[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] wget - secure?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] wget - secure?
From: Ondrej Mikle <ondrej.mikle@xxxxxxxxx>
Date: Fri, 20 Apr 2012 00:23:40 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 19 Apr 2012 18:23:57 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:x-enigmail-version:content-type :content-transfer-encoding; bh=M7ppUUmF04HKGkIsTxrZNlh2siK1/V2yfQ9wkvoD9ZI=; b=uIMqt2O+2gXoxGzTD5lY+EEHhM0NzNQ+VE+a6EFKEriHjvc1/tDffWxjXEZIVFYXC4 NQAQhfZBYWycth00B2N91I5j1QgqKTW7PS4+k3Zyw9W35Sk3A+X9AI7uZC3NYxFQLuzd Ro1NzIcxAQVo+9qJqV7OajemoacKutCbhYbSglSEyYYnhN1T+Ai9o76H2sdy7Bix8pcS v5llyEIddAnVhrGRFHWjRXDbe6t1ppfENI6RQeas72StYg8KhbasIrHdC6tWM07E9it/ KW8GhMpCNSEs44CuTlRkptZj4x3kfnxGPzvW1Zmw3hLms5n9x2yFdPUwD04mOVuoEpAX 0X1g==
In-reply-to: <1SKyMo-000EXx-IN@xxxxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <1SKD7H-000A52-7x@xxxxxxxxxxxxxxxxxxxx> <CAMtFrUF8qb8HzSmRucq+bF17zx0MQWdUqeKLebYGhfYwwWRnUA@xxxxxxxxxxxxxx> <CAHsXYDDv16KBGA3_n+BfiyYXCjjr+BpMs9x1Gnb+H4kyVeNpGg@xxxxxxxxxxxxxx> <CABqy+spN7+HYM9da-CRDH7yUwW0YBgDBLdC0Gm23j8BQVy8SLA@xxxxxxxxxxxxxx> <CAHsXYDBkJVGg7ybkkaqX2DhhNXUUbC96JS5tBvo=fKEnVDFYbA@xxxxxxxxxxxxxx> <CACDmtYajXMMPM3MoRo+SSFZ+r8Yk01KnzLUU0w6ULQzDjKErCw@xxxxxxxxxxxxxx> <1SKcbw-0009cJ-5K@xxxxxxxxxxxxxxxxxxxx> <4F8F545E.4030603@xxxxxxxxx> <1SKyMo-000EXx-IN@xxxxxxxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20120327 Thunderbird/11.0.1

Hm, you're right, wget 1.12 does not leak DNS if you use http protocol. I just
realized I tested it also with https when the leak happened (wget requires
explicit 'https_proxy' to use CONNECT for https even if you use the same http
proxy).

Ondrej

On 04/19/2012 10:54 PM, torsiris@xxxxxxxxxxx wrote:
> Hi,
> 
> I cannot confirm that wget (v1.12) is sending any DNS resolve when using
> it this way:
> 
> wget --proxy --execute=http_proxy=http://127.0.0.1:8118/ -c
> http://download.test
> 
> Wireshark does not show any UDP traffic.
> 
> I will check out curl. I like the idea of not using a http proxy in between.
> 
> Thanks for the post. :-)
> 
>> On 04/18/2012 11:40 PM, torsiris@xxxxxxxxxxx wrote:
>>>> On Wed, Apr 18, 2012 at 4:56 AM, Maxim Kammerer <mk@xxxxxx> wrote:
>>>>> On Wed, Apr 18, 2012 at 11:37, Robert Ransom <rransom.8774@xxxxxxxxx>
>>>>> wrote:
>>>>>> Which version of wget did you audit?  What information leaks did you
>>>>>> check for during your audit?
>>> Hi,
>>>
>>> How can I check what information wget is transmitting? I used wireshark
>>> and filtered to see only the traffic sent from wget to localhost:8118
>>> but
>>> I'm not a network expert and I don't know how to interpret the data.
>>>
>>> Anybody has deeper network knowledge?
>>
>> I've just checked wget, it does leak DNS even with http_proxy environment
>> variable set.
>>
>> How to check:
>>
>> 1. Run wireshark
>> 2. Select "Pseudointerface (any)" unless you know which interface to look
>> at
>> 3. Put "dns" into the Filter field and click "Apply" button
>>
>> DNS is easy to spot since it's almost always going to UDP port 53
>> (exceptions
>> are really rare).
>>
>> Then you'll see what DNS queries your host did at the time (obviously it's
>> best
>> to turn off any other program that could interfere in the measurement).
>>
>> These things can change on version-to-version basis of the same software,
>> so
>> it's always best to check your actual version with wireshark.
>>
>> Though curl is much better than wget in all recent versions at least, this
>> does
>> not leak DNS (--socks5-hostname is the important part; Tor SOCKS5 proxy is
>> expected to run at port 9050):
>>
>> curl --socks5-hostname localhost:9050
>> "http(s)://somesite.wherever/rest_of_url"
>>
>> Ondrej
>> _______________________________________________
>> tor-talk mailing list
>> tor-talk@xxxxxxxxxxxxxxxxxxxx
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>>
> 
> 
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> 

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] wget - secure?
  - From: torsiris

References:
- [tor-talk] wget - secure?
  - From: torsiris
- Re: [tor-talk] wget - secure?
  - From: Runa A. Sandvik
- Re: [tor-talk] wget - secure?
  - From: Maxim Kammerer
- Re: [tor-talk] wget - secure?
  - From: Robert Ransom
- Re: [tor-talk] wget - secure?
  - From: Maxim Kammerer
- Re: [tor-talk] wget - secure?
  - From: Joseph Lorenzo Hall
- Re: [tor-talk] wget - secure?
  - From: torsiris
- Re: [tor-talk] wget - secure?
  - From: Ondrej Mikle
- Re: [tor-talk] wget - secure?
  - From: torsiris

Prev by Author: Re: [tor-talk] wget - secure?
Next by Author: Re: [tor-talk] Another openssl advisory: Tor seems not to be affected
Previous by thread: Re: [tor-talk] wget - secure?
Next by thread: Re: [tor-talk] wget - secure?
Index(es):
- Author
- Thread