16,472
社区成员
发帖
与我相关
我的任务
分享大散分!kevin_qing或大虾们有谁有过用wingate调试socks5 rfc1929的成功经验??最近太苦闷了:~(
最近我也一直在做这个东东,用wingate做实验老是搞不定rfc1929 真的头痛!
奇怪的地方是:wingate的帮助上说wingate做sock5代理rfc1929验证时用的是wingate用户数据库,可我传入user/pwd后除了adnimistrator以外的所有注册用户名/口令它都不认!!
大虾们来帮个忙阿!
奇怪的地方是:wingate的帮助上说wingate做sock5代理rfc1929验证时用的是wingate用户数据库,可我传入user/pwd后除了adnimistrator以外的所有注册用户名/口令它都不认!!
大虾们来帮个忙阿!
...全文
请发表友善的回复…
发表回复
moony_blue 2001-11-25
- 打赏
- 举报
OKEY!!感谢大家!
moony_blue 2001-11-25
- 打赏
- 举报
kk
xtky_limi 2001-11-24
- 打赏
- 举报
upy kr
moony_blue 2001-11-24
- 打赏
- 举报
确定一定是wingate的设置问题。
moony_blue 2001-11-23
- 打赏
- 举报
倒数第2个 "}" 去掉
moony_blue 2001-11-23
- 打赏
- 举报
authreq这个结构是定长的(513字节)无论是否填满 都是发送513字节(sizeof(struct authreq))吧?
上边的代码只是样本代码,我真正的代码是这样的:
以下是关于身份验证的相关代码,,,
if(m_proxyans1->Method == 2)
{
memset(buff,0,1000); //reset buff (先清0)
//需要验证用户名/口令
_proxyClient->HandleProxyValidateEvent(PROXYEVENT_NEEDUSERNAMEPASSWORD);
int nUserLen = strlen(_proxyInfo->GetUserName());
int nPassLen = strlen(_proxyInfo->GetPassword());
struct authreq *m_authreq;
m_authreq = (struct authreq *)buff;
m_authreq->Ver = 1;
m_authreq->Ulen = nUserLen;
strcpy(m_authreq->Name,_proxyInfo->GetUserName());
m_authreq->PLen = nPassLen;
strcpy(m_authreq->Pass,_proxyInfo->GetPassword());
//发送用户名/口令 1+1+255+1+255=513
_socket->Send(buff,sizeof(struct authreq)); //sizeof(struct authreq)=513
//已发送用户名/口令 等待验证结果
_proxyClient->HandleProxyValidateEvent(PROXYEVENT_SENTUSERNAMEPASSWORD);
//step.5 获取校检反馈
struct authans *m_authans;
m_authans = (struct authans *)buff;
memset(buff,0,1000);
int len = _socket->Receive(buff,1000); //Receive
if(m_authans->Ver != 1 || m_authans->Status != 0) //用户名/口令错误
{
//如果验证失败一般是 m_authans->Ver = 5 m_authans->Status = 2
return GoError(PROXYERROR_USERNAMEORPASSWORD); //代理服务器用户验证不成功
}
//用户名密码OK
_proxyClient->HandleProxyValidateEvent(PROXYEVENT_USERNAMEPASSWORDOK);
}
}
上边的代码只是样本代码,我真正的代码是这样的:
以下是关于身份验证的相关代码,,,
if(m_proxyans1->Method == 2)
{
memset(buff,0,1000); //reset buff (先清0)
//需要验证用户名/口令
_proxyClient->HandleProxyValidateEvent(PROXYEVENT_NEEDUSERNAMEPASSWORD);
int nUserLen = strlen(_proxyInfo->GetUserName());
int nPassLen = strlen(_proxyInfo->GetPassword());
struct authreq *m_authreq;
m_authreq = (struct authreq *)buff;
m_authreq->Ver = 1;
m_authreq->Ulen = nUserLen;
strcpy(m_authreq->Name,_proxyInfo->GetUserName());
m_authreq->PLen = nPassLen;
strcpy(m_authreq->Pass,_proxyInfo->GetPassword());
//发送用户名/口令 1+1+255+1+255=513
_socket->Send(buff,sizeof(struct authreq)); //sizeof(struct authreq)=513
//已发送用户名/口令 等待验证结果
_proxyClient->HandleProxyValidateEvent(PROXYEVENT_SENTUSERNAMEPASSWORD);
//step.5 获取校检反馈
struct authans *m_authans;
m_authans = (struct authans *)buff;
memset(buff,0,1000);
int len = _socket->Receive(buff,1000); //Receive
if(m_authans->Ver != 1 || m_authans->Status != 0) //用户名/口令错误
{
//如果验证失败一般是 m_authans->Ver = 5 m_authans->Status = 2
return GoError(PROXYERROR_USERNAMEORPASSWORD); //代理服务器用户验证不成功
}
//用户名密码OK
