Version 11 of Socks proxy

Updated 2006-11-21 22:23:45

Describe SOCKS 4/4a/5 proxy [L1 ].

When used in conjunction with Tor [L2 ], this can be used to anonymize all network traffic from Tcl. One of the major drawbacks of using SOCKS4 when trying to anonymize your browsing behaviour is that you need to provide an IP address. This means the hostname has to be resolved to an IP somehow (usually by DNS), so the administrator of the DNS server can get an idea of your online behaviour from the lookups that are done. This issue is resolved by SOCKS4a [L3 ]. SOCKS4a allows hostnames in the connect request leading to:


MJ - When connecting through a SOCKS4(a) proxy, one request-response pair has to be handled before using the socket as a normal socket. The following proc should come close to handling this request-response pair. This was tested by opening an SSH connection through TOR.

 # Connect to host:port through the SOCKS4 proxy; authenticate with username (default empty).
 # Returns a socket that can be used to send and receive traffic from the remote host.
 proc socks4connect {proxy_host proxy_port host port {username {}}} {
        # version 4, command 1 (CONNECT)
        set connect_request \x04\x01

        # destination port, 16-bit big-endian
        append connect_request [binary format S $port]

        # anchored, with literal dots, so a hostname that merely contains digits is not taken for an IP
        if {[regexp {^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$} $host]} {
                set use_host false
                append connect_request [binary format c4 [split $host .]]
        } else {
                # ip address 0.0.0.x is always invalid and signals that a hostname is specified
                set use_host true
                append connect_request [binary format c4 [split 0.0.0.1 .]]

        }

        # user id field, NUL-terminated
        append connect_request $username
        append connect_request \x00
        if {$use_host} {
                # SOCKS4a: the unresolved hostname follows, NUL-terminated
                append connect_request $host
                append connect_request \x00
        }

        set s [socket $proxy_host $proxy_port]
        fconfigure $s -translation binary -buffering none
        puts -nonewline $s $connect_request

        # the reply is 8 bytes; the second byte is the result code (0x5a = request granted)
        set response [read $s 8]
        if {[string index $response 1] ne "\x5a"} {
                # do not leak the proxy socket when the request is refused
                close $s
                error "connection request rejected by proxy"
        } else {
                return $s
        }
 }

 set s [socks4connect phost pport ip/host port]
 # s can now be used as a normal socket
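
The request and reply handling described above, split from the socket I/O so the bytes can be inspected offline and bad input is refused before anything is sent. This is an added example, not code from the original page: the proc names `socks4a_build_request` and `socks4_decode_reply` are hypothetical, the sample values are constructed, and reply codes 91 to 93 come from the SOCKS4 protocol description rather than from this page.

```tcl
# Added example, not the wiki author's code; proc names are hypothetical.
proc socks4a_build_request {host port {username {}}} {
    if {![string is integer -strict $port] || $port < 1 || $port > 65535} {
        error "port out of range: $port"
    }
    if {$host eq ""} { error "empty host" }
    # Both fields are NUL-terminated on the wire; an embedded NUL would end
    # the field early and change what the proxy parses after it.
    foreach {name value} [list host $host username $username] {
        if {[string first \x00 $value] >= 0} { error "$name contains a NUL byte" }
    }
    set request [binary format ccS 4 1 $port]    ;# VN=4, CD=1 (CONNECT), port
    if {[regexp {^\d{1,3}(\.\d{1,3}){3}$} $host]} {
        # Plain SOCKS4: dotted quad, each octet read as decimal (not octal).
        foreach octet [split $host .] {
            scan $octet %d value
            if {$value > 255} { error "bad IPv4 octet in $host" }
            append request [binary format c $value]
        }
        append request $username \x00
    } else {
        # SOCKS4a: invalid address 0.0.0.1, then the unresolved hostname,
        # so the name is resolved by the proxy and not by the local resolver.
        append request [binary format c4 {0 0 0 1}] $username \x00 $host \x00
    }
    return $request
}

# Decode the fixed 8-byte reply; returns "granted" or raises an error.
proc socks4_decode_reply {reply} {
    if {[string length $reply] != 8} {
        error "short SOCKS4 reply ([string length $reply] of 8 bytes)"
    }
    binary scan $reply cc vn code    ;# vn (reply version byte) is not checked
    switch -- [expr {$code & 0xff}] {
        90 { return granted }
        91 { error "request rejected or failed" }
        92 { error "rejected: proxy cannot reach identd on the client" }
        93 { error "rejected: identd reported a different user-id" }
        default { error "unexpected SOCKS4 reply code [expr {$code & 0xff}]" }
    }
}

# Constructed samples: a hostname request, a granted reply, a refused input.
binary scan [socks4a_build_request example.org 22] H* hex
puts $hex
puts [socks4_decode_reply [binary format ccSc4 0 90 0 {0 0 0 0}]]
catch {socks4a_build_request "a\x00b" 80} msg
puts $msg
```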

[Category Networking]