SS5 has been stopped updating for several years, as the service side of SOCKS5 agent is still relatively stable. But if you want to use an encrypted account and password protocol, some pits need to be filled in.
1, the service side of the account password Authentication mode is configured to "s", when the client for protocol authentication, the need to use "0x21", at this time the server will be reminded that there is no such protocol or wrong request. is because of a problem with the code on the server side.
In the unsigned char getmethod (struct _ss5clientinfo *ci) function of the server-side ss5mod_socks5.c file, there is a code for a judgment protocol like this
Do { if (node->srcaddr = = N_sa) && (Node->mask = = nm) && (sp >= node->srcrangemin) && Amp (SP <= Node->srcrangemax)) { if ((Node->method = = Noauth) && Ci->noauth) | | ((Node->method = = usrpwd) | | (node->method2 = = fakepwd)) && ci->basicauth) | | ((Node->method = = GSSAPI) && ci->gssapiauth)) return node->method; if (((node->method2 = = Noauth) && Ci->noauth) | | ((node->method2 = = usrpwd) | | (node->method2 = = fakepwd)) && Ci->basicauth) | | ((node->method2 = = GSSAPI) && ci->gssapiauth)) Return node->method2; }
If judgment, the account password encryption mode to lose, in fact, in addition ((Node->method = = s_user_pwd) && ci->securebasicauth).
2, the developer wrote in "Draft-supa.txt" in "Socks 5 Secure User-name and Password authentication protocol", in fact, there is a problem.
For example, when sending a password Exchange protocol, the author writes:
Now can start the Key Exchange process based of Diffie-hellman procedure:
Client send a packet with "P", "G" and "a" to the server:
+-----+-----+----+-----+
| Stat| P | G | A |
+-----+----+-----+-----+ STAT:
| 1 | 4 | 4 | 4 | 0x1:request Key
+-----+-----+----+-----+
Server-side verification, this is actually the case:
+-----+-----+----+-----+-----+----+-----+
| Stat| plen| P | Glen | G | alen| A |
+-----+----+-----+-----+----+-----+-----+ STAT:
| 1 | 4 | 4 | 4 | 4 | 4 | 4 | 0x1:request Key
+-----+-----+----+-----+-----+----+-----+
This is not a general pit, the pit is big. In short, the author did not pass the test, put the program out.
Clients based on the SS5 server