EOF ISSUE #0x01

                                   Using proxy
                               berniee/fakedminded
                                      2006


1.Introduction

  In this article I will try to give you a hint on how you can use proxies in your 
codes. I will not get deep in this subject meaning that I will not discuss Authentication
too.
PS:all the following is tested on CCProxy(c).

2.Proxy types:

Proxy types that I am going to discuss here are socks (v.4) and http proxy.

3.Socks proxy:

I will explain this briefly -socks proxy according to my own researches(rfc!).
Inorder to get connected to socks proxy first you need to send a packet(duh!),
and according to rfc 
--the packet should be like this:

                +----+----+----+----+----+----+----+----+----+----+....+----+
		| VN | CD | DSTPORT |      DSTIP        | USERID       |NULL|
		+----+----+----+----+----+----+----+----+----+----+....+----+
 # of bytes:	   1    1      2              4           variable       1


vn=is the version of rfc which   we are going to use 4(one byte)
cd=is the order to the proxy '1'-->connect,while '2'--->bind(not going to talk about it here)(1byte)
dstport=destination port so obvious(2 bytes==word)
dstip=destination IP address (4 bytes==dword!)
userid=variable size it said to be something to do with identd(I think Authentication--
not my bussiness here--)
Null=must be ended with null byte.

now  lets put it in a structure:

socks_s struct

vn db ?
cd db ?
dstport dw ?
dstip dd ?
userID db 256 dup(?)
nell db ?

socks_s ends

and we just fill the previous structure and send it.(check the code at the end)

--and the response should be somehting like this(rfc):
           	+----+----+----+----+----+----+----+----+
		| VN | CD | DSTPORT |      DSTIP        |
		+----+----+----+----+----+----+----+----+
 # of bytes:	   1    1      2              4


vn=the version of the reply code and should be 0.
cd=state that our request is accomplished or not.Again from rfc:

	90: request granted
	91: request rejected or failed
	92: request rejected becasue SOCKS server cannot connect to
	    identd on the client
	93: request rejected because the client program and identd
	    report different user-ids

dtport=port that we wanted to connect to of the requested IP address.
dstip=Ip address we requested to connect to.
...well for me I saw that other thing is resent back to me is the userid!

so we are going to check the cd of the recieved packet .

See the following code that will try to connect to mx1.mail.yahoo.com,through socks 
proxy.(change the proxy IP to get it work)

;-----------------------cut from here

 .586
.model flat,stdcall
option casemap:none

socks_s struct

vn db ?
cd db ?
dstport dw ?
dstip dd ?
userID db 256 dup(?)
db ?

socks_s ends

include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
include \masm32\include\wsock32.inc

includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib
includelib \masm32\lib\wsock32.lib


.data
db "sock4",0
ip_sock db "xxx.xxx.xxx.xxx",0    ;change that according to socks proxy address
_server db "mx1.mail.yahoo.com",0 ;our requested address!
USERid db "Guest",0               ; :)   

.data?

socks_send socks_s<?>

ws WSADATA <?>
sock_addr sockaddr_in<?>
buffer db 256 dup(?)           ;where to put the recieved packet
socket_ dd ?

.code
start:

call Intialize_wsocket
cmp eax,-1
je exit

invoke socket,AF_INET,SOCK_STREAM,IPPROTO_TCP
mov socket_,eax

mov sock_addr.sin_family,AF_INET
xor eax,eax
invoke htons,1080               ;most socks proxies have this port change it if not.
mov sock_addr.sin_port,ax
invoke inet_addr,offset ip_sock
cmp eax,INADDR_NONE
je exit
mov sock_addr.sin_addr.S_un.S_addr,eax
invoke connect,socket_,addr sock_addr,sizeof sock_addr
cmp eax,SOCKET_ERROR
je exit
;nvoke inet_addr,offset dstIP  ;if you are using IP address not domain 
invoke gethostbyname,offset _server

or eax,eax
jz exit
mov eax,[eax+12]
mov eax,[eax]
mov eax,[eax]

mov socks_send.vn,4   ;socks v.4
mov socks_send.cd,1   ;order===>connect

mov socks_send.dstport,1900h           ;port 25==>19h==>1900h(in dword)
mov socks_send.dstip,eax               ;the ip we supposed to get from gethostbyname()
invoke lstrcpy,offset socks_send.userID,offset USERid
mov socks_send.nell,0


invoke send,socket_,offset socks_send,sizeof socks_send,0
invoke recv,socket_,offset buffer,512,0


mov eax,offset buffer
cmp byte ptr [eax+1],90                 ;checking if the request is granted
jne exit
invoke recv,socket_,offset buffer,256,0


invoke MessageBox,0,offset ip_sock,offset buffer,0


exit:
invoke ExitProcess,0

Intialize_wsocket:
invoke WSAStartup,001h,addr ws
or eax,eax
jz failed_to_intialize

ret

failed_to_intialize:
mov eax,-1
ret

end start
;----------------------stop cutting 




4.HTTP proxy:
HTTP proxy is dependant on http protocol,well here I am going to discuss how it works
by the 'CONNECT'method ,and Again I will not explain how to use authentication.

to use http proxy,you just send the following packet:
CONNECT servername:port HTTP/1.1   

where :
CONNECT is the order we send to the proxy
servername whether it is an IP address or domain name(depend on proxy to resolve it)
port it is the port to connect to!
HTTP/1.1 Hypertext Transfer Protocol

try it on telnet it is fun.

I am to0 tired to write anything else,so I will depend on you to develop the code.

5.Final Words:
Hoping you understand the point I wanted to reach from all this,you have to go on 
googling to see how the Authentication is done,and then code nice things.

xxxxxxxxxxxxfakedminded(2006) from the lands of the Ultimate Free-Damn! :\xxxxxxxxxxx