- Added in v2.7 v2.7.0.1. Improved auto-scrolling for chat views when there are new messages; v2.7.0.0: Added support for custom mIRC-like Aliases. Added ability to hide IRC messages with Rules. Auto Action enhancements. Added ability to set more connection details with the /server command.
- Textual is an GUI IRC client for macOS. The Slant team built an AI & it's awesome Find the best product instantly. Add to Chrome Try it now. 4.7 star rating. Log in. Sign up. Overview Questions Pros Cons. Commonly Compared. 57 Recommendations.
- Those familiar with Internet Relay Chat (IRC) can connect to our support channel named #textual located on freenode. The staff of Codeux Software are typically available in the support channel between 9 AM and 3 PM (GMT-5), but this may not always be the case.
- Textual Standard 7 0 0 – Lightweight Irc Client Server
- Textual Standard 7 0 0 – Lightweight Irc Clients
- Textual Standard 7 0 0 – Lightweight Irc Client Download
Textual IRC Client Knowledge Base Main Website. Questions, comments, concerns, ideas or just need some help? Contact support. Important Documents. Release Notes for Version 7.0.10; Release Notes for Version 7.1.0; Release Notes for Version 7.1.1; Release Notes for Version 7.1.2; Release Notes for Version 7.
| Internet protocol suite |
|---|
| Application layer |
| Transport layer |
| Internet layer |
|
| Link layer |
|
SOCKS is an Internetprotocol that exchanges network packets between a client and server through a proxy server. SOCKS5 optionally provides authentication so only authorized users may access a server. Practically, a SOCKS server proxies TCP connections to an arbitrary IP address, and provides a means for UDP packets to be forwarded.
SOCKS performs at Layer 5 of the OSI model (the session layer, an intermediate layer between the presentation layer and the transport layer). A SOCKS server accepts incoming client connection on TCP port 1080.[1][2]
History[edit]
The protocol was originally developed/designed by David Koblas, a system administrator of MIPS Computer Systems. After MIPS was taken over by Silicon Graphics in 1992, Koblas presented a paper on SOCKS at that year's Usenix Security Symposium[3], making SOCKS publicly available.[4] The protocol was extended to version 4 by Ying-Da Lee of NEC.
The SOCKS reference architecture and client are owned by Permeo Technologies,[5] a spin-off from NEC. (Blue Coat Systems bought out Permeo Technologies.)
The SOCKS5 protocol was originally a security protocol that made firewalls and other security products easier to administer.[1] It was approved by the IETF in 1996 [1] as RFC 1928 (authored by: M. Leech, M. Ganis, Y. Lee, R. Kuris, D. Koblas, and L. Jones). The protocol was developed in collaboration with Aventail Corporation, which markets the technology outside of Asia.[6]
Usage[edit]
SOCKS is a de facto standard for circuit-level gateways (level 5 gateways).[7]
The circuit/session level nature of SOCKS make it a versatile tool in forwarding any TCP (or UDP since SOCKS5) traffic, creating a good interface for all types of routing tools. It can be used as:
- A circumvention tool, allowing traffic to bypass Internet filtering to access content otherwise blocked, e.g., by governments, workplaces, schools, and country-specific web services.[8] Since SOCKS is very detectable, a common approach is to present a SOCKS interface for more sophiscated protocols:
- The Tor onion proxy software presents a SOCKS interface to its clients.[9]
- Providing similar functionality to a virtual private network, allowing connections to be forwarded to a server's 'local' network:
- Some SSH suites, such as OpenSSH, support dynamic port forwarding that allows the user to create a local SOCKS proxy.[10] This can free the user from the limitations of connecting only to a predefined remote port and server.
Comparison to HTTP proxying[edit]
SOCKS operates at a lower level than HTTP proxying: SOCKS uses a handshake protocol to inform the proxy software about the connection that the client is trying to make, and then acts as transparently as possible, whereas a regular proxy may interpret and rewrite headers (say, to employ another underlying protocol, such as FTP; however, an HTTP proxy simply forwards an HTTP request to the desired HTTP server). Though HTTP proxying has a different usage model in mind, the CONNECT method allows for forwarding TCP connections; however, SOCKS proxies can also forward UDP traffic and work in reverse, while HTTP proxies cannot. HTTP proxies are traditionally more aware of the HTTP protocol, performing higher-level filtering (though that usually only applies to GET and POST methods, not the CONNECT method).[citation needed]
SOCKS[edit]
If Bill, or any client for that matter, wishes to communicate with Chris over the internet, but a firewall between them exists on his network, where Bill is not authorized to communicate with Chris directly. So, Bill connects to the SOCKS proxy on his network, informing it about the connection he wishes to make to Chris; the SOCKS proxy opens a connection through the firewall and facilitates the communication between Bill and Chris.
