Socks5 protocol support isnt implemented right... FlashFXP isseues CONNECT instead of BIND for every data connection... Hope you can fix this asap (flash isnt the only client having this problem though)

From RFC1928:

The BIND request is used in protocols which require the client to
accept connections from the server. FTP is a well-known example,
which uses the primary client-to-server connection for commands and
status reports, but may use a server-to-client connection for
transferring data on demand (e.g. LS, GET, PUT).

It is expected that the client side of an application protocol will
use the BIND request only to establish secondary connections after a
primary connection is established using CONNECT. In is expected that
a SOCKS server will use DST.ADDR and DST.PORT in evaluating the BIND
request.

And another CUT, just to remind you where the problem is (CMD should be 2 instead of 1):

4. Requests

Once the method-dependent subnegotiation has completed, the client
sends the request details. If the negotiated method includes
encapsulation for purposes of integrity checking and/or
confidentiality, these requests MUST be encapsulated in the method-
dependent encapsulation.

The SOCKS request is formed as follows:

+----+-----+-------+------+----------+----------+
|VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT |
+----+-----+-------+------+----------+----------+
| 1 | 1 | X'00' | 1 | Variable | 2 |
+----+-----+-------+------+----------+----------+

Where:

o VER protocol version: X'05'
o CMD
o CONNECT X'01'
o BIND X'02'
o UDP ASSOCIATE X'03'
o RSV RESERVED
o ATYP address type of following address
o IP V4 address: X'01'
o DOMAINNAME: X'03'
o IP V6 address: X'04'
o DST.ADDR desired destination address
o DST.PORT desired destination port in network octet
order

This is not a bug, but rather a limitation in the socks 5 support.

Heh, it would be kinda useful to have there.. :i It's nearly impossible to write TLS socks5 server without it (for flashfxp use that is.. since it's not possible to determinate which connection belongs to controldata.. if possible change it as documented - if not then set RSV byte to 1 (0 is standard, but since it's reserved for later use - noone cares atm what it is - no compatability probs) on control channels...)

Aaah.. another small thing, you could add option for control data only proxy.. (I see no reason why it wouldnt be possible - this would only work with passive mode though).. So I could make TLS proxy that would only proxy the control data :-) (now bnc needs to do the traffic too, which slows down local xfers)..

Just for the heck of it I tried passing x02 as the command and the proxy server returned an error. I'm using an old freeware socks5 proxy which probably doesn't support bind.

would you happen to know of a small freeware socks5 proxy that does support bind so I can mess around with it.

If passive mode is disabled and socks5 is selected, I believe the proxy is bypassed for the data connection.

http://www.socks.nec.com/cgi-bin/download.pl

For the reference socks5..

Perhaps I am blind but I don't see a windows compiled binary for a socks5 server. Which is what I need. not source code.

I wonder, if there is a free socks5 server for windows... everything windows related is commerical :p