Development notes for socks5 protocol

The RFC for socks5 protocol:

Here’s the procedure of CONNECT command for TCP based connection:

   Client   |   Server
1. Client init connection
2. Client send initial auth method selection message
             3. Server reply the selected auth method

4. [ Authenticate based on selected auth method ] optional, 
   not required when auth method is 0x00: No Auth

5. Client send request for destination address
             6. Server connect to the destination address
             7. Server reply with the bound address and port 
                of the connected target address

8. Begin transfer data between client and destination  
9. Close connection after transfer finished


  • The procedure applies to a connection, e.g. each http request opens a new connection, so each request will go through the procedure described above
  • The destination address maybe an IP v4/v6 address or a domain name, when it’s a domain name, it still could be an ip address in dotted format. Here’s a real example: is using the CDN service provided by, so different visitor will visit different server based on the location. I found that the browser (at least chrome) will put ip address like in the domain name field, and mark the address as a domain name
  • When server send response to client, it should send the port number that the server assigned to connect the target address. So we can only send the response after connected to the upstream

Leave a Reply

Your email address will not be published. Required fields are marked *