For more information on the technical specifics of the SOCKS protocol, see the sections below.
HTTP[edit]
Bill wishes to download a web page from Jane, who runs a web server. Bill cannot directly connect to Jane's server, as a firewall has been put in place on his network. In order to communicate with the server, Bill connects to his network's HTTP proxy. His web browser communicates with the proxy in exactly the same way that it would directly with Jane's server if that were possible; that is, it sends a standard HTTP request header. The HTTP proxy connects to Jane's server, and then transmits back to Bill any data that Jane's server returns.[11]
Protocol[edit]
SOCKS4[edit]
A typical SOCKS4 connection request looks like this:
| VER | CMD | DSTPORT | DSTIP | ID | |
|---|---|---|---|---|---|
| Byte Count | 1 | 1 | 2 | 4 | Variable |
- 0x01 = establish a TCP/IP stream connection
- 0x02 = establish a TCP/IP port binding
- DSTPORT
- 2-byte port number (in network byte order)
- DESTIP
- IPv4 Address, 4 bytes (in network byte order)
- ID
- the user ID string, variable length, null-terminated.
| VN | REP | DSTPORT | DSTIP | |
|---|---|---|---|---|
| Byte Count | 1 | 1 | 2 | 4 |
- VN
- reply version, null byte
- REP
- reply code
| Byte | Meaning |
|---|---|
| 0x5A | Request granted |
| 0x5B | Request rejected or failed |
| 0x5C | Request failed because client is not running identd (or not reachable from server) |
| 0x5D | Request failed because client's identd could not confirm the user ID in the request |
- DSTPORT
- destination port, meaningful if granted in BIND, otherwise ignore
- DSTIP
- destination IP, as above – the ip:port the client should bind to
For example, this a SOCKS4 request to connect Fred to 66.102.7.99:80, the server replies with an 'OK':
- Client:
0x04 | 0x01 | 0x00 0x50 | 0x42 0x66 0x07 0x63 | 0x46 0x72 0x65 0x64 0x00- The last field is 'Fred' in ASCII, followed by a null byte.
- Server:
0x00 | 0x5A | 0xXX 0xXX | 0xXX 0xXX 0xXX 0xXX- 0xXX can be any byte value. The SOCKS4 protocol specifies that the values of these bytes should be ignored.
From this point onwards, any data sent from the SOCKS client to the SOCKS server is relayed to 66.102.7.99, and vice versa.
The command field may be 0x01 for 'connect' or 0x02 for 'bind'; the 'bind' command allows incoming connections for protocols such as active FTP.
SOCKS4a[edit]
SOCKS4a extends the SOCKS4 protocol to allow a client to specify a destination domain name rather than an IP address; this is useful when the client itself cannot resolve the destination host's domain name to an IP address. It was proposed by Ying-Da Lee, the author of SOCKS4.[12]
The client should set the first three bytes of DSTIP to NULL and the last byte to a non-zero value. (This corresponds to IP address 0.0.0.x, with x nonzero, an inadmissible destination address and thus should never occur if the client can resolve the domain name.) Following the NULL byte terminating USERID, the client must send the destination domain name and terminate it with another NULL byte. This is used for both 'connect' and 'bind' requests.
Client to SOCKS server:
| SOCKS4_C | DOMAIN | |
|---|---|---|
| Byte Count | 8+variable | variable |
- SOCKS4_C
- SOCKS4 client handshake packet (above)
- DOMAIN
- the domain name of the host to contact, variable length, null (0x00) terminated
Server to SOCKS client: (Same as SOCKS4)
A server using protocol SOCKS4a must check the DSTIP in the request packet. If it represents address 0.0.0.x with nonzero x, the server must read in the domain name that the client sends in the packet. The server should resolve the domain name and make connection to the destination host if it can.
SOCKS5[edit]
The SOCKS5 protocol is defined in RFC 1928. It is an incompatible extension of the SOCKS4 protocol; it offers more choices for authentication and adds support for IPv6 and UDP, the latter of which can be used for DNS lookups. The initial handshake consists of the following:
- Client connects and sends a greeting, which includes a list of authentication methods supported.
- Server chooses one of the methods (or sends a failure response if none of them are acceptable).
- Several messages may now pass between the client and the server, depending on the authentication method chosen.
- Client sends a connection request similar to SOCKS4.