_proxyClient->HandleProxyValidateEvent(PROXYEVENT_USERNAMEPASSWORDOK);
}
}
Kevin_qing 2001-11-23
- 打赏
- 举报
ClientSock.Send(buff,sizeof(struct authreq));
有问题~
你只应该发送填写了的数据给server,超出部分不应该发,否则server可能会乱解释你的数据
后面可能也有这种东西,你最好重新写一下这部分的代码,实在是太乱了
有问题~
你只应该发送填写了的数据给server,超出部分不应该发,否则server可能会乱解释你的数据
后面可能也有这种东西,你最好重新写一下这部分的代码,实在是太乱了
feeyoo 2001-11-23
- 打赏
- 举报
帮着推一下!
moony_blue 2001-11-23
- 打赏
- 举报
以下这段截至rfc1929,那个似乎是一个大小固定的结构阿。能说说您的看法吗?
2. Initial negotiation
Once the SOCKS V5 server has started, and the client has selected the
Username/Password Authentication protocol, the Username/Password
subnegotiation begins. This begins with the client producing a
Username/Password request:
+----+------+----------+------+----------+
|VER | ULEN | UNAME | PLEN | PASSWD |
+----+------+----------+------+----------+
| 1 | 1 | 1 to 255 | 1 | 1 to 255 |
+----+------+----------+------+----------+
The VER field contains the current version of the subnegotiation,
which is X'01'. The ULEN field contains the length of the UNAME field
that follows. The UNAME field contains the username as known to the
source operating system. The PLEN field contains the length of the
PASSWD field that follows. The PASSWD field contains the password
association with the given UNAME.
The server verifies the supplied UNAME and PASSWD, and sends the
following response:
+----+--------+
|VER | STATUS |
+----+--------+
| 1 | 1 |
+----+--------+
A STATUS field of X'00' indicates success. If the server returns a
`failure' (STATUS value other than X'00') status, it MUST close the
connection.
2. Initial negotiation
Once the SOCKS V5 server has started, and the client has selected the
Username/Password Authentication protocol, the Username/Password
subnegotiation begins. This begins with the client producing a
Username/Password request:
+----+------+----------+------+----------+
|VER | ULEN | UNAME | PLEN | PASSWD |
+----+------+----------+------+----------+
| 1 | 1 | 1 to 255 | 1 | 1 to 255 |
+----+------+----------+------+----------+
The VER field contains the current version of the subnegotiation,
which is X'01'. The ULEN field contains the length of the UNAME field
that follows. The UNAME field contains the username as known to the
source operating system. The PLEN field contains the length of the
PASSWD field that follows. The PASSWD field contains the password
association with the given UNAME.
The server verifies the supplied UNAME and PASSWD, and sends the
following response:
+----+--------+
|VER | STATUS |
+----+--------+
| 1 | 1 |
+----+--------+
A STATUS field of X'00' indicates success. If the server returns a
`failure' (STATUS value other than X'00') status, it MUST close the
connection.
moony_blue 2001-11-23
- 打赏
- 举报
ynyn(风林火山),我的QQ是14554393,如果方便的话我想和进一步交流一下! :)
------------------------------------------------------------------------
wingate中我是这样设置的(注意,我是单机调试):
1.在socks代理服务器子目中勾上"Use RFC1929(clear text) authentication for .."
