socks5: use correct version for auth negotiation

2021-08-27 10:25:31 +02:00 · 2021-08-27 10:25:31 +02:00 · f9ffe8279d
parent f8826b29a2
commit f9ffe8279d
2 changed files with 12 additions and 10 deletions
--- a/mitmproxy/proxy/layers/modes.py
+++ b/mitmproxy/proxy/layers/modes.py
@ -192,10 +192,12 @@ class Socks5Proxy(DestinationKnown):
        data = Socks5AuthData(self.context.client, user, password)
        yield Socks5AuthHook(data)
        if not data.valid:
-            yield from self.socks_err("authentication failed", 0x01)
+            # The VER field contains the current **version of the subnegotiation**, which is X'01'.
+            yield commands.SendData(self.context.client, b"\x01\x01")
+            yield from self.socks_err("authentication failed")
            return

-        yield commands.SendData(self.context.client, b"\x05\x00")
+        yield commands.SendData(self.context.client, b"\x01\x00")
        self.buf = self.buf[3 + user_len + pass_len:]
        self.state = self.state_connect
        yield from self.state()
--- a/test/mitmproxy/proxy/layers/test_modes.py
+++ b/test/mitmproxy/proxy/layers/test_modes.py
@ -329,11 +329,11 @@ def test_socks5_trickle(tctx: Context):
    for x in b"\x05\x01\x02":
        playbook >> DataReceived(tctx.client, bytes([x]))
    playbook << SendData(tctx.client, b"\x05\x02")
-    for x in b"\x05\x04user\x08password":
+    for x in b"\x01\x04user\x08password":
        playbook >> DataReceived(tctx.client, bytes([x]))
    playbook << modes.Socks5AuthHook(Placeholder())
    playbook >> reply(side_effect=_valid_socks_auth)
-    playbook << SendData(tctx.client, b"\x05\x00")
+    playbook << SendData(tctx.client, b"\x01\x00")
    for x in b"\x05\x01\x00\x01\x7f\x00\x00\x01\x12\x34":
        playbook >> DataReceived(tctx.client, bytes([x]))
    assert playbook << SendData(tctx.client, b"\x05\x00\x00\x01\x00\x00\x00\x00\x00\x00")
@ -368,14 +368,14 @@ def test_socks5_err(data: bytes, err: bytes, msg: str, tctx: Context):
@pytest.mark.parametrize("client_greeting,server_choice,client_auth,server_resp,address,packed", [
    (b"\x05\x01\x02",
     b"\x05\x02",
-     b"\x05\x04user\x08password",
-     b"\x05\x00",
+     b"\x01\x04user\x08password",
+     b"\x01\x00",
     "127.0.0.1",
     b"\x01\x7f\x00\x00\x01"),
    (b"\x05\x02\x01\x02",
     b"\x05\x02",
-     b"\x05\x04user\x08password",
-     b"\x05\x00",
+     b"\x01\x04user\x08password",
+     b"\x01\x00",
     "127.0.0.1",
     b"\x01\x7f\x00\x00\x01"),
 ])
@ -412,8 +412,8 @@ def test_socks5_auth_success(client_greeting: bytes, server_choice: bytes, clien
     "Client does not support SOCKS5 with user/password authentication."),
    (b"\x05\x02\x00\x02",
     b"\x05\x02",
-     b"\x05\x04" + b"user" + b"\x07" + b"errcode",
-     b"\x05\x01\x00\x01\x00\x00\x00\x00\x00\x00",
+     b"\x01\x04" + b"user" + b"\x07" + b"errcode",
+     b"\x01\x01",
     "authentication failed"),
 ])
 def test_socks5_auth_fail(client_greeting: bytes, server_choice: bytes, client_auth: bytes, err: bytes, msg: str,