Re: ncat: patch that adds socks5 support - allows to proxy IPv6 connections

[David Fifield <david () bamsoftware com>]

On Sun, May 15, 2011 at 01:02:26PM +0200, Marek Lukaszuk wrote:
> Hi,
>
> Hope this will be useful. Currently because of the way ncat is
> handling address families you can't proxy IPv6 addresses via IPv4
> proxy.  If I will have time I will try to correct this also.
> This is my first patch, so any suggestion for improvement are very
> much welcomed.

Marek, I'm looking at integrating this patch in the near future. (And
looking at your more recent, bigger patch later.) But what it is really
missing are some tests. If you look at ncat-test.pl, you will see a
bunch of tests for client-mode HTTP proxy code:

HTTP proxy client prefers Digest auth
HTTP CONNECT client hides proxy server response
HTTP CONNECT client, different Status-Line
HTTP CONNECT client, server sends header
HTTP proxy auth base64 encoding:

I would like to have a few similar tests for SOCKS5. They can include:

SOCKS5 client, server allows connection
SOCKS5 client, server sends short response
SOCKS5 client, server sends no auth types
SOCKS5 client, server sends unknown code
SOCKS5 client, server sends error after accepting auth

You need to define what happens in each of these cases (as to what
should be relayed and what the ncat exit code should be). Please try to
match the style of the surrounding tests as much as possible. You don't
actually need a SOCKS5 server for the tests; take a look at the HTTP
tests where we just simulate what a server would send.

I'm attaching a modified version of your patch against the current
version of ncat.

David Fifield

Attachment: ncat-socks5-client.patch
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/