Closed KujouRinka closed 7 months ago
Maybe it would be better to combine the two as a single socks analyzer, but have it internally check for the version number and handle accordingly?
You means like this?
{
"socks":{
"version": 5, // 4 or 5
"req": {
// ... req 5 fields
},
"resp": {
// ... resp 5 fields
}
}
}
socks.version
field decide what in socks.req
and socks.resp
, and if possible, merge socks4.go
and socks5.go
into one.
Yes, because if I understand correctly, the fields of both protocols are largely the same
After mergering these two, PropMap
of socks4
now:
SOCKS4:
{
"socks": {
"version": 4,
"req": {
"cmd": 1,
"addr_type": 1, // same with socks5
"addr": "1.1.1.1",
// for socks4a
// "addr_type": 3,
// "addr": "google.com",
"port": 443,
"auth": {
"user_id": "user"
}
},
"resp": {
"rep": 90, // 0x5A(90) granted
"addr_type": 1,
"addr": "1.1.1.1",
"port": 443
}
}
}
For socks5
, add a "version": 5
field with others unchanged.
Thanks again for your contribution!
I add an analyzer for socks4 and socks4a.
PropMap
of:socks4:
socks4a: