# SOCKS Version 5 - Firewall traversal protocol - RFC 1928
# Pattern attributes: good notsofast notsofast
# Protocol groups: networking ietf_proposed_standard
# Wiki: http://www.protocolinfo.org/wiki/SOCKS
#
# Usually runs on port 1080
# Also useful: http://www.iana.org/assignments/socks-methods
#
# We have had two reports that this pattern works.

# method request, no private methods    \x05[\x01-\x08]*
# method reply, assumes success         \x05[\x01-\x08]?
# method dependent sub-negotiation      .*
# request, ipv4 only                    \x05[\x01-\x03][\x01\x03].*
# reply                                 \x05[\x01-\x08]?[\x01\x03].*

# username/password method
# u/p request, assuming reasonable usernames and passwords
#       \x05[\x02-\x10][a-z][a-z0-9\-]*[\x05-\x20][!-~]*
# server reply
#       \x05

# GSSAPI method
# client initial token  \x01\x01\x02.*
# server reply          \x01\x01\x02.*

# any other method      .* (all methods boil down to this until we have information
# about all the commonly used ones)

socks
\x05[\x01-\x08]*\x05[\x01-\x08]?.*\x05[\x01-\x03][\x01\x03].*\x05[\x01-\x08]?[\x01\x03]
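
Added example, not part of the pattern file or the l7-filter project: a Python check of the regex above against a constructed RFC 1928 exchange, showing that it matches only when NUL bytes are removed from the flow and how little structure it needs. It assumes the classifier concatenates both directions of a flow and drops NUL bytes before matching, and that Python's `re` with DOTALL approximates the classifier's regex engine; `l7_view`, `is_socks5` and the sample flows are names invented for this example.

```python
import re

# Regex copied from the pattern file, compiled for bytes. DOTALL is an
# assumption: it lets "." match newline bytes, as a payload matcher would.
SOCKS_PAT = re.compile(
    rb"\x05[\x01-\x08]*\x05[\x01-\x08]?.*\x05[\x01-\x03][\x01\x03].*"
    rb"\x05[\x01-\x08]?[\x01\x03]",
    re.DOTALL,
)


def l7_view(segments, strip_nul=True):
    """Join payloads from both directions in arrival order (assumed buffer
    model) and optionally drop NUL bytes before matching."""
    data = b"".join(segments)
    return data.replace(b"\x00", b"") if strip_nul else data


def is_socks5(segments, strip_nul=True):
    """True if the pattern matches anywhere in the classifier's view."""
    return SOCKS_PAT.search(l7_view(segments, strip_nul)) is not None


# Constructed RFC 1928 exchange: CONNECT to 192.0.2.10:80, no authentication.
NOAUTH_FLOW = [
    bytes([5, 1, 0]),                           # client: VER, NMETHODS, METHOD
    bytes([5, 0]),                              # server: VER, METHOD
    bytes([5, 1, 0, 1, 192, 0, 2, 10, 0, 80]),  # client: VER CMD RSV ATYP addr port
    bytes([5, 0, 0, 1, 192, 0, 2, 1, 4, 56]),   # server: VER REP RSV ATYP addr port
]

# Constructed non-SOCKS traffic for comparison.
HTTP_FLOW = [b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
             b"HTTP/1.1 200 OK\r\n\r\n"]

# Shortest byte string that satisfies the regex: seven bytes, no real exchange.
# Useful when judging how prone the pattern is to false positives.
MINIMAL_MATCH = bytes([5, 5, 5, 1, 1, 5, 1])

if __name__ == "__main__":
    print("no-auth flow, NULs stripped:", is_socks5(NOAUTH_FLOW))
    print("no-auth flow, raw bytes:    ", is_socks5(NOAUTH_FLOW, strip_nul=False))
    print("HTTP flow:                  ", is_socks5(HTTP_FLOW))
    print("minimal 7-byte blob:        ", is_socks5([MINIMAL_MATCH]))
```

On the raw bytes the zero METHOD, RSV and REP fields break the match, so a matcher that keeps NUL bytes would need `\x00` terms added to the pattern.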