- Server responds similar to SOCKS4.
The initial greeting from the client is:
| VER | NAUTH | AUTH | |
|---|---|---|---|
| Byte count | 1 | 1 | variable |
- 0x00: No authentication
- 0x01: GSSAPI[13]
- 0x02: Username/password[14]
- 0x03–0x7F: methods assigned by IANA[15]
- 0x03: Challenge-Handshake Authentication Protocol
- 0x04: Unassigned
- 0x05: Challenge-Response Authentication Method
- 0x06: Secure Sockets Layer
- 0x07: NDS Authentication
- 0x08: Multi-Authentication Framework
- 0x09: JSON Parameter Block
- 0x0A–0x7F: Unassigned
- 0x80–0xFE: methods reserved for private use
| VER | CAUTH | |
|---|---|---|
| Byte count | 1 | 1 |
- VER
- SOCKS version (0x05)
- CAUTH
- chosen authentication method, or 0xFF if no acceptable methods were offered
The subsequent authentication is method-dependent. Username and password authentication (method 0x02) is described in RFC 1929:
| VER | IDLEN | ID | PWLEN | PW | |
|---|---|---|---|---|---|
| Byte count | 1 | 1 | (1-255) | 1 | (1-255) |
- VER
- 0x01 for current version of username/password authentication
- IDLEN, ID
- Username length, uint8; username as bytestring
- PWLEN, PW
- Password length, uint8; password as bytestring
| VER | STATUS | |
|---|---|---|
| Byte count | 1 | 1 |
- VER
- 0x01 for current version of username/password authentication
- STATUS
- 0x00 success, otherwise failure, connection must be closed
After authentication the connection can proceed. We first define an address datatype as:
| TYPE | ADDR | |
|---|---|---|
| Byte Count | 1 | variable |
- 0x01: IPv4 address
- 0x03: Domain name
- 0x04: IPv6 address
- 4 bytes for IPv4 address
- 1 byte of name length followed by 1–255 bytes for the domain name
- 16 bytes for IPv6 address
| VER | CMD | RSV | DSTADDR | DSTPORT | |
|---|---|---|---|---|---|
| Byte Count | 1 | 1 | 1 | Variable | 2 |
- 0x01: establish a TCP/IP stream connection
- 0x02: establish a TCP/IP port binding
- 0x03: associate a UDP port
- RSV
- reserved, must be 0x00
- DSTADDR
- destination address, see the address structure above.
- DSTPORT
- port number in a network byte order
| VER | STATUS | RSV | BNDADDR | BNDPORT | |
|---|---|---|---|---|---|
| Byte Count | 1 | 1 | 1 | variable | 2 |
- 0x00: request granted
- 0x01: general failure
- 0x02: connection not allowed by ruleset
- 0x03: network unreachable
- 0x04: host unreachable
- 0x05: connection refused by destination host
- 0x06: TTL expired
- 0x07: command not supported / protocol error
- 0x08: address type not supported
- RSV
- reserved, must be 0x00
- BNDADDR
- server bound address[16], in the 'SOCKS5 address' format specified above
- BNDPORT
- server bound port number in a network byte order
Since clients are allowed to use either resolved addresses or domain names, a convention from cURL exists to label the domain name variant of SOCKS5 'socks5h', and the other simply 'socks5'. A similar convention exists between SOCKS4a and SOCKS4.[17]
Software[edit]
Servers[edit]
SOCKS proxy server implementations[edit]
- Sun Java System Web Proxy Server is a caching proxy server running on Solaris, Linux and Windows servers that support HTTPS, NSAPI I/O filters, dynamic reconfiguration, SOCKSv5 and reverse proxy.
- WinGate is a multi-protocol proxy server and SOCKS server for Microsoft Windows which supports SOCKS4, SOCKS4a and SOCKS5 (including UDP-ASSOCIATE and GSSAPI auth). It also supports handing over SOCKS connections to the HTTP proxy, so can cache and scan HTTP over SOCKS.
- Socksgate5 SocksGate5 is an application-SOCKS firewall with inspection feature on Layer 7 of the OSI model, the Application Layer. Because packets are inspected at 7 OSI Level the application-SOCKS firewall may search for protocol non-compliance and blocking specified content.
- Dante is a circuit-level SOCKS server that can be used to provide convenient and secure network connectivity, requiring only the host Dante runs on to have external network connectivity.[citation needed]
Other programs providing SOCKS server interface[edit]
- OpenSSH allows dynamic creation of tunnels, specified via a subset of the SOCKS protocol, supporting the CONNECT command.