2.Asuumed Users中任何地址/主机名都不绑定任何用户。(也就是说里边是空)
3.System Policies中所有用户(Everyone)均为"User must be authentic"(必须验证)
4.在socks代理服务器中的Policies中Add入两个用户--"Administrator"以及"enter"(自定义的一个用户名),均为"user mey be unknown"。
5.调试时,我传入"Administrator"/任何口令(注意),反馈的都是通过验证(01 00)
如果我传入"enter"/设置过的口令(符合wingate用户数据库),反馈的却是验证失败(05 02)
附:如果在System Policies中所有用户(Everyone)均为"user mey be unknown"的话,那socks代理服务器就不会验证用户身份了。可这与wingate help所说的不符阿,
1.
Some SOCKS5 clients can use 慠FC1929?(an Internet 憇tandard? authentication. This uses a username and password transmitted as clear text. When a user connects to WinGate, WinGate evaluates the client抯 current level of authentication (Unknown, Assumed or Authenticated), depending on what it already knows about the client. If the user is unknown, and you have the option "Use RFC1929?" enabled, then WinGate will require the user to use this method to raise it抯 security level to Assumed. Otherwise, the client will not be required to use this method. There is a special case here. If a user is assumed to be someone that has no rights to use the SOCKS server, then WinGate will still allow the user to authenticate (using RFC1929). Provided that the user then authenticates as someone with rights to use the SOCKS server, then they will be granted access.
RFC1929 is not very secure, and we recommend that you do not use this method if you are authenticating across an untrusted network, such as the Internet. Because this method is not secure, a user that has used this method will raise their security level only to assumed, not authenticated.
2.
Use RFC1929 Authentication
This option is available for those who have secondary SOCKS authentication servers. Name and Password are taken from the user database. If you use this option, a Guest user will have their authentication level increased to 慳ssumed?while a session is authenticated with this method.
This option is not recommended, as passwords are sent as 'plaintext'.
3.
SOCKS Server
The WinGate SOCKS server is SOCKS 4 and SOCKS 5 (RFC 1928) compliant. It supports RFC1929 authentication using the user accounts in the WinGate User Database. The WinGate SOCKS server is HTTP-aware. It can intercept HTTP requests, and handle them with the built-in WinGate WWW proxy. This means that even your SOCKS users will enjoy the benefits of the WWW proxy (e.g. caching), and can be subject to the same security policies.
大虾!看看吧!
------------------------------------------------------------------------
wingate中我是这样设置的(注意,我是单机调试):
1.在socks代理服务器子目中勾上"Use RFC1929(clear text) authentication for .."
2.Asuumed Users中任何地址/主机名都不绑定任何用户。(也就是说里边是空)
3.System Policies中所有用户(Everyone)均为"User must be authentic"(必须验证)
4.在socks代理服务器中的Policies中Add入两个用户--"Administrator"以及"enter"(自定义的一个用户名),均为"user mey be unknown"。
5.调试时,我传入"Administrator"/任何口令(注意),反馈的都是通过验证(01 00)
如果我传入"enter"/设置过的口令(符合wingate用户数据库),反馈的却是验证失败(05 02)
附:如果在System Policies中所有用户(Everyone)均为"user mey be unknown"的话,那socks代理服务器就不会验证用户身份了。可这与wingate help所说的不符阿,
1.
Some SOCKS5 clients can use 慠FC1929?(an Internet 憇tandard? authentication. This uses a username and password transmitted as clear text. When a user connects to WinGate, WinGate evaluates the client抯 current level of authentication (Unknown, Assumed or Authenticated), depending on what it already knows about the client. If the user is unknown, and you have the option "Use RFC1929?" enabled, then WinGate will require the user to use this method to raise it抯 security level to Assumed. Otherwise, the client will not be required to use this method. There is a special case here. If a user is assumed to be someone that has no rights to use the SOCKS server, then WinGate will still allow the user to authenticate (using RFC1929). Provided that the user then authenticates as someone with rights to use the SOCKS server, then they will be granted access.
RFC1929 is not very secure, and we recommend that you do not use this method if you are authenticating across an untrusted network, such as the Internet. Because this method is not secure, a user that has used this method will raise their security level only to assumed, not authenticated.
2.
Use RFC1929 Authentication
This option is available for those who have secondary SOCKS authentication servers. Name and Password are taken from the user database. If you use this option, a Guest user will have their authentication level increased to 慳ssumed?while a session is authenticated with this method.
This option is not recommended, as passwords are sent as 'plaintext'.
