and
    12. 

  12.   SOCKS5 as defined in [3].
    13. 

  13. 

  14.   The stickiest issue for Tor in supporting clients, in practice, is forcing
    15. 

  15.   DNS lookups to occur at the OR side: if clients do their own DNS lookup,
    16. 

  16.   the DNS server can learn which addresses the client wants to reach.
    17. 

  17.   SOCKS4 supports addressing by IPv4 address; SOCKS4A is a kludge on top of
    18. 

  18.   SOCKS4 to allow addressing by hostname; SOCKS5 supports IPv4, IPv6, and
    19. 

  19.   hostnames.
    20. 

  20. 

  21. 1.1. Extent of support
    22. 

  22. 

  23.   Tor supports the SOCKS4, SOCKS4A, and SOCKS5 standards, except as follows:
    24. 

  24. 

  25.   BOTH:
    26. 

  26.   - The BIND command is not supported.
    27. 

  27. 

  28.   SOCKS4,4A:
    29. 

  29.   - SOCKS4 usernames are ignored.
    30. 

  30. 

  31.   SOCKS5:
    32. 

  32.   - The (SOCKS5) "UDP ASSOCIATE" command is not supported.
    33. 

  33.   - IPv6 is not supported in CONNECT commands.
    34. 

  34.   - Only the "NO AUTHENTICATION" (SOCKS5) authentication method [00] is
    35. 

  35.     supported.
    36. 

  36. 

  37. 2. Name lookup
    38. 

  38. 

  39.   As an extension to SOCKS4A and SOCKS5, Tor implements a new command value,
    40. 

  40.   "RESOLVE" [F0].  When Tor receives a "RESOLVE" SOCKS command, it initiates
    41. 

  41.   a remote lookup of the hostname provided as the target address in the SOCKS
    42. 

  42.   request.  The reply is either an error (if the address couldn't be
    43. 

  43.   resolved) or a success response.  In the case of success, the address is
    44. 

  44.   stored in the portion of the SOCKS response reserved for remote IP address.
    45. 

  45. 

  46.   (We support RESOLVE in SOCKS4 too, even though it is unnecessary.)
    47. 

  47. 

  48.   For SOCKS5 only, we support reverse resolution with a new command value,
    49. 

  49.   "RESOLVE_PTR" [F1]. In response to a "RESOLVE_PTR" SOCKS5 command with
    50. 

  50.   an IPv4 address as its target, Tor attempts to find the canonical
    51. 

  51.   hostname for that IPv4 record, and returns it in the "server bound
    52. 

  52.   address" portion of the reply.
    53. 

  53.   (This command was not supported before Tor 0.1.2.2-alpha.)
    54. 

  54. 

  55. 3. Other command extensions.
    56. 

  56. 

  57.   Tor 0.1.2.4-alpha added a new command value: "CONNECT_DIR" [F2].
    58. 

  58.   In this case, Tor will open an encrypted direct TCP connection to the
    59. 

  59.   directory port of the Tor server specified by address:port (the port
    60. 

  60.   specified should be the ORPort of the server). It uses a one-hop tunnel
    61. 

  61.   and a "BEGIN_DIR" relay cell to accomplish this secure connection.
    62. 

  62. 

  63.   The F2 command value was removed in Tor 0.2.0.10-alpha in favor of a
    64. 

  64.   new use_begindir flag in edge_connection_t.
    65. 

  65. 

  66. 4. HTTP-resistance
    67. 

  67. 

  68.   Tor checks the first byte of each SOCKS request to see whether it looks
    69. 

  69.   more like an HTTP request (that is, it starts with a "G", "H", or "P").  If
    70. 

  70.   so, Tor returns a small webpage, telling the user that his/her browser is
    71. 

  71.   misconfigured.  This is helpful for the many users who mistakenly try to
    72. 

  72.   use Tor as an HTTP proxy instead of a SOCKS proxy.
    73. 

  73. 

  74. References:
    75. 

  75.  [1] http://archive.socks.permeo.com/protocol/socks4.protocol
    76. 

  76.  [2] http://archive.socks.permeo.com/protocol/socks4a.protocol
    77. 

  77.  [3] SOCKS5: RFC1928
    78. 

  78.