
Problems setting up SOCKS proxy connection

I'm building a custom XMPP client to do some fun XMPP-as-middleware work. I'm currently trying to get a target client to set up a SOCKS bytestream using the Openfire proxy (doing the connection directly from the target to the initiator works fine). However, I'm running into the following behavior with Openfire 3.3.2:

  1. If I'm running Openfire on the same machine as the client, I get a 0x02 (connection not allowed by ruleset) reply when issuing the connect command and the following error in Openfire:

Error processing file transfer proxy connection
java.io.IOException: Illegal proxy transfer
    at org.jivesoftware.openfire.filetransfer.proxy.ProxyConnectionManager.processConnection(ProxyConnectionManager.java:187)
    at org.jivesoftware.openfire.filetransfer.proxy.ProxyConnectionManager.access$100(ProxyConnectionManager.java:39)
    at org.jivesoftware.openfire.filetransfer.proxy.ProxyConnectionManager$1$1.run(ProxyConnectionManager.java:107)
    at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
    at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
    at java.util.concurrent.FutureTask.run(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

  2. If I'm running Openfire on a different machine than the client, I get all -1s back in response to my command and Openfire reports an IOException: “Error reading Socks5 version and command”.

Anybody have any suggestions as to what's going wrong? Suggested solutions as well as diagnostic steps would be greatly appreciated.

Ok, I figured out part of the problem: if the Openfire server can't immediately pull 5 bytes off the wire when trying to retrieve the SOCKS command it throws an error without bothering to check if there's more data coming later.

Still no idea why I'm getting a reply of 0x02 instead of 0x00 in response to my command, however. Any suggestions?

Never mind, I figured that one out too. I was using XEP-0065 alone without going through the overhead of setting up a XEP-0096 file transfer first. For those that are curious, it turns out that the server tries to match up a proxy transfer with a file transfer unless xmpp.proxy.transfer.required is set to false.

Y'all might want to document that someplace.

Hello Jeff,

I think I am having the same problem.

I am also trying to connect to the proxy server and I am receiving the same error.

How do you set xmpp.proxy.transfer.required to false?


OK, so I set xmpp.proxy.transfer.required to false because otherwise I can never connect to the SOCKS proxy server.

I do this from the OpenFire admin console -> SystemProperties.

Now the server responds with STATUS 00 success for both the clients when they connect, but when I try to activate the bytestream I get an error.

Here is my protocol, how I implement it, as I understand it from XEP-0065, for initiating a bytestream connection:


"<iq id="Nez2I-39" to="user@host/receive" from="user@host/send" type="set">" +
"<query xmlns="http://jabber.org/protocol/bytestreams" sid="vxf9n471bn56" mode="tcp">" +
"<streamhost jid="proxy.host" host="" port="7777"/>" +

Work I do in the RECEIVER:

I create a new SOCKET.

I connect to port 7777.

I follow protocol SOCKS5 - no authentication required.

I create HASH of SID + INITIATOR.JID + RECEIVER.JID under .NET like this:

SHA1 sha1 = SHA1.Create();
byte[] sha;
sha = sha1.ComputeHash(Encoding.ASCII.GetBytes("vxf9n471bn56" + "user@host/send" + "user@host/receive"));

I send the DEST.ADDR as Encoding.ASCII.GetString(sha) and port 0 to the proxy server via the created socket following the SOCKS 5 protocol and I get STATUS SUCCESS.


"<iq type='result'" +
"from='user@host/receive' " +
"to='user@host/send' " +
"id='initiate'>" +
"<query xmlns='http://jabber.org/protocol/bytestreams'" +
"sid='vxf9n471bn56'>" +
"" +

Now from the INITIATOR or SENDER:

I create a new socket and try to connect also to the proxy server.

I do the same as I do in RECEIVER and I get status success from the proxy server.

Now all I have left to do is activate the stream:

From the initiator I send to the proxy server:

"<iq type='set' " +
"from='user@host/send' " +
"to='proxy.host' " +
"id='activate'>" +
"" +
"sid='vxf9n471bn56'>" +
"user@host/receive" +

The proxy server returns error now:

error if only one party (either Initiator or Recipient, but not both) is connected to the Proxy

I don’t think this is the problem, I think one problem might be a wrong hash, or I did not understand the protocol well.

Forgot to mention:

Both clients are on the same machine. Server is on the same machine. All connect to

Please answer this post and help with this issue, I cannot seem to end it.

Thank you.
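
The two protocol details discussed in this thread, the XEP-0065 DST.ADDR value and a SOCKS5 request that does not arrive in a single read, as an added example (not code from any poster or from Openfire). It assumes XEP-0065's definition of DST.ADDR as the lowercase hex-encoded SHA-1 of SID + Requester JID + Target JID, sent as a domain-name address with port 0; the function names and `TrickleSocket` are hypothetical, and the sample values are the ones quoted in the posts.

```python
import hashlib
import struct

def dst_addr(sid, requester_jid, target_jid):
    """XEP-0065 DST.ADDR: lowercase hex SHA-1 of SID + Requester JID + Target JID."""
    data = (sid + requester_jid + target_jid).encode("utf-8")
    return hashlib.sha1(data).hexdigest().encode("ascii")  # 40 ASCII hex characters

def connect_request(sid, requester_jid, target_jid):
    """SOCKS5 CONNECT: VER=5, CMD=1, RSV=0, ATYP=3 (domain name), length, address, port 0."""
    addr = dst_addr(sid, requester_jid, target_jid)
    return bytes([0x05, 0x01, 0x00, 0x03, len(addr)]) + addr + struct.pack("!H", 0)

def recv_exact(sock, n):
    """Read exactly n bytes; TCP may deliver one request in several pieces."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:  # empty read means the peer closed the connection
            raise ConnectionError("peer closed after %d of %d bytes" % (len(buf), n))
        buf += chunk
    return bytes(buf)

def read_connect_request(sock):
    """Proxy side: parse a CONNECT request without assuming it arrives in one read."""
    ver, cmd, _rsv, atyp, alen = recv_exact(sock, 5)
    if (ver, cmd, atyp) != (0x05, 0x01, 0x03):
        raise ValueError("not a SOCKS5 CONNECT with a domain-name address")
    addr = recv_exact(sock, alen)
    (port,) = struct.unpack("!H", recv_exact(sock, 2))
    return addr, port

class TrickleSocket:
    """Constructed stand-in for a TCP socket that returns at most `step` bytes per recv()."""
    def __init__(self, data, step):
        self.data, self.step = data, step
    def recv(self, n):
        k = min(n, self.step)
        out, self.data = self.data[:k], self.data[k:]
        return out

def demo():
    # Constructed input: SID and JIDs as quoted in the posts above.
    req = connect_request("vxf9n471bn56", "user@host/send", "user@host/receive")
    return req, read_connect_request(TrickleSocket(req, 3))

if __name__ == "__main__":
    print(demo())
```

Both the initiator and the target send the same 47-byte request to the proxy, which is how the proxy pairs the two connections before activation.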