base/protocols/socks/main.zeek¶
-
SOCKS¶
- Namespace
SOCKS
- Imports
base/frameworks/tunnels, base/protocols/conn/removal-hooks.zeek, base/protocols/socks/consts.zeek
Summary¶
Runtime Options¶
Whether passwords are captured or not. |
Types¶
The record type which contains the fields of the SOCKS log. |
Redefinitions¶
|
|
Events¶
Event that can be handled to access the SOCKS record as it is sent on to the logging framework. |
Hooks¶
SOCKS finalization hook. |
|
Detailed Interface¶
Runtime Options¶
- SOCKS::default_capture_password¶
-
Whether passwords are captured or not.
Types¶
- SOCKS::Info¶
- Type
-
- ts:
time&log Time when the proxy connection was first detected.
- uid:
string&log Unique ID for the tunnel - may correspond to connection uid or be non-existent.
- id:
conn_id&log The connection’s 4-tuple of endpoint addresses/ports.
- version:
count&log Protocol version of SOCKS.
- user:
string&log&optional Username used to request a login to the proxy.
- password:
string&log&optional Password used to request a login to the proxy.
- status:
string&log&optional Server status for the attempt at using the proxy.
- request:
SOCKS::Address&log&optional Client requested SOCKS address. Could be an address, a name or both.
- request_p:
port&log&optional Client requested port.
- bound:
SOCKS::Address&log&optional Server bound address. Could be an address, a name or both.
- bound_p:
port&log&optional Server bound port.
- capture_password:
bool&default=SOCKS::default_capture_password&optional Determines if the password will be captured for this request.
- ts:
The record type which contains the fields of the SOCKS log.
Events¶
- SOCKS::log_socks¶
- Type
event(rec:SOCKS::Info)
Event that can be handled to access the SOCKS record as it is sent on to the logging framework.
Hooks¶
- SOCKS::finalize_socks¶
- Type
SOCKS finalization hook. Remaining SOCKS info may get logged when it’s called.