3.
SOCKS Server
The WinGate SOCKS server is SOCKS 4 and SOCKS 5 (RFC 1928) compliant. It supports RFC1929 authentication using the user accounts in the WinGate User Database. The WinGate SOCKS server is HTTP-aware. It can intercept HTTP requests, and handle them with the built-in WinGate WWW proxy. This means that even your SOCKS users will enjoy the benefits of the WWW proxy (e.g. caching), and can be subject to the same security policies.
大虾!看看吧!
ynyn 2001-11-23
- 打赏
- 举报
hoho,是wingate的设置问题,我也正在为这个问题烦恼呢,我现在是不管用哪个用户,在wingate上总是看到报guest用户身份验证失败
zhuang094 2001-11-23
- 打赏
- 举报
近几天很郁闷,帮你up一下。
Kevin_qing 2001-11-23
- 打赏
- 举报
错了~
那个不是个结构,大小也不是固定的
这个应该就是你验证不过去的原因了
那个不是个结构,大小也不是固定的
这个应该就是你验证不过去的原因了
feeyoo 2001-11-23
- 打赏
- 举报
upupup
moony_blue 2001-11-22
- 打赏
- 举报
当username/password在wingate下验证不成功时返回两个字节(05 02)
如果成功则返回(01 00)
示例代码如下:
struct sock5req1
{
char Ver;
char nMethods;
char Methods[255];
};
struct sock5ans1
{
char Ver;
char Method;
};
struct sock5req2
{
char Ver;
char Cmd;
char Rsv;
char Atyp;
char other[1];
};
struct sock5ans2
{
char Ver;
char Rep;
char Rsv;
char Atyp;
char other[1];
};
struct authreq
{
char Ver;
char Ulen;
char Name[255];
char PLen;
char Pass[255];
};
struct authans
{
char Ver;
char Status;
};
//通过Socks5方式代理
if( !ClientSock.Connect( g_ProxyInfo.m_strProxyIP,g_ProxyInfo.m_nProxyPort) )
{
m_sError = _T("不能连接到代理服务器!");
ClientSock.Close();
return FALSE;
}
char buff[600];
struct sock5req1 *m_proxyreq1;
m_proxyreq1 = (struct sock5req1 *)buff;
m_proxyreq1->Ver = 5;
m_proxyreq1->nMethods = 2;
m_proxyreq1->Methods[0] = 0;
m_proxyreq1->Methods[1] = 2;
ClientSock.Send(buff,4);
struct sock5ans1 *m_proxyans1;
m_proxyans1 = (struct sock5ans1 *)buff;
memset(buff,0,600);
ClientSock.Receive(buff,600);
if(m_proxyans1->Ver != 5 ¦¦ (m_proxyans1->Method!=0 && m_proxyans1->Method!=2))
{
m_sError = _T("通过代理连接主站不成功!");
ClientSock.Close();
return FALSE;
}
if(m_proxyans1->Method == 2)
{
int nUserLen = strlen(g_ProxyInfo.m_strProxyUser);
int nPassLen = strlen(g_ProxyInfo.m_strProxyPass);
struct authreq *m_authreq;
m_authreq = (struct authreq *)buff;
m_authreq->Ver = 1;
m_authreq->Ulen = nUserLen;
strcpy(m_authreq->Name,g_ProxyInfo.m_strProxyUser);
m_authreq->PLen = nPassLen;
strcpy(m_authreq->Pass,g_ProxyInfo.m_strProxyPass);
ClientSock.Send(buff,sizeof(struct authreq));
struct authans *m_authans;
m_authans = (struct authans *)buff;
memset(buff,0,600);
ClientSock.Receive(buff,600);
if(m_authans->Ver != 1 ¦¦ m_authans->Status != 0)
{
m_sError = _T("代理服务器用户验证不成功!");
ClientSock.Close();
return FALSE;
}
}
struct sock5req2 *m_proxyreq2;
m_proxyreq2 = (struct sock5req2 *)buff;
m_proxyreq2->Ver = 5;
m_proxyreq2->Cmd = 1;
m_proxyreq2->Rsv = 0;
m_proxyreq2->Atyp = 1;
unsigned long tmpLong = inet_addr(GetServerHostName());
