SOCKS is a general-purpose proxy protocol for relaying messages between application client and application server via SOCKS proxy server. The SOCKS protocol is used between SOCKS client and SOCKS proxy server. SOCKS V4 supports only TCP CONNECT and TCP BIND commands, while in SOCKS V5 also UDP relaying is supported. Additionally, SOCKS V5 supports IPv6 addressing scheme and different authentication methods. This test suite can be used for testing security flaws and robustness of SOCKS proxy server implementations. The suite acts as a SOCKS client, and if wanted, it can act also as an application server, in which case an external application server is not needed. The test suite supports username-password authentication defined in RFC1929 and GSS-API authentication method defined in RFC1961. GSS-API authentication uses Kerberos v5 method.
Used specifications
Specification
Title
SOCKS 4
SOCKS: A protocol for TCP proxy across firewalls
SOCKS 4a
SOCKS 4A: A Simple Extension to SOCKS 4 Protocol
RFC1928
SOCKS Protocol Version 5
RFC1929
Username/Password Authentication for SOCKS V5
RFC1961
GSS-API Authentication Method for SOCKS Version 5
Tool-specific information
Tested messages
Specifications
Notes
SOCKS 4 Command Request
SOCKS 4
CONNECT and BIND
SOCKS 4A Command Request
SOCKS 4A
CONNECT and BIND
SOCKS 5 Authentication Method Request
RFC1928
SOCKS 5 Command Request
RFC1928
CONNECT, BIND and UDP ASSOCIATE
SOCKS 5 UDP Request
RFC1928
Username-Password Request
RFC1929
Security Context Request
RFC1961
Message Protection Subneg Request
RFC1961
Wrapped Command Request
RFC1961
Supported protocol features
Specifications
Notes
SOCKS 4 Connect
SOCKS 4
SOCKS 4 Bind
SOCKS 4
SOCKS 4A Domain name addressing scheme
SOCKS 4A
SOCKS 5 IPv4 addressing scheme
RFC1928
SOCKS 5 Domain name addressing scheme
RFC1928
SOCKS 5 IPv6 addressing scheme
RFC1928
SOCKS 5 Username-Password authentication
RFC1929
SOCKS 5 GSS-API Authentication
RFC1961
Also NEC reference implementation supported. Kerberos 5 Utilized. Tested with AES128-CTS encryption.