- PuTTY is a Win32 SSH client that supports local creation of SOCKS (dynamic) tunnels through remote SSH servers.
- ShimmerCat[18] is a web server that uses SOCKS5 to simulate an internal network, allowing web developers to test their local sites without modifying their /etc/hosts file.
- Tor is a system intended to enable online anonymity. Tor offers a TCP-only SOCKS server interface to its clients.
- Shadowsocks is a circumvent censorship tool. It provides a SOCKS5 interface.
Clients[edit]
Client software must have native SOCKS support in order to connect through SOCKS. There are programs that allow users to circumvent such limitations:
Socksifiers[edit]
Socksifiers allow applications to access the networks to use a proxy without needing to support any proxy protocols. The most common way is to set up a virtual network adapter and appropriate routing tables to send traffic through the adapter.
- Win2Socks, which enables applications to access the network through SOCKS5, HTTPS or Shadowsocks.
- tun2socks, an open source tool that creates virtual TCP TUN adapters from a SOCKS proxy. Works on Linux and Windows,[19] has a macOS port and a UDP-capable reimplementation in Golang.
- proxychains, a Unix program that forces TCP traffic through SOCKS or HTTP proxies on (dynamically-linked) programs it launches. Works on various Unix-like systems.[20]
Translating proxies[edit]
- Polipo, a forwarding and caching HTTP/1.1 proxy server with IPv4 support. Open Source running on GNU/Linux, OpenWrt, Windows, Mac OS X, and FreeBSD. Almost any Web browser can use it.
- Privoxy, a non-caching SOCKS-to-HTTP proxy.
Docker based[edit]
- multsocks[21], an approach based on Docker which would run on any platform that runs Docker, using client, server, or both to translate proxies.
References[edit]
- ^ abcRFC 1928
- ^'Service Name and Transport Protocol Port Number Registry'. Internet Assigned Numbers Authority. 19 May 2017. Retrieved 23 May 2017.
- ^Koblas, David; Koblas, Michelle R. SOCKS(PDF). USENIX UNIX Security Symposium III. Retrieved 16 November 2019.
- ^Darmohray, Tina. 'Firewalls and fairy tales'. ;LOGIN:. Vol 30, no. 1.
- ^Archive index at the Wayback Machine
- ^CNET: Cyberspace from outer space
- ^Oppliger, Rolf (2003). 'Circuit-level gateways'. Security technologies for the World Wide Web (2nd ed.). Artech House. ISBN1580533485. Retrieved 21 January 2020.
- ^'2010 Circumvention Tool Usage Report'(PDF). The Berkman Center for Internet & Society at Harvard University. October 2010.
- ^'Tor FAQ'.
- ^'OpenSSH FAQ'. Archived from the original on 2002-02-01.
- ^'Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing'. Retrieved 2014-08-01.
- ^Ying-Da Lee. 'SOCKS 4A: A Simple Extension to SOCKS 4 Protocol'. OpenSSH. Retrieved 2013-04-03.
- ^'RFC 1961'. Tools.ietf.org. Retrieved 2009-06-19.
- ^'RFC 1929'. Tools.ietf.org. Retrieved 2009-06-19.
- ^IANA.org
- ^'RFC 1928 - SOCKS Protocol Version 5'. Tools.ietf.org. Retrieved 2020-05-10.
- ^'CURLOPT_PROXY'. curl.haxx.se. Retrieved 20 January 2020.
- ^'Easy Net with SOCKS5'. shimmercat.com. ShimmerCat. Archived from the original on 2018-09-13. Retrieved 20 April 2016.
- ^Bizjak, Ambroz (20 January 2020). 'ambrop72/badvpn: NCD scripting language, tun2socks proxifier, P2P VPN'. GitHub. Retrieved 20 January 2020.
- ^Hamsik, Adam (20 January 2020). 'proxychains: a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy'. GitHub. Retrieved 20 January 2020.
- ^Momm, Gregorio (2020-08-24), gregoriomomm/docker-multsocks, retrieved 2020-08-29
External links[edit]
- RFC 1928: SOCKS Protocol Version 5
- RFC 1929: Username/Password Authentication for SOCKS V5
- RFC 1961: GSS-API Authentication Method for SOCKS Version 5
- RFC 3089: A SOCKS-based IPv6/IPv4 Gateway Mechanism
- Draft-ietf-aft-socks-chap, Challenge-Handshake Authentication Protocol for SOCKS V5
- SOCKS: A protocol for TCP proxy across firewalls, SOCKS Protocol Version 4 (NEC)
The following list is a summary of all major additions, changes, and fixes part of version6.0.0 of the Textual IRC Client.
