username/password authentication for SOCKS5 ------------------------------------------- Key: BIT-1011 URL: https://bro-tracker.atlassian.net/browse/BIT-1011 Project: Bro Issue Tracker Issue Type: Patch Components: Bro Affects Versions: git/master Reporter: nicolas Assignee: Seth Hall Priority: Low Fix For: 2.4 Attachments: 0001-SOCKS-authentication-patch.patch, output.pcap Patch the bug explained below : It appears using the username authentication with SOCKS 5. After the client and the server have chosen the username authentication, the client has to send the following packet : Client request (RFC 1929) : +----+------+----------+------+----------+ |VER | ULEN | UNAME | PLEN | PASSWD | +----+------+----------+------+----------+ | 1 | 1 | 1 to 255 | 1 | 1 to 255 | +----+------+----------+------+----------+ Here the first byte must be 0x1, it specifies the version of the authentication mechanisme, not the SOCKS version (0x5) like in all others packets. However in the socks-protocol.pac the type SOCKS_Version never parses data if the first byte is 0x1, and it goes to an error.