okhttp: Socks 4 Proxy broken

OkHttp relies on the JVM implementation of SOCKS, which seems to be broken for SOCKS4. When the JVM establishes the connection in java.net.SocksSocketImpl#connect, it first sends a SOCKS5 setup message:

        // This is SOCKS V5
        out.write(PROTO_VERS);
        out.write(2);
        out.write(NO_AUTH);
        out.write(USER_PASSW);
        out.flush();

and then reads a 2 byte response. Then it checks if the first byte of the response is not 5, and if so it tries a socks 4 message using the same socket.

The problem is since this above message is not a wellformed SOCKS4 message, the SOCKS4 server doesn’t know how much data to read. Also a SOCKS4 response is 8 bytes, and the code only drains 2 bytes. This means that when it gets to the SOCKS4 connect, the socket is in an unknown state and always fails.

I’m not sure anything can be done other than hacking the JVM with reflection, or to write a new implementation of SOCKS 4 and 5.

Regardless of the solution the broken SOCKS 4 support should be documented, so no one else has to dig into the terrible SOCKS code in the JVM.

About this issue

  • Original URL
  • State: closed
  • Created 9 years ago
  • Comments: 33 (23 by maintainers)

Commits related to this issue

Most upvoted comments

Closing because we have baulked at high quality PRs in the past, so let’s be honest that this isn’t happening in OkHttp. We would probably only consider minimal API changes that allow custom socket factory if that isn’t already working (it may be).

+2
yschimke on Mar 29, 2020

This will work for both of you: https://gist.github.com/swankjesse/132ecc49bee853c3c335d33b9a95bef7

+1
swankjesse on Sep 22, 2018
Read more comments on GitHub
← okhttp: SocketTimeoutException on Retrofit 1.9.0 + OkHttp 2.3.0 + Android 4.4.4
okhttp: SSLHandshakeException on Android 5 (API 21) →