Performance Improvements
Textual 6 delivers performance unmatched by any of its predecessors when running on OS X ElCapitan or later.
This is accomplished by laying out and rendering channel content on separate processes usingWebKit2.
View Multiple Channels
Command click up to six (6) channels to view them simultaneously.
Quick Select
The keyboard shortcut Command-D can be used to quickly navigate between channels.*
* This feature requires a Mac running OS X Yosemite or later.
Chat Filter Addon
The Chat Filter Addon received a significant overhaul.
Changes
- Filters can now be dragged and dropped to change the order they're matched in.
- Filters can now be exported and imported to allow them to be shared with others.
- Filters can now respond to more events: user joined channel, user left channel, user kicked from channel, user disconnected, channel topic changed, channel mode changed, and much, much more!
- An empty Filter Match value will match any possible value.
Networking
Textual 6 supports Happy Eyeballs, aprotocol for intelligently using IPv6 whenavailable.
A preference to prefer IPv4 has been added to the Network Socket section ofServer Properties.
Other Additions
- Added the command back which can be used to easily toggle off away status.
- Added the commands quiet and unquiet which can be used to modify the quiet list of the selected channel.
- Added 'List of Quiets' window to view and/or remove entries in the quiet list of the selected channel.
- Added support for the monitor IRCv3 capability to the Address Book.
- Added inline image support for .webm files hosted by 4chan and 8chan.
- Added inline image support for lfil.es short URLs.
- Added preference 'Only speak channel messages for the selected channel', which is enabled by default.
Other Changes
- A two second delay now occurs between each join when automatically joining channels. This delay can be modified by navigating to Preferences ➜ Advanced ➜ Flood Control.
- Textual no longer waits for the Internet to be available before reconnecting when waking from sleep. There is no reliable way to determine when we can truly send data, so it's best to keep trying.
- It is no longer possible to select more than eight (8) channels at one time in the 'Channel List' window.
- Incomplete file transfers are now resumed when the person sending the file supports this.
- Improved technique for collecting channel information to reduce number of 'Max SendQ' disconnects.
- Improved support for connecting to irssi-proxy.
- Improved reliability and speed of playing back messages from previous session.
- The Client Certificate section of Server Properties now includes the SHA-256 fingerprint of the certificate.
- The commands amsg and ame no longer send messages to queries (private messages).
- The commands ctcp and ctcpreply now expect the first parameter to always be the destination.
- The commands gline, gzline, zline, shun, and tempshun no longer modify their input to include the default reason.
- The commands ignore and unignore are no longer silent. They now provide feedback when performed.
- Removed the preference to hide messages that mention an ignored user. This preference never worked correctly and had a noticeable impact on performance.
- When duplicating a connection, its passwords are now duplicated as well.
- Modified list of whitelisted URL schemes to include 'gopher'
- Modified list of networks to include GeekShed, MindForge, IdleChat, and LizardIRC.
- Modified list of networks to remove the now defunct networks flux.cd, IRCNode, irc.btri.x10.bz, and ValleyNode.
- Removed inline image support for the now defunct services img.ly, twitgoo.com, tweetphoto.com, and yfrog.com.
Fixes
- Fixed inability to add a channel named '#'
- Fixed almost every misspelling of 'Parameter' as 'Paramater'
- Fixed inability to navigate Server Properties using the tab key.
- Fixed channel passwords not being censored when they are supposed to be.
- Fixed file transfers failing when sending a file with a name that contains a space.
- Fixed a bug in the Caffeine addon that caused crashes when deleting connections.
Addon Backwards Compatibility
Textual Standard 7 0 0 – Lightweight Irc Client Server
Styles
Some custom styles built for Textual 5 will not work correctly with Textual 6without modification.
To view modifications that need to be made, see this knowledge basearticle for more information.
Scripts
All scripts built for Textual 5 will work with Textual 6 without modification.
Plugins
Textual Standard 7 0 0 – Lightweight Irc Clients
All plugins built for Textual 5 will not work with Textual 6 withoutmodification.
Plugins that are bundled with Textual, such as Blowfish Encryption, Caffeine, and Wiki-styleLink Parser; have already been modified to support Textual 6.
Enter /getscripts into the main input textfield to install the latest version of those plugins.
Other plugins require modification. To view modifications that need to be made, see this knowledge basearticle.
Textual Standard 7 0 0 – Lightweight Irc Client Download
Filters
All filters added to Textual 5 will work with Textual 6 without modification.