unsigned short port = ntohs(GetPort());
memcpy(m_proxyreq2->other,&tmpLong,4);
memcpy(m_proxyreq2->other+4,&port,2);
ClientSock.Send(buff,sizeof(struct sock5req2)+5);
struct sock5ans2 *m_proxyans2;
memset(buff,0,600);
m_proxyans2 = (struct sock5ans2 *)buff;
ClientSock.Receive(buff,600);
if(m_proxyans2->Ver != 5 ¦¦ m_proxyans2->Rep != 0)
{
m_sError = _T("通过代理连接主站不成功!");
ClientSock.Close();
return FALSE;
}
如果成功则返回(01 00)
示例代码如下:
struct sock5req1
{
char Ver;
char nMethods;
char Methods[255];
};
struct sock5ans1
{
char Ver;
char Method;
};
struct sock5req2
{
char Ver;
char Cmd;
char Rsv;
char Atyp;
char other[1];
};
struct sock5ans2
{
char Ver;
char Rep;
char Rsv;
char Atyp;
char other[1];
};
struct authreq
{
char Ver;
char Ulen;
char Name[255];
char PLen;
char Pass[255];
};
struct authans
{
char Ver;
char Status;
};
//通过Socks5方式代理
if( !ClientSock.Connect( g_ProxyInfo.m_strProxyIP,g_ProxyInfo.m_nProxyPort) )
{
m_sError = _T("不能连接到代理服务器!");
ClientSock.Close();
return FALSE;
}
char buff[600];
struct sock5req1 *m_proxyreq1;
m_proxyreq1 = (struct sock5req1 *)buff;
m_proxyreq1->Ver = 5;
m_proxyreq1->nMethods = 2;
m_proxyreq1->Methods[0] = 0;
m_proxyreq1->Methods[1] = 2;
ClientSock.Send(buff,4);
struct sock5ans1 *m_proxyans1;
m_proxyans1 = (struct sock5ans1 *)buff;
memset(buff,0,600);
ClientSock.Receive(buff,600);
if(m_proxyans1->Ver != 5 ¦¦ (m_proxyans1->Method!=0 && m_proxyans1->Method!=2))
{
m_sError = _T("通过代理连接主站不成功!");
ClientSock.Close();
return FALSE;
}
if(m_proxyans1->Method == 2)
{
int nUserLen = strlen(g_ProxyInfo.m_strProxyUser);
int nPassLen = strlen(g_ProxyInfo.m_strProxyPass);
struct authreq *m_authreq;
m_authreq = (struct authreq *)buff;
m_authreq->Ver = 1;
m_authreq->Ulen = nUserLen;
strcpy(m_authreq->Name,g_ProxyInfo.m_strProxyUser);
m_authreq->PLen = nPassLen;
strcpy(m_authreq->Pass,g_ProxyInfo.m_strProxyPass);
ClientSock.Send(buff,sizeof(struct authreq));
struct authans *m_authans;
m_authans = (struct authans *)buff;
memset(buff,0,600);
ClientSock.Receive(buff,600);
if(m_authans->Ver != 1 ¦¦ m_authans->Status != 0)
{
m_sError = _T("代理服务器用户验证不成功!");
ClientSock.Close();
return FALSE;
}
}
struct sock5req2 *m_proxyreq2;
m_proxyreq2 = (struct sock5req2 *)buff;
m_proxyreq2->Ver = 5;
m_proxyreq2->Cmd = 1;
m_proxyreq2->Rsv = 0;
m_proxyreq2->Atyp = 1;
unsigned long tmpLong = inet_addr(GetServerHostName());
unsigned short port = ntohs(GetPort());
memcpy(m_proxyreq2->other,&tmpLong,4);
memcpy(m_proxyreq2->other+4,&port,2);
ClientSock.Send(buff,sizeof(struct sock5req2)+5);
struct sock5ans2 *m_proxyans2;
memset(buff,0,600);
m_proxyans2 = (struct sock5ans2 *)buff;
ClientSock.Receive(buff,600);
if(m_proxyans2->Ver != 5 ¦¦ m_proxyans2->Rep != 0)
{
m_sError = _T("通过代理连接主站不成功!");
ClientSock.Close();
return FALSE;
}
