Generally, when a client cannot reach a remote server directly (because of a firewall, for example), but another server can both reach the remote server and be reached by the client, you can deploy a SOCKS5 server on that intermediate server and a SOCKS5 client locally, so that the intermediate server accesses the remote server on the client's behalf.
The following describes the protocol flow, which can be divided into three stages: the handshake stage, the preparation stage and the proxy stage.
The client establishes TCP connection A with the proxy server and sends the first frame of data:
VER: protocol version number, 0x05 for socks5.
After the proxy server receives it, it checks VER and responds.
Methods: authentication method; 0x00 means no authentication is needed, and the flow proceeds directly to the "preparation stage" (if it is not 0x00, an authentication process is needed; see SOCKS5 authentication).
The client sends the second frame of data:
CMD: command, 0x01 for TCP proxy, 0x03 for UDP proxy.
RSV: reserved field.
ATYP: address type, 0x01: IPv4, 0x03: domain name, 0x04: IPv6.
DST.ADDR: destination address.
DST.PORT: destination port.
For example, the data 0x05 | 0x01 | 0x00 | 0x03 | 0x0D7777772E62616964752E636F6D | 0x01BB
means that a TCP proxy connection is requested and the destination address type is a domain name. The real destination address is "www.baidu.com:443"; that is, the client asks the proxy to connect to "www.baidu.com:443" on its behalf.
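As an added example (not taken from the author's implementation), the Go function below parses the request frame described above and checks every length before slicing, so a truncated frame or a domain-length byte that overstates the data is rejected. It assumes the complete frame is already in one buffer; `ParseRequest` is a name chosen for this example.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net"
	"strconv"
)

// ParseRequest decodes one complete request frame
// (VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT) and returns CMD and "host:port".
func ParseRequest(b []byte) (cmd byte, dest string, err error) {
	bad := func(why string) (byte, string, error) {
		return 0, "", fmt.Errorf("bad SOCKS5 request: %s", why)
	}
	if len(b) < 5 || b[0] != 0x05 || b[2] != 0x00 {
		return bad("header")
	}
	if b[1] != 0x01 && b[1] != 0x03 { // CMD values listed on the page
		return bad("unsupported CMD")
	}
	var addrLen, off int
	switch b[3] {
	case 0x01: // IPv4: 4 address bytes
		addrLen, off = 4, 4
	case 0x03: // domain name: one length byte, then the name
		addrLen, off = int(b[4]), 5
	case 0x04: // IPv6: 16 address bytes
		addrLen, off = 16, 4
	default:
		return bad("unknown ATYP")
	}
	if addrLen == 0 || len(b) != off+addrLen+2 { // exact size, no slack
		return bad("length mismatch")
	}
	host := string(b[off : off+addrLen])
	if b[3] != 0x03 {
		host = net.IP(b[off : off+addrLen]).String()
	}
	port := binary.BigEndian.Uint16(b[off+addrLen:]) // network byte order
	return b[1], net.JoinHostPort(host, strconv.Itoa(int(port))), nil
}

func main() {
	// Constructed sample: the page's example frame for www.baidu.com:443.
	frame := append([]byte{0x05, 0x01, 0x00, 0x03, 0x0D}, "www.baidu.com"...)
	frame = append(frame, 0x01, 0xBB)
	fmt.Println(ParseRequest(frame))
}
```

A server reading from a live connection would read the fixed four-byte header first and then exactly the number of address and port bytes that ATYP dictates, applying the same checks.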
After the proxy server receives it, it establishes TCP connection B with DST.ADDR and replies:
REP: status, 0x00 indicates that the connection to DST.ADDR succeeded.
RSV: reserved field.
ATYP: address type, 0x01: IPv4, 0x03: domain name, 0x04: IPv6.
BND.ADDR: bound address, the local address of connection B.
BND.PORT: bound port, the local port of connection B.
For example, returning 0x00 | 0x00 | 0x01 | 0xC08AC76A | 0xCDF0 indicates that the proxy is ready. Let's move on to the next step.
The client sends the data intended for the target service to the proxy server through connection A, and the proxy server forwards it to the target service through connection B. Data that the proxy server receives from the target service is returned to the client through connection A.
The above is the basic TCP proxy flow of SOCKS5. The UDP proxy is more complicated and will be covered in a separate article later.
For details, please refer to my golang implementation /0990/socks5.
RFC 1928: SOCKS Protocol Version 5